Analysis Report shorefront.eps
Overview
Detection
Score: | 92 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Malware Configuration
Threatname: | Ursnif |
{"lang_id": "RU, CN", "RSA Public Key": "YO4ItoAHj27nQHcek0ajLmmby9wzIPBRe+hTTGA+vdmBx9WHGSmH+27G6fUvU8FIdumcsGzdR3nVucsR89Hrym0hEi/6912U3fz8nLZTmfMNITP1haHrjk4931u8AJbwFobO2OROdhnUSaxTMA4bUUhDQ512s4Mw9dwF+RVgzByOOXZjTb/8c7RAb5TF3S9udlcSUcG0UgRjjerDAkFDNoGfvrRUbQdmhzdTQTVlAQndB1/gGmNmYRjiDY3ZPIgGCxRg+L7+cRtLwnqkaPMhiWWYFszaBPeJgqFJ28z3OWmw84N+FITvVekj/sQLKPQHnW1Axm22vEhQb3UNvpyJEVFYrda06XMVSGm1E2H2wkQ=", "c2_domain": ["app.buboleinov.com", "chat.veminiare.com", "chat.billionady.com", "app3.maintorna.com"], "botnet": "4500", "server": "580", "serpent_key": "46uoXhSnsCfVUpSs", "sleep_time": "10", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "10"}
Yara Overview
Memory Dumps
Rule | Description | Author |
---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
20 further memory dump entries not shown.
Unpacked PEs
Rule | Description | Author |
---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
2 further unpacked PE entries not shown.
Sigma Overview
No Sigma rule has matched
Signature Overview
AV Detection:
Signature | Sources |
---|---|
Found malware configuration | Malware Configuration Extractor |
Multi AV Scanner detection for domain / URL | Virustotal |
Multi AV Scanner detection for submitted file | Virustotal, ReversingLabs |
Machine Learning detection for sample | Joe Sandbox ML |
Key, Mouse, Clipboard, Microphone and Screen Capturing:
Signature | Sources |
---|---|
Yara detected Ursnif | 20 file sources |
Yara detected Ursnif | 12 file sources |
E-Banking Fraud:
Signature | Sources |
---|---|
Yara detected Ursnif | 20 file sources |
Yara detected Ursnif | 12 file sources |
System Summary:
Signature | Sources |
---|---|
Writes or reads registry keys via WMI | 4 WMI queries |
Writes registry values via WMI | 6 WMI registry writes |
Hooking and other Techniques for Hiding and Protection:
Signature | Sources |
---|---|
Yara detected Ursnif | 20 file sources |
Yara detected Ursnif | 12 file sources |
Stealing of Sensitive Information:
Signature | Sources |
---|---|
Yara detected Ursnif | 20 file sources |
Yara detected Ursnif | 12 file sources |
Remote Access Functionality:
Signature | Sources |
---|---|
Yara detected Ursnif | 20 file sources |
Yara detected Ursnif | 12 file sources |
Mitre Att&ck Matrix
The number in parentheses after a technique is the count of matched signatures mapped to it; techniques without a number had no hits in this analysis.
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation (2) | Path Interception | Process Injection (12) | Masquerading (1) | OS Credential Dumping | System Time Discovery (1) | Remote Services | Archive Collected Data (11) | Exfiltration Over Other Network Medium | Encrypted Channel (2) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Data Encrypted for Impact (1) |
Default Accounts | Native API (1) | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion (1) | LSASS Memory | Security Software Discovery (3) | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol (1) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection (12) | Security Account Manager | Virtualization/Sandbox Evasion (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol (1) | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Deobfuscate/Decode Files or Information (1) | NTDS | Process Discovery (2) | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information (2) | LSA Secrets | Account Discovery (1) | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Rundll32 (1) | Cached Domain Credentials | System Owner/User Discovery (1) | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery (2) | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery (34) | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Detection | Scanner | Label |
---|---|---|
46% | Virustotal | |
54% | ReversingLabs | Win32.Trojan.Sdum |
100% | Joe Sandbox ML | |
Dropped Files
No Antivirus matches
Unpacked PE Files
Detection | Scanner | Label |
---|---|---|
100% | Avira | HEUR/AGEN.1108168 |
100% | Avira | HEUR/AGEN.1108168 |
100% | Avira | HEUR/AGEN.1108168 |
Domains
Detection | Scanner | Label |
---|---|---|
7% | Virustotal | |
URLs
Detection | Scanner | Label |
---|---|---|
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
Domains and IPs
Contacted Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
app.buboleinov.com | unknown | unknown | true | | unknown |
URLs from Memory and Binaries
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | true | | unknown |
| | true | | unknown |
Contacted IPs
No contacted IP infos
General Information
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 429225 |
Start date: | 03.06.2021 |
Start time: | 18:04:14 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 26s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | shorefront.eps (renamed file extension from eps to dll) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal92.troj.winDLL@16/17@6/0 |
EGA Information: | Failed |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
Warnings: | |
Simulations
Behavior and APIs
Time | Type | Description |
---|---|---|
18:06:28 | API Interceptor | |
Created / dropped Files
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 50344 |
Entropy (8bit): | 1.9993845315328929 |
Encrypted: | false |
SSDEEP: | 192:r7ZYZdg2QjW0StiifcBPzMgHB+HDMKzcIwpSuM62pSbKpif8qpitkwNkimRwxkES:rN4FdxL900tk+dY1 |
MD5: | 7978357DDA034C05E56F55DA35366205 |
SHA1: | 48E4CABD925132F6A720DBF850A937DFCCC69152 |
SHA-256: | 6B8EEF1FA301C04940AA30E7958CFA1C07D64E11423141A358089F78E59A2F6A |
SHA-512: | 1EEDC44DAFC7B64B1D1A1F26CBC74940EE74451114AA089D2C2B5C6B130A3C52E86B6137B4723D74066F57A50A1F2714C28AC7FAFD6AFF32A4D1FCDE53C8AC41 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 27588 |
Entropy (8bit): | 1.9124316644431674 |
Encrypted: | false |
SSDEEP: | 192:rIZvQf6hkOjt2lWeMGVwmJ06ibFVwmJ06ixmmA:rIoSSIk83qhIbhIwx |
MD5: | 2E09A548EF11126190EFD8E8398EFBB9 |
SHA1: | 17B8746C47A049ACAA52C304C607FC7E2F192F2B |
SHA-256: | 80ABDEBCCF9BCFC80CAE6DB09CB39304A8338B6927C70E988258FCE27FB8D74D |
SHA-512: | C827881750C667D70195CD98D9279DC92C4EDFEC76925A4CF12969F00DBA76B63B5B89BF6ECF88A2D803B3351C46ED78DE8BC2D1BE5E12CB8884376A63BDEE62 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 28156 |
Entropy (8bit): | 1.922108016741325 |
Encrypted: | false |
SSDEEP: | 96:roZvQr69BS/jl2FW1MpdphCuQbKolpIK9hCuQeOA:roZvQr69k/jl2FW1Mpdpw9lpfwnA |
MD5: | 99B43810D1B0B8FB2D4795325EBFF699 |
SHA1: | 2BEA2EB826754881F2135787DE63991849271614 |
SHA-256: | 891910C972C0E0B618F60AE4B2ACDE679390016D197D089D3DAD579BBB31EB46 |
SHA-512: | B17DFCDE50DACF718C2CC975DE6F5725FD4E64ED73402D04512318F5F4D6EFA092E80E58ADEFC5BFA58695969AF98BB7A286E715F35BD5BD5C437FC6211AB7D2 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1612 |
Entropy (8bit): | 4.869554560514657 |
Encrypted: | false |
SSDEEP: | 24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk |
MD5: | DFEABDE84792228093A5A270352395B6 |
SHA1: | E41258C9576721025926326F76063C2305586F76 |
SHA-256: | 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075 |
SHA-512: | E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD |
Malicious: | false |
IE Cache URL: | res://ieframe.dll/NewErrorPageTemplate.css |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2997 |
Entropy (8bit): | 4.4885437940628465 |
Encrypted: | false |
SSDEEP: | 48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra |
MD5: | 2DC61EB461DA1436F5D22BCE51425660 |
SHA1: | E1B79BCAB0F073868079D807FAEC669596DC46C1 |
SHA-256: | ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993 |
SHA-512: | A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D |
Malicious: | false |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 748 |
Entropy (8bit): | 7.249606135668305 |
Encrypted: | false |
SSDEEP: | 12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE |
MD5: | C4F558C4C8B56858F15C09037CD6625A |
SHA1: | EE497CC061D6A7A59BB66DEFEA65F9A8145BA240 |
SHA-256: | 39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781 |
SHA-512: | D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44 |
Malicious: | false |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 5.164796203267696 |
Encrypted: | false |
SSDEEP: | 96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk |
MD5: | D65EC06F21C379C87040B83CC1ABAC6B |
SHA1: | 208D0A0BB775661758394BE7E4AFB18357E46C8B |
SHA-256: | A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F |
SHA-512: | 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E |
Malicious: | false |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 12105 |
Entropy (8bit): | 5.451485481468043 |
Encrypted: | false |
SSDEEP: | 192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f |
MD5: | 9234071287E637F85D721463C488704C |
SHA1: | CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152 |
SHA-256: | 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649 |
SHA-512: | 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384 |
Malicious: | false |
IE Cache URL: | res://ieframe.dll/httpErrorPagesScripts.js |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 748 |
Entropy (8bit): | 7.249606135668305 |
Encrypted: | false |
SSDEEP: | 12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE |
MD5: | C4F558C4C8B56858F15C09037CD6625A |
SHA1: | EE497CC061D6A7A59BB66DEFEA65F9A8145BA240 |
SHA-256: | 39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781 |
SHA-512: | D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44 |
Malicious: | false |
IE Cache URL: | res://ieframe.dll/down.png |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12105 |
Entropy (8bit): | 5.451485481468043 |
Encrypted: | false |
SSDEEP: | 192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f |
MD5: | 9234071287E637F85D721463C488704C |
SHA1: | CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152 |
SHA-256: | 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649 |
SHA-512: | 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384 |
Malicious: | false |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1612 |
Entropy (8bit): | 4.869554560514657 |
Encrypted: | false |
SSDEEP: | 24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk |
MD5: | DFEABDE84792228093A5A270352395B6 |
SHA1: | E41258C9576721025926326F76063C2305586F76 |
SHA-256: | 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075 |
SHA-512: | E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD |
Malicious: | false |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2997 |
Entropy (8bit): | 4.4885437940628465 |
Encrypted: | false |
SSDEEP: | 48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra |
MD5: | 2DC61EB461DA1436F5D22BCE51425660 |
SHA1: | E1B79BCAB0F073868079D807FAEC669596DC46C1 |
SHA-256: | ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993 |
SHA-512: | A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D |
Malicious: | false |
IE Cache URL: | res://ieframe.dll/dnserror.htm?ErrorStatus=0x800C0005&DNSError=9003 |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4720 |
Entropy (8bit): | 5.164796203267696 |
Encrypted: | false |
SSDEEP: | 96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk |
MD5: | D65EC06F21C379C87040B83CC1ABAC6B |
SHA1: | 208D0A0BB775661758394BE7E4AFB18357E46C8B |
SHA-256: | A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F |
SHA-512: | 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E |
Malicious: | false |
IE Cache URL: | res://ieframe.dll/errorPageStrings.js |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | modified |
Size (bytes): | 89 |
Entropy (8bit): | 4.457498499025032 |
Encrypted: | false |
SSDEEP: | 3:oVXUbVCE9Ts4T48JOGXnEbVCE9Ts4uk+n:o9Urn4qErq |
MD5: | 330A46A120DAA4AA27765FF48C17CFA2 |
SHA1: | D64846D9E5996A84A50FE3522DF95B8D995D187C |
SHA-256: | 4C01D98C1E31356C9F8DDB63A2320560DF77C8A37B6215E8C51E4440AFFECC12 |
SHA-512: | 3DD1DED3DDE41C97ED2C1D32E9065F58D9FC8272D403D0BD7B2DFEEEE064A924AE80049DEF6917EFF2861F795F741AA7FCBE281E7D17EF49B0A26F0CD50C5245 |
Malicious: | false |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40185 |
Entropy (8bit): | 0.6775647831808976 |
Encrypted: | false |
SSDEEP: | 96:kBqoxKAuvScS+EiIZCPphCuQbKephCuQbKZphCuQbK6:kBqoxKAuqR+EiIZCPpwVpwOpwT |
MD5: | 69940C57E758F61ED876E80B30613A47 |
SHA1: | 643EE6264C9C8B4B54B84A83B7FCFF57B07F3B94 |
SHA-256: | 85E2C83108205161715618459450AEA91475F42DE1B577CE9E2BA86B0FE1BB8F |
SHA-512: | 4353AFCF37B8DBD3E0B99D737F385125D3BF072A8ACB1FE27A57D08E239162AED77D2C6184297D553D61ACE72C2A1F1299E006BAAE9F65AC3E9FDC50808C2781 |
Malicious: | false |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40073 |
Entropy (8bit): | 0.6558580738443309 |
Encrypted: | false |
SSDEEP: | 192:kBqoxKAuqR+tzxQTWwmJ06iRwmJ06iqwmJ06if:kBqoxKAuqR+tzxQTWhIRhIqhIf |
MD5: | BED294CA39E721D92EE7C908AFAA80A9 |
SHA1: | E3B390F086560AF18F1C96F3633448B5B431C6D3 |
SHA-256: | 52A5530CAFACE2F1C8A1D6D9B4E4B7A315236B316C6EF2C491278A9719F0B599 |
SHA-512: | 740F9AE6B38ECC70861E1D4B746238D970EA40EA84B17276897ABCBA19D90D93DFFFDEF811D5F0D053EACEBD4A0B400E2B70BB3BCC41539DA707E44DF4A89781 |
Malicious: | false |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13237 |
Entropy (8bit): | 0.5972692611662705 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9loJ9lop9lWnxTV929:kBqoIysrG |
MD5: | E96BA0BC747494236BC0429356C61A71 |
SHA1: | 50C56F2FB54ACF0D56C65C1F92B43894B8247773 |
SHA-256: | 0FCB065D36956D9134F1DEAFE195677B90F3143C534147A4E91FB53DBFE1A301 |
SHA-512: | 139FF4AB662834360F7D752A01ED0D14308FC85E782DEF0D10CCFBF0C2999DC1EBE105B5B1938BD5A34709D2A55C812D43D79F7DD3F0276F575BB2DF07A67A40 |
Malicious: | false |
Static File Info
General
File type: | |
Entropy (8bit): | 6.166903919730553 |
TrID: | |
File name: | shorefront.dll |
File size: | 393728 |
MD5: | b3526bc3c4a61f9f09ac31ee9a5fc8a5 |
SHA1: | d92ac3fa9cca4ed8273111f767e24d8f53896787 |
SHA256: | f4a464c2e5f14cd4c391a9b5ba60deca36ccaa6c1503a097eeb0c5070945d1fb |
SHA512: | 0583e811619ea1ce40c430436e91b8b216fc509e7c75ed7132fdccc9f52f1828f50dbca6cd4b973090962fe6e8b76e298b0fe43b56ea2485810d4dc52e033fdb |
SSDEEP: | 6144:hC5FUWwNmY036ua+71w5uJEr+AitTdyh+a6R+/ZQWdB:0FBwNuKu4umqAinyh+7+h1H |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....pS...........!.........$.......W..............................................K.....@.............................m.. |
File Icon
Icon Hash: | 74f0e4ecccdce0e4 |
Static PE Info
General
Entrypoint: | 0x1045798 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x1000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x53700FF7 [Mon May 12 00:04:07 2014 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | f97da13a5df33dbcb72f17527b1d6819 |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+0Ch], 01h |
jne 00007F6174C5A777h |
call 00007F6174C64340h |
push dword ptr [ebp+10h] |
push dword ptr [ebp+0Ch] |
push dword ptr [ebp+08h] |
call 00007F6174C5A77Ch |
add esp, 0Ch |
pop ebp |
retn 000Ch |
push 0000000Ch |
push 0105B7D8h |
call 00007F6174C602DEh |
xor eax, eax |
inc eax |
mov esi, dword ptr [ebp+0Ch] |
test esi, esi |
jne 00007F6174C5A77Eh |
cmp dword ptr [020691B4h], esi |
je 00007F6174C5A85Ah |
and dword ptr [ebp-04h], 00000000h |
cmp esi, 01h |
je 00007F6174C5A777h |
cmp esi, 02h |
jne 00007F6174C5A7A7h |
mov ecx, dword ptr [010137A0h] |
test ecx, ecx |
je 00007F6174C5A77Eh |
push dword ptr [ebp+10h] |
push esi |
push dword ptr [ebp+08h] |
call ecx |
mov dword ptr [ebp-1Ch], eax |
test eax, eax |
je 00007F6174C5A827h |
push dword ptr [ebp+10h] |
push esi |
push dword ptr [ebp+08h] |
call 00007F6174C5A586h |
mov dword ptr [ebp-1Ch], eax |
test eax, eax |
je 00007F6174C5A810h |
mov ebx, dword ptr [ebp+10h] |
push ebx |
push esi |
push dword ptr [ebp+08h] |
call 00007F6174C52768h |
mov edi, eax |
mov dword ptr [ebp-1Ch], edi |
cmp esi, 01h |
jne 00007F6174C5A79Ah |
test edi, edi |
jne 00007F6174C5A796h |
push ebx |
push eax |
push dword ptr [ebp+08h] |
call 00007F6174C52750h |
push ebx |
push edi |
push dword ptr [ebp+08h] |
call 00007F6174C5A54Ch |
mov eax, dword ptr [010137A0h] |
test eax, eax |
je 00007F6174C5A779h |
push ebx |
push edi |
push dword ptr [ebp+08h] |
call eax |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x5bdf0 | 0x6d | .text |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x106c200 | 0x64 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x106d000 | 0x2334 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1080 | 0x38 | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x18b68 | 0x40 | .text |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x106c000 | 0x200 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5ae5d | 0x5b000 | False | 0.629630623283 | data | 6.14182941666 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x5c000 | 0x100f10c | 0x1c00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.idata | 0x106c000 | 0xc34 | 0xe00 | False | 0.399832589286 | data | 5.23220949273 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x106d000 | 0x2334 | 0x2400 | False | 0.759331597222 | data | 6.62458632125 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
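The Sections table above holds the one static feature a reviewer should not pass over: .data has a virtual size of 0x100f10c (about 16 MB) against a raw size of 0x1c00, which is why the image spans 0x1000000 to beyond 0x106d000 in memory while the file on disk is 393728 bytes. A zero-filled region that large, reserved at load time, is a pattern packers use to hold a payload that is decoded in memory, and it is worth flagging automatically rather than by eye. The script below is an added example, not part of the Joe Sandbox report or its tooling: it parses PE32 headers with the Python standard library, locates the entry-point section, decodes the link timestamp and DLL characteristics, and flags sections whose virtual size exceeds their raw size by a ratio (the 16x ratio and the 64 KiB floor are my assumptions). So that it runs offline, build_sample_headers() synthesizes a header-only image from the values in the Static PE Info and Sections tables; the PointerToRawData values are my assumption, and the image contains none of the sample's code.

```python
"""Parse PE32 headers and derive the checks the Static PE Info section
tabulates: entry-point section, ASLR/NX flags, link timestamp, and sections
whose virtual size dwarfs their raw size. Standard library only."""
import struct
from datetime import datetime, timezone

IMAGE_FILE_DLL = 0x2000
DLLCHAR_DYNAMIC_BASE = 0x0040
DLLCHAR_NX_COMPAT = 0x0100
SCN_MEM_EXECUTE = 0x20000000
SCN_MEM_WRITE = 0x80000000


def parse_pe32(data, inflate_ratio=16, inflate_floor=0x10000):
    """Return header fields plus derived findings for a PE32 (32-bit) image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (_machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not PE32 (PE32+ uses a different optional-header layout)")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]

    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        (name, vsize, va, rawsize, rawptr,
         _rel, _lin, _nrel, _nlin, flags) = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rawsize": rawsize,
                         "rawptr": rawptr, "flags": flags})

    # Entry point must land inside a section; a packer often puts it in the last one.
    entry_section = next((s["name"] for s in sections
                          if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["rawsize"])), None)
    # Sections that reserve far more memory than they carry on disk (assumed thresholds).
    inflated = [s["name"] for s in sections
                if s["vsize"] > s["rawsize"] * inflate_ratio and s["vsize"] >= inflate_floor]
    # Writable and executable at the same time: self-modifying or unpacked-in-place code.
    wx = [s["name"] for s in sections
          if s["flags"] & SCN_MEM_EXECUTE and s["flags"] & SCN_MEM_WRITE]
    return {
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc)
                             .strftime("%Y-%m-%d %H:%M:%S UTC"),
        "entry_rva": entry_rva, "entry_va": image_base + entry_rva,
        "entry_section": entry_section,
        "aslr": bool(dll_chars & DLLCHAR_DYNAMIC_BASE),
        "nx": bool(dll_chars & DLLCHAR_NX_COMPAT),
        "sections": sections, "inflated_sections": inflated, "wx_sections": wx,
    }


def build_sample_headers():
    """Synthesize a header-only PE32 image from the report's Static PE Info and
    Sections tables. No section bodies are emitted, so this is not the sample
    and carries none of its code; raw-data pointers are an assumption."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew
    # i386, 4 sections, timestamp from the report, 224-byte optional header,
    # EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL
    coff = struct.pack("<HHIIIHH", 0x14C, 4, 0x53700FF7, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, 0x45798)               # entry RVA (0x1045798 - 0x1000000)
    struct.pack_into("<I", opt, 28, 0x1000000)             # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)        # Section/File alignment
    struct.pack_into("<H", opt, 70, DLLCHAR_DYNAMIC_BASE | DLLCHAR_NX_COMPAT)
    # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData (assumed), flags
    rows = [(b".text",  0x5ae5d,   0x1000,    0x5b000, 0x400,   0x60000020),
            (b".data",  0x100f10c, 0x5c000,   0x1c00,  0x5b400, 0xC0000040),
            (b".idata", 0xc34,     0x106c000, 0xe00,   0x5d000, 0x40000040),
            (b".reloc", 0x2334,    0x106d000, 0x2400,  0x5de00, 0x42000040)]
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n.ljust(8, b"\0"), vs, va, rs, rp, 0, 0, 0, 0, fl)
                    for n, vs, va, rs, rp, fl in rows)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


def analyse_report_sample():
    return parse_pe32(build_sample_headers())


if __name__ == "__main__":
    r = analyse_report_sample()
    for key in ("is_dll", "timestamp", "entry_section", "aslr", "nx",
                "inflated_sections", "wx_sections"):
        print(f"{key}: {r[key]}")
    print(f"entry VA: {r['entry_va']:#x}")
```

On a real file, pass open(path, "rb").read() to parse_pe32() instead of the synthetic header. The assumed raw-data pointers place the four sections back to back after a 0x400-byte header, and 0x400 + 0x5b000 + 0x1c00 + 0xe00 + 0x2400 = 0x60200 = 393728, the file size in the report; when the raw sizes account for the whole file like this there is no overlay appended, which is a check worth making on any packed sample.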
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | SetStdHandle, WriteConsoleW, ReadConsoleW, CreateFileW, SetSystemPowerState, CreateFileA, GetWindowsDirectoryA, GetCommandLineA, CreateSemaphoreA, FormatMessageA, GetLocalTime, GetSystemTimeAsFileTime, HeapWalk, HeapCompact, HeapFree, HeapAlloc, VirtualProtectEx, OutputDebugStringW, LoadLibraryExW, SetFilePointerEx, ReadFile, GetConsoleMode, GetConsoleCP, FlushFileBuffers, CloseHandle, HeapReAlloc, GetModuleFileNameW, WriteFile, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCurrentProcessId, QueryPerformanceCounter, GetModuleFileNameA, GetFileType, GetStdHandle, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, GetLastError, RaiseException, RtlUnwind, GetCurrentThreadId, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetModuleHandleW, GetProcAddress, IsProcessorFeaturePresent, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ExitProcess, GetModuleHandleExW, HeapSize, GetProcessHeap, IsDebuggerPresent, IsValidCodePage, GetACP, GetOEMCP |
ole32.dll | OleUninitialize, OleInitialize, OleSetContainedObject |
ADVAPI32.dll | AllocateAndInitializeSid, SetEntriesInAclA, StartServiceCtrlDispatcherW, SetServiceStatus, RegisterServiceCtrlHandlerA, QueryServiceStatus, OpenServiceA, OpenSCManagerA, DeleteService, RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegOpenKeyA, RegEnumKeyA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, LookupPrivilegeValueA, OpenProcessToken, OpenThreadToken, GetTokenInformation, FreeSid, InitializeSecurityDescriptor, SetSecurityDescriptorDacl |
hlink.dll |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
Child | 1 | 0x103dbb0 |
Forcearea | 2 | 0x103dc60 |
Stationmeat | 3 | 0x103d3d0 |
Network Behavior |
---|
Network Port Distribution |
---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 3, 2021 18:04:57.835787058 CEST | 50579 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:04:57.877228022 CEST | 53 | 50579 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:04:58.193685055 CEST | 51703 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:04:58.194834948 CEST | 65248 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:04:58.195405006 CEST | 53723 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:04:58.235152006 CEST | 53 | 51703 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:04:58.236143112 CEST | 53 | 65248 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:04:58.236301899 CEST | 53 | 53723 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:04:58.640815020 CEST | 64646 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:04:58.690197945 CEST | 53 | 64646 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:04:59.577861071 CEST | 65298 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:04:59.626797915 CEST | 53 | 65298 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:04:59.664598942 CEST | 59123 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:04:59.737924099 CEST | 53 | 59123 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:05:00.287354946 CEST | 54531 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:05:00.341882944 CEST | 53 | 54531 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:05:00.524528980 CEST | 49714 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:05:00.574057102 CEST | 53 | 49714 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:05:01.698822021 CEST | 58028 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:05:01.747279882 CEST | 53 | 58028 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:05:03.097371101 CEST | 53097 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:05:03.139079094 CEST | 53 | 53097 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:05:04.113044977 CEST | 49257 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:05:04.161500931 CEST | 53 | 49257 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:05:05.240236998 CEST | 62389 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:05:05.283468008 CEST | 53 | 62389 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:05:54.963553905 CEST | 49910 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:05:55.027280092 CEST | 53 | 49910 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:26.936666965 CEST | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:26.978046894 CEST | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:28.175432920 CEST | 64549 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:28.218729019 CEST | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:29.277987003 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:29.328186989 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:29.367486954 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:29.416198969 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:30.062048912 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:30.127419949 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:30.666662931 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:30.715130091 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:31.485276937 CEST | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:31.534965038 CEST | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:33.046251059 CEST | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:33.096560955 CEST | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:37.884838104 CEST | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:37.934593916 CEST | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:39.378293037 CEST | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:39.420027018 CEST | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:40.316010952 CEST | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:40.365956068 CEST | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:41.262558937 CEST | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:41.314126015 CEST | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:43.233447075 CEST | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:43.282026052 CEST | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:46.981379986 CEST | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:47.032116890 CEST | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:48.251032114 CEST | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:48.301836967 CEST | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:48.314477921 CEST | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:48.377386093 CEST | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:48.390541077 CEST | 52337 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:48.439580917 CEST | 53 | 52337 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:49.089580059 CEST | 55046 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:49.138902903 CEST | 53 | 55046 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:49.145909071 CEST | 49612 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:49.194487095 CEST | 53 | 49612 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:06:49.201268911 CEST | 49285 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:06:49.252738953 CEST | 53 | 49285 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:07:10.306181908 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:07:10.375230074 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Jun 3, 2021 18:07:14.013451099 CEST | 60875 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 3, 2021 18:07:14.063872099 CEST | 53 | 60875 | 8.8.8.8 | 192.168.2.4 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jun 3, 2021 18:06:48.251032114 CEST | 192.168.2.4 | 8.8.8.8 | 0xd976 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2021 18:06:48.314477921 CEST | 192.168.2.4 | 8.8.8.8 | 0x65f0 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2021 18:06:48.390541077 CEST | 192.168.2.4 | 8.8.8.8 | 0xf05a | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2021 18:06:49.089580059 CEST | 192.168.2.4 | 8.8.8.8 | 0x72bc | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2021 18:06:49.145909071 CEST | 192.168.2.4 | 8.8.8.8 | 0x2930 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jun 3, 2021 18:06:49.201268911 CEST | 192.168.2.4 | 8.8.8.8 | 0xd559 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jun 3, 2021 18:06:29.328186989 CEST | 8.8.8.8 | 192.168.2.4 | 0xbf1e | No error (0) | | www.tm.a.prd.aadg.akadns.net | | CNAME (Canonical name) | IN (0x0001) |
Jun 3, 2021 18:06:48.301836967 CEST | 8.8.8.8 | 192.168.2.4 | 0xd976 | Name error (3) | | none | none | A (IP address) | IN (0x0001) |
Jun 3, 2021 18:06:48.377386093 CEST | 8.8.8.8 | 192.168.2.4 | 0x65f0 | Name error (3) | | none | none | A (IP address) | IN (0x0001) |
Jun 3, 2021 18:06:48.439580917 CEST | 8.8.8.8 | 192.168.2.4 | 0xf05a | Name error (3) | | none | none | A (IP address) | IN (0x0001) |
Jun 3, 2021 18:06:49.138902903 CEST | 8.8.8.8 | 192.168.2.4 | 0x72bc | Name error (3) | | none | none | A (IP address) | IN (0x0001) |
Jun 3, 2021 18:06:49.194487095 CEST | 8.8.8.8 | 192.168.2.4 | 0x2930 | Name error (3) | | none | none | A (IP address) | IN (0x0001) |
Jun 3, 2021 18:06:49.252738953 CEST | 8.8.8.8 | 192.168.2.4 | 0xd559 | Name error (3) | | none | none | A (IP address) | IN (0x0001) |
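All six A queries in the DNS Queries table were answered with Name error (3) inside about one second (transaction IDs 0xd976 through 0xd559), and the report leaves the queried names blank. A burst of NXDOMAIN answers to one client is the shape a resolver-log detection keys on, because a loader whose C2 names are dead or generated produces exactly this pattern. The script below is an added example, not part of the report: it parses answer rows in the layout of the table above, keeps a sliding window of NXDOMAIN answers per client and raises one alert when the count reaches a threshold. The input lines are constructed from the table's own timestamps, transaction IDs and reply codes; the 60-second window and the threshold of five are my choices.

```python
"""Flag bursts of NXDOMAIN answers per client: a cheap indicator of
dead or generated C2 names. Standard library only."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed input, taken field for field from the report's DNS Answers table
# (timestamp, server, client, transaction ID, reply code). The report leaves the
# queried names blank, so they are omitted; the detector does not need them.
SAMPLE_ANSWERS = """\
Jun 3, 2021 18:06:29.328186989 CEST | 8.8.8.8 | 192.168.2.4 | 0xbf1e | No error (0)
Jun 3, 2021 18:06:48.301836967 CEST | 8.8.8.8 | 192.168.2.4 | 0xd976 | Name error (3)
Jun 3, 2021 18:06:48.377386093 CEST | 8.8.8.8 | 192.168.2.4 | 0x65f0 | Name error (3)
Jun 3, 2021 18:06:48.439580917 CEST | 8.8.8.8 | 192.168.2.4 | 0xf05a | Name error (3)
Jun 3, 2021 18:06:49.138902903 CEST | 8.8.8.8 | 192.168.2.4 | 0x72bc | Name error (3)
Jun 3, 2021 18:06:49.194487095 CEST | 8.8.8.8 | 192.168.2.4 | 0x2930 | Name error (3)
Jun 3, 2021 18:06:49.252738953 CEST | 8.8.8.8 | 192.168.2.4 | 0xd559 | Name error (3)
"""

TS_RE = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(\d+) \w+$")
RCODE_RE = re.compile(r"\((\d+)\)\s*$")
EPOCH = datetime(1970, 1, 1)
NXDOMAIN = 3


def parse_ts(text):
    """Seconds since the epoch (zone ignored; only differences matter here).
    Parsed by hand because strptime's %f stops at six fractional digits."""
    m = TS_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised timestamp: {text!r}")
    base = datetime.strptime(m.group(1), "%b %d, %Y %H:%M:%S")
    return (base - EPOCH).total_seconds() + float("0." + m.group(2))


def parse_answer(line):
    """Split one answer row; the numeric reply code is taken from '(n)'."""
    ts, server, client, txid, rcode_text = [f.strip() for f in line.split("|")[:5]]
    rc = RCODE_RE.search(rcode_text)
    if rc is None:
        raise ValueError(f"no reply code in: {line!r}")
    return {"ts": parse_ts(ts), "server": server, "client": client,
            "txid": int(txid, 16), "rcode": int(rc.group(1))}


def nxdomain_bursts(lines, window=60.0, threshold=5):
    """One alert per client each time its NXDOMAIN count inside `window`
    seconds reaches `threshold` (sliding window; fires on the crossing only)."""
    recent = defaultdict(deque)
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        a = parse_answer(line)
        if a["rcode"] != NXDOMAIN:
            continue
        q = recent[a["client"]]
        q.append(a)
        while a["ts"] - q[0]["ts"] > window:   # drop answers that aged out
            q.popleft()
        if len(q) == threshold:
            alerts.append({"client": a["client"], "count": len(q),
                           "span_s": round(a["ts"] - q[0]["ts"], 3),
                           "txids": [f"{x['txid']:#06x}" for x in q]})
    return alerts


def nxdomain_ratio(lines):
    """Fraction of all answers that were NXDOMAIN, for a per-host baseline."""
    answers = [parse_answer(l) for l in lines if l.strip()]
    if not answers:
        return 0.0
    return sum(a["rcode"] == NXDOMAIN for a in answers) / len(answers)


if __name__ == "__main__":
    for alert in nxdomain_bursts(SAMPLE_ANSWERS.splitlines()):
        print(alert)
    print(f"NXDOMAIN ratio: {nxdomain_ratio(SAMPLE_ANSWERS.splitlines()):.2f}")
```

On sandbox output the threshold needs care: the analysis network can itself return NXDOMAIN for names that resolve on a real client, so compare the count against the same image's baseline ratio, and join the alert's transaction IDs back to the DNS Queries table to recover the names when the capture carries them.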
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 18:05:03 |
Start date: | 03/06/2021 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x960000 |
File size: | 116736 bytes |
MD5 hash: | 542795ADF7CC08EFCF675D65310596E8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 18:05:04 |
Start date: | 03/06/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11d0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 18:05:04 |
Start date: | 03/06/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x200000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 18:05:04 |
Start date: | 03/06/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x200000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 18:05:08 |
Start date: | 03/06/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x200000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 18:05:14 |
Start date: | 03/06/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x200000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 18:06:45 |
Start date: | 03/06/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff601e70000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 18:06:46 |
Start date: | 03/06/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8a0000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 18:06:47 |
Start date: | 03/06/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8a0000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
00504E9C | 42.2 | 23 | 1 | 222 | memory, file, time, COMMON | 93% |
00503946 | 17.6 | 8 | 2 | 102 | memory, COMMON | 97% |
6C5018D1 | 5.3 | 2 | 1 | 70 | native, COMMON | 72% |
6C501566 | 4.5 | 3 | | 23 | COMMON | 58% |
6C501B89 | 1.5 | 1 | | 34 | native, COMMON | 68% |
6C5017A7 | 15.1 | 10 | | 103 | thread, sleep, synchronization, COMMON | 80% |
00502D63 | 14.2 | 7 | 1 | 191 | memory, COMMON | 64% |
00501041 | 10.6 | 7 | | 75 | COMMON | 100% |
00504430 | 10.6 | 7 | | 72 | sleep, memory, time, COMMON | 73% |
00505AE3 | 10.6 | 5 | 1 | 68 | string, COMMON | 64% |
6C53E710 | 10.6 | 7 | | 50 | COMMON | |
6C501E04 | 9.1 | 6 | | 71 | memory, COMMON | 86% |
0050344C | 6.1 | 4 | | 98 | memory, COMMON | |
6C5015A3 | 6.1 | 3 | 1 | 96 | memory, COMMON | 87% |
6C501D32 | 6.0 | 4 | | 30 | thread, COMMON | 87% |
00504A3C | 4.6 | 3 | | 94 | memory, COMMON | 100% |
0050243C | 4.6 | 3 | | 82 | memory, COMMON | 90% |
6C501030 | 4.6 | 3 | | 68 | memory, COMMON | 87% |
0050274E | 4.6 | 3 | | 57 | memory, COMMON | 28% |
00501896 | 3.8 | 3 | | 82 | COMMON | 100% |
005041D0 | 3.0 | 2 | | 26 | COMMON | 100% |
6C501C12 | 2.5 | 2 | | 48 | memory, COMMON | 84% |
6C53BBD0 | 1.6 | 1 | | 141 | COMMON | |
00504BFF | 1.6 | 1 | | 50 | COMMON | 34% |
00505C4E | 1.5 | 1 | | 5 | memory, COMMON | 100% |
00502A03 | 1.5 | 1 | | 5 | memory, COMMON | 100% |
6C501236 | 1.3 | 1 | | 70 | COMMON | 86% |
005030AD | 1.3 | 1 | | 41 | memory, COMMON | 100% |
00505872 | 1.3 | 1 | | 36 | sleep, COMMON | 88% |
00501AF1 | 1.3 | 1 | | 36 | string, COMMON | 75% |
005045E6 | 1.3 | 1 | | 23 | COMMON | 100% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
005019E7 | 8.8 | 4 | 1 | 41 | process, COMMON | 68% |
6C502485 | 7.2 | 1 | 3 | 195 | native, COMMON | 100% |
6C50146C | 6.0 | 4 | | 34 | COMMON | 100% |
00506609 | 3.6 | 1 | 1 | 610 | COMMON, Crypto | 49% |
6C54AAC0 | 1.5 | 1 | | 20 | COMMON | |
6C54AAFD | 1.5 | 1 | | 18 | COMMON | |
6C54B524 | 1.3 | 1 | | 7 | memory, COMMON | |
00507FA8 | 0.1 | | | 77 | COMMON, Crypto | 71% |
6C502264 | 0.1 | | | 77 | COMMON, Crypto | 71% |
6C55ED24 | 0.1 | | | 75 | COMMON | |
6C50FC64 | 0.1 | | | 53 | COMMON | |
6C55F11D | 0.1 | | | 53 | COMMON | |
6C54AF5D | 18.1 | 12 | | 84 | COMMON | |
0050762C | 17.6 | 9 | 1 | 112 | string, COMMON | 27% |
00507836 | 17.6 | 9 | 1 | 110 | library, memory, loader, COMMON | 61% |
0050374B | 12.4 | 6 | 1 | 190 | memory, COMMON | 91% |
6C54C541 | 9.0 | 6 | | 45 | thread, COMMON | |
6C5421E6 | 9.0 | 6 | | 38 | COMMON | |
0050202E | 8.9 | 3 | 2 | 172 | string, COMMON | 88% |
00504CD5 | 8.8 | 4 | 1 | 92 | synchronization, COMMON | 87% |
00505419 | 8.8 | 3 | 2 | 79 | registry, COMMON | 82% |
6C55088C | 7.6 | 5 | | 67 | COMMON | |
00502A18 | 7.5 | 5 | | 31 | COMMON | 100% |
6C542319 | 6.1 | 4 | | 137 | COMMON | |
00501E91 | 6.1 | 4 | | 136 | COMMON | 85% |
6C547BF3 | 6.1 | 4 | | 136 | COMMON | |
0050467C | 6.1 | 4 | | 108 | synchronization, COMMON | 56% |
0050514D | 6.1 | 2 | 2 | 97 | string, COMMON | |
6C552328 | 6.1 | 4 | | 97 | COMMON | |
00507289 | 6.1 | 4 | | 87 | sleep, COMMON | 39% |
005049BA | 6.1 | 4 | | 59 | COMMON | 53% |
6C53E2D0 | 6.1 | 4 | | 54 | COMMON | |
00501970 | 6.0 | 3 | 1 | 48 | string, COMMON | 53% |
6C545D49 | 6.0 | 4 | | 48 | COMMON | |
6C54E11F | 6.0 | 4 | | 48 | COMMON | |
00501547 | 6.0 | 4 | | 29 | memory, COMMON | 100% |
00507360 | 5.3 | 2 | 1 | 98 | registry, synchronization, COMMON | |
C-Code - Quality: 72% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005031C0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0050110A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25registryCOMMON
C-Code - Quality: 16% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00502956, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18timeCOMMON
C-Code - Quality: 37% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00502FFC, Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00504DC8, Relevance: 5.0, APIs: 4, Instructions: 39stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00502829, Relevance: 5.0, APIs: 4, Instructions: 27stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 04774E9C, Relevance: 34.7, APIs: 23, Instructions: 222, Tags: memory, file, time, COMMON | C-Code - Quality: 93% |
Function (address missing), C-Code - Quality: 58% |
Function (address missing), C-Code - Quality: 38% |
Function (address missing), C-Code - Quality: 77% |
Function (address missing), C-Code - Quality: 83% |
Function (address missing), C-Code - Quality: 74% |
Function (address missing), C-Code - Quality: 96% |
Function (address missing), C-Code - Quality: 64% |
Function 04771041, Relevance: 10.6, APIs: 7, Instructions: 75, Tags: COMMON | C-Code - Quality: 100% |
Function 04774430, Relevance: 10.6, APIs: 7, Instructions: 72, Tags: sleep, memory, time, COMMON | C-Code - Quality: 73% |
Function 04775AE3, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68, Tags: string, COMMON | C-Code - Quality: 64% |
Function 6C53E710, Relevance: 10.6, APIs: 7, Instructions: 50, Tags: COMMON |
Function 0477344C, Relevance: 6.1, APIs: 4, Instructions: 98, Tags: memory, COMMON |
Function (address missing), C-Code - Quality: 78% |
Function 04774A3C, Relevance: 4.6, APIs: 3, Instructions: 94, Tags: memory, COMMON | C-Code - Quality: 100% |
Function 0477243C, Relevance: 4.6, APIs: 3, Instructions: 82, Tags: memory, COMMON | C-Code - Quality: 90% |
Function 0477274E, Relevance: 4.6, APIs: 3, Instructions: 57, Tags: memory, COMMON | C-Code - Quality: 28% |
Function (address missing), C-Code - Quality: 100% |
Function 04771896, Relevance: 3.8, APIs: 3, Instructions: 82, Tags: COMMON | C-Code - Quality: 100% |
Function 04777471, Relevance: 3.1, APIs: 2, Instructions: 112, Tags: COMMON | C-Code - Quality: 75% |
Function 047741D0, Relevance: 3.0, APIs: 2, Instructions: 26, Tags: COMMON | C-Code - Quality: 100% |
Function 6C53BBD0, Relevance: 1.6, APIs: 1, Instructions: 141, Tags: COMMON |
Function 04774BFF, Relevance: 1.6, APIs: 1, Instructions: 50, Tags: COMMON | C-Code - Quality: 34% |
Function 04775C4E, Relevance: 1.5, APIs: 1, Instructions: 5, Tags: memory, COMMON | C-Code - Quality: 100% |
Function 04772A03, Relevance: 1.5, APIs: 1, Instructions: 5, Tags: memory, COMMON | C-Code - Quality: 100% |
Function 047730AD, Relevance: 1.3, APIs: 1, Instructions: 41, Tags: memory, COMMON | C-Code - Quality: 100% |
Function 04775872, Relevance: 1.3, APIs: 1, Instructions: 36, Tags: sleep, COMMON | C-Code - Quality: 88% |
Function 04771AF1, Relevance: 1.3, APIs: 1, Instructions: 36, Tags: string, COMMON | C-Code - Quality: 75% |
Function 047745E6, Relevance: 1.3, APIs: 1, Instructions: 23, Tags: COMMON | C-Code - Quality: 100% |
Function 6C55F289, Relevance: 1.3, APIs: 1, Instructions: 20, Tags: memory, COMMON |
Non-executed Functions |
---|
Function (address missing), C-Code - Quality: 70% |
Function 6C54AF5D, Relevance: 18.1, APIs: 12, Instructions: 84, Tags: COMMON |
Function (address missing), C-Code - Quality: 27% |
Function 04777836, Relevance: 13.6, APIs: 9, Instructions: 110, Tags: library, memory, loader, COMMON | C-Code - Quality: 61% |
Function (address missing), C-Code - Quality: 90% |
Function (address missing), C-Code - Quality: 100% |
Function 6C54C541, Relevance: 9.0, APIs: 6, Instructions: 45, Tags: thread, COMMON |
Function 6C5421E6, Relevance: 9.0, APIs: 6, Instructions: 38, Tags: COMMON |
Function (address missing), C-Code - Quality: 32% |
Function 6C55088C, Relevance: 7.6, APIs: 5, Instructions: 67, Tags: COMMON |
Function 04772A18, Relevance: 7.5, APIs: 5, Instructions: 31, Tags: COMMON | C-Code - Quality: 100% |
Function 0477202E, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 172, Tags: string, COMMON | C-Code - Quality: 88% |
Function (address missing), C-Code - Quality: 46% |
Function 6C542319, Relevance: 6.1, APIs: 4, Instructions: 137, Tags: COMMON |
Function 6C547BF3, Relevance: 6.1, APIs: 4, Instructions: 136, Tags: COMMON |
Function 04771E91, Relevance: 6.1, APIs: 4, Instructions: 136, Tags: COMMON | C-Code - Quality: 85% |
Function 0477467C, Relevance: 6.1, APIs: 4, Instructions: 108, Tags: synchronization, COMMON | C-Code - Quality: 56% |
Function 6C552328, Relevance: 6.1, APIs: 4, Instructions: 97, Tags: COMMON |
Function (address missing), C-Code - Quality: 87% |
Function 04777289, Relevance: 6.1, APIs: 4, Instructions: 87, Tags: sleep, COMMON | C-Code - Quality: 39% |
Function (address missing), C-Code - Quality: 68% |
Function 047749BA, Relevance: 6.1, APIs: 4, Instructions: 59, Tags: COMMON | C-Code - Quality: 53% |
Function 6C53E2D0, Relevance: 6.1, APIs: 4, Instructions: 54, Tags: COMMON |
Function 6C545D49, Relevance: 6.0, APIs: 4, Instructions: 48, Tags: COMMON |
Function 6C54E11F, Relevance: 6.0, APIs: 4, Instructions: 48, Tags: COMMON |
Function 04771970, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 48, Tags: string, COMMON | C-Code - Quality: 53% |
Function (address missing), C-Code - Quality: 68% |
Function (address missing), C-Code - Quality: 50% |
Function 04771547, Relevance: 6.0, APIs: 4, Instructions: 29, Tags: memory, COMMON | C-Code - Quality: 100% |
Function (address missing), C-Code - Quality: 37% |
Function 04772FFC, Relevance: 5.1, APIs: 4, Instructions: 70, Tags: string, COMMON | C-Code - Quality: 58% |
Function 04774DC8, Relevance: 5.0, APIs: 4, Instructions: 39, Tags: string, COMMON | C-Code - Quality: 100% |
Function 04772829, Relevance: 5.0, APIs: 4, Instructions: 27, Tags: string, COMMON |