Windows Analysis Report US1pwXib6h.exe
Overview
General Information
Detection
Score: | 100 (range 0 - 100) |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree
Malware Configuration
Threatname: | NetWire |
{"C2 list": ["netno.ddns.net:6577", "ddns.dbcdubai.com:6577", "netsecond.duckdns.org:6577"], "Password": "Trinidado1@", "Host ID": "OJ", "Mutex": "oCTboYgC", "Install Path": "-", "Startup Name": "-", "ActiveX Key": "-", "KeyLog Directory": "%AppData%\\Logs\\"}
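Added example, not code from the Joe Sandbox report: the configuration above, loaded verbatim, turned into network and host indicators and run over a handful of constructed log events. The 192.71.172.145 and 99.83.154.118 addresses come from this report's Contacted Domains table; the dynamic-DNS suffix list, the event line formats, the `C:\Users\user` profile path and the sample events are assumptions made for the illustration.

```python
"""Indicators from the NetWire configuration extracted in this report, plus a small matcher.

Added example, not code from the Joe Sandbox report. NETWIRE_CONFIG is the report's
"Malware Configuration" JSON verbatim. The dynamic-DNS suffixes, the log-event formats,
the user-profile path and the sample events are assumptions made for the illustration.
"""
from __future__ import annotations

import json
import re
from dataclasses import dataclass

NETWIRE_CONFIG = json.loads(
    r'{"C2 list": ["netno.ddns.net:6577", "ddns.dbcdubai.com:6577", '
    r'"netsecond.duckdns.org:6577"], "Password": "Trinidado1@", "Host ID": "OJ", '
    r'"Mutex": "oCTboYgC", "Install Path": "-", "Startup Name": "-", "ActiveX Key": "-", '
    r'"KeyLog Directory": "%AppData%\\Logs\\"}'
)

# Assumption: dynamic-DNS provider zones to flag. Both appear in this config; the list is
# not from the report and would be extended for real use.
DYNDNS_SUFFIXES = (".duckdns.org", ".ddns.net")


@dataclass(frozen=True)
class C2Endpoint:
    host: str
    port: int


def parse_c2_list(config: dict) -> list[C2Endpoint]:
    """Split each 'host:port' entry of the C2 list into a typed endpoint."""
    endpoints = []
    for entry in config["C2 list"]:
        host, _, port = entry.rpartition(":")
        endpoints.append(C2Endpoint(host.lower(), int(port)))
    return endpoints


def is_dynamic_dns(host: str) -> bool:
    """True when the host sits under one of the known dynamic-DNS provider zones."""
    return host.lower().endswith(DYNDNS_SUFFIXES)


def keylog_path(config: dict, appdata: str) -> str:
    """Expand the %AppData% placeholder of the configured keylog directory (case-insensitive)."""
    # A lambda replacement keeps backslashes in the path from being treated as escapes.
    return re.sub(r"%appdata%", lambda _: appdata, config["KeyLog Directory"], flags=re.IGNORECASE)


# Assumed event formats: one normalised event per line, as a collector might emit them.
DNS_RE = re.compile(r"^dns query=(?P<host>\S+)$")
TCP_RE = re.compile(r"^tcp dst=(?P<ip>[\d.]+):(?P<port>\d+)$")
MUTEX_RE = re.compile(r"^mutex name=(?P<name>\S+)$")


def match_events(config: dict, events: list[str], c2_ips: frozenset[str] = frozenset()) -> list[tuple[str, str]]:
    """Return (event, reason) pairs for events that hit an indicator derived from the config.

    The config only holds hostnames, so c2_ips carries the resolved C2 addresses
    (here taken from the report's Contacted Domains table) for exact IP matches.
    """
    endpoints = parse_c2_list(config)
    c2_hosts = {e.host for e in endpoints}
    c2_ports = {e.port for e in endpoints}
    hits: list[tuple[str, str]] = []
    for event in events:
        if m := DNS_RE.match(event):
            host = m["host"].lower()
            if host in c2_hosts:
                hits.append((event, "netwire-c2-domain"))
            elif is_dynamic_dns(host):
                hits.append((event, "dynamic-dns-domain"))
        elif m := TCP_RE.match(event):
            if m["ip"] in c2_ips:
                hits.append((event, "netwire-c2-ip"))
            elif int(m["port"]) in c2_ports:
                hits.append((event, "netwire-c2-port"))
        elif (m := MUTEX_RE.match(event)) and m["name"] == config["Mutex"]:
            hits.append((event, "netwire-mutex"))
    return hits


# Constructed sample events (not from the report). 192.71.172.145 is the address the report
# shows for netno.ddns.net and netsecond.duckdns.org; 203.0.113.10 and 93.184.216.34 are fillers.
SAMPLE_EVENTS = [
    "dns query=netno.ddns.net",
    "dns query=www.example.com",
    "tcp dst=192.71.172.145:6577",
    "tcp dst=203.0.113.10:6577",
    "tcp dst=93.184.216.34:443",
    "mutex name=oCTboYgC",
    "dns query=other-host.duckdns.org",
]
REPORTED_C2_IPS = frozenset({"192.71.172.145", "99.83.154.118"})

if __name__ == "__main__":
    for endpoint in parse_c2_list(NETWIRE_CONFIG):
        print(f"C2 {endpoint.host}:{endpoint.port} dyndns={is_dynamic_dns(endpoint.host)}")
    print("keylog dir:", keylog_path(NETWIRE_CONFIG, r"C:\Users\user\AppData\Roaming"))
    for event, reason in match_events(NETWIRE_CONFIG, SAMPLE_EVENTS, REPORTED_C2_IPS):
        print(f"{reason:22} {event}")
```

The port-only match is deliberately reported under its own reason: 6577 is not a registered service port, so a connection to it from a host that also queried one of the dynamic-DNS names is worth a look, but on its own it is a weaker indicator than a domain or resolved-IP hit.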
Yara Overview
Memory Dumps
Rule | Description | Author | Matches
---|---|---|---
JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | 10 memory dumps
Unpacked PEs
Rule | Description | Author | Matches
---|---|---|---
JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | 10 unpacked PE files
Sigma Overview
No Sigma rule has matched
Signature Overview
AV Detection:
Found malware configuration | Source: Malware Configuration Extractor
Multi AV Scanner detection for dropped file | Source: ReversingLabs
Multi AV Scanner detection for submitted file | Source: Virustotal, ReversingLabs
Machine Learning detection for dropped file | Source: Joe Sandbox ML
Machine Learning detection for sample | Source: Joe Sandbox ML
Source: Avira (7 entries)
Source: Code functions 2_2_0040C4B7, 2_2_0040E511, 2_2_0040EDD6, 2_2_0040D290, 2_1_0040C4B7, 2_1_0040E511, 2_1_0040EDD6, 2_1_0040D290, 6_2_0040C4B7, 6_2_0040E511, 6_2_0040EDD6, 6_2_0040D290, 6_1_0040C4B7, 6_1_0040E511, 6_1_0040EDD6, 6_1_0040D290, 9_2_0040C4B7, 9_2_0040E511, 9_2_0040EDD6, 9_2_0040D290
Compliance:
Detected unpacking (overwrites its own PE header) | Source: Unpacked PE file (3 entries)
Source: Static PE information
Source: Binary string (2 entries)
Source: Code functions 1_2_00405302, 1_2_00405CD8, 1_2_0040263E, 2_2_00406453, 2_2_0040680D, 2_2_0040753D, 2_2_00413A85, 2_2_0040DB1C, 2_2_00406F83, 2_2_00406390, 2_1_00406453, 2_1_0040680D, 2_1_0040753D, 2_1_00413A85, 2_1_0040DB1C, 2_1_00406F83, 2_1_00406390, 6_2_00406453, 6_2_0040680D, 6_2_0040753D, 6_2_00413A85, 6_2_0040DB1C, 6_2_00406F83, 6_2_00406390, 6_1_00406453, 6_1_0040680D, 6_1_0040753D, 6_1_00413A85, 6_1_0040DB1C, 6_1_00406F83, 6_1_00406390, 7_2_00405302, 7_2_00405CD8, 7_2_0040263E, 9_2_00406453, 9_2_0040680D, 9_2_0040753D, 9_2_00413A85, 9_2_0040DB1C, 9_2_00406F83, 9_2_00406390
Source: Code function 2_2_00406084
Networking:
C2 URLs / IPs found in malware configuration | Source: URLs (3 entries)
Uses dynamic DNS services | Source: DNS query (2 entries)
Source: TCP traffic
Source: IP Address
Source: ASN Name (2 entries)
Source: Code function 2_2_00405811
Source: DNS traffic detected
Source: String found in binary or memory (4 entries)
Key, Mouse, Clipboard, Microphone and Screen Capturing:
Contains functionality to log keystrokes | Source: Code functions 2_2_00409953, 2_1_00409953, 6_2_00409953, 6_1_00409953, 9_2_00409953
Source: Code function 1_2_00404EB9
Source: Code function 2_2_00411D8C
Source: Code function 2_2_00409953
Source: Binary or memory string
Source: Code function 2_2_00409CF9
Source: Code functions 2_2_00409953, 2_1_00409953, 6_2_00409953, 6_1_00409953, 9_2_00409953
Source: Code functions 2_1_00411A5C, 2_1_0040262F
Source: Code functions 1_2_004030CB, 7_2_004030CB
Source: Code functions 1_2_004046CA, 1_2_00405FA8, 1_2_73861A98, 2_2_00403047, 2_2_0041D049, 2_2_00419463, 2_2_00415079, 2_2_00420420, 2_2_004208C0, 2_2_004034D3, 2_2_00414976, 2_2_00402E68, 2_2_00416619, 2_2_0040AEC6, 2_2_00402AFC, 2_2_00415ABF, 2_2_00420F40, 2_2_0041FF50, 2_2_0040A728, 2_1_00403047, 2_1_0041D049, 2_1_00419463, 2_1_00415079, 2_1_00420420, 2_1_004208C0, 2_1_004034D3, 2_1_00414976, 2_1_00402E68, 2_1_00416619, 2_1_0040AEC6, 2_1_00402AFC, 2_1_00415ABF, 2_1_00420F40, 2_1_0041FF50, 2_1_0040A728, 6_2_00403047, 6_2_0041D049, 6_2_00419463, 6_2_00415079, 6_2_00420420, 6_2_004208C0, 6_2_004034D3, 6_2_00414976, 6_2_00402E68, 6_2_00416619, 6_2_0040AEC6, 6_2_00402AFC, 6_2_00415ABF, 6_2_00420F40, 6_2_0041FF50, 6_2_0040A728, 6_1_00403047, 6_1_0041D049, 6_1_00419463, 6_1_00415079, 6_1_00420420, 6_1_004208C0, 6_1_004034D3, 6_1_00414976, 6_1_00402E68, 6_1_00416619, 6_1_0040AEC6, 6_1_00402AFC, 6_1_00415ABF, 6_1_00420F40, 6_1_0041FF50, 6_1_0040A728, 7_2_004046CA, 7_2_00405FA8, 9_2_00403047, 9_2_0041D049, 9_2_00419463, 9_2_00415079, 9_2_00420420, 9_2_004208C0, 9_2_004034D3, 9_2_00414976, 9_2_00402E68, 9_2_00416619, 9_2_0040AEC6, 9_2_00402AFC, 9_2_00415ABF, 9_2_00420F40, 9_2_0041FF50, 9_2_0040A728
Source: Binary or memory string
Source: Static PE information
Source: Classification label
Source: Code function 1_2_004041CD
Source: Code function 2_2_00402570
Source: Code function 1_2_00402020
Source: File created
Source: Mutant created
Source: File created
Source: Static PE information
Source: File read
Source: Key opened
Source: File read (2 entries)
Source: Virustotal, ReversingLabs
Source: File read
Source: Process created (9 entries)
Source: Key value queried
Source: Binary string (2 entries)
Data Obfuscation:
Detected unpacking (changes PE section rights) | Source: Unpacked PE file (3 entries)
Detected unpacking (overwrites its own PE header) | Source: Unpacked PE file (3 entries)
Source: Code function 1_2_00405CFF
Source: Code functions 1_2_73862F8E, 2_2_00409FDE, 2_2_0040DD9F, 2_2_0040DDD9, 2_2_0040DDF7, 2_2_0040E394, 2_2_0040A543, 2_2_00409980, 2_2_0040998D, 2_2_00412058, 2_2_00406E69, 2_2_004027C8, 2_2_00402815, 2_2_004029B2, 2_2_0041470B, 2_2_004097B9, 2_1_00409FDE, 2_1_0040DD9F, 2_1_0040DDD9, 2_1_0040DDF7, 2_1_0040E394, 2_1_0040A543, 2_1_00409980, 2_1_0040998D, 2_1_00412058, 2_1_00406E69, 2_1_004027C8, 2_1_00402815, 2_1_004029B2, 2_1_0041470B, 2_1_004097B9
Source: File created (4 dropped files)
Source: Registry value created or modified (2 entries)
Source: Process information set (3 entries)
Source: File opened / queried
Source: Thread sleep time (3 entries)
Source: Code functions 1_2_00405302, 1_2_00405CD8, 1_2_0040263E, 2_2_00406453, 2_2_0040680D, 2_2_0040753D, 2_2_00413A85, 2_2_0040DB1C, 2_2_00406F83, 2_2_00406390, 2_1_00406453, 2_1_0040680D, 2_1_0040753D, 2_1_00413A85, 2_1_0040DB1C, 2_1_00406F83, 2_1_00406390, 6_2_00406453, 6_2_0040680D, 6_2_0040753D, 6_2_00413A85, 6_2_0040DB1C, 6_2_00406F83, 6_2_00406390, 6_1_00406453, 6_1_0040680D, 6_1_0040753D, 6_1_00413A85, 6_1_0040DB1C, 6_1_00406F83, 6_1_00406390, 7_2_00405302, 7_2_00405CD8, 7_2_0040263E, 9_2_00406453, 9_2_0040680D, 9_2_0040753D, 9_2_00413A85, 9_2_0040DB1C, 9_2_00406F83, 9_2_00406390
Source: Code function 2_2_00406084
Source: Code function 2_2_004132E6
Source: Thread delayed (3 entries)
Source: Binary or memory string
Source: Process information queried
Source: Code function 1_2_00405CFF
Source: Code functions 4_2_0019F83E, 4_2_0019F79E, 4_2_0019F7DB
HIPS / PFW / Operating System Protection Evasion:
Maps a DLL or memory area into another process | Source: Section loaded (3 entries)
Source: Code function 2_2_004121C0
Source: Code function 2_2_004121EF
Source: Process created (3 entries)
Source: Binary or memory string (4 entries)
Source: Code function 2_2_0040A115
Source: Code function 2_2_004130E8
Source: Code function 1_2_004059FF
Stealing of Sensitive Information:
Contains functionality to steal Chrome passwords or cookies | Source: Code functions 2_2_0040F281, 2_2_0040F382, 2_1_0040F281, 2_1_0040F382, 6_2_0040F281, 6_2_0040F382, 6_1_0040F281, 6_1_0040F382, 9_2_0040F281, 9_2_0040F382
Contains functionality to steal Internet Explorer form passwords | Source: Code functions 2_2_0040D745, 2_1_0040D745, 6_2_0040D745, 6_1_0040D745, 9_2_0040D745
Remote Access Functionality:
Yara detected NetWire RAT | Source: File source (30 entries)
Mitre Att&ck Matrix
Techniques marked in the matrix, by tactic; the superscript digits are the signature-count markers the matrix attaches to each technique.
Tactic | Techniques marked
---|---
Initial Access | (none)
Execution | Native API¹
Persistence | Registry Run Keys / Startup Folder¹
Privilege Escalation | Process Injection¹¹², Registry Run Keys / Startup Folder¹
Defense Evasion | Deobfuscate/Decode Files or Information¹, Obfuscated Files or Information², Software Packing²¹, Masquerading¹, Virtualization/Sandbox Evasion²¹, Process Injection¹¹²
Credential Access | OS Credential Dumping², Input Capture¹⁴¹, Credentials In Files²
Discovery | System Time Discovery¹, Account Discovery¹, File and Directory Discovery³, System Information Discovery⁵, Security Software Discovery¹¹¹, Virtualization/Sandbox Evasion²¹, Process Discovery³, System Owner/User Discovery¹, Remote System Discovery¹
Lateral Movement | (none)
Collection | Archive Collected Data¹, Screen Capture¹, Input Capture¹⁴¹, Clipboard Data¹
Exfiltration | (none)
Command and Control | Ingress Tool Transfer¹, Encrypted Channel², Non-Standard Port¹, Non-Application Layer Protocol¹, Application Layer Protocol²¹
Network Effects | (none)
Remote Service Effects | (none)
Impact | System Shutdown/Reboot¹
Behavior Graph
Screenshots
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Detection | Scanner | Label
---|---|---
15% | Virustotal |
27% | ReversingLabs | Win32.Backdoor.NetWiredRc
100% | Joe Sandbox ML |
Dropped Files
Detection | Scanner | Label
---|---|---
100% | Joe Sandbox ML |
0% | Metadefender |
0% | ReversingLabs |
0% | Metadefender |
0% | ReversingLabs |
0% | Metadefender |
0% | ReversingLabs |
27% | ReversingLabs | Win32.Backdoor.NetWiredRc
Unpacked PE Files (19 files, each 100% by Avira)
Label | Files
---|---
HEUR/AGEN.1137482 | 9
TR/Spy.Gen | 6
TR/Crypt.XPACK.Gen | 3
TR/Patched.Ren.Gen | 1
Domains
Detection | Scanner
---|---
3% | Virustotal
URLs (4 entries)
Detection | Scanner | Label
---|---|---
0% | Avira URL Cloud | safe
Domains and IPs
Contacted Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation
---|---|---|---|---|---
netsecond.duckdns.org | 192.71.172.145 | true | true | | unknown
ddns.dbcdubai.com | 99.83.154.118 | true | true | | unknown
netno.ddns.net | 192.71.172.145 | true | true | | unknown
Contacted URLs
Name | Malicious | Antivirus Detection | Reputation
---|---|---|---
| true | | unknown
| true | | unknown
| true | | unknown
URLs from Memory and Binaries
Name | Source | Malicious | Antivirus Detection | Reputation
---|---|---|---|---
| | false | | high
| | false | | high
| | false | | high
| | false | | low
Contacted IPs
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 435325 |
Start date: | 16.06.2021 |
Start time: | 12:17:51 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 27s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | US1pwXib6h.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 24 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@9/10@14/3 |
EGA Information: | Failed |
Simulations
Behavior and APIs
Time | Type | Description
---|---|---
12:19:00 | Autostart |
12:19:03 | API Interceptor |
12:19:08 | Autostart |
12:19:09 | API Interceptor |
Joe Sandbox View / Context
IPs
Match | Associated samples listed | Detection
---|---|---
99.83.154.118 | 19 | malicious
Domains
Match | Associated samples listed | Detection
---|---|---
netsecond.duckdns.org | 1 | malicious
ASN
Match | Associated samples listed | Detection
---|---|---
AMAZON-02US | 20 | malicious
TELIANETTeliaCarrierEU | 20 | malicious
JA3 Fingerprints
No context
Dropped Files
Match | Associated samples listed | Detection
---|---|---
C:\Users\user\AppData\Local\Temp\nsmBB29.tmp\System.dll | 20 | malicious
C:\Users\user\AppData\Local\Temp\nst9B9A.tmp\System.dll | 20 | malicious
The path pattern %TEMP%\ns<hex>.tmp\System.dll is where NSIS installers extract their System plugin at run time. The associations above therefore point to other NSIS-packaged samples that dropped the same plugin; they do not by themselves indicate that System.dll is the malicious component, which is consistent with the "very likely benign" reputation the dropped-file entries below give it.
Created / dropped Files |
---|
Process: | C:\Users\user\AppData\Roaming\fatbtifdnumsa\ioldfli.exe |
Category: | dropped |
Size (bytes): | 164352 |
Entropy (8bit): | 7.99888202272782 |
Encrypted: | true |
SSDEEP: | 3072:nuGFc5H2Avwflf88feBN9eovlP9T+8yzKAnmKWBysmcz+d6OObWJjhY7dLHm:qHNItf88WBtvd9r4nmKNeyPObWhqxm |
MD5: | 7A4AE896CD2EBACFFD6D78170B53FCAA |
SHA1: | A445DBFA51502DCEF66EE058BAE9139B6EC93B8D |
SHA-256: | 98E678F95E223D306BD6DB6FA9D8CBEC4F109E02B00761A0A248E3281D68D10B |
SHA-512: | 2968A5A7AF0EBD95A0188BC8E538E9F0F88B74DCC0C6029FF461848AA1D6AC60F9377D0979CBDC92131F7419AE5F3878DA9DC1FEA6C51D41B2D37B7F38E40B3F |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\AppData\Roaming\fatbtifdnumsa\ioldfli.exe |
Category: | dropped |
Size (bytes): | 59441 |
Entropy (8bit): | 4.972654246459409 |
Encrypted: | false |
SSDEEP: | 768:QWeteWZ6yuLDwhWeHhYFIaxTtGU5/nxWEFdGv6ypEK+U5/YpNfVXw6M+oLLmuNyF:UfWLDwsceGEFd2Zl/cfjovQFJTpkAB |
MD5: | F88C142D13998842037A6149E08A7AF3 |
SHA1: | DEB11C8456734B9D77CA451764145BCAE2C8A3D5 |
SHA-256: | 0321365F007604FAC07BC584931929CDFA7C2DE6C2DE31DE24CE36168DDD24F8 |
SHA-512: | 643742D7C2FE77F0C6D2424C3947391DD1E1D03CADAE388A43FB3CCD5F2BB63B13C476311F3510C7BA57812C33715465EAFCE5CD37E242B48D508B1F3DBD23EE |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\AppData\Roaming\fatbtifdnumsa\ioldfli.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.855045165595541 |
Encrypted: | false |
SSDEEP: | 192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4 |
MD5: | FCCFF8CB7A1067E23FD2E2B63971A8E1 |
SHA1: | 30E2A9E137C1223A78A0F7B0BF96A1C361976D91 |
SHA-256: | 6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E |
SHA-512: | F4335E84E6F8D70E462A22F1C93D2998673A7616C868177CAC3E8784A3BE1D7D0BB96F2583FA0ED82F4F2B6B8F5D9B33521C279A42E055D80A94B4F3F1791E0C |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Users\user\AppData\Roaming\fatbtifdnumsa\ioldfli.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.855045165595541 |
Encrypted: | false |
SSDEEP: | 192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4 |
MD5: | FCCFF8CB7A1067E23FD2E2B63971A8E1 |
SHA1: | 30E2A9E137C1223A78A0F7B0BF96A1C361976D91 |
SHA-256: | 6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E |
SHA-512: | F4335E84E6F8D70E462A22F1C93D2998673A7616C868177CAC3E8784A3BE1D7D0BB96F2583FA0ED82F4F2B6B8F5D9B33521C279A42E055D80A94B4F3F1791E0C |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\US1pwXib6h.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.855045165595541 |
Encrypted: | false |
SSDEEP: | 192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4 |
MD5: | FCCFF8CB7A1067E23FD2E2B63971A8E1 |
SHA1: | 30E2A9E137C1223A78A0F7B0BF96A1C361976D91 |
SHA-256: | 6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E |
SHA-512: | F4335E84E6F8D70E462A22F1C93D2998673A7616C868177CAC3E8784A3BE1D7D0BB96F2583FA0ED82F4F2B6B8F5D9B33521C279A42E055D80A94B4F3F1791E0C |
Malicious: | false |
Antivirus: |
|
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\US1pwXib6h.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 218807 |
Entropy (8bit): | 7.899471179052997 |
Encrypted: | false |
SSDEEP: | 6144:cQqTMHNItf88WBtvd9r4nmKNeyPObWhqxD4cft:yMHCtf88WBtvd9c5NJhAJ |
MD5: | 91514B3627E78E42CB05BC608737A47F |
SHA1: | B48882A3D656068E30B88671AEE71010E5602D32 |
SHA-256: | E0E0CA8EC324752ED823C7E503992398E817663828F94B4CA699FF1965095C31 |
SHA-512: | B50BE6BED7809B76697B4E9849453A12ADE782AFD43F63AE1C8207EE11E26F95E374293CDC4523F5A5B00030D564E67C04EFC0F80C5B2571EE37D19ECB08FC7E |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.899471179052997 |
TrID: |
|
File name: | US1pwXib6h.exe |
File size: | 218807 |
MD5: | 91514b3627e78e42cb05bc608737a47f |
SHA1: | b48882a3d656068e30b88671aee71010e5602d32 |
SHA256: | e0e0ca8ec324752ed823c7e503992398e817663828f94b4ca699ff1965095c31 |
SHA512: | b50be6bed7809b76697b4e9849453a12ade782afd43f63ae1c8207ee11e26f95e374293cdc4523f5a5b00030d564e67c04efc0f80c5b2571ee37d19ecb08fc7e |
SSDEEP: | 6144:cQqTMHNItf88WBtvd9r4nmKNeyPObWhqxD4cft:yMHCtf88WBtvd9c5NJhAJ |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................Z......... |
File Icon |
---|
Icon Hash: | b2a88c96b2ca6a72 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4030cb |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x4B1AE3C1 [Sat Dec 5 22:50:41 2009 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 7fa974366048f9c551ef45714595665e |
Entrypoint Preview |
---|
Instruction |
---|
sub esp, 00000180h |
push ebx |
push ebp |
push esi |
xor ebx, ebx |
push edi |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 00409160h |
xor esi, esi |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [00407030h] |
push 00008001h |
call dword ptr [004070B0h] |
push ebx |
call dword ptr [0040727Ch] |
push 00000008h |
mov dword ptr [00423F38h], eax |
call 00007F67F89CA776h |
mov dword ptr [00423E84h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 00000160h |
push eax |
push ebx |
push 0041F430h |
call dword ptr [00407158h] |
push 00409154h |
push 00423680h |
call 00007F67F89CA429h |
call dword ptr [004070ACh] |
mov edi, 00429000h |
push eax |
push edi |
call 00007F67F89CA417h |
push ebx |
call dword ptr [0040710Ch] |
cmp byte ptr [00429000h], 00000022h |
mov dword ptr [00423E80h], eax |
mov eax, edi |
jne 00007F67F89C7B8Ch |
mov byte ptr [esp+14h], 00000022h |
mov eax, 00429001h |
push dword ptr [esp+14h] |
push eax |
call 00007F67F89C9F0Ah |
push eax |
call dword ptr [0040721Ch] |
mov dword ptr [esp+1Ch], eax |
jmp 00007F67F89C7BE5h |
cmp cl, 00000020h |
jne 00007F67F89C7B88h |
inc eax |
cmp byte ptr [eax], 00000020h |
je 00007F67F89C7B7Ch |
cmp byte ptr [eax], 00000022h |
mov byte ptr [eax+eax+00h], 00000000h |
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a4 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2c000 | 0xc68 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x28c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x58d2 | 0x5a00 | False | 0.665234375 | data | 6.43310034828 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x1190 | 0x1200 | False | 0.4453125 | data | 5.17976375781 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x1af78 | 0x400 | False | 0.55078125 | data | 4.6178023207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.ndata | 0x24000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x2c000 | 0xc68 | 0xe00 | False | 0.407087053571 | data | 3.98321239368 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x2c1d8 | 0x2e8 | data | English | United States |
RT_DIALOG | 0x2c4c0 | 0x100 | data | English | United States |
RT_DIALOG | 0x2c5c0 | 0x11c | data | English | United States |
RT_DIALOG | 0x2c6e0 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x2c740 | 0x14 | data | English | United States |
RT_VERSION | 0x2c758 | 0x23c | data | ||
RT_MANIFEST | 0x2c998 | 0x2cc | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA |
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow |
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject |
SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation |
ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA |
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | rules |
FileVersion | 6.3.0.6 |
CompanyName | cloak |
LegalTrademarks | erect |
Comments | conspired |
ProductName | unsubstantiated |
FileDescription | team |
Translation | 0x0000 0x04e4 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 16, 2021 12:19:02.259550095 CEST | 49722 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:19:02.365412951 CEST | 6577 | 49722 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:19:02.967448950 CEST | 49722 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:19:03.102101088 CEST | 6577 | 49722 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:19:03.608076096 CEST | 49722 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:19:03.710465908 CEST | 6577 | 49722 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:19:03.943574905 CEST | 49725 | 6577 | 192.168.2.6 | 99.83.154.118 |
Jun 16, 2021 12:19:06.952198029 CEST | 49725 | 6577 | 192.168.2.6 | 99.83.154.118 |
Jun 16, 2021 12:19:12.968271971 CEST | 49725 | 6577 | 192.168.2.6 | 99.83.154.118 |
Jun 16, 2021 12:19:25.336196899 CEST | 49731 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:19:25.435848951 CEST | 6577 | 49731 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:19:25.938020945 CEST | 49731 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:19:26.039024115 CEST | 6577 | 49731 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:19:26.547477961 CEST | 49731 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:19:26.645812988 CEST | 6577 | 49731 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:19:26.967128038 CEST | 49732 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:19:27.069839001 CEST | 6577 | 49732 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:19:27.578855991 CEST | 49732 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:19:27.697033882 CEST | 6577 | 49732 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:19:28.203964949 CEST | 49732 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:19:28.302525043 CEST | 6577 | 49732 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:19:28.535087109 CEST | 49733 | 6577 | 192.168.2.6 | 99.83.154.118 |
Jun 16, 2021 12:19:31.532247066 CEST | 49733 | 6577 | 192.168.2.6 | 99.83.154.118 |
Jun 16, 2021 12:19:37.610933065 CEST | 49733 | 6577 | 192.168.2.6 | 99.83.154.118 |
Jun 16, 2021 12:19:49.879136086 CEST | 49746 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:19:49.981734037 CEST | 6577 | 49746 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:19:50.487054110 CEST | 49746 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:19:50.603176117 CEST | 6577 | 49746 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:19:51.112101078 CEST | 49746 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:19:51.223711967 CEST | 6577 | 49746 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:19:52.091159105 CEST | 49747 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:19:52.201728106 CEST | 6577 | 49747 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:19:52.705924034 CEST | 49747 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:19:52.809077024 CEST | 6577 | 49747 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:19:53.409106016 CEST | 49747 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:19:53.507244110 CEST | 6577 | 49747 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:19:53.819104910 CEST | 49748 | 6577 | 192.168.2.6 | 99.83.154.118 |
Jun 16, 2021 12:19:56.909404993 CEST | 49748 | 6577 | 192.168.2.6 | 99.83.154.118 |
Jun 16, 2021 12:20:02.909858942 CEST | 49748 | 6577 | 192.168.2.6 | 99.83.154.118 |
Jun 16, 2021 12:20:15.287276030 CEST | 49756 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:20:15.385623932 CEST | 6577 | 49756 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:20:15.895313025 CEST | 49756 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:20:16.027228117 CEST | 6577 | 49756 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:20:16.536015987 CEST | 49756 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:20:16.636188030 CEST | 6577 | 49756 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:20:16.871905088 CEST | 49758 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:20:16.969990969 CEST | 6577 | 49758 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:20:17.473753929 CEST | 49758 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:20:17.571770906 CEST | 6577 | 49758 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:20:18.083295107 CEST | 49758 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:20:18.185758114 CEST | 6577 | 49758 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:20:18.408498049 CEST | 49759 | 6577 | 192.168.2.6 | 99.83.154.118 |
Jun 16, 2021 12:20:21.411658049 CEST | 49759 | 6577 | 192.168.2.6 | 99.83.154.118 |
Jun 16, 2021 12:20:27.427573919 CEST | 49759 | 6577 | 192.168.2.6 | 99.83.154.118 |
Jun 16, 2021 12:20:39.824605942 CEST | 49762 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:20:39.922693968 CEST | 6577 | 49762 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:20:40.425340891 CEST | 49762 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:20:40.530154943 CEST | 6577 | 49762 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:20:41.034846067 CEST | 49762 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:20:41.133194923 CEST | 6577 | 49762 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:20:41.379147053 CEST | 49763 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:20:41.480571032 CEST | 6577 | 49763 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:20:41.988254070 CEST | 49763 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:20:42.091746092 CEST | 6577 | 49763 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:20:42.597424030 CEST | 49763 | 6577 | 192.168.2.6 | 192.71.172.145 |
Jun 16, 2021 12:20:42.708498955 CEST | 6577 | 49763 | 192.71.172.145 | 192.168.2.6 |
Jun 16, 2021 12:20:42.911950111 CEST | 49764 | 6577 | 192.168.2.6 | 99.83.154.118 |
Jun 16, 2021 12:20:45.925753117 CEST | 49764 | 6577 | 192.168.2.6 | 99.83.154.118 |
Jun 16, 2021 12:20:51.926316977 CEST | 49764 | 6577 | 192.168.2.6 | 99.83.154.118 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 16, 2021 12:18:37.141690969 CEST | 64267 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:18:37.193067074 CEST | 49448 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:18:37.200437069 CEST | 53 | 64267 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:18:37.251755953 CEST | 53 | 49448 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:18:38.081584930 CEST | 60342 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:18:38.141149998 CEST | 53 | 60342 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:18:38.193691015 CEST | 61346 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:18:38.253101110 CEST | 53 | 61346 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:18:39.070792913 CEST | 51774 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:18:39.121133089 CEST | 53 | 51774 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:18:39.866080046 CEST | 56023 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:18:39.916546106 CEST | 53 | 56023 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:18:40.900638103 CEST | 58384 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:18:40.950896978 CEST | 53 | 58384 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:18:50.476418018 CEST | 60261 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:18:50.534347057 CEST | 53 | 60261 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:18:54.080560923 CEST | 56061 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:18:54.133611917 CEST | 53 | 56061 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:18:55.075109959 CEST | 58336 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:18:55.140033960 CEST | 53 | 58336 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:18:55.930752039 CEST | 53781 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:18:55.981214046 CEST | 53 | 53781 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:18:56.782294989 CEST | 54064 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:18:56.838805914 CEST | 53 | 54064 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:18:57.927056074 CEST | 52811 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:18:57.977770090 CEST | 53 | 52811 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:18:58.851322889 CEST | 55299 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:18:58.918972015 CEST | 53 | 55299 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:00.587951899 CEST | 63745 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:00.645564079 CEST | 53 | 63745 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:01.492130041 CEST | 50055 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:01.551403999 CEST | 53 | 50055 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:02.181119919 CEST | 61374 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:02.244160891 CEST | 53 | 61374 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:02.373374939 CEST | 50339 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:02.426614046 CEST | 53 | 50339 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:03.334331036 CEST | 63307 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:03.388079882 CEST | 53 | 63307 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:03.857049942 CEST | 49694 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:03.941929102 CEST | 53 | 49694 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:04.312423944 CEST | 54982 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:04.374114990 CEST | 53 | 54982 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:05.136055946 CEST | 50010 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:05.192217112 CEST | 53 | 50010 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:17.098731041 CEST | 63718 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:17.160228968 CEST | 53 | 63718 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:25.109397888 CEST | 62116 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:25.335073948 CEST | 53 | 62116 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:26.901343107 CEST | 63816 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:26.965903997 CEST | 53 | 63816 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:28.439774036 CEST | 55014 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:28.531289101 CEST | 53 | 55014 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:32.670300007 CEST | 62208 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:32.723649979 CEST | 53 | 62208 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:39.188069105 CEST | 57574 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:39.330099106 CEST | 53 | 57574 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:39.851923943 CEST | 51818 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:39.926845074 CEST | 53 | 51818 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:40.097626925 CEST | 56628 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:40.159573078 CEST | 53 | 56628 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:40.818876028 CEST | 60778 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:41.136869907 CEST | 53 | 60778 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:41.640993118 CEST | 53799 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:41.710839987 CEST | 53 | 53799 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:42.714555025 CEST | 54683 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:42.781389952 CEST | 53 | 54683 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:43.435857058 CEST | 59329 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:43.497879982 CEST | 53 | 59329 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:44.098290920 CEST | 64021 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:44.166659117 CEST | 53 | 64021 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:44.973438978 CEST | 56129 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:45.033236980 CEST | 53 | 56129 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:46.031492949 CEST | 58177 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:46.090606928 CEST | 53 | 58177 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:46.588483095 CEST | 50700 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:46.641470909 CEST | 53 | 50700 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:49.807735920 CEST | 54069 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:49.877819061 CEST | 53 | 54069 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:51.366024971 CEST | 61178 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:51.425685883 CEST | 53 | 61178 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:53.751140118 CEST | 57017 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:53.814482927 CEST | 53 | 57017 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:19:58.142888069 CEST | 56327 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:19:58.205275059 CEST | 53 | 56327 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:20:15.064660072 CEST | 50243 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:20:15.285846949 CEST | 53 | 50243 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:20:15.983633041 CEST | 62055 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:20:16.070377111 CEST | 53 | 62055 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:20:16.798211098 CEST | 61249 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:20:16.868933916 CEST | 53 | 61249 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:20:18.346585035 CEST | 65252 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:20:18.406245947 CEST | 53 | 65252 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:20:28.833482027 CEST | 64367 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:20:28.915441990 CEST | 53 | 64367 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:20:31.154624939 CEST | 55066 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:20:31.226069927 CEST | 53 | 55066 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:20:39.602674007 CEST | 60211 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:20:39.823373079 CEST | 53 | 60211 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:20:41.307471037 CEST | 56570 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:20:41.377844095 CEST | 53 | 56570 | 8.8.8.8 | 192.168.2.6 |
Jun 16, 2021 12:20:42.847150087 CEST | 58454 | 53 | 192.168.2.6 | 8.8.8.8 |
Jun 16, 2021 12:20:42.909445047 CEST | 53 | 58454 | 8.8.8.8 | 192.168.2.6 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jun 16, 2021 12:19:02.181119919 CEST | 192.168.2.6 | 8.8.8.8 | 0xa981 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 16, 2021 12:19:03.857049942 CEST | 192.168.2.6 | 8.8.8.8 | 0x153f | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 16, 2021 12:19:25.109397888 CEST | 192.168.2.6 | 8.8.8.8 | 0xd759 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 16, 2021 12:19:26.901343107 CEST | 192.168.2.6 | 8.8.8.8 | 0xef55 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 16, 2021 12:19:28.439774036 CEST | 192.168.2.6 | 8.8.8.8 | 0xbe9c | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 16, 2021 12:19:49.807735920 CEST | 192.168.2.6 | 8.8.8.8 | 0xfd2a | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 16, 2021 12:19:51.366024971 CEST | 192.168.2.6 | 8.8.8.8 | 0xeb32 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 16, 2021 12:19:53.751140118 CEST | 192.168.2.6 | 8.8.8.8 | 0x9e36 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 16, 2021 12:20:15.064660072 CEST | 192.168.2.6 | 8.8.8.8 | 0x26bb | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 16, 2021 12:20:16.798211098 CEST | 192.168.2.6 | 8.8.8.8 | 0xd59b | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 16, 2021 12:20:18.346585035 CEST | 192.168.2.6 | 8.8.8.8 | 0x38ae | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 16, 2021 12:20:39.602674007 CEST | 192.168.2.6 | 8.8.8.8 | 0x142c | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 16, 2021 12:20:41.307471037 CEST | 192.168.2.6 | 8.8.8.8 | 0xdce | Standard query (0) | A (IP address) | IN (0x0001) | |
Jun 16, 2021 12:20:42.847150087 CEST | 192.168.2.6 | 8.8.8.8 | 0x2e10 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jun 16, 2021 12:19:02.244160891 CEST | 8.8.8.8 | 192.168.2.6 | 0xa981 | No error (0) | 192.71.172.145 | A (IP address) | IN (0x0001) | ||
Jun 16, 2021 12:19:03.941929102 CEST | 8.8.8.8 | 192.168.2.6 | 0x153f | No error (0) | 99.83.154.118 | A (IP address) | IN (0x0001) | ||
Jun 16, 2021 12:19:25.335073948 CEST | 8.8.8.8 | 192.168.2.6 | 0xd759 | No error (0) | 192.71.172.145 | A (IP address) | IN (0x0001) | ||
Jun 16, 2021 12:19:26.965903997 CEST | 8.8.8.8 | 192.168.2.6 | 0xef55 | No error (0) | 192.71.172.145 | A (IP address) | IN (0x0001) | ||
Jun 16, 2021 12:19:28.531289101 CEST | 8.8.8.8 | 192.168.2.6 | 0xbe9c | No error (0) | 99.83.154.118 | A (IP address) | IN (0x0001) | ||
Jun 16, 2021 12:19:49.877819061 CEST | 8.8.8.8 | 192.168.2.6 | 0xfd2a | No error (0) | 192.71.172.145 | A (IP address) | IN (0x0001) | ||
Jun 16, 2021 12:19:51.425685883 CEST | 8.8.8.8 | 192.168.2.6 | 0xeb32 | No error (0) | 192.71.172.145 | A (IP address) | IN (0x0001) | ||
Jun 16, 2021 12:19:53.814482927 CEST | 8.8.8.8 | 192.168.2.6 | 0x9e36 | No error (0) | 99.83.154.118 | A (IP address) | IN (0x0001) | ||
Jun 16, 2021 12:20:15.285846949 CEST | 8.8.8.8 | 192.168.2.6 | 0x26bb | No error (0) | 192.71.172.145 | A (IP address) | IN (0x0001) | ||
Jun 16, 2021 12:20:16.868933916 CEST | 8.8.8.8 | 192.168.2.6 | 0xd59b | No error (0) | 192.71.172.145 | A (IP address) | IN (0x0001) | ||
Jun 16, 2021 12:20:18.406245947 CEST | 8.8.8.8 | 192.168.2.6 | 0x38ae | No error (0) | 99.83.154.118 | A (IP address) | IN (0x0001) | ||
Jun 16, 2021 12:20:39.823373079 CEST | 8.8.8.8 | 192.168.2.6 | 0x142c | No error (0) | 192.71.172.145 | A (IP address) | IN (0x0001) | ||
Jun 16, 2021 12:20:41.377844095 CEST | 8.8.8.8 | 192.168.2.6 | 0xdce | No error (0) | 192.71.172.145 | A (IP address) | IN (0x0001) | ||
Jun 16, 2021 12:20:42.909445047 CEST | 8.8.8.8 | 192.168.2.6 | 0x2e10 | No error (0) | 99.83.154.118 | A (IP address) | IN (0x0001) |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 12:18:56 |
Start date: | 16/06/2021 |
Path: | C:\Users\user\Desktop\US1pwXib6h.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 218807 bytes |
MD5 hash: | 91514B3627E78E42CB05BC608737A47F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 12:18:57 |
Start date: | 16/06/2021 |
Path: | C:\Users\user\Desktop\US1pwXib6h.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 218807 bytes |
MD5 hash: | 91514B3627E78E42CB05BC608737A47F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 12:19:08 |
Start date: | 16/06/2021 |
Path: | C:\Users\user\AppData\Roaming\fatbtifdnumsa\ioldfli.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 218807 bytes |
MD5 hash: | 91514B3627E78E42CB05BC608737A47F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
General |
---|
Start time: | 12:19:10 |
Start date: | 16/06/2021 |
Path: | C:\Users\user\AppData\Roaming\fatbtifdnumsa\ioldfli.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 218807 bytes |
MD5 hash: | 91514B3627E78E42CB05BC608737A47F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 12:19:16 |
Start date: | 16/06/2021 |
Path: | C:\Users\user\AppData\Roaming\fatbtifdnumsa\ioldfli.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 218807 bytes |
MD5 hash: | 91514B3627E78E42CB05BC608737A47F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 12:19:18 |
Start date: | 16/06/2021 |
Path: | C:\Users\user\AppData\Roaming\fatbtifdnumsa\ioldfli.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 218807 bytes |
MD5 hash: | 91514B3627E78E42CB05BC608737A47F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality |
---|---|---|---|---|---|---|
004030CB | 70.3 | 23 | 17 | 270 | file, string, com, COMMON | 83% |
73861A98 | 25.1 | 13 | 1 | 591 | string, library, memory, COMMON, Crypto | 95% |
00405302 | 21.2 | 9 | 3 | 156 | file, string, COMMON | 94% |
| | | | | | 98% |
| | | | | | 100% |
00405CD8 | 3.0 | 2 | | 14 | file, COMMON | 100% |
00403526 | 51.0 | 15 | 14 | 216 | string, registry, library, COMMON | 96% |
| | | | | | 80% |
00401734 | 15.9 | 5 | 4 | 147 | string, time, COMMON | 60% |
00402E5B | 12.4 | 6 | 1 | 166 | file, COMMON | 94% |
| | | | | | 85% |
| | | | | | 100% |
| | | | | | 94% |
| | | | | | 60% |
00401389 | 5.3 | 2 | 1 | 43 | window, COMMON | 69% |
| | | | | | 84% |
004063DD | 5.2 | 4 | | 236 | COMMON | 99% |
004065DE | 5.2 | 4 | | 208 | COMMON | 98% |
004062F4 | 5.2 | 4 | | 205 | COMMON | 98% |
00405DF9 | 5.2 | 4 | | 198 | COMMON | 98% |
00406247 | 5.2 | 4 | | 180 | COMMON | 98% |
00406365 | 5.2 | 4 | | 170 | COMMON | 98% |
004062B1 | 5.2 | 4 | | 168 | COMMON | 98% |
73862921 | 3.5 | 1 | 1 | 21 | memory, COMMON | 100% |
004056B4 | 3.0 | 2 | | 16 | file, COMMON | 68% |
00405695 | 3.0 | 2 | | 9 | COMMON | 100% |
73862A38 | 1.6 | 1 | | 143 | file, COMMON | 19% |
0040304E | 1.5 | 1 | | 22 | file, COMMON | 100% |
00403080 | 1.5 | 1 | | 6 | COMMON | 100% |
7386101B | 1.3 | 1 | | 13 | memory, COMMON | 16% |
73861215 | 1.3 | 1 | | 4 | memory, COMMON | 100% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality |
---|---|---|---|---|---|---|
004046CA | 65.2 | 33 | 4 | 478 | window, memory, COMMON, Crypto | 98% |
00404EB9 | 65.0 | 36 | 1 | 278 | window, clipboard, memory, COMMON | 96% |
004041CD | 24.8 | 10 | 4 | 266 | string, COMMON | 78% |
004059FF | 21.2 | 8 | 4 | 197 | string, COMMON | 74% |
00402020 | 5.4 | 2 | 1 | 134 | com, COMMON | 74% |
0040263E | 1.5 | 1 | | 29 | file, COMMON | 39% |
004038BC | 58.1 | 32 | 1 | 345 | window, string, COMMON | 84% |
00403ED7 | 42.2 | 20 | 4 | 204 | window, string, COMMON | 93% |
| | | | | | 90% |
0040572B | 22.9 | 11 | 2 | 144 | file, memory, COMMON | 93% |
| | | | | | 89% |
738622F1 | 12.4 | 6 | 1 | 140 | memory, COMMON | 86% |
| | | | | | 100% |
00403DF6 | 12.1 | 8 | | 61 | COMMON | 100% |
| | | | | | 86% |
| | | | | | 100% |
0040464A | 10.5 | 5 | 1 | 48 | window, COMMON | 100% |
00402B3B | 10.5 | 5 | 1 | 40 | time, COMMON | 100% |
00402303 | 8.8 | 4 | 1 | 71 | registry, string, COMMON | 85% |
| | | | | | 100% |
73861837 | 7.7 | 5 | | 194 | COMMON | 97% |
| | | | | | 84% |
00401CC1 | 7.5 | 5 | | 39 | window, COMMON | 100% |
00404568 | 7.1 | 3 | 1 | 78 | string, COMMON | 51% |
00401BAD | 7.1 | 3 | 1 | 76 | window, time, COMMON | 51% |
0040523D | 7.0 | 2 | 2 | 24 | process, COMMON | 100% |
004054D0 | 7.0 | 3 | 1 | 16 | string, COMMON | 100% |
00401EC5 | 6.1 | 4 | | 54 | memory, COMMON | 85% |
00401D1B | 6.0 | 4 | | 34 | COMMON | 67% |
00402BBE | 6.0 | 4 | | 33 | COMMON | 100% |
00404CCB | 5.3 | 2 | 1 | 58 | window, COMMON | 100% |
004024BE | 5.3 | 2 | 1 | 34 | file, string, COMMON | 100% |
| | | | | | 100% |
00405517 | 5.3 | 2 | 1 | 16 | string, COMMON | 100% |
| | | | | | 100% |
00405629 | 5.0 | 4 | | 30 | string, COMMON | 100% |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality |
---|---|---|---|---|---|---|
00409E61 | 19.3 | 5 | 6 | 87 | registry, COMMON | |
| | | | | | 20% |
00410608 | 7.0 | 3 | 1 | 49 | registry, COMMON | |
00408AB3 | 5.3 | 2 | 1 | 16 | synchronization, COMMON | |
00409CF9 | 4.6 | 3 | | 84 | window, COMMON | |
00405999 | 3.0 | 2 | | 21 | COMMON | 84% |
00407F08 | 3.0 | 2 | | 21 | COMMON | |
00407EF4 | 1.3 | 1 | | 7 | sleep, COMMON | |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality |
---|---|---|---|---|---|---|
00409953 | 65.0 | 13 | 24 | 210 | keyboard, COMMON | |
0040C4B7 | 56.7 | 14 | 18 | 656 | registry, encryption, window, COMMON | |
00411D8C | 35.2 | 15 | 5 | 195 | window, COMMON | |
| | | | | | 43% |
0041D049 | 25.0 | 11 | 3 | 453 | file, COMMON, Crypto | 15% |
0040EDD6 | 24.7 | 9 | 5 | 236 | string, file, encryption, COMMON | |
00406F83 | 24.7 | 11 | 3 | 184 | string, file, COMMON | |
0040753D | 23.0 | 11 | 2 | 280 | file, COMMON | |
0040D745 | 19.5 | 4 | 7 | 232 | registry, file, COMMON | |
00413A85 | 19.4 | 7 | 4 | 151 | file, COMMON | |
00406453 | 17.7 | 8 | 2 | 204 | file, time, COMMON | |
00406390 | 15.8 | 8 | 1 | 53 | file, COMMON | |
0040680D | 14.2 | 7 | 1 | 168 | file, COMMON | |
0040DB1C | 12.4 | 4 | 3 | 110 | file, COMMON | |
0040D290 | 12.3 | 6 | 1 | 98 | encryption, COMMON | |
| | | | | | 32% |
00405811 | 7.1 | 2 | 2 | 52 | network, COMMON | |
0040A115 | 7.0 | 1 | 3 | 44 | time, COMMON | |
00415079 | 5.7 | 1 | 2 | 432 | COMMON, Crypto | 100% |
00415ABF | 5.6 | 1 | 2 | 396 | COMMON, Crypto | 82% |
004121EF | 3.0 | 2 | | 36 | COMMON | |
| | | | | | 100% |
00408417 | 56.3 | 13 | 19 | 294 | library, loader, COMMON | 18% |
00408417 | 54.5 | 13 | 18 | 294 | library, loader, COMMON | 18% |
0040DCE9 | 38.9 | 16 | 6 | 395 | library, loader, COMMON | 35% |
00410FC4 | 31.7 | 14 | 4 | 236 | registry, COMMON | 25% |
004113B8 | 31.7 | 14 | 4 | 198 | pipe, process, file, COMMON | |
0040FE8C | 26.4 | 9 | 6 | 184 | time, process, COMMON | 36% |
004093E7 | 24.7 | 11 | 3 | 177 | network, COMMON | |
00410ADA | 17.7 | 9 | 1 | 230 | registry, COMMON | |
0040970C | 17.6 | 7 | 3 | 132 | file, time, COMMON | |
0040C197 | 17.6 | 7 | 3 | 83 | file, COMMON | |
00408FE0 | 15.9 | 2 | 7 | 156 | file, COMMON | |
0040A4BC | 15.9 | 5 | 4 | 155 | library, loader, time, COMMON | |
0040970C | 15.9 | 7 | 2 | 132 | file, time, COMMON | |
0040C2DB | 15.8 | 4 | 5 | 91 | file, COMMON | |
| | | | | | 31% |
00407302 | 15.1 | 10 | | 94 | file, COMMON | |
00408FE0 | 14.2 | 2 | 6 | 156 | file, COMMON | |
00408042 | 13.6 | 9 | | 90 | COMMON | |
0041F151 | 12.4 | 4 | 3 | 187 | string, COMMON | 30% |
0041086B | 12.3 | 5 | 2 | 90 | registry, COMMON | |
00405D7D | 10.6 | 5 | 1 | 110 | network, COMMON | |
004054AC | 10.6 | 5 | 1 | 104 | network, COMMON | |
| | | | | | 48% |
0040E7B0 | 9.1 | 3 | 3 | 133 | string, COMMON | |
00401DD8 | 9.1 | 4 | 2 | 58 | string, COMMON | 31% |
00405328 | 8.8 | 4 | 1 | 89 | network, COMMON | 48% |
004109D8 | 8.8 | 3 | 2 | 63 | registry, COMMON | |
00406D22 | 8.8 | 3 | 2 | 50 | process, COMMON | |
00407E8C | 8.8 | 4 | 1 | 28 | file, COMMON | |
0040E9B6 | 7.7 | 3 | 2 | 233 | string, COMMON | |
| | | | | | 100% |
| | | | | | 43% |
0040D420 | 7.1 | 2 | 2 | 105 | registry, COMMON | |
0040B016 | 7.1 | 3 | 1 | 63 | file, COMMON | |
0040B105 | 7.1 | 3 | 1 | 63 | file, COMMON | |
00414470 | 7.1 | 3 | 1 | 61 | process, thread, COMMON | |
0041ED42 | 6.1 | 4 | | 66 | file, COMMON | 27% |
| | | | | | 100% |
0041C5A7 | 6.1 | 4 | | 55 | file, COMMON | 16% |
00407FC3 | 6.0 | 4 | | 44 | COMMON | |
00406E04 | 6.0 | 4 | | 32 | file, COMMON | |
004049CF | 5.5 | 4 | | 475 | COMMON | |
| | | | | | 77% |
00408218 | 5.3 | 2 | 1 | 48 | time, COMMON | |
0040A115 | 5.3 | 1 | 2 | 44 | time, COMMON | |
Executed Functions |
---|
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality |
---|---|---|---|---|---|---|
0019F79E | 0.0 | | | 26 | COMMON | |
0019F7DB | 0.0 | | | 23 | COMMON | |
0019F83E | 0.0 | | | 7 | COMMON | |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality |
---|---|---|---|---|---|---|
00408FE0 | 15.9 | 2 | 7 | 156 | file, COMMON | |
00408FE0 | 14.2 | 2 | 6 | 156 | file, COMMON | |
00408AB3 | 5.3 | 2 | 1 | 16 | synchronization, COMMON | |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-code quality
---|---|---|---|---|---|---
00409953 | 65.0 | 13 | 24 | 210 | keyboard, COMMON | -
0041D049 | 25.0 | 11 | 3 | 453 | file, COMMON, Crypto | 15%
0040EDD6 | 24.7 | 9 | 5 | 236 | string, file, encryption, COMMON | -
00406F83 | 24.7 | 11 | 3 | 184 | string, file, COMMON | -
0040753D | 23.0 | 11 | 2 | 280 | file, COMMON | -
0040D745 | 19.5 | 4 | 7 | 232 | registry, file, COMMON | -
00413A85 | 19.4 | 7 | 4 | 151 | file, COMMON | -
00406453 | 17.7 | 8 | 2 | 204 | file, time, COMMON | -
00406390 | 15.8 | 8 | 1 | 53 | file, COMMON | -
0040680D | 14.2 | 7 | 1 | 168 | file, COMMON | -
0040DB1C | 12.4 | 4 | 3 | 110 | file, COMMON | -
0040D290 | 12.3 | 6 | 1 | 98 | encryption, COMMON | -
00415079 | 5.7 | 1 | 2 | 432 | COMMON, Crypto | 100%
00415ABF | 5.6 | 1 | 2 | 396 | COMMON, Crypto | 82%
00408417 | 56.3 | 13 | 19 | 294 | library, loader, COMMON | 18%
00408417 | 54.5 | 13 | 18 | 294 | library, loader, COMMON | 18%
0040DCE9 | 38.9 | 16 | 6 | 395 | library, loader, COMMON | 35%
00411D8C | 35.2 | 15 | 5 | 195 | window, COMMON | -
00410FC4 | 31.7 | 14 | 4 | 236 | registry, COMMON | 25%
004113B8 | 31.7 | 14 | 4 | 198 | pipe, process, file, COMMON | -
0040262F | 30.0 | 8 | 9 | 282 | network, COMMON | 43%
0040FE8C | 26.4 | 9 | 6 | 184 | time, process, COMMON | 36%
004093E7 | 24.7 | 11 | 3 | 177 | network, COMMON | -
00409E61 | 19.3 | 5 | 6 | 87 | registry, COMMON | -
00410ADA | 17.7 | 9 | 1 | 230 | registry, COMMON | -
0040970C | 17.6 | 7 | 3 | 132 | file, time, COMMON | -
0040C197 | 17.6 | 7 | 3 | 83 | file, COMMON | -
0040A4BC | 15.9 | 5 | 4 | 155 | library, loader, time, COMMON | -
0040970C | 15.9 | 7 | 2 | 132 | file, time, COMMON | -
0040C2DB | 15.8 | 4 | 5 | 91 | file, COMMON | -
00407302 | 15.1 | 10 | - | 94 | file, COMMON | -
00408042 | 13.6 | 9 | - | 90 | COMMON | -
0041F151 | 12.4 | 4 | 3 | 187 | string, COMMON | 30%
0041086B | 12.3 | 5 | 2 | 90 | registry, COMMON | -
00405D7D | 10.6 | 5 | 1 | 110 | network, COMMON | -
004054AC | 10.6 | 5 | 1 | 104 | network, COMMON | -
0040E7B0 | 9.1 | 3 | 3 | 133 | string, COMMON | -
00401DD8 | 9.1 | 4 | 2 | 58 | string, COMMON | 31%
00405328 | 8.8 | 4 | 1 | 89 | network, COMMON | 48%
004109D8 | 8.8 | 3 | 2 | 63 | registry, COMMON | -
00406D22 | 8.8 | 3 | 2 | 50 | process, COMMON | -
00407E8C | 8.8 | 4 | 1 | 28 | file, COMMON | -
0040E9B6 | 7.7 | 3 | 2 | 233 | string, COMMON | -
0040D420 | 7.1 | 2 | 2 | 105 | registry, COMMON | -
0040B016 | 7.1 | 3 | 1 | 63 | file, COMMON | -
0040B105 | 7.1 | 3 | 1 | 63 | file, COMMON | -
00414470 | 7.1 | 3 | 1 | 61 | process, thread, COMMON | -
00405811 | 7.1 | 2 | 2 | 52 | network, COMMON | -
00410608 | 7.0 | 3 | 1 | 49 | registry, COMMON | -
0040A115 | 7.0 | 1 | 3 | 44 | time, COMMON | -
0041ED42 | 6.1 | 4 | - | 66 | file, COMMON | 27%
0041C5A7 | 6.1 | 4 | - | 55 | file, COMMON | 16%
00407FC3 | 6.0 | 4 | - | 44 | COMMON | -
00406E04 | 6.0 | 4 | - | 32 | file, COMMON | -
004049CF | 5.5 | 4 | - | 475 | COMMON | -
00408218 | 5.3 | 2 | 1 | 48 | time, COMMON | -
0040A115 | 5.3 | 1 | 2 | 44 | time, COMMON | -
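A function inventory like this one is what an analyst works from when deciding where to start static analysis of the unpacked payload: the keyboard-tagged function is the keylogger candidate, the network-tagged ones are where C2 handling is likely to live, the registry-tagged ones are persistence candidates, and the Crypto/encryption-tagged ones hold the traffic or config protection. In the text export of a Joe Sandbox report each function header carries the instruction count fused with the tag badges (e.g. `Instructions: 155libraryloadertimeCOMMON`), so the badges have to be recovered by tokenising that suffix. The Python below is an added example, not part of this report or of Joe Sandbox's own tooling: it parses such header lines, splits the fused suffix against the badge vocabulary observed in this report (assumed complete for this report only), and ranks the functions carrying keylogging, C2, persistence, clipboard or crypto badges by relevance. The sample header lines are copied from this report's listing; the set of priority tags is an assumption made here, not a Joe Sandbox concept.

```python
"""Parse Joe Sandbox function-header lines and triage them by capability tag.

Added example, not part of the sandbox report. The text export fuses the
instruction count with the tag badges ("Instructions: 155libraryloadertimeCOMMON"),
so the badges are recovered by greedy tokenisation against a known vocabulary.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Badge vocabulary observed in this report (assumed complete for this report only).
# Matching is case-sensitive, which keeps "com" (COM/OLE) apart from "COMMON";
# longest-first keeps the split deterministic if a badge is a prefix of another.
TAG_VOCAB = sorted(
    ["time", "file", "string", "keyboard", "network", "registry", "library",
     "loader", "encryption", "process", "thread", "pipe", "window", "memory",
     "clipboard", "synchronization", "com", "COMMON", "Crypto"],
    key=len, reverse=True,
)

# Assumption: the badges an analyst chases first in a RAT (keylogging, C2,
# persistence, clipboard theft, crypto). Not a Joe Sandbox concept.
PRIORITY_TAGS = {"keyboard", "network", "registry", "encryption", "Crypto", "clipboard"}

# APIs/Strings counts are optional in the export; Relevance may be written ".0".
HEADER_RE = re.compile(
    r"Function (?P<addr>[0-9A-Fa-f]{8}), Relevance: (?P<rel>\d*\.\d+|\d+)"
    r"(?:, APIs: (?P<apis>\d+))?(?:, Strings: (?P<strings>\d+))?"
    r", Instructions: (?P<instr>\d+)(?P<tags>\S*)"
)


@dataclass
class FunctionEntry:
    addr: str
    relevance: float
    apis: Optional[int]
    strings: Optional[int]
    instructions: int
    tags: List[str] = field(default_factory=list)

    @property
    def priority_tags(self) -> List[str]:
        return [t for t in self.tags if t in PRIORITY_TAGS]


def split_tags(suffix: str) -> List[str]:
    """Greedy, case-sensitive tokenisation of a fused badge string.

    Raises on an unknown badge instead of guessing, so a new report that
    introduces a badge outside TAG_VOCAB fails loudly rather than silently."""
    tags, pos = [], 0
    while pos < len(suffix):
        for tag in TAG_VOCAB:
            if suffix.startswith(tag, pos):
                tags.append(tag)
                pos += len(tag)
                break
        else:
            raise ValueError(f"unknown badge at {suffix[pos:]!r} in {suffix!r}")
    return tags


def parse_header(line: str) -> Optional[FunctionEntry]:
    """Return a FunctionEntry for a 'Function ...' header line, else None."""
    m = HEADER_RE.search(line)
    if not m:
        return None
    return FunctionEntry(
        addr=m.group("addr").upper(),
        relevance=float(m.group("rel")),  # ".0" parses as 0.0
        apis=int(m.group("apis")) if m.group("apis") else None,
        strings=int(m.group("strings")) if m.group("strings") else None,
        instructions=int(m.group("instr")),
        tags=split_tags(m.group("tags")),
    )


def triage(lines) -> List[FunctionEntry]:
    """Functions carrying at least one priority tag, highest relevance first."""
    entries = [e for e in map(parse_header, lines) if e and e.priority_tags]
    return sorted(entries, key=lambda e: (-e.relevance, e.addr))


# Header lines copied from this report's function listing (not constructed).
SAMPLE_LINES = [
    "Function 00409953, Relevance: 65.0, APIs: 13, Strings: 24, Instructions: 210keyboardCOMMON",
    "Function 0041D049, Relevance: 25.0, APIs: 11, Strings: 3, Instructions: 453fileCOMMONCrypto",
    "Function 0040EDD6, Relevance: 24.7, APIs: 9, Strings: 5, Instructions: 236stringfileencryptionCOMMON",
    "Function 0040262F, Relevance: 30.0, APIs: 8, Strings: 9, Instructions: 282networkCOMMON",
    "Function 00410FC4, Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 236registryCOMMON",
    "Function 0040A4BC, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 155libraryloadertimeCOMMON",
    "Function 00408042, Relevance: 13.6, APIs: 9, Instructions: 90COMMON",
    "Function 0019F79E, Relevance: .0, Instructions: 26COMMON",
    "Function 00404EB9, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"{e.addr}  rel={e.relevance:5.1f}  {'/'.join(e.priority_tags):<10}  all={','.join(e.tags)}")
```

Run as a script it prints the six priority functions from the sample set, keyboard and clipboard handlers first; functions tagged only file/time/library (loader plumbing) drop out of the list. Feeding it the full text export of a report gives a short worklist for the disassembler instead of a page of identical empty tables.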
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-code quality
---|---|---|---|---|---|---
004030CB | 70.3 | 23 | 17 | 270 | file, string, com, COMMON | 83%
00405302 | 21.2 | 9 | 3 | 156 | file, string, COMMON | 94%
00405CD8 | 3.0 | 2 | - | 14 | file, COMMON | 100%
00403526 | 52.7 | 16 | 14 | 216 | string, registry, library, COMMON | 96%
00401734 | 15.9 | 5 | 4 | 147 | string, time, COMMON | 60%
00402E5B | 12.4 | 6 | 1 | 166 | file, COMMON | 94%
004063DD | 5.2 | 4 | - | 236 | COMMON | 99%
004065DE | 5.2 | 4 | - | 208 | COMMON | 98%
004062F4 | 5.2 | 4 | - | 205 | COMMON | 98%
00405DF9 | 5.2 | 4 | - | 198 | COMMON | 98%
00406247 | 5.2 | 4 | - | 180 | COMMON | 98%
00406365 | 5.2 | 4 | - | 170 | COMMON | 98%
004062B1 | 5.2 | 4 | - | 168 | COMMON | 98%
00401389 | 3.0 | 2 | - | 43 | window, COMMON | 69%
004056B4 | 3.0 | 2 | - | 16 | file, COMMON | 68%
00405695 | 3.0 | 2 | - | 9 | COMMON | 100%
0040304E | 1.5 | 1 | - | 22 | file, COMMON | 100%
00403080 | 1.5 | 1 | - | 6 | COMMON | 100%
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-code quality
---|---|---|---|---|---|---
004046CA | 65.2 | 33 | 4 | 478 | window, memory, COMMON, Crypto | 98%
00404EB9 | 65.0 | 36 | 1 | 278 | window, clipboard, memory, COMMON | 96%
004038BC | 58.1 | 32 | 1 | 345 | window, string, COMMON | 84%
00403ED7 | 40.5 | 20 | 3 | 204 | window, string, COMMON | 93%
004041CD | 23.0 | 10 | 3 | 266 | string, COMMON | 78%
0040572B | 22.9 | 11 | 2 | 144 | file, memory, COMMON | 93%
004059FF | 19.4 | 8 | 3 | 197 | string, COMMON | 74%
00403DF6 | 12.1 | 8 | - | 61 | COMMON | 100%
0040464A | 10.5 | 5 | 1 | 48 | window, COMMON | 100%
00402B3B | 10.5 | 5 | 1 | 40 | time, COMMON | 100%
00402303 | 8.8 | 4 | 1 | 71 | registry, string, COMMON | 85%
00401CC1 | 7.5 | 5 | - | 39 | window, COMMON | 100%
00404568 | 7.1 | 3 | 1 | 78 | string, COMMON | 51%
00401BAD | 7.1 | 3 | 1 | 76 | window, time, COMMON | 51%
0040523D | 7.0 | 2 | 2 | 24 | process, COMMON | 100%
004054D0 | 7.0 | 3 | 1 | 16 | string, COMMON | 100%
00401EC5 | 6.1 | 4 | - | 54 | memory, COMMON | 85%
00401D1B | 6.0 | 4 | - | 34 | COMMON | 67%
00402BBE | 6.0 | 4 | - | 33 | COMMON | 100%
00402020 | 5.4 | 2 | 1 | 134 | com, COMMON | 74%
00404CCB | 5.3 | 2 | 1 | 58 | window, COMMON | 100%
004024BE | 5.3 | 2 | 1 | 34 | file, string, COMMON | 100%
00405517 | 5.3 | 2 | 1 | 16 | string, COMMON | 100%
00405629 | 5.0 | 4 | - | 30 | string, COMMON | 100%
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-code quality
---|---|---|---|---|---|---
00408FE0 | 15.9 | 2 | 7 | 156 | file, COMMON | -
00408AB3 | 5.3 | 2 | 1 | 16 | synchronization, COMMON | -
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-code quality
---|---|---|---|---|---|---
00409953 | 65.0 | 13 | 24 | 210 | keyboard, COMMON | -
0041D049 | 25.0 | 11 | 3 | 453 | file, COMMON, Crypto | 15%
0040EDD6 | 24.7 | 9 | 5 | 236 | string, file, encryption, COMMON | -
0040753D | 23.0 | 11 | 2 | 280 | file, COMMON | -
00406453 | 17.7 | 8 | 2 | 204 | file, time, COMMON | -
0040680D | 14.2 | 7 | 1 | 168 | file, COMMON | -
00415079 | 5.7 | 1 | 2 | 432 | COMMON, Crypto | 100%
00408417 | 56.3 | 13 | 19 | 294 | library, loader, COMMON | 18%
0040DCE9 | 38.9 | 16 | 6 | 395 | library, loader, COMMON | 35%
00411D8C | 35.2 | 15 | 5 | 195 | window, COMMON | -
0040C197 | 17.6 | 7 | 3 | 83 | file, COMMON | -
0040A4BC | 15.9 | 5 | 4 | 155 | library, loader, time, COMMON | -
00408042 | 13.6 | 9 | - | 90 | COMMON | -
0041F151 | 12.4 | 4 | 3 | 187 | string, COMMON | 30%
0041086B | 12.3 | 5 | 2 | 90 | registry, COMMON | -
00405D7D | 10.6 | 5 | 1 | 110 | network, COMMON | -
004054AC | 10.6 | 5 | 1 | 104 | network, COMMON | -
00401DD8 | 9.1 | 4 | 2 | 58 | string, COMMON | 31%
004109D8 | 8.8 | 3 | 2 | 63 | registry, COMMON | -
00406D22 | 8.8 | 3 | 2 | 50 | process, COMMON | -
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 43% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D420, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 105registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B016, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63fileCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B105, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63fileCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414470, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61processthreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405811, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 52networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A115, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 44timeCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041ED42, Relevance: 6.1, APIs: 4, Instructions: 66fileCOMMON
C-Code - Quality: 27% |
|
APIs |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C5A7, Relevance: 6.1, APIs: 4, Instructions: 55fileCOMMON
C-Code - Quality: 16% |
|
APIs |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004049CF, Relevance: 5.5, APIs: 4, Instructions: 475COMMON
APIs |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |