Windows Analysis Report Cailbers22LongRiflorderlist.exe
Overview
General Information
Detection
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Malware Configuration |
---|
Threatname: GuLoader |
---|
{"Payload URL": "https://onedrive.live.com/download?cid=CF699836D17ED884&resid=CF699836D17ED884%21110&authkey=AB6GufhtYFcXJ00P*"}
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |
JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |
JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Source: | Static PE information: |
Networking: |
---|
C2 URLs / IPs found in malware configuration |
Source: | URLs: |
Source: | Binary or memory string: |
System Summary: |
---|
Initial sample is a PE file and has a suspicious name |
Source: | Static PE information: |
Source: | Process Stats: |
Source: | Code functions: | 0_2_02225909, 0_2_02225A23, 0_2_02225A6C, 0_2_02225AC6, 0_2_02225B2C, 0_2_02225B4F, 0_2_02225938, 0_2_02225998, 0_2_022259F0 |
Source: | Code functions: | 0_2_00412054, 0_2_02225909, 0_2_02222A24, 0_2_0222263A, 0_2_02221216, 0_2_02223E1C, 0_2_02223E64, 0_2_02223A6A, 0_2_02222A68, 0_2_0222127C, 0_2_02224248, 0_2_02227E5E, 0_2_02224284, 0_2_02222688, 0_2_02223A93, 0_2_02223A9C, 0_2_02223AE8, 0_2_022212C2, 0_2_02222AC0, 0_2_02223EC0, 0_2_022256C8, 0_2_022242D0, 0_2_02220ED8, 0_2_02220F32, 0_2_02224338, 0_2_02223F0A, 0_2_02221308, 0_2_02222B1A, 0_2_02223B64, 0_2_02223B44, 0_2_02220F50, 0_2_02223F50, 0_2_022267A1, 0_2_022243A4, 0_2_02222BBA, 0_2_02223B88, 0_2_02222B9A, 0_2_02223F98, 0_2_02223FE1, 0_2_02223BEC, 0_2_02220FC4, 0_2_0222402C, 0_2_02223C34, 0_2_02222C35, 0_2_02221014, 0_2_02223467, 0_2_02221068, 0_2_02223470, 0_2_0222207E, 0_2_02222C4E, 0_2_02224454, 0_2_022210AC, 0_2_022244B0, 0_2_022294B1, 0_2_022234B4, 0_2_02223C81, 0_2_02222C92, 0_2_0222949A, 0_2_02223899, 0_2_022294E4, 0_2_022244EA, 0_2_022210F0, 0_2_022294C6, 0_2_02222CDA, 0_2_02223CDA, 0_2_02222D2D, 0_2_02223D32, 0_2_0222253B, 0_2_02225938, 0_2_02224102, 0_2_0222350A, 0_2_02223170, 0_2_02229578, 0_2_02224140, 0_2_02224546, 0_2_02222544, 0_2_022225A9, 0_2_022241AC, 0_2_022219BB, 0_2_02221180, 0_2_02222981, 0_2_02223D86, 0_2_02222984, 0_2_02229590, 0_2_02225998, 0_2_022225F0, 0_2_022245F4, 0_2_022229C2, 0_2_02223DC6, 0_2_022211CC, 0_2_022241D8 |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: |
Source: | Static PE information: |
Source: | Section loaded: |
Source: | Key opened: |
Data Obfuscation: |
---|
Yara detected GuLoader |
Source: | File source: |
Source: | File source: |
Source: | File source: |
Source: | File source: |
Source: | File source: |
Source: | Code functions: | 0_2_0040A5D9, 0_2_02228AEE |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Malware Analysis System Evasion: |
---|
Contains functionality to detect hardware virtualization (CPUID execution measurement) |
Source: | Code functions: | 0_2_022294B1, 0_2_0222949A, 0_2_022294E4, 0_2_022294FE, 0_2_022294C6, 0_2_02229532, 0_2_0222951C, 0_2_02229560, 0_2_02229578, 0_2_02222981, 0_2_02229590 |
Detected RDTSC dummy instruction sequence (likely for instruction hammering) |
Source: | RDTSC instruction interceptor: |
Tries to detect virtualization through RDTSC time measurements |
Source: | RDTSC instruction interceptor: |
Source: | RDTSC instruction interceptor: |
Source: | RDTSC instruction interceptor: |
Source: | RDTSC instruction interceptor: |
Source: | Code function: | 0_2_02225909 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Anti Debugging: |
---|
Found potential dummy code loops (likely to delay analysis) |
Source: | Process Stats: |
Source: | Code function: | 0_2_02225909 |
Source: | Code functions: | 0_2_02225204, 0_2_02227EEA, 0_2_02227B6C, 0_2_02223467, 0_2_02223470, 0_2_02222981 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_02220691 |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Virtualization/Sandbox Evasion11 | Input Capture1 | Security Software Discovery41 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection1 | LSASS Memory | Virtualization/Sandbox Evasion11 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information1 | Security Account Manager | Process Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Information Discovery311 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
2% | ReversingLabs |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 434934 |
Start date: | 15.06.2021 |
Start time: | 16:55:18 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 8s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Cailbers22LongRiflorderlist.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 21 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal80.troj.evad.winEXE@1/0@0/0 |
EGA Information: | Failed |
HDC Information: | |
HCA Information: | Failed |
Cookbook Comments: | |
Warnings: | |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
No created / dropped files found |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.908882457092713 |
TrID: | |
File name: | Cailbers22LongRiflorderlist.exe |
File size: | 270336 |
MD5: | da7e577b39dc1882d8c2f5819ead22e3 |
SHA1: | 4c7ff9565349068f73d96f48423ee5ae4f832fa6 |
SHA256: | 66e4fb4c25d6f26bd7322782642f7b3ffd5747ca736e64868f8a3c76467bf8c0 |
SHA512: | 1d0ba9a828c6ed666ad5a7ac4bfc79f2f3ba2b8f555b02980365fa686296ac8bbb2fc4cd2a0e265d2c2967d45005bcab54b9d4114410b4ffb2f75df0be7988f7 |
SSDEEP: | 3072:SH1hZYJQKX+an/XNSn3N59UN9+xc9+OTPl3p1YCxsaX5vt42TM:eyvNy5aN8xK+OB3zYwHo |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........c.S............&........ .......$......Rich....................PE..L....8.P.....................0.......(............@........ |
File Icon |
---|
Icon Hash: | 2828bae9d2777576 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x402894 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x50E938CB [Sun Jan 6 08:41:47 2013 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | adaafa2c180eccb7addf1201d12c8322 |
Entrypoint Preview |
---|
Instruction |
---|
push 004035CCh |
call 00007FBB149B2783h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
inc eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], bh |
in eax, dx |
lodsb |
fxch7 st(7) |
inc ecx |
xchg eax, esi |
or eax, CE5BEE49h |
jle 00007FBB149B27DFh |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add dword ptr [eax], eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
insb |
imul esi, dword ptr [ebx+74h], 6C617665h |
add byte ptr [bx+si], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add bh, bh |
int3 |
xor dword ptr [eax], eax |
add byte ptr [edi+00h], dh |
scasb |
push es |
add byte ptr [edi-2877B1F6h], cl |
mov esi, EDC7B255h |
sbb dword ptr [eax-24h], FFFFFFF2h |
sbb edi, dword ptr [ecx] |
dec esi |
mov ebx, 6A7E8640h |
lds esi, fword ptr [ecx] |
jmp 00007FBB63D55FFBh |
lodsd |
xor ebx, dword ptr [ecx-48EE309Ah] |
or al, 00h |
stosb |
add byte ptr [eax-2Dh], ah |
xchg eax, ebx |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
mov es, word ptr [esi] |
add byte ptr [eax], al |
mov dword ptr [esi], eax |
add byte ptr [eax], al |
add byte ptr [edx], cl |
add byte ptr [ebx+74h], dl |
popad |
jc 00007FBB149B27FAh |
jc 00007FBB149B27C6h |
add byte ptr [42000B01h], cl |
jc 00007FBB149B27F8h |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3e9f4 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x42000 | 0x9ec | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x230 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x1b0 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x3e0ac | 0x3f000 | False | 0.288361080109 | data | 6.04226982534 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x40000 | 0x1be8 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x42000 | 0x9ec | 0x1000 | False | 0.229248046875 | data | 2.11966183681 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x42704 | 0x2e8 | data | ||
RT_ICON | 0x4251c | 0x1e8 | data | ||
RT_ICON | 0x423f4 | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x423c4 | 0x30 | data | ||
RT_VERSION | 0x42150 | 0x274 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaLineInputStr, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaI2I4, __vbaObjVar, DllFunctionCall, _adj_fpatan, __vbaRedim, __vbaRecUniToAnsi, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, __vbaVar2Vec, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaLateMemCall, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, __vbaVarLateMemCallLd, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
InternalName | Nonamorousness5 |
FileVersion | 1.00 |
CompanyName | Orion Solutions |
Comments | Orion Solutions |
ProductName | listevalg |
ProductVersion | 1.00 |
OriginalFilename | Nonamorousness5.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
No network behavior found |
---|
System Behavior |
---|
General |
---|
Start time: | 16:56:09 |
Start date: | 15/06/2021 |
Path: | C:\Users\user\Desktop\Cailbers22LongRiflorderlist.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 270336 bytes |
MD5 hash: | DA7E577B39DC1882D8C2F5819EAD22E3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Yara matches: | |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
02225909 | 5.6 | 1 | 2 | 393 | memory, native, COMMON | -1.00% |
02225938 | 3.7 | 1 | 1 | 166 | memory, native, COMMON | -1.00% |
02225A23 | 3.6 | 1 | 1 | 147 | memory, native, COMMON | -1.00% |
02225998 | 3.6 | 1 | 1 | 147 | memory, native, COMMON | -1.00% |
022259F0 | 3.6 | 1 | 1 | 131 | memory, native, COMMON | -1.00% |
02225A6C | 3.6 | 1 | 1 | 104 | memory, native, COMMON | -1.00% |
02225AC6 | 3.6 | 1 | 1 | 85 | memory, native, COMMON | -1.00% |
02225B4F | 3.6 | 1 | 1 | 85 | memory, native, COMMON | -1.00% |
02225B2C | 3.6 | 1 | 1 | 68 | memory, native, COMMON | -1.00% |
0043E3C0 | 6.0 | 4 | | 36 | COMMON | -1.00% |
Three further executed-function entries (each carrying Yara matches, Uniqueness Score -1.00%) lost their function headers in extraction; their addresses are not recoverable from this page.
Non-executed Functions |
---|
Function 02222981, Relevance: 5.1, Strings: 3, Instructions: 1350COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0222949A, Relevance: 4.7, Strings: 3, Instructions: 910COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223899, Relevance: 4.5, Strings: 3, Instructions: 763COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223A6A, Relevance: 4.5, Strings: 3, Instructions: 711COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223A9C, Relevance: 4.4, Strings: 3, Instructions: 700COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223AE8, Relevance: 4.4, Strings: 3, Instructions: 687COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223B64, Relevance: 4.4, Strings: 3, Instructions: 676COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223B88, Relevance: 4.4, Strings: 3, Instructions: 674COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223BEC, Relevance: 4.4, Strings: 3, Instructions: 672COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223B44, Relevance: 4.4, Strings: 3, Instructions: 670COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223C34, Relevance: 4.4, Strings: 3, Instructions: 635COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223C81, Relevance: 4.4, Strings: 3, Instructions: 627COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223CDA, Relevance: 4.4, Strings: 3, Instructions: 611COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223D32, Relevance: 4.3, Strings: 3, Instructions: 596COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223D86, Relevance: 4.3, Strings: 3, Instructions: 573COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223DC6, Relevance: 4.3, Strings: 3, Instructions: 566COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223E1C, Relevance: 4.3, Strings: 3, Instructions: 552COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223E64, Relevance: 4.3, Strings: 3, Instructions: 538COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223EC0, Relevance: 4.3, Strings: 3, Instructions: 513COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223F0A, Relevance: 4.2, Strings: 3, Instructions: 500COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223F50, Relevance: 4.2, Strings: 3, Instructions: 484COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223F98, Relevance: 4.2, Strings: 3, Instructions: 471COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02223FE1, Relevance: 4.2, Strings: 3, Instructions: 457COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0222402C, Relevance: 4.2, Strings: 3, Instructions: 441COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02224102, Relevance: 2.9, Strings: 2, Instructions: 401COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02224140, Relevance: 2.9, Strings: 2, Instructions: 400COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022241AC, Relevance: 2.9, Strings: 2, Instructions: 374COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022241D8, Relevance: 2.9, Strings: 2, Instructions: 371COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02224248, Relevance: 2.8, Strings: 2, Instructions: 346COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02224284, Relevance: 2.8, Strings: 2, Instructions: 335COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022242D0, Relevance: 2.8, Strings: 2, Instructions: 330COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02224338, Relevance: 2.8, Strings: 2, Instructions: 313COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022243A4, Relevance: 2.8, Strings: 2, Instructions: 286COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02220F50, Relevance: 1.6, Strings: 1, Instructions: 334COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02220ED8, Relevance: 1.6, Strings: 1, Instructions: 333COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02220F32, Relevance: 1.6, Strings: 1, Instructions: 317COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02220FC4, Relevance: 1.5, Strings: 1, Instructions: 287COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02221014, Relevance: 1.5, Strings: 1, Instructions: 269COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02221068, Relevance: 1.5, Strings: 1, Instructions: 249COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02227E5E, Relevance: 1.5, Strings: 1, Instructions: 247COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022210AC, Relevance: 1.5, Strings: 1, Instructions: 234COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022210F0, Relevance: 1.5, Strings: 1, Instructions: 222COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02221180, Relevance: 1.4, Strings: 1, Instructions: 192COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022211CC, Relevance: 1.4, Strings: 1, Instructions: 173COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02221216, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0222127C, Relevance: 1.4, Strings: 1, Instructions: 139COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022212C2, Relevance: 1.4, Strings: 1, Instructions: 122COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02221308, Relevance: 1.4, Strings: 1, Instructions: 107COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function | Relevance | Instructions | Similarity | Source | Uniqueness Score |
---|---|---|---|---|---|
02222984 | .4 | 399 | COMMON | Memory Dump | -1.00% |
022229C2 | .4 | 385 | COMMON | Memory Dump | -1.00% |
02222A24 | .4 | 362 | COMMON | Memory Dump | -1.00% |
02222A68 | .3 | 343 | COMMON | Memory Dump | -1.00% |
02222AC0 | .3 | 329 | COMMON | Memory Dump | -1.00% |
02222B1A | .3 | 311 | COMMON | Memory Dump | -1.00% |
02222B9A | .3 | 287 | COMMON | Memory Dump | -1.00% |
02222BBA | .3 | 283 | COMMON | Memory Dump | -1.00% |
02222C35 | .3 | 257 | COMMON | Memory Dump | -1.00% |
02224454 | .3 | 255 | COMMON | Memory Dump | -1.00% |
02222C4E | .3 | 251 | COMMON | Memory Dump | -1.00% |
0222253B | .2 | 239 | COMMON | Memory Dump | -1.00% |
022244B0 | .2 | 238 | COMMON | Memory Dump | -1.00% |
02222C92 | .2 | 237 | COMMON | Memory Dump | -1.00% |
02222544 | .2 | 237 | COMMON | Memory Dump | -1.00% |
022244EA | .2 | 231 | COMMON | Memory Dump | -1.00% |
02222CDA | .2 | 219 | COMMON | Memory Dump | -1.00% |
022225A9 | .2 | 218 | COMMON | Memory Dump | -1.00% |
02224546 | .2 | 211 | COMMON | Memory Dump | -1.00% |
022225F0 | .2 | 209 | COMMON | Memory Dump | -1.00% |
02222D2D | .2 | 206 | COMMON | Memory Dump | -1.00% |
0222263A | .2 | 196 | COMMON | Memory Dump | -1.00% |
022294B1 | .2 | 185 | COMMON | Memory Dump | -1.00% |
022294C6 | .2 | 183 | COMMON | Memory Dump | -1.00% |
022245F4 | .2 | 181 | COMMON | Memory Dump | -1.00% |
022294E4 | .2 | 180 | COMMON | Memory Dump | -1.00% |
022294FE | .2 | 180 | COMMON | Memory Dump | -1.00% |
02222688 | .2 | 179 | COMMON | Memory Dump | -1.00% |
02223170 | .2 | 177 | COMMON | Memory Dump | -1.00% |
02229532 | .2 | 174 | COMMON | Memory Dump | -1.00% |
0222951C | .2 | 174 | COMMON | Memory Dump | -1.00% |
022267A1 | .2 | 165 | COMMON | Memory Dump | -1.00% |
02223467 | .2 | 165 | COMMON | Memory Dump | -1.00% |
02229560 | .2 | 163 | COMMON | Memory Dump | -1.00% |
02223470 | .2 | 161 | COMMON | Memory Dump | -1.00% |
022219BB | .2 | 160 | COMMON | Memory Dump | -1.00% |
02229578 | .2 | 159 | COMMON | Memory Dump | -1.00% |
02229590 | .2 | 158 | COMMON | Memory Dump | -1.00% |
0222207E | .2 | 151 | COMMON | Memory Dump | -1.00% |
022234B4 | .1 | 145 | COMMON | Memory Dump | -1.00% |
0222350A | .1 | 130 | COMMON | Memory Dump | -1.00% |
022256C8 | .1 | 87 | COMMON | Memory Dump | -1.00% |
02223A93 | .1 | 68 | COMMON | Memory Dump | -1.00% |
02220691 | .0 | 41 | COMMON | Memory Dump | -1.00% |
02227EEA | .0 | 28 | COMMON | Memory Dump | -1.00% |
02225204 | .0 | 9 | COMMON | Memory Dump | -1.00% |
02227B6C | .0 | 5 | COMMON | Memory Dump | -1.00% |