Analysis Report supply us this product.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree
Malware Configuration
Threatname: | Agenttesla |
{"Exfil Mode": "SMTP", "Username": "ideshow@eflownutrition.com", "Password": "ngozi8989", "Host": "mail.scottbyscott.com"}
Yara Overview
Memory Dumps (5 of 7 entries)
Rule | Description | Author |
---|---|---|
JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
Unpacked PEs
Rule | Description | Author |
---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
Sigma Overview
No Sigma rule has matched
Signature Overview
AV Detection:
Found malware configuration
Source: | Malware Configuration Extractor: |
Source: | Avira (2 entries): |
Source: | Static PE information (2 entries): |
Source: | Binary string (2 entries): |
Source: | Code function: | 1_2_0B12AC58 |
Source: | Code function: | 1_2_0B12BF78 |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | TCP traffic: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory (18 entries): |
Key, Mouse, Clipboard, Microphone and Screen Capturing:
Installs a global keyboard hook
Source: | Windows user hook set: |
Source: | Window created: |
Spam, unwanted Advertisements and Ransom Demands:
Modifies the hosts file
Source: | File written: |
System Summary:
.NET source code contains very large array initializations
Source: | Large array initialization (2 entries): |
Source: | Static PE information: |
Source: | Binary or memory string (11 entries): |
Source: | Static PE information (2 entries): |
Source: | Cryptographic APIs (4 entries): |
Source: | Classification label: |
Source: | File created: |
Source: | Static PE information: |
Source: | Section loaded (2 entries): |
Source: | WMI Queries (2 entries): |
Source: | Key opened: |
Source: | File read (3 entries): |
Source: | Binary or memory string (9 entries): |
Source: | Process created (5 entries): |
Source: | Key value queried: |
Source: | File opened: |
Source: | Key opened: |
Source: | Static PE information (3 entries): |
Source: | Binary string (2 entries): |
Source: | Code function: | 1_2_054FB3B1 |
Source: | Code function: | 1_2_0B124B7B |
Source: | Code function: | 1_2_0B127DDB |
Source: | Code function: | 1_2_0B127DE2 |
Source: | Code function: | 1_2_0B128064 |
Source: | Static PE information: |
Source: | Registry key monitored for changes: |
Source: | Process information set (87 entries): |
Malware Analysis System Evasion:
Yara detected AntiVM3
Source: | File source (2 entries): |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: | WMI Queries: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: | WMI Queries: |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: | Binary or memory string (2 entries): |
Source: | Thread delayed (2 entries): |
Source: | Window / User API (2 entries): |
Source: | Thread sleep time (3 entries): |
Source: | Thread sleep count (2 entries): |
Source: | WMI Queries (2 entries): |
Source: | Thread delayed (3 entries): |
Source: | Binary or memory string (10 entries): |
Source: | Process information queried: |
Source: | Code function: | 5_2_00D3B6E8 |
Source: | Process token adjusted (2 entries): |
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion:
Injects a PE file into a foreign process
Source: | Memory written: |
Modifies the hosts file
Source: | File written: |
Source: | Process created (2 entries): |
Source: | Binary or memory string (4 entries): |
Source: | Queries volume information (15 entries): |
Source: | Key value queried: |
Lowering of HIPS / PFW / Operating System Security Settings:
Modifies the hosts file
Source: | File written: |
Stealing of Sensitive Information:
Yara detected AgentTesla
Source: | File source (8 entries): |
Yara detected AgentTesla
Source: | File source (10 entries): |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Source: | Key opened: |
Tries to harvest and steal browser information (history, passwords, etc)
Source: | File opened (2 entries): |
Tries to harvest and steal ftp login credentials
Source: | File opened (2 entries): |
Tries to steal Mail credentials (via file access)
Source: | File opened (2 entries): |
Source: | Key opened (2 entries): |
Source: | File source (2 entries): |
Remote Access Functionality:
Yara detected AgentTesla
Source: | File source (8 entries): |
Yara detected AgentTesla
Source: | File source (10 entries): |
Mitre Att&ck Matrix
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | Path Interception | Process Injection112 | File and Directory Permissions Modification1 | OS Credential Dumping2 | System Information Discovery114 | Remote Services | Archive Collected Data11 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | Input Capture11 | Query Registry1 | Remote Desktop Protocol | Data from Local System2 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Deobfuscate/Decode Files or Information1 | Credentials in Registry1 | Security Software Discovery211 | SMB/Windows Admin Shares | Email Collection1 | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information3 | NTDS | Process Discovery2 | Distributed Component Object Model | Input Capture11 | Scheduled Transfer | Application Layer Protocol11 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing3 | LSA Secrets | Virtualization/Sandbox Evasion131 | SSH | Clipboard Data1 | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Masquerading1 | Cached Domain Credentials | Application Window Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion131 | DCSync | Remote System Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Process Injection112 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Behavior Graph
Screenshots
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Detection | Scanner | Label |
---|---|---|
9% | ReversingLabs | ByteCode-MSIL.Spyware.Negasteal |
Dropped Files
No Antivirus matches
Unpacked PE Files
Detection | Scanner | Label |
---|---|---|
100% | Avira | TR/Spy.Gen8 |
100% | Avira | TR/Spy.Gen8 |
Domains
No Antivirus matches
URLs
Detection | Scanner | Label | Entries |
---|---|---|---|
0% | Avira URL Cloud | safe | 5 |
0% | URL Reputation | safe | 27 |
Domains and IPs
Contacted Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
scottbyscott.com | 50.87.146.199 | true | true | unknown | |
mail.scottbyscott.com | unknown | unknown | true | unknown | |
URLs from Memory and Binaries
Malicious | Reputation | Entries |
---|---|---|
false | low | 1 |
false | high | 2 |
false | unknown | 13 |
Contacted IPs
Public
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
50.87.146.199 | scottbyscott.com | United States | 46606 | UNIFIEDLAYER-AS-1US | true |
General Information
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 432673 |
Start date: | 10.06.2021 |
Start time: | 16:42:14 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 6s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | supply us this product.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 31 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.adwa.spyw.evad.winEXE@5/2@2/1 |
EGA Information: | Failed |
Simulations
Behavior and APIs
Time | Type | Description |
---|---|---|
16:43:04 | API Interceptor |
Joe Sandbox View / Context
IPs
No context
Domains
No context
ASN
Match | Associated samples | Detection |
---|---|---|
UNIFIEDLAYER-AS-1US | 20 | malicious |
JA3 Fingerprints
No context
Dropped Files
No context
Created / dropped Files
Process: | C:\Users\user\Desktop\supply us this product.exe |
Category: | dropped |
Size (bytes): | 1314 |
Entropy (8bit): | 5.350128552078965 |
Encrypted: | false |
SSDEEP: | 24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR |
MD5: | 1DC1A2DCC9EFAA84EABF4F6D6066565B |
SHA1: | B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9 |
SHA-256: | 28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF |
SHA-512: | 95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7 |
Malicious: | false |
Reputation: | high, very likely benign file |

Process: | C:\Users\user\Desktop\supply us this product.exe |
Category: | modified |
Size (bytes): | 11 |
Entropy (8bit): | 2.663532754804255 |
Encrypted: | false |
SSDEEP: | 3:iLE:iLE |
MD5: | B24D295C1F84ECBFB566103374FB91C5 |
SHA1: | 6A750D3F8B45C240637332071D34B403FA1FF55A |
SHA-256: | 4DC7B65075FBC5B5421551F0CB814CAFDC8CACA5957D393C222EE388B6F405F4 |
SHA-512: | 9BE279BFA70A859608B50EF5D30BF2345F334E5F433C410EA6A188DCAB395BFF50C95B165177E59A29261464871C11F903A9ECE55B2D900FE49A9F3C49EB88FA |
Malicious: | true |
Reputation: | high, very likely benign file |
Static File Info
General
Entropy (8bit): | 7.607581520365733 |
File name: | supply us this product.exe |
File size: | 907264 |
MD5: | 958f243581dc2eda4e763086875e9a0b |
SHA1: | cd163dd563fa0cda762ab9c5df8743f053fed612 |
SHA256: | ae44346a0297d8a9deab5419ff2b4679b83646abbed05b835c90fc33eb3ce2d5 |
SHA512: | da0face65969d9ec3626eae938111a7bd863a842b19fbd8ecefc8df6dd011652a157ab476d857d8af7e7a8506bf6e4a4de205958242ddbf059c9a6791fcd78c3 |
SSDEEP: | 12288:bUV7Cwg8mnQigQl1j/Bi31o8BAAmx9HvBI0RA43AGDhZM4e/ZUdtb:bmC4mjgQzj/BiFFafx9F9AchNeBUdt |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M..`..............P..0..........fO... ...`....@.. .......................@............@................................ |
File Icon
Icon Hash: | 8c8caa8e9692aa00 |
Static PE Info
General
Entrypoint: | 0x4b4f66 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x60C2164D [Thu Jun 10 13:40:29 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
The entry point is a single jump through the import address table (IAT RVA 0x2000 at image base 0x400000, listed under Data Directories), the usual native stub of a .NET executable. The "add byte ptr [eax], al" line is the disassembly of zero bytes; it repeats 97 times and fills the remainder of the preview.
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb4f14 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb6000 | 0x2a3d4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe2000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb4ddc | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xb2f6c | 0xb3000 | False | 0.946567300978 | data | 7.95544670392 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0xb6000 | 0x2a3d4 | 0x2a400 | False | 0.12447993713 | data | 4.17411605052 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xe2000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0xb6200 | 0x2326 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
RT_ICON | 0xb8538 | 0x10828 | dBase III DBT, version number 0, next free block index 40 | ||
RT_ICON | 0xc8d70 | 0x94a8 | data | ||
RT_ICON | 0xd2228 | 0x5488 | data | ||
RT_ICON | 0xd76c0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 4294967295 | ||
RT_ICON | 0xdb8f8 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0xddeb0 | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0xdef68 | 0x988 | data | ||
RT_ICON | 0xdf900 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0xdfd78 | 0x84 | data | ||
RT_VERSION | 0xdfe0c | 0x3c8 | data | ||
RT_MANIFEST | 0xe01e4 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Paul Harris 2016 |
Assembly Version | 251.2.0.0 |
InternalName | MultiProducerMultiConsumerQueue.exe |
FileVersion | 251.2.0.0 |
CompanyName | Paul Harris |
LegalTrademarks | |
Comments | 1992 Alpine A 610 |
ProductName | ReloadManager |
ProductVersion | 251.2.0.0 |
FileDescription | ReloadManager |
OriginalFilename | MultiProducerMultiConsumerQueue.exe |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 10, 2021 16:45:00.939832926 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:01.126144886 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:01.126327038 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:03.956713915 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:03.957417011 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:04.145348072 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:04.145904064 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:04.340920925 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:04.388159990 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:04.430222988 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:04.629743099 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:04.629796982 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:04.629833937 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:04.629861116 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:04.629941940 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:04.629987955 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:04.633068085 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:04.641385078 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:04.829282999 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:04.872855902 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:05.129991055 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:05.316404104 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:05.320581913 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:05.507282972 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:05.508452892 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:05.734195948 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:05.736284971 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:05.923954964 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:05.924567938 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:06.151444912 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:06.181214094 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:06.182041883 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:06.368148088 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:06.374519110 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:06.375176907 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:06.375197887 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:06.375343084 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
Jun 10, 2021 16:45:06.562066078 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:06.563066959 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:06.563081980 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:06.563087940 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:06.563599110 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 |
Jun 10, 2021 16:45:06.606982946 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 10, 2021 16:42:56.258388042 CEST | 58361 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:42:56.319225073 CEST | 53 | 58361 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:42:57.368027925 CEST | 63492 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:42:57.421149969 CEST | 53 | 63492 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:42:58.138667107 CEST | 60831 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:42:58.201411009 CEST | 53 | 60831 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:42:58.453378916 CEST | 60100 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:42:58.506350994 CEST | 53 | 60100 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:42:59.334577084 CEST | 53195 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:42:59.384685040 CEST | 53 | 53195 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:00.542500973 CEST | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:00.592962027 CEST | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:02.315161943 CEST | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:02.374692917 CEST | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:03.483397007 CEST | 49563 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:03.535886049 CEST | 53 | 49563 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:04.511207104 CEST | 51352 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:04.561410904 CEST | 53 | 51352 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:05.431035042 CEST | 59349 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:05.481168985 CEST | 53 | 59349 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:06.362893105 CEST | 57084 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:06.413151979 CEST | 53 | 57084 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:07.311208963 CEST | 58823 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:07.361267090 CEST | 53 | 58823 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:08.266130924 CEST | 57568 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:08.316145897 CEST | 53 | 57568 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:09.190562010 CEST | 50540 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:09.243616104 CEST | 53 | 50540 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:10.355942965 CEST | 54366 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:10.414921999 CEST | 53 | 54366 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:11.941920042 CEST | 53034 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:11.995295048 CEST | 53 | 53034 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:12.893654108 CEST | 57762 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:12.945406914 CEST | 53 | 57762 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:13.806236029 CEST | 55435 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:13.856189013 CEST | 53 | 55435 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:14.890638113 CEST | 50713 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:14.940960884 CEST | 53 | 50713 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:31.883455992 CEST | 56132 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:31.946002960 CEST | 53 | 56132 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:32.657687902 CEST | 58987 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:32.727158070 CEST | 53 | 58987 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:52.599786043 CEST | 56579 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:52.660857916 CEST | 53 | 56579 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:53.060441017 CEST | 60633 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:53.121721983 CEST | 53 | 60633 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:43:53.232753992 CEST | 61292 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:43:53.293638945 CEST | 53 | 61292 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:44:02.579128027 CEST | 63619 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:44:02.731652975 CEST | 53 | 63619 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:44:03.747196913 CEST | 64938 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:44:03.806921005 CEST | 53 | 64938 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:44:04.490444899 CEST | 61946 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:44:04.565329075 CEST | 53 | 61946 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:44:05.022654057 CEST | 64910 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:44:05.165291071 CEST | 53 | 64910 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:44:05.983757019 CEST | 52123 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:44:06.046206951 CEST | 53 | 52123 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:44:07.050965071 CEST | 56130 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:44:07.102823019 CEST | 53 | 56130 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:44:08.087718010 CEST | 56338 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:44:08.146688938 CEST | 53 | 56338 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:44:09.115701914 CEST | 59420 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:44:09.166862965 CEST | 53 | 59420 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:44:10.718446016 CEST | 58784 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:44:10.782983065 CEST | 53 | 58784 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:44:13.084239006 CEST | 63978 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:44:13.145562887 CEST | 53 | 63978 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:44:13.169725895 CEST | 62938 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:44:13.229742050 CEST | 53 | 62938 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:44:15.495228052 CEST | 55708 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:44:15.554701090 CEST | 53 | 55708 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:44:47.731378078 CEST | 56803 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:44:47.807257891 CEST | 53 | 56803 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:44:50.020605087 CEST | 57145 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:44:50.083514929 CEST | 53 | 57145 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:45:00.238121986 CEST | 55359 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:45:00.436954975 CEST | 53 | 55359 | 8.8.8.8 | 192.168.2.3 |
Jun 10, 2021 16:45:00.766784906 CEST | 58306 | 53 | 192.168.2.3 | 8.8.8.8 |
Jun 10, 2021 16:45:00.826528072 CEST | 53 | 58306 | 8.8.8.8 | 192.168.2.3 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jun 10, 2021 16:45:00.238121986 CEST | 192.168.2.3 | 8.8.8.8 | 0xbed1 | Standard query (0) | (not captured) | A (IP address) | IN (0x0001) |
Jun 10, 2021 16:45:00.766784906 CEST | 192.168.2.3 | 8.8.8.8 | 0xa072 | Standard query (0) | (not captured) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jun 10, 2021 16:45:00.436954975 CEST | 8.8.8.8 | 192.168.2.3 | 0xbed1 | No error (0) | (not captured) | scottbyscott.com | | CNAME (Canonical name) | IN (0x0001) |
Jun 10, 2021 16:45:00.436954975 CEST | 8.8.8.8 | 192.168.2.3 | 0xbed1 | No error (0) | (not captured) | | 50.87.146.199 | A (IP address) | IN (0x0001) |
Jun 10, 2021 16:45:00.826528072 CEST | 8.8.8.8 | 192.168.2.3 | 0xa072 | No error (0) | (not captured) | scottbyscott.com | | CNAME (Canonical name) | IN (0x0001) |
Jun 10, 2021 16:45:00.826528072 CEST | 8.8.8.8 | 192.168.2.3 | 0xa072 | No error (0) | (not captured) | | 50.87.146.199 | A (IP address) | IN (0x0001) |
SMTP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Jun 10, 2021 16:45:03.956713915 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 | 220-gator3013.hostgator.com ESMTP Exim 4.94.2 #2 Thu, 10 Jun 2021 09:45:03 -0500 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Jun 10, 2021 16:45:03.957417011 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 | EHLO 045012 |
Jun 10, 2021 16:45:04.145348072 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 | 250-gator3013.hostgator.com Hello 045012 [84.17.52.18] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP |
Jun 10, 2021 16:45:04.145904064 CEST | 49759 | 587 | 192.168.2.3 | 50.87.146.199 | STARTTLS |
Jun 10, 2021 16:45:04.340920925 CEST | 587 | 49759 | 50.87.146.199 | 192.168.2.3 | 220 TLS go ahead |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 16:43:03 |
Start date: | 10/06/2021 |
Path: | C:\Users\user\Desktop\supply us this product.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc0000 |
File size: | 907264 bytes |
MD5 hash: | 958F243581DC2EDA4E763086875E9A0B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
Reputation: | low |
General |
---|
Start time: | 16:43:06 |
Start date: | 10/06/2021 |
Path: | C:\Users\user\Desktop\supply us this product.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x420000 |
File size: | 907264 bytes |
MD5 hash: | 958F243581DC2EDA4E763086875E9A0B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:43:06 |
Start date: | 10/06/2021 |
Path: | C:\Users\user\Desktop\supply us this product.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x4c0000 |
File size: | 907264 bytes |
MD5 hash: | 958F243581DC2EDA4E763086875E9A0B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function | Relevance | Strings | APIs | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
0B124018 | 1.5 | 1 | | 258 | COMMON | -1.00% |
0B124008 | 1.5 | 1 | | 255 | COMMON | -1.00% |
054FACF0 | 1.4 | 1 | | 183 | COMMON | -1.00% |
054FACEB | 1.4 | 1 | | 181 | COMMON | -1.00% |
0B1244EF | 1.4 | 1 | | 181 | COMMON | -1.00% |
0B124500 | 1.4 | 1 | | 180 | COMMON | -1.00% |
0B1289E7 | 1.4 | 1 | | 146 | COMMON | -1.00% |
054FBE70 | 1.3 | 1 | | 78 | COMMON | -1.00% |
054FBE6E | 1.3 | 1 | | 57 | COMMON | -1.00% |
024B94A8 | .7 | | | 665 | COMMON | -1.00% |
0B12B510 | .6 | | | 608 | COMMON | -1.00% |
054F7B00 | .2 | | | 240 | COMMON | -1.00% |
054F7AFB | .2 | | | 207 | COMMON | -1.00% |
054FB440 | .1 | | | 137 | COMMON | -1.00% |
054FB433 | .1 | | | 137 | COMMON | -1.00% |
054FF3B0 | .1 | | | 85 | COMMON | -1.00% |
0B12AC58 | .1 | | | 84 | COMMON | -1.00% |
(header not captured; APIs subsection only) | | | | | | -1.00% |
(header not captured; APIs subsection only) | | | | | | -1.00% |
(header not captured; APIs subsection only) | | | | | | -1.00% |
(header not captured; APIs subsection only) | | | | | | -1.00% |
024BBA50 | 1.7 | | 1 | 201 | COMMON | -1.00% |
024BDF0D | 1.6 | | 1 | 115 | COMMON | -1.00% |
024BDF18 | 1.6 | | 1 | 113 | COMMON | -1.00% |
024B7009 | 1.6 | | 1 | 104 | COMMON | -1.00% |
(header not captured; APIs subsection only) | | | | | | -1.00% |
(header not captured; APIs subsection only) | | | | | | -1.00% |
024B7078 | 1.6 | | 1 | 66 | COMMON | -1.00% |
0B126740 | 1.6 | | 1 | 65 | thread, COMMON | -1.00% |
0B126FF1 | 1.6 | | 1 | 64 | COMMON | -1.00% |
0B126748 | 1.6 | | 1 | 63 | thread, COMMON | -1.00% |
0B126FF8 | 1.6 | | 1 | 63 | COMMON | -1.00% |
024B7080 | 1.6 | | 1 | 62 | COMMON | -1.00% |
0B126E37 | 1.6 | | 1 | 60 | memory, COMMON | -1.00% |
0B12270A | 1.6 | | 1 | 57 | memory, COMMON | -1.00% |
0B122710 | 1.6 | | 1 | 55 | memory, COMMON | -1.00% |
(header not captured; APIs subsection only) | | | | | | -1.00% |
0B126690 | 1.6 | | 1 | 54 | thread, COMMON | -1.00% |
(header not captured; APIs subsection only) | | | | | | -1.00% |
0B126E48 | 1.6 | | 1 | 53 | memory, COMMON | -1.00% |
0B126698 | 1.5 | | 1 | 49 | thread, COMMON | -1.00% |
0B12C218 | 1.5 | | 1 | 47 | COMMON | -1.00% |
024BBC40 | 1.5 | | 1 | 47 | COMMON | -1.00% |
0B12A770 | 1.5 | | 1 | 44 | window, COMMON | -1.00% |
024BE159 | 1.5 | | 1 | 44 | COMMON | -1.00% |
024BE160 | 1.5 | | 1 | 44 | COMMON | -1.00% |
0B126E1E | 1.5 | | 1 | 34 | memory, COMMON | -1.00% |
054FB638 | 1.3 | 1 | | 82 | COMMON | -1.00% |
054FB633 | 1.3 | 1 | | 82 | COMMON | -1.00% |
054FA0E3 | 1.3 | 1 | | 40 | COMMON | -1.00% |
054FA0F0 | 1.3 | 1 | | 37 | COMMON | -1.00% |
054F9E68 | .2 | | | 219 | COMMON | -1.00% |
054F89A0 | .2 | | | 190 | COMMON | -1.00% |
054F5ED8 | .1 | | | 145 | COMMON | -1.00% |
054FB760 | .1 | | | 82 | COMMON | -1.00% |
054F6928 | .1 | | | 78 | COMMON | -1.00% |
054FB770 | .1 | | | 76 | COMMON | -1.00% |
00A6D4D8 | .1 | | | 75 | COMMON | -1.00% |
00A7D1D4 | .1 | | | 72 | COMMON | -1.00% |
00A7D01C | .1 | | | 72 | COMMON | -1.00% |
054FD2F8 | .1 | | | 69 | COMMON | -1.00% |
054F6ACD | .1 | | | 69 | COMMON | -1.00% |
054F66F4 | .1 | | | 67 | COMMON | -1.00% |
054FBBE8 | .1 | | | 64 | COMMON | -1.00% |
054FBBE3 | .1 | | | 64 | COMMON | -1.00% |
054F6440 | .1 | | | 58 | COMMON | -1.00% |
00A6D4D3 | .1 | | | 56 | COMMON | -1.00% |
054FD410 | .1 | | | 56 | COMMON | -1.00% |
054F6924 | .1 | | | 55 | COMMON | -1.00% |
00A7D017 | .1 | | | 53 | COMMON | -1.00% |
00A7D1CF | .1 | | | 53 | COMMON | -1.00% |
054F6700 | .0 | | | 47 | COMMON | -1.00% |
054F7043 | .0 | | | 46 | COMMON | -1.00% |
00A6D771 | .0 | | | 45 | COMMON | -1.00% |
00A6D770 | .0 | | | 36 | COMMON | -1.00% |
054F6E93 | .0 | | | 36 | COMMON | -1.00% |
054FC225 | .0 | | | 35 | COMMON | -1.00% |
054FDF30 | .0 | | | 35 | COMMON | -1.00% |
054F6F33 | .0 | | | 34 | COMMON | -1.00% |
054F6E98 | .0 | | | 34 | COMMON | -1.00% |
054F6F38 | .0 | | | 32 | COMMON | -1.00% |
054FAB18 | .0 | | | 31 | COMMON | -1.00% |
054FC10B | .0 | | | 28 | COMMON | -1.00% |
054F6411 | .0 | | | 25 | COMMON | -1.00% |
054FA097 | .0 | | | 25 | COMMON | -1.00% |
054FA2C3 | .0 | | | 24 | COMMON | -1.00% |
054FB88F | .0 | | | 24 | COMMON | -1.00% |
054FB898 | .0 | | | 23 | COMMON | -1.00% |
054FA0A0 | .0 | | | 22 | COMMON | -1.00% |
054F6DF5 | .0 | | | 21 | COMMON | -1.00% |
054F6F8B | .0 | | | 21 | COMMON | -1.00% |
054F81DB | .0 | | | 20 | COMMON | -1.00% |
054F5E8B | .0 | | | 20 | COMMON | -1.00% |
054F81E0 | .0 | | | 19 | COMMON | -1.00% |
054F6F90 | .0 | | | 19 | COMMON | -1.00% |
054F5E90 | .0 | | | 19 | COMMON | -1.00% |
054F6E00 | .0 | | | 16 | COMMON | -1.00% |
Non-executed Functions |
---|
Function | Relevance | Strings | APIs | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
054FECE8 | 2.6 | 2 | | 113 | COMMON | -1.00% |
0B128450 | 1.5 | 1 | | 222 | COMMON | -1.00% |
0B128441 | 1.5 | 1 | | 216 | COMMON | -1.00% |
0B128810 | 1.4 | 1 | | 166 | COMMON | -1.00% |
0B128801 | 1.4 | 1 | | 163 | COMMON | -1.00% |
0B1247F8 | 1.4 | 1 | | 149 | COMMON | -1.00% |
0B1247E9 | 1.4 | 1 | | 143 | COMMON | -1.00% |
0B128A4E | 1.4 | 1 | | 124 | COMMON | -1.00% |
054FF1B8 | 1.4 | 1 | | 114 | COMMON | -1.00% |
054F0040 | 1.3 | 1 | | 97 | COMMON | -1.00% |
024BC148 | .5 | | | 522 | COMMON | -1.00% |
054F7548 | .3 | | | 266 | COMMON | -1.00% |
024BA758 | .3 | | | 265 | COMMON | -1.00% |
054F7550 | .3 | | | 264 | COMMON | -1.00% |
054FDB60 | .2 | | | 190 | COMMON | -1.00% |
054FEF20 | .2 | | | 173 | COMMON | -1.00% |
0B1230C9 | .1 | | | 125 | COMMON | -1.00% |
0B120006 | .1 | | | 121 | COMMON | -1.00% |
0B123110 | .1 | | | 111 | COMMON | -1.00% |
0B120040 | .1 | | | 106 | COMMON | -1.00% |
054F003E | .1 | | | 94 | COMMON | -1.00% |
0B125C40 | .1 | | | 94 | COMMON | -1.00% |
0B125C31 | .1 | | | 85 | COMMON | -1.00% |
0B1236DC | .1 | | | 73 | COMMON | -1.00% |
Function 054FA188, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054FA179, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0B126810, Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0B12BF78, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function | Relevance | APIs | Instructions | Tag | Uniqueness Score |
---|---|---|---|---|---|
00D3B6E8 | 2.0 | 1 | 461 | COMMON | -1.00% |
00D61017 | 3.4 | 2 | 431 | COMMON | -1.00% |
00D61053 | 3.4 | 2 | 426 | COMMON | -1.00% |
00D61098 | 3.4 | 2 | 419 | COMMON | -1.00% |
00D610DD | 3.4 | 2 | 412 | COMMON | -1.00% |
00D61122 | 3.4 | 2 | 405 | COMMON | -1.00% |
00D61167 | 3.4 | 2 | 398 | COMMON | -1.00% |
00D611AC | 3.4 | 2 | 391 | COMMON | -1.00% |
00D611F1 | 3.4 | 2 | 384 | COMMON | -1.00% |
00D61236 | 3.4 | 2 | 375 | COMMON | -1.00% |
00D61272 | 3.4 | 2 | 370 | COMMON | -1.00% |
00D612B7 | 1.9 | 1 | 363 | COMMON | -1.00% |
00D612FC | 1.9 | 1 | 356 | COMMON | -1.00% |
00D61341 | 1.8 | 1 | 349 | COMMON | -1.00% |
00D61386 | 1.8 | 1 | 342 | COMMON | -1.00% |
00D613CB | 1.8 | 1 | 335 | COMMON | -1.00% |
00D614F5 | 1.8 | 1 | 303 | COMMON | -1.00% |
00D61801 | 1.7 | 1 | 224 | COMMON | -1.00% |
00D6183D | 1.7 | 1 | 219 | COMMON | -1.00% |
00D61885 | 1.7 | 1 | 212 | COMMON | -1.00% |
00D618CD | 1.7 | 1 | 205 | COMMON | -1.00% |
00D61915 | 1.7 | 1 | 198 | COMMON | -1.00% |
00D6195D | 1.7 | 1 | 191 | COMMON | -1.00% |
00D619A5 | 1.7 | 1 | 184 | COMMON | -1.00% |
00D619ED | 1.7 | 1 | 177 | COMMON | -1.00% |
00D61A35 | 1.7 | 1 | 168 | COMMON | -1.00% |
00D61A71 | 1.7 | 1 | 161 | COMMON | -1.00% |
00D13C7C | 1.6 | 1 | 116 | COMMON | -1.00% |
00D15184 | 1.6 | 1 | 115 | COMMON | -1.00% |
00D16964 | 1.6 | 1 | 97 | COMMON | -1.00% |
00D1C3C9 | 1.6 | 1 | 77 | COMMON | -1.00% |
00D16D73 | 1.6 | 1 | 62 | COMMON | -1.00% |
00D16D78 | 1.6 | 1 | 62 | COMMON | -1.00% |
00D1C3D8 | 1.6 | 1 | 54 | COMMON | -1.00% |
00D12F44 | 1.6 | 1 | 50 | COMMON | -1.00% |
00D141AB | 1.5 | 1 | 45 | COMMON | -1.00% |
Non-executed Functions |
---|