Play interactive tour
Edit tourWindows Analysis Report US1pwXib6h.exe
Overview
General Information
| Sample Name: | US1pwXib6h.exe |
| Analysis ID: | 435325 |
| MD5: | 91514b3627e78e42cb05bc608737a47f |
| SHA1: | b48882a3d656068e30b88671aee71010e5602d32 |
| SHA256: | e0e0ca8ec324752ed823c7e503992398e817663828f94b4ca699ff1965095c31 |
| Tags: | exeNetWireRAT |
| Infos: | |
Most interesting Screenshot:  | |
Detection
NetWire
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected NetWire RAT
C2 URLs / IPs found in malware configuration
Contains functionality to log keystrokes
Contains functionality to steal Chrome passwords or cookies
Contains functionality to steal Internet Explorer form passwords
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Uses dynamic DNS services
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Potential key logger detected (key state polling based)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Classification
Process Tree |
|---|
|
Malware Configuration |
|---|
Threatname: NetWire |
|---|
{"C2 list": ["netno.ddns.net:6577", "ddns.dbcdubai.com:6577", "netsecond.duckdns.org:6577"], "Password": "Trinidado1@", "Host ID": "OJ", "Mutex": "oCTboYgC", "Install Path": "-", "Startup Name": "-", "ActiveX Key": "-", "KeyLog Directory": "%AppData%\\Logs\\"}Yara Overview |
|---|
Memory Dumps |
|---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| Click to see the 10 entries | ||||
Unpacked PEs |
|---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security | ||
| Click to see the 10 entries | ||||
Sigma Overview |
|---|
| No Sigma rule has matched |
|---|
Signature Overview |
|---|
Click to jump to signature section
Show All Signature Results
AV Detection: |   |
|---|
| Found malware configuration | Show sources | ||
| Source: | Malware Configuration Extractor: | ||
| Multi AV Scanner detection for dropped file | Show sources | ||
| Source: | ReversingLabs: | ||
| Multi AV Scanner detection for submitted file | Show sources | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Machine Learning detection for dropped file | Show sources | ||
| Source: | Joe Sandbox ML: | ||
| Machine Learning detection for sample | Show sources | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Code function: | 2_2_0040C4B7 | |
| Source: | Code function: | 2_2_0040E511 | |
| Source: | Code function: | 2_2_0040EDD6 | |
| Source: | Code function: | 2_2_0040D290 | |
| Source: | Code function: | 2_1_0040C4B7 | |
| Source: | Code function: | 2_1_0040E511 | |
| Source: | Code function: | 2_1_0040EDD6 | |
| Source: | Code function: | 2_1_0040D290 | |
| Source: | Code function: | 6_2_0040C4B7 | |
| Source: | Code function: | 6_2_0040E511 | |
| Source: | Code function: | 6_2_0040EDD6 | |
| Source: | Code function: | 6_2_0040D290 | |
| Source: | Code function: | 6_1_0040C4B7 | |
| Source: | Code function: | 6_1_0040E511 | |
| Source: | Code function: | 6_1_0040EDD6 | |
| Source: | Code function: | 6_1_0040D290 | |
| Source: | Code function: | 9_2_0040C4B7 | |
| Source: | Code function: | 9_2_0040E511 | |
| Source: | Code function: | 9_2_0040EDD6 | |
| Source: | Code function: | 9_2_0040D290 | |
Compliance: | |
|---|
| Detected unpacking (overwrites its own PE header) | Show sources | ||
| Source: | Unpacked PE file: | ||
| Source: | Unpacked PE file: | ||
| Source: | Unpacked PE file: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 1_2_00405302 | |
| Source: | Code function: | 1_2_00405CD8 | |
| Source: | Code function: | 1_2_0040263E | |
| Source: | Code function: | 2_2_00406453 | |
| Source: | Code function: | 2_2_0040680D | |
| Source: | Code function: | 2_2_0040753D | |
| Source: | Code function: | 2_2_00413A85 | |
| Source: | Code function: | 2_2_0040DB1C | |
| Source: | Code function: | 2_2_00406F83 | |
| Source: | Code function: | 2_2_00406390 | |
| Source: | Code function: | 2_1_00406453 | |
| Source: | Code function: | 2_1_0040680D | |
| Source: | Code function: | 2_1_0040753D | |
| Source: | Code function: | 2_1_00413A85 | |
| Source: | Code function: | 2_1_0040DB1C | |
| Source: | Code function: | 2_1_00406F83 | |
| Source: | Code function: | 2_1_00406390 | |
| Source: | Code function: | 6_2_00406453 | |
| Source: | Code function: | 6_2_0040680D | |
| Source: | Code function: | 6_2_0040753D | |
| Source: | Code function: | 6_2_00413A85 | |
| Source: | Code function: | 6_2_0040DB1C | |
| Source: | Code function: | 6_2_00406F83 | |
| Source: | Code function: | 6_2_00406390 | |
| Source: | Code function: | 6_1_00406453 | |
| Source: | Code function: | 6_1_0040680D | |
| Source: | Code function: | 6_1_0040753D | |
| Source: | Code function: | 6_1_00413A85 | |
| Source: | Code function: | 6_1_0040DB1C | |
| Source: | Code function: | 6_1_00406F83 | |
| Source: | Code function: | 6_1_00406390 | |
| Source: | Code function: | 7_2_00405302 | |
| Source: | Code function: | 7_2_00405CD8 | |
| Source: | Code function: | 7_2_0040263E | |
| Source: | Code function: | 9_2_00406453 | |
| Source: | Code function: | 9_2_0040680D | |
| Source: | Code function: | 9_2_0040753D | |
| Source: | Code function: | 9_2_00413A85 | |
| Source: | Code function: | 9_2_0040DB1C | |
| Source: | Code function: | 9_2_00406F83 | |
| Source: | Code function: | 9_2_00406390 | |
| Source: | Code function: | 2_2_00406084 | |
Networking: | |
|---|
| C2 URLs / IPs found in malware configuration | Show sources | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Uses dynamic DNS services | Show sources | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | ASN Name: | ||
| Source: | Code function: | 2_2_00405811 | |
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing: | |
|---|
| Contains functionality to log keystrokes | Show sources | ||
| Source: | Code function: | 2_2_00409953 | |
| Source: | Code function: | 2_1_00409953 | |
| Source: | Code function: | 6_2_00409953 | |
| Source: | Code function: | 6_1_00409953 | |
| Source: | Code function: | 9_2_00409953 | |
| Source: | Code function: | 1_2_00404EB9 | |
| Source: | Code function: | 2_2_00411D8C | |
| Source: | Code function: | 2_2_00409953 | |
| Source: | Binary or memory string: | ||
| Source: | Code function: | 2_2_00409CF9 | |
| Source: | Code function: | 2_2_00409953 | |
| Source: | Code function: | 2_1_00409953 | |
| Source: | Code function: | 6_2_00409953 | |
| Source: | Code function: | 6_1_00409953 | |
| Source: | Code function: | 9_2_00409953 | |
| Source: | Code function: | 2_1_00411A5C | |
| Source: | Code function: | 2_1_0040262F | |
| Source: | Code function: | 1_2_004030CB | |
| Source: | Code function: | 7_2_004030CB | |
| Source: | Code function: | 1_2_004046CA | |
| Source: | Code function: | 1_2_00405FA8 | |
| Source: | Code function: | 1_2_73861A98 | |
| Source: | Code function: | 2_2_00403047 | |
| Source: | Code function: | 2_2_0041D049 | |
| Source: | Code function: | 2_2_00419463 | |
| Source: | Code function: | 2_2_00415079 | |
| Source: | Code function: | 2_2_00420420 | |
| Source: | Code function: | 2_2_004208C0 | |
| Source: | Code function: | 2_2_004034D3 | |
| Source: | Code function: | 2_2_00414976 | |
| Source: | Code function: | 2_2_00402E68 | |
| Source: | Code function: | 2_2_00416619 | |
| Source: | Code function: | 2_2_0040AEC6 | |
| Source: | Code function: | 2_2_00402AFC | |
| Source: | Code function: | 2_2_00415ABF | |
| Source: | Code function: | 2_2_00420F40 | |
| Source: | Code function: | 2_2_0041FF50 | |
| Source: | Code function: | 2_2_0040A728 | |
| Source: | Code function: | 2_1_00403047 | |
| Source: | Code function: | 2_1_0041D049 | |
| Source: | Code function: | 2_1_00419463 | |
| Source: | Code function: | 2_1_00415079 | |
| Source: | Code function: | 2_1_00420420 | |
| Source: | Code function: | 2_1_004208C0 | |
| Source: | Code function: | 2_1_004034D3 | |
| Source: | Code function: | 2_1_00414976 | |
| Source: | Code function: | 2_1_00402E68 | |
| Source: | Code function: | 2_1_00416619 | |
| Source: | Code function: | 2_1_0040AEC6 | |
| Source: | Code function: | 2_1_00402AFC | |
| Source: | Code function: | 2_1_00415ABF | |
| Source: | Code function: | 2_1_00420F40 | |
| Source: | Code function: | 2_1_0041FF50 | |
| Source: | Code function: | 2_1_0040A728 | |
| Source: | Code function: | 6_2_00403047 | |
| Source: | Code function: | 6_2_0041D049 | |
| Source: | Code function: | 6_2_00419463 | |
| Source: | Code function: | 6_2_00415079 | |
| Source: | Code function: | 6_2_00420420 | |
| Source: | Code function: | 6_2_004208C0 | |
| Source: | Code function: | 6_2_004034D3 | |
| Source: | Code function: | 6_2_00414976 | |
| Source: | Code function: | 6_2_00402E68 | |
| Source: | Code function: | 6_2_00416619 | |
| Source: | Code function: | 6_2_0040AEC6 | |
| Source: | Code function: | 6_2_00402AFC | |
| Source: | Code function: | 6_2_00415ABF | |
| Source: | Code function: | 6_2_00420F40 | |
| Source: | Code function: | 6_2_0041FF50 | |
| Source: | Code function: | 6_2_0040A728 | |
| Source: | Code function: | 6_1_00403047 | |
| Source: | Code function: | 6_1_0041D049 | |
| Source: | Code function: | 6_1_00419463 | |
| Source: | Code function: | 6_1_00415079 | |
| Source: | Code function: | 6_1_00420420 | |
| Source: | Code function: | 6_1_004208C0 | |
| Source: | Code function: | 6_1_004034D3 | |
| Source: | Code function: | 6_1_00414976 | |
| Source: | Code function: | 6_1_00402E68 | |
| Source: | Code function: | 6_1_00416619 | |
| Source: | Code function: | 6_1_0040AEC6 | |
| Source: | Code function: | 6_1_00402AFC | |
| Source: | Code function: | 6_1_00415ABF | |
| Source: | Code function: | 6_1_00420F40 | |
| Source: | Code function: | 6_1_0041FF50 | |
| Source: | Code function: | 6_1_0040A728 | |
| Source: | Code function: | 7_2_004046CA | |
| Source: | Code function: | 7_2_00405FA8 | |
| Source: | Code function: | 9_2_00403047 | |
| Source: | Code function: | 9_2_0041D049 | |
| Source: | Code function: | 9_2_00419463 | |
| Source: | Code function: | 9_2_00415079 | |
| Source: | Code function: | 9_2_00420420 | |
| Source: | Code function: | 9_2_004208C0 | |
| Source: | Code function: | 9_2_004034D3 | |
| Source: | Code function: | 9_2_00414976 | |
| Source: | Code function: | 9_2_00402E68 | |
| Source: | Code function: | 9_2_00416619 | |
| Source: | Code function: | 9_2_0040AEC6 | |
| Source: | Code function: | 9_2_00402AFC | |
| Source: | Code function: | 9_2_00415ABF | |
| Source: | Code function: | 9_2_00420F40 | |
| Source: | Code function: | 9_2_0041FF50 | |
| Source: | Code function: | 9_2_0040A728 | |
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 1_2_004041CD | |
| Source: | Code function: | 2_2_00402570 | |
| Source: | Code function: | 1_2_00402020 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Data Obfuscation: | |
|---|
| Detected unpacking (changes PE section rights) | Show sources | ||
| Source: | Unpacked PE file: | ||
| Source: | Unpacked PE file: | ||
| Source: | Unpacked PE file: | ||
| Detected unpacking (overwrites its own PE header) | Show sources | ||
| Source: | Unpacked PE file: | ||
| Source: | Unpacked PE file: | ||
| Source: | Unpacked PE file: | ||
| Source: | Code function: | 1_2_00405CFF | |
| Source: | Code function: | 1_2_73862F8E | |
| Source: | Code function: | 2_2_00409FDE | |
| Source: | Code function: | 2_2_0040DD9F | |
| Source: | Code function: | 2_2_0040DDD9 | |
| Source: | Code function: | 2_2_0040DDF7 | |
| Source: | Code function: | 2_2_0040E394 | |
| Source: | Code function: | 2_2_0040A543 | |
| Source: | Code function: | 2_2_00409980 | |
| Source: | Code function: | 2_2_0040998D | |
| Source: | Code function: | 2_2_00412058 | |
| Source: | Code function: | 2_2_00406E69 | |
| Source: | Code function: | 2_2_004027C8 | |
| Source: | Code function: | 2_2_00402815 | |
| Source: | Code function: | 2_2_004029B2 | |
| Source: | Code function: | 2_2_0041470B | |
| Source: | Code function: | 2_2_004097B9 | |
| Source: | Code function: | 2_1_00409FDE | |
| Source: | Code function: | 2_1_0040DD9F | |
| Source: | Code function: | 2_1_0040DDD9 | |
| Source: | Code function: | 2_1_0040DDF7 | |
| Source: | Code function: | 2_1_0040E394 | |
| Source: | Code function: | 2_1_0040A543 | |
| Source: | Code function: | 2_1_00409980 | |
| Source: | Code function: | 2_1_0040998D | |
| Source: | Code function: | 2_1_00412058 | |
| Source: | Code function: | 2_1_00406E69 | |
| Source: | Code function: | 2_1_004027C8 | |
| Source: | Code function: | 2_1_00402815 | |
| Source: | Code function: | 2_1_004029B2 | |
| Source: | Code function: | 2_1_0041470B | |
| Source: | Code function: | 2_1_004097B9 | |
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | File opened / queried: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 1_2_00405302 | |
| Source: | Code function: | 1_2_00405CD8 | |
| Source: | Code function: | 1_2_0040263E | |
| Source: | Code function: | 2_2_00406453 | |
| Source: | Code function: | 2_2_0040680D | |
| Source: | Code function: | 2_2_0040753D | |
| Source: | Code function: | 2_2_00413A85 | |
| Source: | Code function: | 2_2_0040DB1C | |
| Source: | Code function: | 2_2_00406F83 | |
| Source: | Code function: | 2_2_00406390 | |
| Source: | Code function: | 2_1_00406453 | |
| Source: | Code function: | 2_1_0040680D | |
| Source: | Code function: | 2_1_0040753D | |
| Source: | Code function: | 2_1_00413A85 | |
| Source: | Code function: | 2_1_0040DB1C | |
| Source: | Code function: | 2_1_00406F83 | |
| Source: | Code function: | 2_1_00406390 | |
| Source: | Code function: | 6_2_00406453 | |
| Source: | Code function: | 6_2_0040680D | |
| Source: | Code function: | 6_2_0040753D | |
| Source: | Code function: | 6_2_00413A85 | |
| Source: | Code function: | 6_2_0040DB1C | |
| Source: | Code function: | 6_2_00406F83 | |
| Source: | Code function: | 6_2_00406390 | |
| Source: | Code function: | 6_1_00406453 | |
| Source: | Code function: | 6_1_0040680D | |
| Source: | Code function: | 6_1_0040753D | |
| Source: | Code function: | 6_1_00413A85 | |
| Source: | Code function: | 6_1_0040DB1C | |
| Source: | Code function: | 6_1_00406F83 | |
| Source: | Code function: | 6_1_00406390 | |
| Source: | Code function: | 7_2_00405302 | |
| Source: | Code function: | 7_2_00405CD8 | |
| Source: | Code function: | 7_2_0040263E | |
| Source: | Code function: | 9_2_00406453 | |
| Source: | Code function: | 9_2_0040680D | |
| Source: | Code function: | 9_2_0040753D | |
| Source: | Code function: | 9_2_00413A85 | |
| Source: | Code function: | 9_2_0040DB1C | |
| Source: | Code function: | 9_2_00406F83 | |
| Source: | Code function: | 9_2_00406390 | |
| Source: | Code function: | 2_2_00406084 | |
| Source: | Code function: | 2_2_004132E6 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 1_2_00405CFF | |
| Source: | Code function: | 4_2_0019F83E | |
| Source: | Code function: | 4_2_0019F79E | |
| Source: | Code function: | 4_2_0019F7DB | |
HIPS / PFW / Operating System Protection Evasion: | |
|---|
| Maps a DLL or memory area into another process | Show sources | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Code function: | 2_2_004121C0 | |
| Source: | Code function: | 2_2_004121EF | |
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 2_2_0040A115 | |
| Source: | Code function: | 2_2_004130E8 | |
| Source: | Code function: | 1_2_004059FF | |
Stealing of Sensitive Information: | |
|---|
| Contains functionality to steal Chrome passwords or cookies | Show sources | ||
| Source: | Code function: | 2_2_0040F281 | |
| Source: | Code function: | 2_2_0040F382 | |
| Source: | Code function: | 2_1_0040F281 | |
| Source: | Code function: | 2_1_0040F382 | |
| Source: | Code function: | 6_2_0040F281 | |
| Source: | Code function: | 6_2_0040F382 | |
| Source: | Code function: | 6_1_0040F281 | |
| Source: | Code function: | 6_1_0040F382 | |
| Source: | Code function: | 9_2_0040F281 | |
| Source: | Code function: | 9_2_0040F382 | |
| Contains functionality to steal Internet Explorer form passwords | Show sources | ||
| Source: | Code function: | 2_2_0040D745 | |
| Source: | Code function: | 2_1_0040D745 | |
| Source: | Code function: | 6_2_0040D745 | |
| Source: | Code function: | 6_1_0040D745 | |
| Source: | Code function: | 9_2_0040D745 | |
Remote Access Functionality: | |
|---|
| Yara detected NetWire RAT | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Mitre Att&ck Matrix |
|---|
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Native API1 | Registry Run Keys / Startup Folder1 | Process Injection112 | Deobfuscate/Decode Files or Information1 | OS Credential Dumping2 | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot1 |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Registry Run Keys / Startup Folder1 | Obfuscated Files or Information2 | Input Capture141 | Account Discovery1 | Remote Desktop Protocol | Screen Capture1 | Exfiltration Over Bluetooth | Encrypted Channel2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Software Packing21 | Credentials In Files2 | File and Directory Discovery3 | SMB/Windows Admin Shares | Input Capture141 | Automated Exfiltration | Non-Standard Port1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Masquerading1 | NTDS | System Information Discovery5 | Distributed Component Object Model | Clipboard Data1 | Scheduled Transfer | Non-Application Layer Protocol1 | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Virtualization/Sandbox Evasion21 | LSA Secrets | Security Software Discovery111 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol21 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Process Injection112 | Cached Domain Credentials | Virtualization/Sandbox Evasion21 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | Process Discovery3 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Owner/User Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | Remote System Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Behavior Graph |
|---|
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetScreenshots |
|---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
|---|
Initial Sample |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 15% | Virustotal | Browse | ||
| 27% | ReversingLabs | Win32.Backdoor.NetWiredRc | ||
| 100% | Joe Sandbox ML |
Dropped Files |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Joe Sandbox ML | |||
| 0% | Metadefender | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Metadefender | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Metadefender | Browse | ||
| 0% | ReversingLabs | |||
| 27% | ReversingLabs | Win32.Backdoor.NetWiredRc |
Unpacked PE Files |
|---|
| Source | Detection | Scanner | Label | Link | Download |
|---|---|---|---|---|---|
| 100% | Avira | HEUR/AGEN.1137482 | Download File | ||
| 100% | Avira | HEUR/AGEN.1137482 | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | HEUR/AGEN.1137482 | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Spy.Gen | Download File | ||
| 100% | Avira | TR/Spy.Gen | Download File | ||
| 100% | Avira | HEUR/AGEN.1137482 | Download File | ||
| 100% | Avira | HEUR/AGEN.1137482 | Download File | ||
| 100% | Avira | HEUR/AGEN.1137482 | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Spy.Gen | Download File | ||
| 100% | Avira | HEUR/AGEN.1137482 | Download File | ||
| 100% | Avira | TR/Spy.Gen | Download File | ||
| 100% | Avira | TR/Spy.Gen | Download File | ||
| 100% | Avira | HEUR/AGEN.1137482 | Download File | ||
| 100% | Avira | TR/Patched.Ren.Gen | Download File | ||
| 100% | Avira | HEUR/AGEN.1137482 | Download File | ||
| 100% | Avira | TR/Spy.Gen | Download File |
Domains |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 3% | Virustotal | Browse |
URLs |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
Domains and IPs |
|---|
Contacted Domains |
|---|
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| netsecond.duckdns.org | 192.71.172.145 | true | true |
| unknown |
| ddns.dbcdubai.com | 99.83.154.118 | true | true | unknown | |
| netno.ddns.net | 192.71.172.145 | true | true | unknown |
Contacted URLs |
|---|
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown | |
| true |
| unknown | |
| true |
| unknown |
URLs from Memory and Binaries |
|---|
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| low |
Contacted IPs |
|---|
General Information |
|---|
| Joe Sandbox Version: | 32.0.0 Black Diamond |
| Analysis ID: | 435325 |
| Start date: | 16.06.2021 |
| Start time: | 12:17:51 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 12m 27s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | US1pwXib6h.exe |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of analysed new started processes analysed: | 24 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@9/10@14/3 |
| EGA Information: | Failed |
| HDC Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
| Warnings: | Show All
|
Simulations |
|---|
Behavior and APIs |
|---|
| Time | Type | Description |
|---|---|---|
| 12:19:00 | Autostart | |
| 12:19:03 | API Interceptor | |
| 12:19:08 | Autostart | |
| 12:19:09 | API Interceptor |
Joe Sandbox View / Context |
|---|
IPs |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| 99.83.154.118 | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
Domains |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| netsecond.duckdns.org | Get hash | malicious | Browse |
|
ASN |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| AMAZON-02US | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| TELIANETTeliaCarrierEU | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
JA3 Fingerprints |
|---|
| No context |
|---|
Dropped Files |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nsmBB29.tmp\System.dll | Get hash | malicious | Browse | ||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| C:\Users\user\AppData\Local\Temp\nst9B9A.tmp\System.dll | Get hash | malicious | Browse | ||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse |
Created / dropped Files |
|---|
| Process: | C:\Users\user\AppData\Roaming\fatbtifdnumsa\ioldfli.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 164352 |
| Entropy (8bit): | 7.99888202272782 |
| Encrypted: | true |
| SSDEEP: | 3072:nuGFc5H2Avwflf88feBN9eovlP9T+8yzKAnmKWBysmcz+d6OObWJjhY7dLHm:qHNItf88WBtvd9r4nmKNeyPObWhqxm |
| MD5: | 7A4AE896CD2EBACFFD6D78170B53FCAA |
| SHA1: | A445DBFA51502DCEF66EE058BAE9139B6EC93B8D |
| SHA-256: | 98E678F95E223D306BD6DB6FA9D8CBEC4F109E02B00761A0A248E3281D68D10B |
| SHA-512: | 2968A5A7AF0EBD95A0188BC8E538E9F0F88B74DCC0C6029FF461848AA1D6AC60F9377D0979CBDC92131F7419AE5F3878DA9DC1FEA6C51D41B2D37B7F38E40B3F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
|
| Process: | C:\Users\user\AppData\Roaming\fatbtifdnumsa\ioldfli.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 59441 |
| Entropy (8bit): | 4.972654246459409 |
| Encrypted: | false |
| SSDEEP: | 768:QWeteWZ6yuLDwhWeHhYFIaxTtGU5/nxWEFdGv6ypEK+U5/YpNfVXw6M+oLLmuNyF:UfWLDwsceGEFd2Zl/cfjovQFJTpkAB |
| MD5: | F88C142D13998842037A6149E08A7AF3 |
| SHA1: | DEB11C8456734B9D77CA451764145BCAE2C8A3D5 |
| SHA-256: | 0321365F007604FAC07BC584931929CDFA7C2DE6C2DE31DE24CE36168DDD24F8 |
| SHA-512: | 643742D7C2FE77F0C6D2424C3947391DD1E1D03CADAE388A43FB3CCD5F2BB63B13C476311F3510C7BA57812C33715465EAFCE5CD37E242B48D508B1F3DBD23EE |
| Malicious: | false |
| Reputation: | low |
| Preview: |
|
| Process: | C:\Users\user\AppData\Roaming\fatbtifdnumsa\ioldfli.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11776 |
| Entropy (8bit): | 5.855045165595541 |
| Encrypted: | false |
| SSDEEP: | 192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4 |
| MD5: | FCCFF8CB7A1067E23FD2E2B63971A8E1 |
| SHA1: | 30E2A9E137C1223A78A0F7B0BF96A1C361976D91 |
| SHA-256: | 6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E |
| SHA-512: | F4335E84E6F8D70E462A22F1C93D2998673A7616C868177CAC3E8784A3BE1D7D0BB96F2583FA0ED82F4F2B6B8F5D9B33521C279A42E055D80A94B4F3F1791E0C |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Reputation: | moderate, very likely benign file |
| Preview: |
|
| Process: | C:\Users\user\AppData\Roaming\fatbtifdnumsa\ioldfli.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11776 |
| Entropy (8bit): | 5.855045165595541 |
| Encrypted: | false |
| SSDEEP: | 192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4 |
| MD5: | FCCFF8CB7A1067E23FD2E2B63971A8E1 |
| SHA1: | 30E2A9E137C1223A78A0F7B0BF96A1C361976D91 |
| SHA-256: | 6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E |
| SHA-512: | F4335E84E6F8D70E462A22F1C93D2998673A7616C868177CAC3E8784A3BE1D7D0BB96F2583FA0ED82F4F2B6B8F5D9B33521C279A42E055D80A94B4F3F1791E0C |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Reputation: | moderate, very likely benign file |
| Preview: |
|
| Process: | C:\Users\user\Desktop\US1pwXib6h.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11776 |
| Entropy (8bit): | 5.855045165595541 |
| Encrypted: | false |
| SSDEEP: | 192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4 |
| MD5: | FCCFF8CB7A1067E23FD2E2B63971A8E1 |
| SHA1: | 30E2A9E137C1223A78A0F7B0BF96A1C361976D91 |
| SHA-256: | 6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E |
| SHA-512: | F4335E84E6F8D70E462A22F1C93D2998673A7616C868177CAC3E8784A3BE1D7D0BB96F2583FA0ED82F4F2B6B8F5D9B33521C279A42E055D80A94B4F3F1791E0C |
| Malicious: | false |
| Antivirus: |
|
| Reputation: | moderate, very likely benign file |
| Preview: |
|
| Process: | C:\Users\user\Desktop\US1pwXib6h.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 218807 |
| Entropy (8bit): | 7.899471179052997 |
| Encrypted: | false |
| SSDEEP: | 6144:cQqTMHNItf88WBtvd9r4nmKNeyPObWhqxD4cft:yMHCtf88WBtvd9c5NJhAJ |
| MD5: | 91514B3627E78E42CB05BC608737A47F |
| SHA1: | B48882A3D656068E30B88671AEE71010E5602D32 |
| SHA-256: | E0E0CA8EC324752ED823C7E503992398E817663828F94B4CA699FF1965095C31 |
| SHA-512: | B50BE6BED7809B76697B4E9849453A12ADE782AFD43F63AE1C8207EE11E26F95E374293CDC4523F5A5B00030D564E67C04EFC0F80C5B2571EE37D19ECB08FC7E |
| Malicious: | true |
| Antivirus: |
|
| Reputation: | low |
| Preview: |
|
Static File Info |
|---|
General | |
|---|---|
| File type: | |
| Entropy (8bit): | 7.899471179052997 |
| TrID: |
|
| File name: | US1pwXib6h.exe |
| File size: | 218807 |
| MD5: | 91514b3627e78e42cb05bc608737a47f |
| SHA1: | b48882a3d656068e30b88671aee71010e5602d32 |
| SHA256: | e0e0ca8ec324752ed823c7e503992398e817663828f94b4ca699ff1965095c31 |
| SHA512: | b50be6bed7809b76697b4e9849453a12ade782afd43f63ae1c8207ee11e26f95e374293cdc4523f5a5b00030d564e67c04efc0f80c5b2571ee37d19ecb08fc7e |
| SSDEEP: | 6144:cQqTMHNItf88WBtvd9r4nmKNeyPObWhqxD4cft:yMHCtf88WBtvd9c5NJhAJ |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................Z......... |
File Icon |
|---|
 | |
| Icon Hash: | b2a88c96b2ca6a72 |
Static PE Info |
|---|
General | |
|---|---|
| Entrypoint: | 0x4030cb |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
| DLL Characteristics: | TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x4B1AE3C1 [Sat Dec 5 22:50:41 2009 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 7fa974366048f9c551ef45714595665e |
Entrypoint Preview |
|---|
| Instruction |
|---|
| sub esp, 00000180h |
| push ebx |
| push ebp |
| push esi |
| xor ebx, ebx |
| push edi |
| mov dword ptr [esp+18h], ebx |
| mov dword ptr [esp+10h], 00409160h |
| xor esi, esi |
| mov byte ptr [esp+14h], 00000020h |
| call dword ptr [00407030h] |
| push 00008001h |
| call dword ptr [004070B0h] |
| push ebx |
| call dword ptr [0040727Ch] |
| push 00000008h |
| mov dword ptr [00423F38h], eax |
| call 00007F67F89CA776h |
| mov dword ptr [00423E84h], eax |
| push ebx |
| lea eax, dword ptr [esp+34h] |
| push 00000160h |
| push eax |
| push ebx |
| push 0041F430h |
| call dword ptr [00407158h] |
| push 00409154h |
| push 00423680h |
| call 00007F67F89CA429h |
| call dword ptr [004070ACh] |
| mov edi, 00429000h |
| push eax |
| push edi |
| call 00007F67F89CA417h |
| push ebx |
| call dword ptr [0040710Ch] |
| cmp byte ptr [00429000h], 00000022h |
| mov dword ptr [00423E80h], eax |
| mov eax, edi |
| jne 00007F67F89C7B8Ch |
| mov byte ptr [esp+14h], 00000022h |
| mov eax, 00429001h |
| push dword ptr [esp+14h] |
| push eax |
| call 00007F67F89C9F0Ah |
| push eax |
| call dword ptr [0040721Ch] |
| mov dword ptr [esp+1Ch], eax |
| jmp 00007F67F89C7BE5h |
| cmp cl, 00000020h |
| jne 00007F67F89C7B88h |
| inc eax |
| cmp byte ptr [eax], 00000020h |
| je 00007F67F89C7B7Ch |
| cmp byte ptr [eax], 00000022h |
| mov byte ptr [eax+eax+00h], 00000000h |
Rich Headers |
|---|
| Programming Language: |
|
Data Directories |
|---|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a4 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2c000 | 0xc68 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x28c | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
|---|
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x58d2 | 0x5a00 | False | 0.665234375 | data | 6.43310034828 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rdata | 0x7000 | 0x1190 | 0x1200 | False | 0.4453125 | data | 5.17976375781 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x9000 | 0x1af78 | 0x400 | False | 0.55078125 | data | 4.6178023207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .ndata | 0x24000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x2c000 | 0xc68 | 0xe00 | False | 0.407087053571 | data | 3.98321239368 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
|---|
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_ICON | 0x2c1d8 | 0x2e8 | data | English | United States |
| RT_DIALOG | 0x2c4c0 | 0x100 | data | English | United States |
| RT_DIALOG | 0x2c5c0 | 0x11c | data | English | United States |
| RT_DIALOG | 0x2c6e0 | 0x60 | data | English | United States |
| RT_GROUP_ICON | 0x2c740 | 0x14 | data | English | United States |
| RT_VERSION | 0x2c758 | 0x23c | data | ||
| RT_MANIFEST | 0x2c998 | 0x2cc | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
Imports |
|---|
| DLL | Import |
|---|---|
| KERNEL32.dll | CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA |
| USER32.dll | EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow |
| GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject |
| SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation |
| ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA |
| COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
| ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
| VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |
Version Infos |
|---|
| Description | Data |
|---|---|
| LegalCopyright | rules |
| FileVersion | 6.3.0.6 |
| CompanyName | cloak |
| LegalTrademarks | erect |
| Comments | conspired |
| ProductName | unsubstantiated |
| FileDescription | team |
| Translation | 0x0000 0x04e4 |
Possible Origin |
|---|
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeNetwork Behavior |
|---|
Network Port Distribution |
|---|
TCP Packets |
|---|
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jun 16, 2021 12:19:02.259550095 CEST | 49722 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:19:02.365412951 CEST | 6577 | 49722 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:19:02.967448950 CEST | 49722 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:19:03.102101088 CEST | 6577 | 49722 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:19:03.608076096 CEST | 49722 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:19:03.710465908 CEST | 6577 | 49722 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:19:03.943574905 CEST | 49725 | 6577 | 192.168.2.6 | 99.83.154.118 |
| Jun 16, 2021 12:19:06.952198029 CEST | 49725 | 6577 | 192.168.2.6 | 99.83.154.118 |
| Jun 16, 2021 12:19:12.968271971 CEST | 49725 | 6577 | 192.168.2.6 | 99.83.154.118 |
| Jun 16, 2021 12:19:25.336196899 CEST | 49731 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:19:25.435848951 CEST | 6577 | 49731 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:19:25.938020945 CEST | 49731 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:19:26.039024115 CEST | 6577 | 49731 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:19:26.547477961 CEST | 49731 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:19:26.645812988 CEST | 6577 | 49731 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:19:26.967128038 CEST | 49732 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:19:27.069839001 CEST | 6577 | 49732 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:19:27.578855991 CEST | 49732 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:19:27.697033882 CEST | 6577 | 49732 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:19:28.203964949 CEST | 49732 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:19:28.302525043 CEST | 6577 | 49732 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:19:28.535087109 CEST | 49733 | 6577 | 192.168.2.6 | 99.83.154.118 |
| Jun 16, 2021 12:19:31.532247066 CEST | 49733 | 6577 | 192.168.2.6 | 99.83.154.118 |
| Jun 16, 2021 12:19:37.610933065 CEST | 49733 | 6577 | 192.168.2.6 | 99.83.154.118 |
| Jun 16, 2021 12:19:49.879136086 CEST | 49746 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:19:49.981734037 CEST | 6577 | 49746 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:19:50.487054110 CEST | 49746 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:19:50.603176117 CEST | 6577 | 49746 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:19:51.112101078 CEST | 49746 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:19:51.223711967 CEST | 6577 | 49746 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:19:52.091159105 CEST | 49747 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:19:52.201728106 CEST | 6577 | 49747 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:19:52.705924034 CEST | 49747 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:19:52.809077024 CEST | 6577 | 49747 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:19:53.409106016 CEST | 49747 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:19:53.507244110 CEST | 6577 | 49747 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:19:53.819104910 CEST | 49748 | 6577 | 192.168.2.6 | 99.83.154.118 |
| Jun 16, 2021 12:19:56.909404993 CEST | 49748 | 6577 | 192.168.2.6 | 99.83.154.118 |
| Jun 16, 2021 12:20:02.909858942 CEST | 49748 | 6577 | 192.168.2.6 | 99.83.154.118 |
| Jun 16, 2021 12:20:15.287276030 CEST | 49756 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:20:15.385623932 CEST | 6577 | 49756 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:20:15.895313025 CEST | 49756 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:20:16.027228117 CEST | 6577 | 49756 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:20:16.536015987 CEST | 49756 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:20:16.636188030 CEST | 6577 | 49756 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:20:16.871905088 CEST | 49758 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:20:16.969990969 CEST | 6577 | 49758 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:20:17.473753929 CEST | 49758 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:20:17.571770906 CEST | 6577 | 49758 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:20:18.083295107 CEST | 49758 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:20:18.185758114 CEST | 6577 | 49758 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:20:18.408498049 CEST | 49759 | 6577 | 192.168.2.6 | 99.83.154.118 |
| Jun 16, 2021 12:20:21.411658049 CEST | 49759 | 6577 | 192.168.2.6 | 99.83.154.118 |
| Jun 16, 2021 12:20:27.427573919 CEST | 49759 | 6577 | 192.168.2.6 | 99.83.154.118 |
| Jun 16, 2021 12:20:39.824605942 CEST | 49762 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:20:39.922693968 CEST | 6577 | 49762 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:20:40.425340891 CEST | 49762 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:20:40.530154943 CEST | 6577 | 49762 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:20:41.034846067 CEST | 49762 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:20:41.133194923 CEST | 6577 | 49762 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:20:41.379147053 CEST | 49763 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:20:41.480571032 CEST | 6577 | 49763 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:20:41.988254070 CEST | 49763 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:20:42.091746092 CEST | 6577 | 49763 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:20:42.597424030 CEST | 49763 | 6577 | 192.168.2.6 | 192.71.172.145 |
| Jun 16, 2021 12:20:42.708498955 CEST | 6577 | 49763 | 192.71.172.145 | 192.168.2.6 |
| Jun 16, 2021 12:20:42.911950111 CEST | 49764 | 6577 | 192.168.2.6 | 99.83.154.118 |
| Jun 16, 2021 12:20:45.925753117 CEST | 49764 | 6577 | 192.168.2.6 | 99.83.154.118 |
| Jun 16, 2021 12:20:51.926316977 CEST | 49764 | 6577 | 192.168.2.6 | 99.83.154.118 |
UDP Packets |
|---|
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jun 16, 2021 12:18:37.141690969 CEST | 64267 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:18:37.193067074 CEST | 49448 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:18:37.200437069 CEST | 53 | 64267 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:18:37.251755953 CEST | 53 | 49448 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:18:38.081584930 CEST | 60342 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:18:38.141149998 CEST | 53 | 60342 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:18:38.193691015 CEST | 61346 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:18:38.253101110 CEST | 53 | 61346 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:18:39.070792913 CEST | 51774 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:18:39.121133089 CEST | 53 | 51774 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:18:39.866080046 CEST | 56023 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:18:39.916546106 CEST | 53 | 56023 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:18:40.900638103 CEST | 58384 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:18:40.950896978 CEST | 53 | 58384 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:18:50.476418018 CEST | 60261 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:18:50.534347057 CEST | 53 | 60261 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:18:54.080560923 CEST | 56061 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:18:54.133611917 CEST | 53 | 56061 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:18:55.075109959 CEST | 58336 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:18:55.140033960 CEST | 53 | 58336 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:18:55.930752039 CEST | 53781 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:18:55.981214046 CEST | 53 | 53781 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:18:56.782294989 CEST | 54064 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:18:56.838805914 CEST | 53 | 54064 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:18:57.927056074 CEST | 52811 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:18:57.977770090 CEST | 53 | 52811 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:18:58.851322889 CEST | 55299 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:18:58.918972015 CEST | 53 | 55299 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:00.587951899 CEST | 63745 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:00.645564079 CEST | 53 | 63745 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:01.492130041 CEST | 50055 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:01.551403999 CEST | 53 | 50055 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:02.181119919 CEST | 61374 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:02.244160891 CEST | 53 | 61374 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:02.373374939 CEST | 50339 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:02.426614046 CEST | 53 | 50339 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:03.334331036 CEST | 63307 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:03.388079882 CEST | 53 | 63307 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:03.857049942 CEST | 49694 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:03.941929102 CEST | 53 | 49694 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:04.312423944 CEST | 54982 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:04.374114990 CEST | 53 | 54982 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:05.136055946 CEST | 50010 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:05.192217112 CEST | 53 | 50010 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:17.098731041 CEST | 63718 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:17.160228968 CEST | 53 | 63718 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:25.109397888 CEST | 62116 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:25.335073948 CEST | 53 | 62116 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:26.901343107 CEST | 63816 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:26.965903997 CEST | 53 | 63816 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:28.439774036 CEST | 55014 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:28.531289101 CEST | 53 | 55014 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:32.670300007 CEST | 62208 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:32.723649979 CEST | 53 | 62208 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:39.188069105 CEST | 57574 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:39.330099106 CEST | 53 | 57574 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:39.851923943 CEST | 51818 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:39.926845074 CEST | 53 | 51818 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:40.097626925 CEST | 56628 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:40.159573078 CEST | 53 | 56628 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:40.818876028 CEST | 60778 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:41.136869907 CEST | 53 | 60778 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:41.640993118 CEST | 53799 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:41.710839987 CEST | 53 | 53799 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:42.714555025 CEST | 54683 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:42.781389952 CEST | 53 | 54683 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:43.435857058 CEST | 59329 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:43.497879982 CEST | 53 | 59329 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:44.098290920 CEST | 64021 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:44.166659117 CEST | 53 | 64021 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:44.973438978 CEST | 56129 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:45.033236980 CEST | 53 | 56129 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:46.031492949 CEST | 58177 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:46.090606928 CEST | 53 | 58177 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:46.588483095 CEST | 50700 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:46.641470909 CEST | 53 | 50700 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:49.807735920 CEST | 54069 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:49.877819061 CEST | 53 | 54069 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:51.366024971 CEST | 61178 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:51.425685883 CEST | 53 | 61178 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:53.751140118 CEST | 57017 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:53.814482927 CEST | 53 | 57017 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:19:58.142888069 CEST | 56327 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:19:58.205275059 CEST | 53 | 56327 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:20:15.064660072 CEST | 50243 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:20:15.285846949 CEST | 53 | 50243 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:20:15.983633041 CEST | 62055 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:20:16.070377111 CEST | 53 | 62055 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:20:16.798211098 CEST | 61249 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:20:16.868933916 CEST | 53 | 61249 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:20:18.346585035 CEST | 65252 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:20:18.406245947 CEST | 53 | 65252 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:20:28.833482027 CEST | 64367 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:20:28.915441990 CEST | 53 | 64367 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:20:31.154624939 CEST | 55066 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:20:31.226069927 CEST | 53 | 55066 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:20:39.602674007 CEST | 60211 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:20:39.823373079 CEST | 53 | 60211 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:20:41.307471037 CEST | 56570 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:20:41.377844095 CEST | 53 | 56570 | 8.8.8.8 | 192.168.2.6 |
| Jun 16, 2021 12:20:42.847150087 CEST | 58454 | 53 | 192.168.2.6 | 8.8.8.8 |
| Jun 16, 2021 12:20:42.909445047 CEST | 53 | 58454 | 8.8.8.8 | 192.168.2.6 |
DNS Queries |
|---|
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Jun 16, 2021 12:19:02.181119919 CEST | 192.168.2.6 | 8.8.8.8 | 0xa981 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 16, 2021 12:19:03.857049942 CEST | 192.168.2.6 | 8.8.8.8 | 0x153f | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 16, 2021 12:19:25.109397888 CEST | 192.168.2.6 | 8.8.8.8 | 0xd759 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 16, 2021 12:19:26.901343107 CEST | 192.168.2.6 | 8.8.8.8 | 0xef55 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 16, 2021 12:19:28.439774036 CEST | 192.168.2.6 | 8.8.8.8 | 0xbe9c | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 16, 2021 12:19:49.807735920 CEST | 192.168.2.6 | 8.8.8.8 | 0xfd2a | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 16, 2021 12:19:51.366024971 CEST | 192.168.2.6 | 8.8.8.8 | 0xeb32 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 16, 2021 12:19:53.751140118 CEST | 192.168.2.6 | 8.8.8.8 | 0x9e36 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 16, 2021 12:20:15.064660072 CEST | 192.168.2.6 | 8.8.8.8 | 0x26bb | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 16, 2021 12:20:16.798211098 CEST | 192.168.2.6 | 8.8.8.8 | 0xd59b | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 16, 2021 12:20:18.346585035 CEST | 192.168.2.6 | 8.8.8.8 | 0x38ae | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 16, 2021 12:20:39.602674007 CEST | 192.168.2.6 | 8.8.8.8 | 0x142c | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 16, 2021 12:20:41.307471037 CEST | 192.168.2.6 | 8.8.8.8 | 0xdce | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 16, 2021 12:20:42.847150087 CEST | 192.168.2.6 | 8.8.8.8 | 0x2e10 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
|---|
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Jun 16, 2021 12:19:02.244160891 CEST | 8.8.8.8 | 192.168.2.6 | 0xa981 | No error (0) | 192.71.172.145 | A (IP address) | IN (0x0001) | ||
| Jun 16, 2021 12:19:03.941929102 CEST | 8.8.8.8 | 192.168.2.6 | 0x153f | No error (0) | 99.83.154.118 | A (IP address) | IN (0x0001) | ||
| Jun 16, 2021 12:19:25.335073948 CEST | 8.8.8.8 | 192.168.2.6 | 0xd759 | No error (0) | 192.71.172.145 | A (IP address) | IN (0x0001) | ||
| Jun 16, 2021 12:19:26.965903997 CEST | 8.8.8.8 | 192.168.2.6 | 0xef55 | No error (0) | 192.71.172.145 | A (IP address) | IN (0x0001) | ||
| Jun 16, 2021 12:19:28.531289101 CEST | 8.8.8.8 | 192.168.2.6 | 0xbe9c | No error (0) | 99.83.154.118 | A (IP address) | IN (0x0001) | ||
| Jun 16, 2021 12:19:49.877819061 CEST | 8.8.8.8 | 192.168.2.6 | 0xfd2a | No error (0) | 192.71.172.145 | A (IP address) | IN (0x0001) | ||
| Jun 16, 2021 12:19:51.425685883 CEST | 8.8.8.8 | 192.168.2.6 | 0xeb32 | No error (0) | 192.71.172.145 | A (IP address) | IN (0x0001) | ||
| Jun 16, 2021 12:19:53.814482927 CEST | 8.8.8.8 | 192.168.2.6 | 0x9e36 | No error (0) | 99.83.154.118 | A (IP address) | IN (0x0001) | ||
| Jun 16, 2021 12:20:15.285846949 CEST | 8.8.8.8 | 192.168.2.6 | 0x26bb | No error (0) | 192.71.172.145 | A (IP address) | IN (0x0001) | ||
| Jun 16, 2021 12:20:16.868933916 CEST | 8.8.8.8 | 192.168.2.6 | 0xd59b | No error (0) | 192.71.172.145 | A (IP address) | IN (0x0001) | ||
| Jun 16, 2021 12:20:18.406245947 CEST | 8.8.8.8 | 192.168.2.6 | 0x38ae | No error (0) | 99.83.154.118 | A (IP address) | IN (0x0001) | ||
| Jun 16, 2021 12:20:39.823373079 CEST | 8.8.8.8 | 192.168.2.6 | 0x142c | No error (0) | 192.71.172.145 | A (IP address) | IN (0x0001) | ||
| Jun 16, 2021 12:20:41.377844095 CEST | 8.8.8.8 | 192.168.2.6 | 0xdce | No error (0) | 192.71.172.145 | A (IP address) | IN (0x0001) | ||
| Jun 16, 2021 12:20:42.909445047 CEST | 8.8.8.8 | 192.168.2.6 | 0x2e10 | No error (0) | 99.83.154.118 | A (IP address) | IN (0x0001) |
Code Manipulations |
|---|
Statistics |
|---|
CPU Usage |
|---|
Click to jump to process
Memory Usage |
|---|
Click to jump to process
High Level Behavior Distribution |
|---|
back
Click to dive into process behavior distribution
Behavior |
|---|
Click to jump to process
System Behavior |
|---|
General |
|---|
| Start time: | 12:18:56 |
| Start date: | 16/06/2021 |
| Path: | C:\Users\user\Desktop\US1pwXib6h.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 218807 bytes |
| MD5 hash: | 91514B3627E78E42CB05BC608737A47F |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
General |
|---|
| Start time: | 12:18:57 |
| Start date: | 16/06/2021 |
| Path: | C:\Users\user\Desktop\US1pwXib6h.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 218807 bytes |
| MD5 hash: | 91514B3627E78E42CB05BC608737A47F |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
General |
|---|
| Start time: | 12:19:08 |
| Start date: | 16/06/2021 |
| Path: | C:\Users\user\AppData\Roaming\fatbtifdnumsa\ioldfli.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 218807 bytes |
| MD5 hash: | 91514B3627E78E42CB05BC608737A47F |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Antivirus matches: |
|
| Reputation: | low |
General |
|---|
| Start time: | 12:19:10 |
| Start date: | 16/06/2021 |
| Path: | C:\Users\user\AppData\Roaming\fatbtifdnumsa\ioldfli.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 218807 bytes |
| MD5 hash: | 91514B3627E78E42CB05BC608737A47F |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
General |
|---|
| Start time: | 12:19:16 |
| Start date: | 16/06/2021 |
| Path: | C:\Users\user\AppData\Roaming\fatbtifdnumsa\ioldfli.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 218807 bytes |
| MD5 hash: | 91514B3627E78E42CB05BC608737A47F |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
General |
|---|
| Start time: | 12:19:18 |
| Start date: | 16/06/2021 |
| Path: | C:\Users\user\AppData\Roaming\fatbtifdnumsa\ioldfli.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 218807 bytes |
| MD5 hash: | 91514B3627E78E42CB05BC608737A47F |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
Disassembly |
|---|
Code Analysis |
|---|
Executed Functions |
|---|
Function 004030CB, Relevance: 70.3, APIs: 23, Strings: 17, Instructions: 270filestringcomCOMMON
Download Yara Rule
| C-Code - Quality: 83% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 73861A98, Relevance: 25.1, APIs: 13, Strings: 1, Instructions: 591stringlibrarymemoryCOMMONCrypto
Download Yara Rule
| C-Code - Quality: 95% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405302, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
Download Yara Rule
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405CD8, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403526, Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 216stringregistrylibraryCOMMON
Download Yara Rule
| C-Code - Quality: 96% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 80% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401734, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
Download Yara Rule
| C-Code - Quality: 60% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402E5B, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 166fileCOMMON
Download Yara Rule
| C-Code - Quality: 94% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 85% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 60% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401389, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43windowCOMMON
Download Yara Rule
| C-Code - Quality: 69% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 84% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004063DD, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Download Yara Rule
| C-Code - Quality: 99% |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004065DE, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004062F4, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405DF9, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406247, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406365, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004062B1, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 73862921, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21memoryCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004056B4, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Download Yara Rule
| C-Code - Quality: 68% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405695, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 73862A38, Relevance: 1.6, APIs: 1, Instructions: 143fileCOMMON
Download Yara Rule
| C-Code - Quality: 19% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040304E, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403080, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 7386101B, Relevance: 1.3, APIs: 1, Instructions: 13memoryCOMMON
Download Yara Rule
| C-Code - Quality: 16% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 73861215, Relevance: 1.3, APIs: 1, Instructions: 4memoryCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Function 004046CA, Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 478windowmemoryCOMMONCrypto
Download Yara Rule
| C-Code - Quality: 98% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00404EB9, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
Download Yara Rule
| C-Code - Quality: 96% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004041CD, Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 266stringCOMMON
Download Yara Rule
| C-Code - Quality: 78% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004059FF, Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 197stringCOMMON
Download Yara Rule
| C-Code - Quality: 74% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402020, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
Download Yara Rule
| C-Code - Quality: 74% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040263E, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
Download Yara Rule
| C-Code - Quality: 39% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004038BC, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
Download Yara Rule
| C-Code - Quality: 84% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403ED7, Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 204windowstringCOMMON
Download Yara Rule
| C-Code - Quality: 93% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 90% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040572B, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 144filememoryCOMMON
Download Yara Rule
| C-Code - Quality: 93% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 89% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 738622F1, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 140memoryCOMMON
Download Yara Rule
| C-Code - Quality: 86% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403DF6, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 86% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040464A, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402B3B, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402303, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
Download Yara Rule
| C-Code - Quality: 85% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 73861837, Relevance: 7.7, APIs: 5, Instructions: 194COMMON
Download Yara Rule
| C-Code - Quality: 97% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 84% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00404568, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
Download Yara Rule
| C-Code - Quality: 51% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
Download Yara Rule
| C-Code - Quality: 51% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040523D, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004054D0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
Download Yara Rule
| C-Code - Quality: 85% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401D1B, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
Download Yara Rule
| C-Code - Quality: 67% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402BBE, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00404CCB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004024BE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405517, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405629, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
|---|
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00409E61, Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 87registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 20% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00410608, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 49registryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408AB3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16synchronizationCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00409CF9, Relevance: 4.6, APIs: 3, Instructions: 84windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405999, Relevance: 3.0, APIs: 2, Instructions: 21COMMON
Download Yara Rule
| C-Code - Quality: 84% |
|
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407F08, Relevance: 3.0, APIs: 2, Instructions: 21COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407EF4, Relevance: 1.3, APIs: 1, Instructions: 7sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Function 00409953, Relevance: 65.0, APIs: 13, Strings: 24, Instructions: 210keyboardCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C4B7, Relevance: 56.7, APIs: 14, Strings: 18, Instructions: 656registryencryptionwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00411D8C, Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 195windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 43% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D049, Relevance: 25.0, APIs: 11, Strings: 3, Instructions: 453fileCOMMONCrypto
Download Yara Rule
| C-Code - Quality: 15% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EDD6, Relevance: 24.7, APIs: 9, Strings: 5, Instructions: 236stringfileencryptionCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406F83, Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 184stringfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040753D, Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 280fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D745, Relevance: 19.5, APIs: 4, Strings: 7, Instructions: 232registryfileCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00413A85, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 151fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406453, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 204filetimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406390, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 53fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040680D, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 168fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DB1C, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 110fileCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D290, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 98encryptionCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 32% |
|
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405811, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 52networkCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A115, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 44timeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00415079, Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 432COMMONCrypto
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00415ABF, Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 396COMMONCrypto
Download Yara Rule
| C-Code - Quality: 82% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004121EF, Relevance: 3.0, APIs: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408417, Relevance: 56.3, APIs: 13, Strings: 19, Instructions: 294libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 18% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408417, Relevance: 54.5, APIs: 13, Strings: 18, Instructions: 294libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 18% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DCE9, Relevance: 38.9, APIs: 16, Strings: 6, Instructions: 395libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 35% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00410FC4, Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 236registryCOMMON
Download Yara Rule
| C-Code - Quality: 25% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004113B8, Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 198pipeprocessfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040FE8C, Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 184timeprocessCOMMON
Download Yara Rule
| C-Code - Quality: 36% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004093E7, Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 177networkCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00410ADA, Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 230registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040970C, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 132filetimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C197, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 83fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408FE0, Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 156fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A4BC, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 155libraryloadertimeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040970C, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 132filetimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C2DB, Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 91fileCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 31% |
|
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407302, Relevance: 15.1, APIs: 10, Instructions: 94fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408FE0, Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 156fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408042, Relevance: 13.6, APIs: 9, Instructions: 90COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F151, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 187stringCOMMON
Download Yara Rule
| C-Code - Quality: 30% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041086B, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 90registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D7D, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 110networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004054AC, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 48% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E7B0, Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 133stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401DD8, Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 58stringCOMMON
Download Yara Rule
| C-Code - Quality: 31% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405328, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 89networkCOMMON
Download Yara Rule
| C-Code - Quality: 48% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004109D8, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 63registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406D22, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 50processCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407E8C, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 28fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E9B6, Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 233stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 43% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D420, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 105registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B016, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B105, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00414470, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61processthreadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041ED42, Relevance: 6.1, APIs: 4, Instructions: 66fileCOMMON
Download Yara Rule
| C-Code - Quality: 27% |
|
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C5A7, Relevance: 6.1, APIs: 4, Instructions: 55fileCOMMON
Download Yara Rule
| C-Code - Quality: 16% |
|
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407FC3, Relevance: 6.0, APIs: 4, Instructions: 44COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406E04, Relevance: 6.0, APIs: 4, Instructions: 32fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004049CF, Relevance: 5.5, APIs: 4, Instructions: 475COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 77% |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408218, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A115, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44timeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
|---|
Non-executed Functions |
|---|
Function 0019F79E, Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0019F7DB, Relevance: .0, Instructions: 23COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0019F83E, Relevance: .0, Instructions: 7COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
|---|
Function 00408FE0, Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 156fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408FE0, Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 156fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408AB3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16synchronizationCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Function 00409953, Relevance: 65.0, APIs: 13, Strings: 24, Instructions: 210keyboardCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D049, Relevance: 25.0, APIs: 11, Strings: 3, Instructions: 453fileCOMMONCrypto
Download Yara Rule
| C-Code - Quality: 15% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EDD6, Relevance: 24.7, APIs: 9, Strings: 5, Instructions: 236stringfileencryptionCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406F83, Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 184stringfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040753D, Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 280fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D745, Relevance: 19.5, APIs: 4, Strings: 7, Instructions: 232registryfileCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00413A85, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 151fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406453, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 204filetimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406390, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 53fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040680D, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 168fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DB1C, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 110fileCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D290, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 98encryptionCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00415079, Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 432COMMONCrypto
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00415ABF, Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 396COMMONCrypto
Download Yara Rule
| C-Code - Quality: 82% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408417, Relevance: 56.3, APIs: 13, Strings: 19, Instructions: 294libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 18% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408417, Relevance: 54.5, APIs: 13, Strings: 18, Instructions: 294libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 18% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DCE9, Relevance: 38.9, APIs: 16, Strings: 6, Instructions: 395libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 35% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00411D8C, Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 195windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00410FC4, Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 236registryCOMMON
Download Yara Rule
| C-Code - Quality: 25% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004113B8, Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 198pipeprocessfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040262F, Relevance: 30.0, APIs: 8, Strings: 9, Instructions: 282networkCOMMON
Download Yara Rule
| C-Code - Quality: 43% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040FE8C, Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 184timeprocessCOMMON
Download Yara Rule
| C-Code - Quality: 36% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004093E7, Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 177networkCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00409E61, Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 87registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00410ADA, Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 230registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040970C, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 132filetimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C197, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 83fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A4BC, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 155libraryloadertimeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040970C, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 132filetimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C2DB, Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 91fileCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 31% |
|
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407302, Relevance: 15.1, APIs: 10, Instructions: 94fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408042, Relevance: 13.6, APIs: 9, Instructions: 90COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F151, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 187stringCOMMON
Download Yara Rule
| C-Code - Quality: 30% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041086B, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 90registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 32% |
|
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D7D, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 110networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004054AC, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 48% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 20% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E7B0, Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 133stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401DD8, Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 58stringCOMMON
Download Yara Rule
| C-Code - Quality: 31% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405328, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 89networkCOMMON
Download Yara Rule
| C-Code - Quality: 48% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004109D8, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 63registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406D22, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 50processCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407E8C, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 28fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E9B6, Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 233stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 43% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D420, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 105registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B016, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B105, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00414470, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61processthreadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405811, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 52networkCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00410608, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 49registryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A115, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 44timeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041ED42, Relevance: 6.1, APIs: 4, Instructions: 66fileCOMMON
Download Yara Rule
| C-Code - Quality: 27% |
|
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C5A7, Relevance: 6.1, APIs: 4, Instructions: 55fileCOMMON
Download Yara Rule
| C-Code - Quality: 16% |
|
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407FC3, Relevance: 6.0, APIs: 4, Instructions: 44COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406E04, Relevance: 6.0, APIs: 4, Instructions: 32fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004049CF, Relevance: 5.5, APIs: 4, Instructions: 475COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 77% |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408218, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A115, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44timeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
|---|
Function 004030CB, Relevance: 70.3, APIs: 23, Strings: 17, Instructions: 270filestringcomCOMMON
Download Yara Rule
| C-Code - Quality: 83% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405302, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
Download Yara Rule
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405CD8, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403526, Relevance: 52.7, APIs: 16, Strings: 14, Instructions: 216stringregistrylibraryCOMMON
Download Yara Rule
| C-Code - Quality: 96% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 80% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401734, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
Download Yara Rule
| C-Code - Quality: 60% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402E5B, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 166fileCOMMON
Download Yara Rule
| C-Code - Quality: 94% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 85% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 60% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 84% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004063DD, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Download Yara Rule
| C-Code - Quality: 99% |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004065DE, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004062F4, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405DF9, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406247, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406365, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004062B1, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Download Yara Rule
| C-Code - Quality: 69% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004056B4, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Download Yara Rule
| C-Code - Quality: 68% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405695, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040304E, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403080, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Function 004046CA, Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 478windowmemoryCOMMONCrypto
Download Yara Rule
| C-Code - Quality: 98% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00404EB9, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
Download Yara Rule
| C-Code - Quality: 96% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004038BC, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
Download Yara Rule
| C-Code - Quality: 84% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403ED7, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
Download Yara Rule
| C-Code - Quality: 93% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 90% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004041CD, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 266stringCOMMON
Download Yara Rule
| C-Code - Quality: 78% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040572B, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 144filememoryCOMMON
Download Yara Rule
| C-Code - Quality: 93% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004059FF, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
Download Yara Rule
| C-Code - Quality: 74% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403DF6, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 86% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040464A, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402B3B, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402303, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
Download Yara Rule
| C-Code - Quality: 85% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 84% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00404568, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
Download Yara Rule
| C-Code - Quality: 51% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
Download Yara Rule
| C-Code - Quality: 51% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040523D, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004054D0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
Download Yara Rule
| C-Code - Quality: 85% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401D1B, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
Download Yara Rule
| C-Code - Quality: 67% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402BBE, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402020, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
Download Yara Rule
| C-Code - Quality: 74% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00404CCB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004024BE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 44% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405517, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405629, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
|---|
Function 00408FE0, Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 156fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408AB3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16synchronizationCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Function 00409953, Relevance: 65.0, APIs: 13, Strings: 24, Instructions: 210keyboardCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D049, Relevance: 25.0, APIs: 11, Strings: 3, Instructions: 453fileCOMMONCrypto
Download Yara Rule
| C-Code - Quality: 15% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EDD6, Relevance: 24.7, APIs: 9, Strings: 5, Instructions: 236stringfileencryptionCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040753D, Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 280fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406453, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 204filetimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040680D, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 168fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00415079, Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 432COMMONCrypto
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408417, Relevance: 56.3, APIs: 13, Strings: 19, Instructions: 294libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 18% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DCE9, Relevance: 38.9, APIs: 16, Strings: 6, Instructions: 395libraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 35% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00411D8C, Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 195windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C197, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 83fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A4BC, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 155libraryloadertimeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408042, Relevance: 13.6, APIs: 9, Instructions: 90COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F151, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 187stringCOMMON
Download Yara Rule
| C-Code - Quality: 30% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041086B, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 90registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D7D, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 110networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004054AC, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 48% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 20% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401DD8, Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 58stringCOMMON
Download Yara Rule
| C-Code - Quality: 31% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004109D8, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 63registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406D22, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 50processCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 43% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D420, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 105registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B016, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B105, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00414470, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61processthreadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405811, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 52networkCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A115, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 44timeCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041ED42, Relevance: 6.1, APIs: 4, Instructions: 66fileCOMMON
Download Yara Rule
| C-Code - Quality: 27% |
|
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C5A7, Relevance: 6.1, APIs: 4, Instructions: 55fileCOMMON
Download Yara Rule
| C-Code - Quality: 16% |
|
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004049CF, Relevance: 5.5, APIs: 4, Instructions: 475COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 77% |
|
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |