Play interactive tour

Edit tour

Windows Analysis Report Quotation From Asia Tianjin Steel Co.Ltd.exe

Overview

General Information

Sample Name:	Quotation From Asia Tianjin Steel Co.Ltd.exe
Analysis ID:	458829
MD5:	0fcf33a3980c44c176d519a4589028aa
SHA1:	f2aebb3e351e1654c49b8d1781d28ac8591721d1
SHA256:	6d877514b8301c2c5ec0655792599f127b2a1649f7483a584d5f7125171cf7a0
Tags:	AgentTeslaexe
Infos:
Most interesting Screenshot:

Detection

AgentTesla

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected AgentTesla

Yara detected AntiVM3

Found evasive API chain (trying to detect sleep duration tampering with parallel thread)

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Machine Learning detection for sample

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file access)

Antivirus or Machine Learning detection for unpacked file

Binary contains a suspicious time stamp

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates processes with suspicious names

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses 32bit PE files

Uses SMTP (mail sending)

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

Quotation From Asia Tianjin Steel Co.Ltd.exe (PID: 5476 cmdline: 'C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe' MD5: 0FCF33A3980C44C176D519A4589028AA)

Quotation From Asia Tianjin Steel Co.Ltd.exe (PID: 1900 cmdline: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe MD5: 0FCF33A3980C44C176D519A4589028AA)

cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Username": "usernamegood@vivaldi.net", "Password": "aaaAAaaaawGoodPass@123@", "Host": "smtp.vivaldi.net"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000000.00000002.254121480.000000000A591000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.254121480.000000000A591000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000002.499523582.0000000002DA8000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 5476	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 5476	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 1900	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 1900	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 7 entries

Unpacked PEs

Source	Rule	Description	Author
4.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.400000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
4.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.400000.0.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.raw.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
Click to see the 1 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 4.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.400000.0.unpack

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Username": "usernamegood@vivaldi.net", "Password": "aaaAAaaaawGoodPass@123@", "Host": "smtp.vivaldi.net"}

Multi AV Scanner detection for submitted file

Show sources

Source: Quotation From Asia Tianjin Steel Co.Ltd.exe	Virustotal: Detection: 37%			Perma Link
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe	ReversingLabs: Detection: 28%

Machine Learning detection for sample

Show sources

Source: Quotation From Asia Tianjin Steel Co.Ltd.exe

Joe Sandbox ML: detected

Source: 4.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.400000.0.unpack

Avira: Label: TR/Spy.Gen8

Source: Quotation From Asia Tianjin Steel Co.Ltd.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: Quotation From Asia Tianjin Steel Co.Ltd.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:

Binary string: mscorrc.pdb source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.252031228.0000000007230000.00000002.00000001.sdmp, Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.501973199.0000000005920000.00000002.00000001.sdmp

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_03321670
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_03321778
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_03321662
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_0332176A

Source: global traffic

TCP traffic: 192.168.2.5:49728 -> 31.209.137.12:587

Source: Joe Sandbox View

IP Address: 31.209.137.12 31.209.137.12

Source: global traffic

TCP traffic: 192.168.2.5:49728 -> 31.209.137.12:587

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

Code function: 4_2_00EFA09A recv,

4_2_00EFA09A

Source: unknown

DNS traffic detected: queries for: smtp.vivaldi.net

Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp	String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp	String found in binary or memory: http://DynDns.comDynDNS
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp	String found in binary or memory: http://JWsVGd.com
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmp	String found in binary or memory: http://apps.identrust.com/roots/dst
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmp	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmp	String found in binary or memory: http://cps.letsencrypt.org0
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmp	String found in binary or memory: http://cps.root-x1.letsencrypt.org0
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmp	String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://fontfabrik.com
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmp	String found in binary or memory: http://r3.i.lencr.org/0
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmp	String found in binary or memory: http://r3.o.lencr.
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmp	String found in binary or memory: http://r3.o.lencr.org0
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232884852.0000000005B64000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.com
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232936879.0000000005B64000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.com/
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232830773.0000000005B62000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.com1Fc
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232936879.0000000005B64000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.comgo
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232884852.0000000005B64000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.comn-upa
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232785891.0000000005B76000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.como.
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250220206.0000000005B60000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.234630328.0000000005B95000.00000004.00000001.sdmp, Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.234918906.0000000005B6C000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235975085.0000000005B6C000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.html
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235932482.0000000005B95000.00000004.00000001.sdmp, Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.234679985.0000000005B95000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersD
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.236156609.0000000005B95000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersO
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.236202999.0000000005B95000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersb
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.234630328.0000000005B95000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersd
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.238676609.0000000005B95000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersico2
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235932482.0000000005B95000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersr
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235975085.0000000005B6C000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com;_
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235975085.0000000005B6C000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comF
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235975085.0000000005B6C000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comI.TTFV_
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235975085.0000000005B6C000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com__
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235975085.0000000005B6C000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comd
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235975085.0000000005B6C000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.coml1
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235975085.0000000005B6C000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comlic
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250220206.0000000005B60000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.commta
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250220206.0000000005B60000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.como
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235975085.0000000005B6C000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comsief
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.fonts.com
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp, Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232183674.0000000005B76000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232562754.0000000005B70000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/Vo
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232197740.0000000001B7B000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cntU
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233448488.0000000005B6C000.00000004.00000001.sdmp, Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233197829.0000000005B65000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233448488.0000000005B6C000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/2_
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233448488.0000000005B6C000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/;_
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233448488.0000000005B6C000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/H
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233135201.0000000005B65000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/I_
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233448488.0000000005B6C000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/X
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233197829.0000000005B65000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Y0
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233448488.0000000005B6C000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/__
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233448488.0000000005B6C000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/d_
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233448488.0000000005B6C000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233448488.0000000005B6C000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/I_
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233318873.0000000005B65000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/m_
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.238354635.0000000005B95000.00000004.00000001.sdmp, Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.236529593.0000000005B95000.00000004.00000001.sdmp, Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.237095915.0000000005B95000.00000004.00000001.sdmp	String found in binary or memory: http://www.monotype.
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.sakkal.com
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.tiro.com
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.typography.netD
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232751222.0000000005B73000.00000004.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cno.
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.499523582.0000000002DA8000.00000004.00000001.sdmp	String found in binary or memory: https://10QLtVeXGPiyPS.net
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.499523582.0000000002DA8000.00000004.00000001.sdmp	String found in binary or memory: https://10QLtVeXGPiyPS.netd
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.254121480.000000000A591000.00000004.00000001.sdmp, Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

System Summary:

Initial sample is a PE file and has a suspicious name

Show sources

Source: initial sample

Static PE information: Filename: Quotation From Asia Tianjin Steel Co.Ltd.exe

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4_2_00EFB0BA NtQuerySystemInformation,		4_2_00EFB0BA
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4_2_00EFB089 NtQuerySystemInformation,		4_2_00EFB089

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_03320202	0_2_03320202
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_03320006	0_2_03320006
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_03320070	0_2_03320070
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033F6F99	0_2_033F6F99
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033F8680	0_2_033F8680
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033FC910	0_2_033FC910
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033FF1B0	0_2_033FF1B0
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033FA9C0	0_2_033FA9C0
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033F7848	0_2_033F7848
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033F6880	0_2_033F6880
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033FC4E8	0_2_033FC4E8
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033FD738	0_2_033FD738
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033F73A0	0_2_033F73A0
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033FA7F8	0_2_033FA7F8
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033FCBD0	0_2_033FCBD0
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033F67CF	0_2_033F67CF
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033FCBC0	0_2_033FCBC0
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033F9E58	0_2_033F9E58
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033F9E48	0_2_033F9E48
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033F5D28	0_2_033F5D28
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033FBD1C	0_2_033FBD1C
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033FDD08	0_2_033FDD08
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033FC900	0_2_033FC900
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033FD140	0_2_033FD140
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033F8598	0_2_033F8598
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033FA410	0_2_033FA410
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033FA808	0_2_033FA808
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033FA401	0_2_033FA401
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033FC4D8	0_2_033FC4D8
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033F0A28	0_2_033F0A28
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033F0A19	0_2_033F0A19
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4_2_01070070	4_2_01070070
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4_2_01070006	4_2_01070006
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4_2_04ED62B8	4_2_04ED62B8
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4_2_04EDA688	4_2_04EDA688
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4_2_04ED7010	4_2_04ED7010
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4_2_05985698	4_2_05985698
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4_2_0598A438	4_2_0598A438
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4_2_05980070	4_2_05980070
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4_2_0598DE60	4_2_0598DE60
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4_2_05980006	4_2_05980006

Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenametYWMIegPZljjEbkQaYWdORyJX.exe4 vs Quotation From Asia Tianjin Steel Co.Ltd.exe
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.243897661.00000000010AC000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameFileIOPermissi.exe6 vs Quotation From Asia Tianjin Steel Co.Ltd.exe
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.247006575.0000000004791000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameStoreElement.dllB vs Quotation From Asia Tianjin Steel Co.Ltd.exe
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.248471042.0000000005920000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameConfigNodeType.dll> vs Quotation From Asia Tianjin Steel Co.Ltd.exe
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.252031228.0000000007230000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamemscorrc.dllT vs Quotation From Asia Tianjin Steel Co.Ltd.exe
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.496424078.0000000000FF0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamewshom.ocx.mui vs Quotation From Asia Tianjin Steel Co.Ltd.exe
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp	Binary or memory string: OriginalFilenametYWMIegPZljjEbkQaYWdORyJX.exe4 vs Quotation From Asia Tianjin Steel Co.Ltd.exe
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000000.242919622.000000000073C000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameFileIOPermissi.exe6 vs Quotation From Asia Tianjin Steel Co.Ltd.exe
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.501701176.0000000005610000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamewbemdisp.tlbj% vs Quotation From Asia Tianjin Steel Co.Ltd.exe
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.501973199.0000000005920000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamemscorrc.dllT vs Quotation From Asia Tianjin Steel Co.Ltd.exe
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.496359418.0000000000FE0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamewshom.ocx vs Quotation From Asia Tianjin Steel Co.Ltd.exe
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.501193932.0000000005140000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs Quotation From Asia Tianjin Steel Co.Ltd.exe
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe	Binary or memory string: OriginalFilenameFileIOPermissi.exe6 vs Quotation From Asia Tianjin Steel Co.Ltd.exe

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

Section loaded: security.dll

Jump to behavior

Source: Quotation From Asia Tianjin Steel Co.Ltd.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: Quotation From Asia Tianjin Steel Co.Ltd.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/1@1/1

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4_2_00EFAF3E AdjustTokenPrivileges,		4_2_00EFAF3E
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4_2_00EFAF07 AdjustTokenPrivileges,		4_2_00EFAF07

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Quotation From Asia Tianjin Steel Co.Ltd.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking

Source: Quotation From Asia Tianjin Steel Co.Ltd.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: Quotation From Asia Tianjin Steel Co.Ltd.exe	Virustotal: Detection: 37%
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe	ReversingLabs: Detection: 28%

Source: unknown	Process created: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe 'C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe'
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process created: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process created: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Jump to behavior

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: Quotation From Asia Tianjin Steel Co.Ltd.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: Quotation From Asia Tianjin Steel Co.Ltd.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source: Quotation From Asia Tianjin Steel Co.Ltd.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Source: Quotation From Asia Tianjin Steel Co.Ltd.exe

Static PE information: 0xE7CA8BB4 [Wed Mar 25 09:15:32 2093 UTC]

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_01862C34 push cs; ret	0_2_01862C56
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_0187723C push 580187C3h; ret	0_2_01877241
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033FE6A4 push eax; retf	0_2_033FE6A5
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033F8069 push eax; iretd	0_2_033F806B
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 0_2_033F805F push eax; iretd	0_2_033F8061
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4_2_00EF2954 push cs; ret	4_2_00EF298E
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4_2_04EDBECA push eax; iretd	4_2_04EDBED1
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Code function: 4_2_04EDA632 push esp; ret	4_2_04EDA679

Source: initial sample

Static PE information: section name: .text entropy: 7.44517704491

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	File created: \quotation from asia tianjin steel co.ltd.exe
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	File created: \quotation from asia tianjin steel co.ltd.exe			Jump to behavior

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Yara detected AntiVM3

Show sources

Source: Yara match	File source: 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 5476, type: MEMORYSTR

Found evasive API chain (trying to detect sleep duration tampering with parallel thread)

Show sources

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

Function Chain: memAlloc,systemQueried,systemQueried,threadCreated,threadResumed,threadDelayed,threadDelayed,threadDelayed,systemQueried,systemQueried,systemQueried,threadDelayed,systemQueried,threadDelayed,memAlloc,threadDelayed,systemQueried,threadDelayed,threadDelayed,threadDelayed,threadDelayed,memAlloc,threadDelayed,threadDelayed,memAlloc

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Show sources

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Show sources

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmp	Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmp	Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

Window / User API: threadDelayed 582

Jump to behavior

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe TID: 5464	Thread sleep time: -38010s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe TID: 5112	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe TID: 1864	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe TID: 1864	Thread sleep count: 582 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe TID: 1864	Thread sleep time: -17460000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe TID: 1864	Thread sleep time: -60000s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Thread delayed: delay time: 38010	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Thread delayed: delay time: 30000	Jump to behavior

Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.501193932.0000000005140000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmp	Binary or memory string: vmware
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmp	Binary or memory string: VMWARE
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmp	Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.501193932.0000000005140000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.501193932.0000000005140000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmp	Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA II
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmp	Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.501193932.0000000005140000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

Code function: 4_2_04ED30B8 KiUserExceptionDispatcher,LdrInitializeThunk,

4_2_04ED30B8

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

Memory written: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

Process created: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

Jump to behavior

Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.496759610.0000000001460000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.496759610.0000000001460000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.496759610.0000000001460000.00000002.00000001.sdmp	Binary or memory string: SProgram Managerl
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.496759610.0000000001460000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd,
Source: Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.496759610.0000000001460000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 4.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.254121480.000000000A591000.00000004.00000001.sdmp, type: MEMORY

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 4.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.254121480.000000000A591000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.499523582.0000000002DA8000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 5476, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 1900, type: MEMORYSTR

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini			Jump to behavior

Tries to harvest and steal ftp login credentials

Show sources

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml			Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\			Jump to behavior

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior

Source: Yara match	File source: 00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 1900, type: MEMORYSTR

Remote Access Functionality:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 4.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.254121480.000000000A591000.00000004.00000001.sdmp, type: MEMORY

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 4.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.a6324b8.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.254121480.000000000A591000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.499523582.0000000002DA8000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 5476, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 1900, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation211	DLL Side-Loading1	DLL Side-Loading1	Disable or Modify Tools11	OS Credential Dumping2	System Information Discovery114	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Ingress Tool Transfer1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Native API1	Boot or Logon Initialization Scripts	Access Token Manipulation1	Obfuscated Files or Information3	Credentials in Registry1	Query Registry1	Remote Desktop Protocol	Data from Local System2	Exfiltration Over Bluetooth	Encrypted Channel1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Process Injection112	Software Packing3	Security Account Manager	Security Software Discovery211	SMB/Windows Admin Shares	Email Collection1	Automated Exfiltration	Non-Standard Port1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Timestomp1	NTDS	Process Discovery2	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol1	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	DLL Side-Loading1	LSA Secrets	Virtualization/Sandbox Evasion131	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol11	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Masquerading1	Cached Domain Credentials	Application Window Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Virtualization/Sandbox Evasion131	DCSync	Remote System Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Access Token Manipulation1	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Process Injection112	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Quotation From Asia Tianjin Steel Co.Ltd.exe	38%	Virustotal		Browse
Quotation From Asia Tianjin Steel Co.Ltd.exe	29%	ReversingLabs	ByteCode-MSIL.Trojan.AgentTesla
Quotation From Asia Tianjin Steel Co.Ltd.exe	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
4.2.Quotation From Asia Tianjin Steel Co.Ltd.exe.400000.0.unpack	100%	Avira	TR/Spy.Gen8		Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://127.0.0.1:HTTP/1.1	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.carterandcone.com1Fc	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/m_	0%	Avira URL Cloud	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.carterandcone.com/	0%	Virustotal		Browse
http://www.carterandcone.com/	0%	Avira URL Cloud	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.carterandcone.com	0%	URL Reputation	safe
http://www.fontbureau.coml1	0%	URL Reputation	safe
http://r3.i.lencr.org/0	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn/Vo	0%	Avira URL Cloud	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
https://10QLtVeXGPiyPS.net	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/2_	0%	Avira URL Cloud	safe
http://x1.c.lencr.org/0	0%	URL Reputation	safe
http://x1.i.lencr.org/0	0%	URL Reputation	safe
http://r3.o.lencr.org0	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/Y0	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/d_	0%	Avira URL Cloud	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.carterandcone.como.	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/;_	0%	Avira URL Cloud	safe
http://cps.root-x1.letsencrypt.org0	0%	URL Reputation	safe
http://www.fontbureau.commta	0%	Avira URL Cloud	safe
http://DynDns.comDynDNS	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/X	0%	URL Reputation	safe
http://www.fontbureau.comF	0%	URL Reputation	safe
https://10QLtVeXGPiyPS.netd	0%	Avira URL Cloud	safe
http://cps.letsencrypt.org0	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/H	0%	URL Reputation	safe
http://www.fontbureau.comlic	0%	URL Reputation	safe
http://r3.o.lencr.	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/jp/	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/__	0%	Avira URL Cloud	safe
http://www.fontbureau.comd	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/jp/I_	0%	Avira URL Cloud	safe
http://www.fontbureau.com;_	0%	Avira URL Cloud	safe
http://JWsVGd.com	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.monotype.	0%	URL Reputation	safe
http://www.carterandcone.comn-upa	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.fontbureau.como	0%	URL Reputation	safe
http://www.carterandcone.comgo	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cno.	0%	URL Reputation	safe
http://www.fontbureau.com__	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/I_	0%	Avira URL Cloud	safe
http://www.fontbureau.comI.TTFV_	0%	Avira URL Cloud	safe
http://www.fontbureau.comsief	0%	URL Reputation	safe
http://www.founder.com.cn/cntU	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
smtp.vivaldi.net	31.209.137.12	true	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://127.0.0.1:HTTP/1.1	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.fontbureau.com/designersG	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false		high
http://www.fontbureau.com/designers/?	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false		high
http://www.founder.com.cn/cn/bThe	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersico2	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.238676609.0000000005B95000.00000004.00000001.sdmp	false		high
http://www.fontbureau.com/designers?	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false		high
http://www.carterandcone.com1Fc	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232830773.0000000005B62000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designersD	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.234679985.0000000005B95000.00000004.00000001.sdmp	false		high
http://www.jiyu-kobo.co.jp/m_	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233318873.0000000005B65000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiro.com	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.com/	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232936879.0000000005B64000.00000004.00000001.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false		high
http://www.goodfont.co.kr	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.com	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232884852.0000000005B64000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersO	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.236156609.0000000005B95000.00000004.00000001.sdmp	false		high
http://www.fontbureau.coml1	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235975085.0000000005B6C000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://r3.i.lencr.org/0	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/Vo	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232562754.0000000005B70000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.typography.netD	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.com	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
https://10QLtVeXGPiyPS.net	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.499523582.0000000002DA8000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/2_	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233448488.0000000005B6C000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://x1.c.lencr.org/0	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://x1.i.lencr.org/0	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersd	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.234630328.0000000005B95000.00000004.00000001.sdmp	false		high
http://www.fontbureau.com/designersb	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.236202999.0000000005B95000.00000004.00000001.sdmp	false		high
http://r3.o.lencr.org0	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/Y0	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233197829.0000000005B65000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fonts.com	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false		high
http://www.jiyu-kobo.co.jp/d_	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233448488.0000000005B6C000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sandoll.co.kr	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.como.	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232785891.0000000005B76000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.sakkal.com	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.254121480.000000000A591000.00000004.00000001.sdmp, Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/;_	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233448488.0000000005B6C000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://cps.root-x1.letsencrypt.org0	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersr	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235932482.0000000005B95000.00000004.00000001.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false		high
http://www.fontbureau.com	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250220206.0000000005B60000.00000004.00000001.sdmp	false		high
http://www.fontbureau.commta	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250220206.0000000005B60000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://DynDns.comDynDNS	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/X	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233448488.0000000005B6C000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comF	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235975085.0000000005B6C000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://10QLtVeXGPiyPS.netd	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.499523582.0000000002DA8000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://cps.letsencrypt.org0	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/H	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233448488.0000000005B6C000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comlic	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235975085.0000000005B6C000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://r3.o.lencr.	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.502359891.0000000005F30000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/jp/	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233448488.0000000005B6C000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/__	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233448488.0000000005B6C000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comd	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235975085.0000000005B6C000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.coml	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/jp/I_	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233448488.0000000005B6C000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com;_	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235975085.0000000005B6C000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://JWsVGd.com	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false		high
http://www.founder.com.cn/cn	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp, Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232183674.0000000005B76000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false		high
http://www.fontbureau.com/designers/cabarga.html	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235975085.0000000005B6C000.00000004.00000001.sdmp	false		high
http://www.monotype.	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.238354635.0000000005B95000.00000004.00000001.sdmp, Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.236529593.0000000005B95000.00000004.00000001.sdmp, Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.237095915.0000000005B95000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comn-upa	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232884852.0000000005B64000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233448488.0000000005B6C000.00000004.00000001.sdmp, Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233197829.0000000005B65000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.como	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250220206.0000000005B60000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comgo	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232936879.0000000005B64000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.zhongyicts.com.cno.	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232751222.0000000005B73000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235932482.0000000005B95000.00000004.00000001.sdmp, Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000002.250582588.0000000005C50000.00000002.00000001.sdmp	false		high
http://www.fontbureau.com__	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235975085.0000000005B6C000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.jiyu-kobo.co.jp/I_	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.233135201.0000000005B65000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comI.TTFV_	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235975085.0000000005B6C000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.fontbureau.com/designers/	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.234630328.0000000005B95000.00000004.00000001.sdmp, Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.234918906.0000000005B6C000.00000004.00000001.sdmp	false		high
http://www.fontbureau.comsief	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.235975085.0000000005B6C000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cntU	Quotation From Asia Tianjin Steel Co.Ltd.exe, 00000000.00000003.232197740.0000000001B7B000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
31.209.137.12	smtp.vivaldi.net	Iceland		51896	HRINGDU-ASIS	false

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	458829
Start date:	03.08.2021
Start time:	19:28:01
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Quotation From Asia Tianjin Steel Co.Ltd.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/1@1/1
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 272 Number of non-executed functions: 21
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 104.42.151.234, 13.64.90.137, 204.79.197.200, 13.107.21.200, 23.211.6.115, 23.211.4.86, 20.50.102.62, 40.112.88.60, 93.184.221.240, 20.82.210.154, 80.67.82.211, 80.67.82.235 Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, wu.azureedge.net, e12564.dspb.akamaiedge.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net, www.bing.com, skypedataprdcolwus17.cloudapp.net, fs.microsoft.com, dual-a-0001.a-msedge.net, wu.ec.azureedge.net, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
19:28:56	API Interceptor	904x Sleep call for process: Quotation From Asia Tianjin Steel Co.Ltd.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
31.209.137.12	RE Outstanding SOA Settled.exe	Get hash	malicious	Browse
	invoice.exe	Get hash	malicious	Browse
	RFQ#775643.exe	Get hash	malicious	Browse
	Payment $67,765.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.MSIL_Agent.CAC.genEldorado.5417.exe	Get hash	malicious	Browse
	DHL SHIPPING INVOICE.pdf.exe	Get hash	malicious	Browse
	URGENT REQUEST FOR QUOTATION.pdf.exe	Get hash	malicious	Browse
	RE Outstanding SOA Settled.exe	Get hash	malicious	Browse
	Swift Copy.exe	Get hash	malicious	Browse
	Swift Copy.exe	Get hash	malicious	Browse
	9872362-1926.exe	Get hash	malicious	Browse
	invoice.exe	Get hash	malicious	Browse
	Order.exe	Get hash	malicious	Browse
	SecuriteInfo.com.Artemis960D9DB7F7C9.7109.exe	Get hash	malicious	Browse
	PREPAYMENT.exe	Get hash	malicious	Browse
	SHIPPING DOCUMENTS.exe	Get hash	malicious	Browse
	quo 4542.exe	Get hash	malicious	Browse
	SHIPPING DOCUMENTS.exe	Get hash	malicious	Browse
	Swift TT copy.exe	Get hash	malicious	Browse
	SecuriteInfo.com.ArtemisA47F39CCDFEA.14562.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
smtp.vivaldi.net	RE Outstanding SOA Settled.exe	Get hash	malicious	Browse	31.209.137.12
	invoice.exe	Get hash	malicious	Browse	31.209.137.12
	quotation.exe	Get hash	malicious	Browse	31.209.137.12
	RFQ#775643.exe	Get hash	malicious	Browse	31.209.137.12
	Payment $67,765.exe	Get hash	malicious	Browse	31.209.137.12
	SecuriteInfo.com.W32.MSIL_Agent.CAC.genEldorado.5417.exe	Get hash	malicious	Browse	31.209.137.12
	DHL SHIPPING INVOICE.pdf.exe	Get hash	malicious	Browse	31.209.137.12
	URGENT REQUEST FOR QUOTATION.pdf.exe	Get hash	malicious	Browse	31.209.137.12
	RE Outstanding SOA Settled.exe	Get hash	malicious	Browse	31.209.137.12
	Swift Copy.exe	Get hash	malicious	Browse	31.209.137.12
	Swift Copy.exe	Get hash	malicious	Browse	31.209.137.12
	9872362-1926.exe	Get hash	malicious	Browse	31.209.137.12
	invoice.exe	Get hash	malicious	Browse	31.209.137.12
	Order.exe	Get hash	malicious	Browse	31.209.137.12
	SecuriteInfo.com.Artemis960D9DB7F7C9.7109.exe	Get hash	malicious	Browse	31.209.137.12
	PREPAYMENT.exe	Get hash	malicious	Browse	31.209.137.12
	SHIPPING DOCUMENTS.exe	Get hash	malicious	Browse	31.209.137.12
	quo 4542.exe	Get hash	malicious	Browse	31.209.137.12
	SHIPPING DOCUMENTS.exe	Get hash	malicious	Browse	31.209.137.12
	Swift TT copy.exe	Get hash	malicious	Browse	31.209.137.12

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
HRINGDU-ASIS	RE Outstanding SOA Settled.exe	Get hash	malicious	Browse	31.209.137.12
	invoice.exe	Get hash	malicious	Browse	31.209.137.12
	RFQ#775643.exe	Get hash	malicious	Browse	31.209.137.12
	Payment $67,765.exe	Get hash	malicious	Browse	31.209.137.12
	SecuriteInfo.com.W32.MSIL_Agent.CAC.genEldorado.5417.exe	Get hash	malicious	Browse	31.209.137.12
	DHL SHIPPING INVOICE.pdf.exe	Get hash	malicious	Browse	31.209.137.12
	URGENT REQUEST FOR QUOTATION.pdf.exe	Get hash	malicious	Browse	31.209.137.12
	RE Outstanding SOA Settled.exe	Get hash	malicious	Browse	31.209.137.12
	Swift Copy.exe	Get hash	malicious	Browse	31.209.137.12
	Swift Copy.exe	Get hash	malicious	Browse	31.209.137.12
	9872362-1926.exe	Get hash	malicious	Browse	31.209.137.12
	invoice.exe	Get hash	malicious	Browse	31.209.137.12
	Order.exe	Get hash	malicious	Browse	31.209.137.12
	SecuriteInfo.com.Artemis960D9DB7F7C9.7109.exe	Get hash	malicious	Browse	31.209.137.12
	PREPAYMENT.exe	Get hash	malicious	Browse	31.209.137.12
	SHIPPING DOCUMENTS.exe	Get hash	malicious	Browse	31.209.137.12
	quo 4542.exe	Get hash	malicious	Browse	31.209.137.12
	SHIPPING DOCUMENTS.exe	Get hash	malicious	Browse	31.209.137.12
	Swift TT copy.exe	Get hash	malicious	Browse	31.209.137.12
	SecuriteInfo.com.ArtemisA47F39CCDFEA.14562.exe	Get hash	malicious	Browse	31.209.137.12

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Quotation From Asia Tianjin Steel Co.Ltd.exe.log Download File
Process:	C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	664
Entropy (8bit):	5.288448637977022
Encrypted:	false
SSDEEP:	12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9
MD5:	B1DB55991C3DA14E35249AEA1BC357CA
SHA1:	0DD2D91198FDEF296441B12F1A906669B279700C
SHA-256:	34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC
SHA-512:	BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.437526161568796
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	Quotation From Asia Tianjin Steel Co.Ltd.exe
File size:	823296
MD5:	0fcf33a3980c44c176d519a4589028aa
SHA1:	f2aebb3e351e1654c49b8d1781d28ac8591721d1
SHA256:	6d877514b8301c2c5ec0655792599f127b2a1649f7483a584d5f7125171cf7a0
SHA512:	74b2fcf32136661792f9255e78f3bc2c2e5690182d964d103e44e5e34841b41386bd33905e23667b4be32652783c5c164cb8a9091c77da515fde467c096b7423
SSDEEP:	12288:wo6as4J1zgVDU0QrAXDGZSIUf055blwR/0lcJsTtmEburWqpu6x7XM2iN:wo6asU1eBBXyqfgbyR/XKxsW36FXM1
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................P.................. ........@.. ....................................@................................

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General
Entrypoint:	0x4ca5f2
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0xE7CA8BB4 [Wed Mar 25 09:15:32 2093 UTC]
TLS Callbacks:
CLR (.Net) Version:	v2.0.50727
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xca5a0	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xcc000	0x5cc	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xce000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xca584	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xc85f8	0xc8600	False	0.786352737056	data	7.44517704491	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0xcc000	0x5cc	0x600	False	0.42578125	data	4.1279967586	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xce000	0xc	0x200	False	0.044921875	data	0.0980041756627	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0xcc090	0x33c	data
RT_MANIFEST	0xcc3dc	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright	Copyright 2020
Assembly Version	1.0.0.0
InternalName	FileIOPermissi.exe
FileVersion	1.0.0.0
CompanyName
LegalTrademarks
Comments
ProductName	Modul VB 3
ProductVersion	1.0.0.0
FileDescription	Modul VB 3
OriginalFilename	FileIOPermissi.exe

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 3, 2021 19:30:37.475300074 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:37.541042089 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:37.541230917 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:39.118119001 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:39.118660927 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:39.181658983 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:39.181740046 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:39.182279110 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:39.245362997 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:39.297498941 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:39.343296051 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:39.406749964 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:39.406779051 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:39.406794071 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:39.406809092 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:39.407020092 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:39.407069921 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:39.471543074 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:39.483303070 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:39.547992945 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:39.594192028 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:39.798753023 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:39.862318993 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:39.863651037 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:39.927512884 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:39.928388119 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:40.032656908 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:40.088265896 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:40.089205980 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:40.152415037 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:40.153657913 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:40.154540062 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:40.248058081 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:40.248622894 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:40.312366009 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:40.314050913 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:40.314184904 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:40.314282894 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:40.314384937 CEST	49728	587	192.168.2.5	31.209.137.12
Aug 3, 2021 19:30:40.378827095 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:40.378848076 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:40.378858089 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:40.399832010 CEST	587	49728	31.209.137.12	192.168.2.5
Aug 3, 2021 19:30:40.453666925 CEST	49728	587	192.168.2.5	31.209.137.12

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 3, 2021 19:28:43.455396891 CEST	64344	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:28:43.480052948 CEST	53	64344	8.8.8.8	192.168.2.5
Aug 3, 2021 19:28:44.431104898 CEST	62060	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:28:44.458755016 CEST	53	62060	8.8.8.8	192.168.2.5
Aug 3, 2021 19:28:44.472796917 CEST	61805	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:28:44.509670973 CEST	53	61805	8.8.8.8	192.168.2.5
Aug 3, 2021 19:28:45.551842928 CEST	54795	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:28:45.585217953 CEST	53	54795	8.8.8.8	192.168.2.5
Aug 3, 2021 19:28:46.620692968 CEST	49557	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:28:46.648164034 CEST	53	49557	8.8.8.8	192.168.2.5
Aug 3, 2021 19:28:47.388104916 CEST	61733	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:28:47.432465076 CEST	53	61733	8.8.8.8	192.168.2.5
Aug 3, 2021 19:28:47.674118996 CEST	65447	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:28:47.701772928 CEST	53	65447	8.8.8.8	192.168.2.5
Aug 3, 2021 19:28:48.870022058 CEST	52441	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:28:48.895916939 CEST	53	52441	8.8.8.8	192.168.2.5
Aug 3, 2021 19:28:49.970072031 CEST	62176	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:28:49.995728016 CEST	53	62176	8.8.8.8	192.168.2.5
Aug 3, 2021 19:28:51.836621046 CEST	59596	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:28:51.863881111 CEST	53	59596	8.8.8.8	192.168.2.5
Aug 3, 2021 19:28:52.866481066 CEST	65296	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:28:52.892756939 CEST	53	65296	8.8.8.8	192.168.2.5
Aug 3, 2021 19:28:54.137003899 CEST	63183	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:28:54.165452957 CEST	53	63183	8.8.8.8	192.168.2.5
Aug 3, 2021 19:28:55.326634884 CEST	60151	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:28:55.354491949 CEST	53	60151	8.8.8.8	192.168.2.5
Aug 3, 2021 19:29:10.726607084 CEST	56969	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:29:10.771431923 CEST	53	56969	8.8.8.8	192.168.2.5
Aug 3, 2021 19:29:17.881165981 CEST	55161	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:29:17.915437937 CEST	53	55161	8.8.8.8	192.168.2.5
Aug 3, 2021 19:29:37.289781094 CEST	54757	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:29:37.337935925 CEST	53	54757	8.8.8.8	192.168.2.5
Aug 3, 2021 19:29:38.612571001 CEST	49992	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:29:38.648159981 CEST	53	49992	8.8.8.8	192.168.2.5
Aug 3, 2021 19:29:52.176815033 CEST	60075	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:29:52.217484951 CEST	53	60075	8.8.8.8	192.168.2.5
Aug 3, 2021 19:29:55.804697037 CEST	55016	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:29:55.868314028 CEST	53	55016	8.8.8.8	192.168.2.5
Aug 3, 2021 19:30:29.589536905 CEST	64345	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:30:29.622097015 CEST	53	64345	8.8.8.8	192.168.2.5
Aug 3, 2021 19:30:31.414474010 CEST	57128	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:30:31.449619055 CEST	53	57128	8.8.8.8	192.168.2.5
Aug 3, 2021 19:30:37.330224037 CEST	54791	53	192.168.2.5	8.8.8.8
Aug 3, 2021 19:30:37.366628885 CEST	53	54791	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Aug 3, 2021 19:30:37.330224037 CEST	192.168.2.5	8.8.8.8	0x72e7	Standard query (0)	smtp.vivaldi.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Aug 3, 2021 19:30:37.366628885 CEST	8.8.8.8	192.168.2.5	0x72e7	No error (0)	smtp.vivaldi.net		31.209.137.12	A (IP address)	IN (0x0001)

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Aug 3, 2021 19:30:39.118119001 CEST	587	49728	31.209.137.12	192.168.2.5	220 smtp.vivaldi.net ESMTP Postfix (Ubuntu)
Aug 3, 2021 19:30:39.118660927 CEST	49728	587	192.168.2.5	31.209.137.12	EHLO 910646
Aug 3, 2021 19:30:39.181740046 CEST	587	49728	31.209.137.12	192.168.2.5	250-smtp.vivaldi.net 250-PIPELINING 250-SIZE 36700160 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250 SMTPUTF8
Aug 3, 2021 19:30:39.182279110 CEST	49728	587	192.168.2.5	31.209.137.12	STARTTLS
Aug 3, 2021 19:30:39.245362997 CEST	587	49728	31.209.137.12	192.168.2.5	220 2.0.0 Ready to start TLS

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 5476 Parent PID: 5556

General

Start time:	19:28:51
Start date:	03/08/2021
Path:	C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe'
Imagebase:	0xfe0000
File size:	823296 bytes
MD5 hash:	0FCF33A3980C44C176D519A4589028AA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.246514460.0000000003AF3000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.254121480.000000000A591000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000000.00000002.254121480.000000000A591000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 1900 Parent PID: 5476

General

Start time:	19:28:58
Start date:	03/08/2021
Path:	C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\Quotation From Asia Tianjin Steel Co.Ltd.exe
Imagebase:	0x670000
File size:	823296 bytes
MD5 hash:	0FCF33A3980C44C176D519A4589028AA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000004.00000002.493730793.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.499241824.0000000002D01000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.499523582.0000000002DA8000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 5476 Parent PID: 5556 Quotation From Asia Tianjin Steel Co.Ltd.exeCOMMON

Executed Functions

Function 033F0A19, Relevance: 2.7, Instructions: 2699COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43c79e4bfb857a4e5bb9b3230d4eb517b614615bbd398e390d8e35d0783d92fc
Instruction ID: b7151d61d8ea02a58f1fd6418141725fdbf22354a7823dc5dce0e4f0719f8bfb
Opcode Fuzzy Hash: 43c79e4bfb857a4e5bb9b3230d4eb517b614615bbd398e390d8e35d0783d92fc
Instruction Fuzzy Hash: D863B374A012288FDB65DF24C894B99B7F2FF89301F1185E9D909A7361DB326EA5CF40

Uniqueness

Uniqueness Score: -1.00%

Function 033F0A28, Relevance: 2.7, Instructions: 2694COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3b6723e8ed10779597eab87018f95ba36cfebe9acaabfbfd5877f246a214b11
Instruction ID: b454cf523c3f3cfdc501001b0eb10dc89c222470fb1f0b89c73f0a23de71d56c
Opcode Fuzzy Hash: f3b6723e8ed10779597eab87018f95ba36cfebe9acaabfbfd5877f246a214b11
Instruction Fuzzy Hash: E363B374A012288FDB65DF24C894B99B7F2FF89301F1185E9D909A7361DB326EA5CF40

Uniqueness

Uniqueness Score: -1.00%

Function 033F67CF, Relevance: 1.5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

Strings

p5[, xrefs: 033F6A4A

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID: p5[
API String ID: 0-1446359564
Opcode ID: 826646c94695684dd860f70f06d2610325bf6b42fe815391f2ff18b07cca81e0
Instruction ID: b6a37bde027b542c808528cc28669bba10f5bd0a0d593066355cee7769f621ec
Opcode Fuzzy Hash: 826646c94695684dd860f70f06d2610325bf6b42fe815391f2ff18b07cca81e0
Instruction Fuzzy Hash: D5A10371D0121ADFCB04CFA9C985ADDBBB2FF89301F64856AD405AB315D735AA02CF91

Uniqueness

Uniqueness Score: -1.00%

Function 033FF1B0, Relevance: 1.5, Strings: 1, Instructions: 233COMMON

Download Yara Rule

Strings

dk!, xrefs: 033FF25A

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID: dk!
API String ID: 0-1452328463
Opcode ID: 155ce3b70d4876335d915629eb4814f5752aca0b4109ce0a01b79f42fd2254f5
Instruction ID: 13f1d76afdb44daf2d38796ff64ea44537d98b12a59141ae00087149b29e527e
Opcode Fuzzy Hash: 155ce3b70d4876335d915629eb4814f5752aca0b4109ce0a01b79f42fd2254f5
Instruction Fuzzy Hash: 0EA115B9D0521ADFDB04CFE5D5804AEFBF5FB89300F60952AC915BB328D7349A018B95

Uniqueness

Uniqueness Score: -1.00%

Function 033F6880, Relevance: 1.4, Strings: 1, Instructions: 165COMMON

Download Yara Rule

Strings

p5[, xrefs: 033F6A4A

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID: p5[
API String ID: 0-1446359564
Opcode ID: 99931dd7e671f91f33533fc8d3c4c15bf1db7aaafce729a4ece0484f8fbf0e55
Instruction ID: 597764e5346ad43a9f9750cff8f6d306b376531168e527973a0b7d7dc27be4fc
Opcode Fuzzy Hash: 99931dd7e671f91f33533fc8d3c4c15bf1db7aaafce729a4ece0484f8fbf0e55
Instruction Fuzzy Hash: C371D1B4D00219DFCB04CFA9C985AAEFBB2FF89300F60816AD505BB254DB349A41CF55

Uniqueness

Uniqueness Score: -1.00%

Function 033F8598, Relevance: .4, Instructions: 385COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7474692c817bc4dc42408cb712d7ed37e350df88568781e46d1e3289232029bc
Instruction ID: f129398b6e98f0dc4c0833b897bc78396b8e44083157db908ceeda2501c9dad2
Opcode Fuzzy Hash: 7474692c817bc4dc42408cb712d7ed37e350df88568781e46d1e3289232029bc
Instruction Fuzzy Hash: F0F18D71D0520ADFCB09CFA4C9C48ADFBB6FF46311B648999C605BB614D334AA41CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 033F8680, Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5ef7b0ce64fe455039cd5b5a6636aa58a6cd468bff3d37963f6d5eb704b781f
Instruction ID: 0c84a00b878b2dcf92898d709b75edfbfda4abf6dd77e13329b8a32e971cf5a6
Opcode Fuzzy Hash: c5ef7b0ce64fe455039cd5b5a6636aa58a6cd468bff3d37963f6d5eb704b781f
Instruction Fuzzy Hash: E0C15A70D0520ADFCB08CFA4C1848AEFBB5FF4A311B609959D606BB654C334AB41CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 033FC4E8, Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6995d8d2a40494b624afe2489fb48c8338927a6301f6e40fee049b0d3eed0bab
Instruction ID: de6f5701799c586fb84bbd37cccbb7ec60f4b0360479c1f1983285a50da12c8e
Opcode Fuzzy Hash: 6995d8d2a40494b624afe2489fb48c8338927a6301f6e40fee049b0d3eed0bab
Instruction Fuzzy Hash: A99146B0D4421A8FCB04CFAAD5805AEFBF2FF89310F949169E515AB354D7349A02CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 033FC4D8, Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14616bb127387267200f9300dc770af336831b5134ef0dcd8ac3703f53f73707
Instruction ID: 543630b20258f2920aef16cf013d32aab0eb9e6f0ac2765f71891d842b6506b9
Opcode Fuzzy Hash: 14616bb127387267200f9300dc770af336831b5134ef0dcd8ac3703f53f73707
Instruction Fuzzy Hash: ED9146B0D4420A9FCB04CFAAD5805AEFBF2FF88310F949569E115AB354D7349A42CF91

Uniqueness

Uniqueness Score: -1.00%

Function 033FC900, Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76fc6a289a40f0697065fab1b15a27fc69e0926c5301d7f9de468530a31d1f4c
Instruction ID: 15fd53f38b2aaf124ca4bfb20896f649043c6972f255d466df65022666ef82f9
Opcode Fuzzy Hash: 76fc6a289a40f0697065fab1b15a27fc69e0926c5301d7f9de468530a31d1f4c
Instruction Fuzzy Hash: 29616A70D4520ECFCB04CFA9C6806AEFBF6FF89310F54A65AD511BB694D3349A408B65

Uniqueness

Uniqueness Score: -1.00%

Function 033FC910, Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80be21011f68e89d2a682ef7f639b2747db40716dbc3cb63bfa1306136e2018f
Instruction ID: c510aba8f51ca822c445a0866f7e4d0599af18b26ac33017823b0d28d35465c1
Opcode Fuzzy Hash: 80be21011f68e89d2a682ef7f639b2747db40716dbc3cb63bfa1306136e2018f
Instruction Fuzzy Hash: 07616A70D4520ECFCB04CFA9C5806AEFBF6FF89310F54A65AD611BB694D3349A408BA5

Uniqueness

Uniqueness Score: -1.00%

Function 033F6F99, Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03878c94086c8f0d6cc091a44506208a0f234c01cc9024a030bd629224f99519
Instruction ID: eea712d9e6572e2a1959250f086dabe15afb317e4fc6a40c0f45319083d5e6e4
Opcode Fuzzy Hash: 03878c94086c8f0d6cc091a44506208a0f234c01cc9024a030bd629224f99519
Instruction Fuzzy Hash: 775108B1D0420ADFCB08DFAAC5849AEFBF2EF89341F14D16AD509B7254D7389A41CB64

Uniqueness

Uniqueness Score: -1.00%

Function 033FA9C0, Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 794a3aca12c34920474f2040644e40607ef169934f540c22d9e0ce3fa1c0a424
Instruction ID: ca35314ae4ecf6452da02c0686205530c68bdcc2c229c9d2d4565513aa6244a8
Opcode Fuzzy Hash: 794a3aca12c34920474f2040644e40607ef169934f540c22d9e0ce3fa1c0a424
Instruction Fuzzy Hash: 4E3104B1E006189FEB18CF6AD94479EBBF3EFC9300F18C1AA984CAA254D7745A418F51

Uniqueness

Uniqueness Score: -1.00%

Function 033F7848, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7f2bd03257a5dc1e4c5dc60ab280300600cfa43fd0c03efc59f0a6e88bb3061
Instruction ID: 914d2f90315750fa9d43feccbf5ffdcde6700c9c52f7997d39e3e73470d63f45
Opcode Fuzzy Hash: b7f2bd03257a5dc1e4c5dc60ab280300600cfa43fd0c03efc59f0a6e88bb3061
Instruction Fuzzy Hash: 4B21F6B1E016189BDB18CFAAD8442DEFBF7AFC9300F14C06AD509AA268DB341A45CF50

Uniqueness

Uniqueness Score: -1.00%

Function 033F46E8, Relevance: 2.6, Strings: 2, Instructions: 62COMMON

Download Yara Rule

Strings

X$(r, xrefs: 033F476A
X$(r, xrefs: 033F477A

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID: X$(r$X$(r
API String ID: 0-250461778
Opcode ID: a285debc04fcb9dab00c5ca99b879f5a2d7e9cd5e3375db47eab41daf2139645
Instruction ID: 6d278c1e42dd88964475330be8baa84a53b9b8576c42766f4b0fa538199351bb
Opcode Fuzzy Hash: a285debc04fcb9dab00c5ca99b879f5a2d7e9cd5e3375db47eab41daf2139645
Instruction Fuzzy Hash: C621C374D00209DFCB44DFA9C984AEEBBB6BB89300F2080A9D911B7354DB75AE45CF65

Uniqueness

Uniqueness Score: -1.00%

Function 0186AB26, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0186ABD5

Memory Dump Source

Source File: 00000000.00000002.244504639.000000000186A000.00000040.00000001.sdmp, Offset: 0186A000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: b37a00a91e14a15f77f22e9135a7f47df3c0664258159d1f304697bbd48dfc10
Instruction ID: 9ade77c270c6b350350d61aa6f21cdedbc7b54d90d1d0238704020dd706c233d
Opcode Fuzzy Hash: b37a00a91e14a15f77f22e9135a7f47df3c0664258159d1f304697bbd48dfc10
Instruction Fuzzy Hash: 3831B4B25043846FE7228B65CC85FA7BFFCEF05710F08889AEE819B152D664A549CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0186AC1D, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,6CC23E55,00000000,00000000,00000000,00000000), ref: 0186ACD8

Memory Dump Source

Source File: 00000000.00000002.244504639.000000000186A000.00000040.00000001.sdmp, Offset: 0186A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 90212ec59005de9525db7b766d4904efa01f945c6a5009295e0dc361e4d5afcb
Instruction ID: 700019daf59b03ba8bcaca92401a1e3e019d856098badf2ddb7930dc01d7f31d
Opcode Fuzzy Hash: 90212ec59005de9525db7b766d4904efa01f945c6a5009295e0dc361e4d5afcb
Instruction Fuzzy Hash: B4318F755093846FE722CF65CC84FA2BFBCEF06710F08849AEA85DB152D264E549CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0186B074, Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 0186B10E

Memory Dump Source

Source File: 00000000.00000002.244504639.000000000186A000.00000040.00000001.sdmp, Offset: 0186A000, based on PE: false

Similarity

API ID: ConsoleCtrlHandler
String ID:
API String ID: 1513847179-0
Opcode ID: 695757b31961d4593fdc575d95b2d8693b30f70526812cd93893eff78653cb22
Instruction ID: cc41e919731dab5c20a0489c7169d05312da268c9011c9bf6e529330078021ab
Opcode Fuzzy Hash: 695757b31961d4593fdc575d95b2d8693b30f70526812cd93893eff78653cb22
Instruction Fuzzy Hash: EB21D87140D3C06FD3138B259C51B22BFB8EF47610F0A44DBE984CB593D224A919C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 0186AB56, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0186ABD5

Memory Dump Source

Source File: 00000000.00000002.244504639.000000000186A000.00000040.00000001.sdmp, Offset: 0186A000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 0646b88692cac61df4b0dc223ef0c987914ae3bb42481f053c634954c8212a2b
Instruction ID: 0aa23c0da38afee54359af44f0d777880fef7281d701c985666f9459787895b5
Opcode Fuzzy Hash: 0646b88692cac61df4b0dc223ef0c987914ae3bb42481f053c634954c8212a2b
Instruction Fuzzy Hash: 032181B2500604AFE7219B59DC85FABFBECEF04710F14885AEE45DB241D674E5488AB1

Uniqueness

Uniqueness Score: -1.00%

Function 0186AC5E, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,6CC23E55,00000000,00000000,00000000,00000000), ref: 0186ACD8

Memory Dump Source

Source File: 00000000.00000002.244504639.000000000186A000.00000040.00000001.sdmp, Offset: 0186A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 95845a6ff7e4a050f73a298cf527900dca807e472bf452fa7072e8c9bf68944d
Instruction ID: 30f54167bbda1c0f7b987abe0fe99d053c6340485998bde69a29775b1f3be65f
Opcode Fuzzy Hash: 95845a6ff7e4a050f73a298cf527900dca807e472bf452fa7072e8c9bf68944d
Instruction Fuzzy Hash: 41216DB5600604AFEB21CF59DC84F66FBECEF04710F08846AEA45EB252D764E508CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0186B46D, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0186B4E9

Memory Dump Source

Source File: 00000000.00000002.244504639.000000000186A000.00000040.00000001.sdmp, Offset: 0186A000, based on PE: false

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: e9b0118b7d020185b3851bdd817cbd5d55727ccbc5f9786441d361e861f5277f
Instruction ID: 2cb0c451ef242b3386d030818f306e525e9d05e9364852bac03d7fce205c1193
Opcode Fuzzy Hash: e9b0118b7d020185b3851bdd817cbd5d55727ccbc5f9786441d361e861f5277f
Instruction Fuzzy Hash: A72193715093845FE7228A15DC85B62BFF8EF46714F08808AED85CB253D265E908C771

Uniqueness

Uniqueness Score: -1.00%

Function 05A30199, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 05A3020D

Memory Dump Source

Source File: 00000000.00000002.250078505.0000000005A30000.00000040.00000001.sdmp, Offset: 05A30000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 1b0b1b8548ebfef89de1bbf9795240557584e20e2bbe60c2edb0394a6b3f5840
Instruction ID: 0dcdd69f23547919ea6c004067406b0aebcc089ee352c02717bbd334bcd683d9
Opcode Fuzzy Hash: 1b0b1b8548ebfef89de1bbf9795240557584e20e2bbe60c2edb0394a6b3f5840
Instruction Fuzzy Hash: 0D218C714093C09FDB138F25CC44A52BFB4EF07210F0984DAEA848F163D225A818DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0186A5AF, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0186A61A

Memory Dump Source

Source File: 00000000.00000002.244504639.000000000186A000.00000040.00000001.sdmp, Offset: 0186A000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 705c08a0394bd9b73860feb809261439ed12196e0565e63619d972d832ddc882
Instruction ID: 109120ecc5d7b150f7eccac20160bc73bea4deae0ced26ad8072dc327dd78061
Opcode Fuzzy Hash: 705c08a0394bd9b73860feb809261439ed12196e0565e63619d972d832ddc882
Instruction Fuzzy Hash: F4117F72409380AFDB238F55DC44A62FFF8EF4A710F08849AEE858B563D275A518DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0186A65A, Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0186A6CC

Memory Dump Source

Source File: 00000000.00000002.244504639.000000000186A000.00000040.00000001.sdmp, Offset: 0186A000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 59431c6d15835542e4e8da7ff74bb9c74ab4ff62994aad62a26f7803c4fe95f8
Instruction ID: efcf5ac144985fb067a7a2c32de302a39593b93e4a1647e25f68f76cc71a711f
Opcode Fuzzy Hash: 59431c6d15835542e4e8da7ff74bb9c74ab4ff62994aad62a26f7803c4fe95f8
Instruction Fuzzy Hash: 66115C7540D3C45FDB138B25DC54652BFB4DF07220F0980DBD9859F1A3D2699948CB72

Uniqueness

Uniqueness Score: -1.00%

Function 05A3052B, Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 05A30595

Memory Dump Source

Source File: 00000000.00000002.250078505.0000000005A30000.00000040.00000001.sdmp, Offset: 05A30000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: de27a2b55bdd58072321459f8df75e5d3859ef112fc9790bdcf0ca2930474039
Instruction ID: 6b11d996ad518c57ec5deaa6135d402305f5a3dcbeec913a746f5092b6ce8586
Opcode Fuzzy Hash: de27a2b55bdd58072321459f8df75e5d3859ef112fc9790bdcf0ca2930474039
Instruction Fuzzy Hash: F3118E714093849FDB228B15DC45F62FFB4EF06224F08C49EED854B563D265A418CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0186A9F0, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32 ref: 0186AA4A

Memory Dump Source

Source File: 00000000.00000002.244504639.000000000186A000.00000040.00000001.sdmp, Offset: 0186A000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: e31b50d5331604f85448ff90981513f71a049c63c58fc39f6d79e2ff207c3eaf
Instruction ID: 3ead2a3fdb41447029ac5116a3ec143ebe1989c9571454f9b6495588d26a8db2
Opcode Fuzzy Hash: e31b50d5331604f85448ff90981513f71a049c63c58fc39f6d79e2ff207c3eaf
Instruction Fuzzy Hash: AE1182354097849FD722CF15DC45B56FFB8EF05720F08C49AED858B262D375A518CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0186B49E, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0186B4E9

Memory Dump Source

Source File: 00000000.00000002.244504639.000000000186A000.00000040.00000001.sdmp, Offset: 0186A000, based on PE: false

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 13df915a8b3c074e667503386d542ea695360a85659175cad3c5e36ab44abfda
Instruction ID: 73801a991ddd38072daba80022eeb8266222d37ea61ed34ee141eb06b9e5e7fd
Opcode Fuzzy Hash: 13df915a8b3c074e667503386d542ea695360a85659175cad3c5e36ab44abfda
Instruction Fuzzy Hash: A9018C716002049FEB20CE1AD885B66FFECEF44724F08849AEE49CB252D275E508CA72

Uniqueness

Uniqueness Score: -1.00%

Function 0186A5D6, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0186A61A

Memory Dump Source

Source File: 00000000.00000002.244504639.000000000186A000.00000040.00000001.sdmp, Offset: 0186A000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 7c1c2c069e7f37aa9844dcb17dd0c9dd3b07235f90129dea7d3cd29a0a4bba53
Instruction ID: 37655f6edb8dd57fa570c3ad667cc0309fbbdb00a0f05a9d8976f99097890955
Opcode Fuzzy Hash: 7c1c2c069e7f37aa9844dcb17dd0c9dd3b07235f90129dea7d3cd29a0a4bba53
Instruction Fuzzy Hash: D70180754007049FDB218F55D844B56FFE8EF48720F08C4AAEE499B652D375E518CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0186B0BE, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 0186B10E

Memory Dump Source

Source File: 00000000.00000002.244504639.000000000186A000.00000040.00000001.sdmp, Offset: 0186A000, based on PE: false

Similarity

API ID: ConsoleCtrlHandler
String ID:
API String ID: 1513847179-0
Opcode ID: 8f33835023d3c47be9c2e83e9090e8b838fc4e5b6f6f70370a1d528067737043
Instruction ID: 9de5905e4d598616d375c30531b4b6b1f652895da8b86e0131f5f4d155c2e43d
Opcode Fuzzy Hash: 8f33835023d3c47be9c2e83e9090e8b838fc4e5b6f6f70370a1d528067737043
Instruction Fuzzy Hash: E701D172500200ABD310DF1ADC86B26FBE8FF88B20F14815AED084BB45E635F915CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 05A3055A, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 05A30595

Memory Dump Source

Source File: 00000000.00000002.250078505.0000000005A30000.00000040.00000001.sdmp, Offset: 05A30000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 6fe1a8c4ff484a45d0490a0367960c98089ce048b332b973f5e5c34d92a1f48a
Instruction ID: 5b2ba674db2e88e0d63d22dfb9a853ba4491e29a07254ba02c4fa8d54ce12f7e
Opcode Fuzzy Hash: 6fe1a8c4ff484a45d0490a0367960c98089ce048b332b973f5e5c34d92a1f48a
Instruction Fuzzy Hash: 6701BC71500200CFDB20CF55D889B66FFA4FF08324F08C4AAEE5A8B652D275E418CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 05A301D2, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 05A3020D

Memory Dump Source

Source File: 00000000.00000002.250078505.0000000005A30000.00000040.00000001.sdmp, Offset: 05A30000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 29b4906b12ea114e2500bf51a320ec6a559036b32d9a9c9fe1163f815916dc8d
Instruction ID: 92ef24f4657bde60e26cbe95e6d1b1200b958dee7dfe3fb2b43aa99be1a8b28f
Opcode Fuzzy Hash: 29b4906b12ea114e2500bf51a320ec6a559036b32d9a9c9fe1163f815916dc8d
Instruction Fuzzy Hash: 3A018F35400744DFDB20CF55D849B26FFA4FF04324F08C49AEE590B652D275A418CF62

Uniqueness

Uniqueness Score: -1.00%

Function 0186AA12, Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32 ref: 0186AA4A

Memory Dump Source

Source File: 00000000.00000002.244504639.000000000186A000.00000040.00000001.sdmp, Offset: 0186A000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 638fbcfbd9200b30afd16e75c84ce2eee9401c692b61b94d436833a92fd46552
Instruction ID: ef448887f4c075f391125daec63bf4d2488ce022047fd58fb5c874935cb164d8
Opcode Fuzzy Hash: 638fbcfbd9200b30afd16e75c84ce2eee9401c692b61b94d436833a92fd46552
Instruction Fuzzy Hash: A001D1754002048FDB218F09D984B1AFFA8EF04721F08C09BDE495B652D275A508CFB2

Uniqueness

Uniqueness Score: -1.00%

Function 0186A69A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0186A6CC

Memory Dump Source

Source File: 00000000.00000002.244504639.000000000186A000.00000040.00000001.sdmp, Offset: 0186A000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 528ce9ca298179bf51bcf7bc770d70ffdadb0ee95b27d7079c4457724611a301
Instruction ID: a20443e12c9ab14f9ffbb8e4772ceb73b076430cc064fc18e851439a10827968
Opcode Fuzzy Hash: 528ce9ca298179bf51bcf7bc770d70ffdadb0ee95b27d7079c4457724611a301
Instruction Fuzzy Hash: ECF0C2744042448FDB10DF19E884766FFA8EF84720F08C09ADD499B356E279E948CEB2

Uniqueness

Uniqueness Score: -1.00%

Function 033F4D62, Relevance: 1.5, Strings: 1, Instructions: 259COMMON

Download Yara Rule

Strings

@, xrefs: 033F4E91

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 0a82448cc248668f35b1b3ddc1aa5eeb3f2ebcd8ef01e41d1291d87b025488ac
Instruction ID: 230bb57bc4de2ed52e30c9252aefe8236ec3aed5753e97d3a5da428bd186a907
Opcode Fuzzy Hash: 0a82448cc248668f35b1b3ddc1aa5eeb3f2ebcd8ef01e41d1291d87b025488ac
Instruction Fuzzy Hash: C1C18C74E042288FDB64CFA9C880B9DFBF5BB49304F5481AAE958E7311E7349A81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 033F05A8, Relevance: 1.5, Strings: 1, Instructions: 201COMMON

Download Yara Rule

Strings

`5(r, xrefs: 033F072D

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID: `5(r
API String ID: 0-3683955166
Opcode ID: b82861a17034cd8e855c0bb54f81b691e78473e2397bc55301890092dc46e96f
Instruction ID: c0f698242fb398cd9c0695856b15df626e06964b9506badbb94add7c569b3dcc
Opcode Fuzzy Hash: b82861a17034cd8e855c0bb54f81b691e78473e2397bc55301890092dc46e96f
Instruction Fuzzy Hash: B091E574E01218CFDB18DFA9C994BADBBF2BF49310F6041A9E505AB3A1DB319945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 033FB470, Relevance: 1.4, Strings: 1, Instructions: 164COMMON

Download Yara Rule

Strings

;9d, xrefs: 033FBC27

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID: ;9d
API String ID: 0-1194992636
Opcode ID: 89df8f262f4fef38b17184f09e0956fb9b6fc581107ec7beff3eadb04c6b7664
Instruction ID: 742b7ee244dbab5d23aaafe7700d981366cb09e3df4b7e6221e93c4525659065
Opcode Fuzzy Hash: 89df8f262f4fef38b17184f09e0956fb9b6fc581107ec7beff3eadb04c6b7664
Instruction Fuzzy Hash: 187126B4911208DFCB08DFA8E68989DBBF2FB58305F64C269E505AB714DB389D42CF54

Uniqueness

Uniqueness Score: -1.00%

Function 033F4800, Relevance: 1.4, Strings: 1, Instructions: 118COMMON

Download Yara Rule

Strings

H'r, xrefs: 033F48B6

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID: H'r
API String ID: 0-336914518
Opcode ID: eac8b8e04ad440dd60987136e6ecdd2cea6ffe1a71922c72a22e9ee5bbda5d40
Instruction ID: 99bcbbcd8d0e9cec387a24adbc86671746a589554bd6bcb882f4154971b6b289
Opcode Fuzzy Hash: eac8b8e04ad440dd60987136e6ecdd2cea6ffe1a71922c72a22e9ee5bbda5d40
Instruction Fuzzy Hash: 1951C2B4E042099FCB49DFAAD8845AEBFB2EF89300F14816AD814A7355EA755A41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 033F528F, Relevance: 1.3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

Strings

C, xrefs: 033F5295

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID: C
API String ID: 0-1037565863
Opcode ID: c4434676383d37a6d98088c5e5b7feabbbe853af731c7b04db75b3b0d12ca575
Instruction ID: 1ff82957a95cc7ad359df7495b0184df206a43060e89bde88510a4a2e3caf9b2
Opcode Fuzzy Hash: c4434676383d37a6d98088c5e5b7feabbbe853af731c7b04db75b3b0d12ca575
Instruction Fuzzy Hash: 7F41D2B4E00218CFDB64DFB8C884A9CBBB1FB0A310F5486AAD559EB251DB349985CF14

Uniqueness

Uniqueness Score: -1.00%

Function 033F4810, Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

H'r, xrefs: 033F48B6

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID: H'r
API String ID: 0-336914518
Opcode ID: b4293db24193f629fd16fe60509d7fcd02aeaf16e65fa0c52405e153a5dbc54b
Instruction ID: 80c91fbaeae349f1da84a763fd0dcd583c3b9b560322803d4d050e6d1b1f906a
Opcode Fuzzy Hash: b4293db24193f629fd16fe60509d7fcd02aeaf16e65fa0c52405e153a5dbc54b
Instruction Fuzzy Hash: E7314FB4E006199FDB08DFAAD8845EEBBB2BF89300F148169D804B7354DB755A429F54

Uniqueness

Uniqueness Score: -1.00%

Function 033F4C90, Relevance: 1.3, Strings: 1, Instructions: 71COMMON

Download Yara Rule

Strings

$, xrefs: 033F4CEF

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: 6d4caa4abeeb4807aa0a29c9ab0fbe430e53f97df273d05b86222354b07f92ff
Instruction ID: a19dc2d9487cd6d8474ccc56b4ab6a3d2079e6f530aedabfcf171cf911e625fa
Opcode Fuzzy Hash: 6d4caa4abeeb4807aa0a29c9ab0fbe430e53f97df273d05b86222354b07f92ff
Instruction Fuzzy Hash: F0315EB4D01219DFCB14DFA9D9896AEFBF4EB08314F6494A9E914E7340E7349A80CF60

Uniqueness

Uniqueness Score: -1.00%

Function 033F46D8, Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

X$(r, xrefs: 033F476A

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID: X$(r
API String ID: 0-4092569815
Opcode ID: 310b959673e24268f1c9d2da4f3bd0672a4a0a7d145618f633c0b2f0526c7496
Instruction ID: 35995a596b2375839c601e5c73067a419a4c8b81aaff98f6d5cd4f827351a61e
Opcode Fuzzy Hash: 310b959673e24268f1c9d2da4f3bd0672a4a0a7d145618f633c0b2f0526c7496
Instruction Fuzzy Hash: AF21EFB4D00209DFCB05DFA9C984AEEBBB2FB49300F2080AAD810A7351D7765E45CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 033FB693, Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

"AO_, xrefs: 033FB6FB

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID: "AO_
API String ID: 0-3591520497
Opcode ID: cf7a40bfe45df790bdfab24c41e23505792ecb9c6a5fccb617fe5928fb6ee399
Instruction ID: 7338098c13b9de0213740f0d4048edf8a478d29191f3825279f12b5a7989d0c6
Opcode Fuzzy Hash: cf7a40bfe45df790bdfab24c41e23505792ecb9c6a5fccb617fe5928fb6ee399
Instruction Fuzzy Hash: C301A2B092121DCFCB58DF64EA4AB88BBB6FB59301F50819A990DA6715DB345E818F10

Uniqueness

Uniqueness Score: -1.00%

Function 033F59E8, Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d99bb230790d041701ce4dd2c95105478f8c604f0d1ffd17d0d3b6344d40dea5
Instruction ID: 8b86a1b3781da2d9053832ea477a54a7a5ac587ce8b7fec3a22a052992b68c42
Opcode Fuzzy Hash: d99bb230790d041701ce4dd2c95105478f8c604f0d1ffd17d0d3b6344d40dea5
Instruction Fuzzy Hash: 7D812374D042098FDF00CFA9C9C49ADBBF5FF0A324FA886A9E555EB395D2309941CB60

Uniqueness

Uniqueness Score: -1.00%

Function 033F56B1, Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5972be3a28cb9905d05f499fabf9cb191d5bedbd870ee1531912333ef3bc1ca9
Instruction ID: 14fd64c4d9437b846d2385b76e7da366d388a30935761462ff6bd49e3cba12ca
Opcode Fuzzy Hash: 5972be3a28cb9905d05f499fabf9cb191d5bedbd870ee1531912333ef3bc1ca9
Instruction Fuzzy Hash: 4F81E474E04229CFEB50CFA8C880B9DBBB6FF4A324F9485A5E518FB251D73199858F10

Uniqueness

Uniqueness Score: -1.00%

Function 033FB3D0, Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c53da74f8cbc5d9c0942bd29335193e2428726d1705dc3d2949a16e3f0361478
Instruction ID: 5ed190b9379a494c7080b8d98134fa26cf989eab6a20d3327d2bdf84e0be54ac
Opcode Fuzzy Hash: c53da74f8cbc5d9c0942bd29335193e2428726d1705dc3d2949a16e3f0361478
Instruction Fuzzy Hash: 4D618FB0912206DFCB04CFA8EAC598CBBF1FF49306B58C659E5059B725E734AA41CF94

Uniqueness

Uniqueness Score: -1.00%

Function 033F0599, Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d57347d3254e0d8e09547d7eadb0cfc9cc6b7123d183f7268bd67815a9dfae4
Instruction ID: a30becaaeb4b2e5b6765f18ca596da7612d2c963fb8bd7a8672763a87b345749
Opcode Fuzzy Hash: 3d57347d3254e0d8e09547d7eadb0cfc9cc6b7123d183f7268bd67815a9dfae4
Instruction Fuzzy Hash: 6E71F774E00218CFDB58CFA9C994BADBBF2BF49310F6481A9D505AB391DB319985CF50

Uniqueness

Uniqueness Score: -1.00%

Function 033F0271, Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2d3262a0e8d9edba0c75ceb2a57b3ecadc5bccf99ac3c8faac6753d8b1ae964
Instruction ID: 5819aff372ad2d663411cfba9d556d02973f8b6ee1cbbf4b441b28ed724c2706
Opcode Fuzzy Hash: d2d3262a0e8d9edba0c75ceb2a57b3ecadc5bccf99ac3c8faac6753d8b1ae964
Instruction Fuzzy Hash: 3251AFB8A00618DFDB05CFA8C984A9DBBF1FF4D310F145496EA02BB361D635AA44DF61

Uniqueness

Uniqueness Score: -1.00%

Function 033F592E, Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5189394d48635b419afe5f8069042382734e1740592820d14771475cdf62943e
Instruction ID: 89b51105acfed3122f8115c54694c77278841c7f2fa9a43b9025a3bf32b44657
Opcode Fuzzy Hash: 5189394d48635b419afe5f8069042382734e1740592820d14771475cdf62943e
Instruction Fuzzy Hash: 5741E674E002298FDB50DF78C884B9DBBF5FF4A224F9485A5E558E7390E73099818F21

Uniqueness

Uniqueness Score: -1.00%

Function 033F0280, Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ec58ba1c16d5eb2ae2da0a8784d0c64c6dc389dc91bc6948fe681a45cf7fa9c
Instruction ID: a32ab7291732add922571a2b32eb9a36f9e6c9f2efcfadbbdeca92f4e9397434
Opcode Fuzzy Hash: 8ec58ba1c16d5eb2ae2da0a8784d0c64c6dc389dc91bc6948fe681a45cf7fa9c
Instruction Fuzzy Hash: 6A419EB8A00618DFDB14DFA8C884B9DBBF1FB4D310F145495E602BB361D635A944DF61

Uniqueness

Uniqueness Score: -1.00%

Function 0187A6EC, Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27f5e98df2ea06545d959844443409aebcd33eb6079c7eaf84df83d7bee3c77c
Instruction ID: 20b7b4570918221444993ee1d458f58c9115f109a7e801a86fc4b502ffcbfb69
Opcode Fuzzy Hash: 27f5e98df2ea06545d959844443409aebcd33eb6079c7eaf84df83d7bee3c77c
Instruction Fuzzy Hash: 4D3191B6508340AFD311CF19DC41D57FBE8EB89620F08C96EFD499B211D275A804CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0187A944, Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b23111f45f83b0b5d7124b33da2fc512c5708e34c88fe70c4170c75ce27268b9
Instruction ID: 36ddcda908275674dabf5d7881dea6ae40262585df417e193d029e43a9466e62
Opcode Fuzzy Hash: b23111f45f83b0b5d7124b33da2fc512c5708e34c88fe70c4170c75ce27268b9
Instruction Fuzzy Hash: 263180B6508344AFD711CF09DC41A57FFE8EB89620F08C95EFD499B211E235A9148BB2

Uniqueness

Uniqueness Score: -1.00%

Function 0187A5C0, Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84df4bf83d6d2292cee93424b528c8c8fb68c8802d85c2d5e0841279c1f8e519
Instruction ID: cc269d3b9a03cfd459dc5f62813e730a40a183b0e9f2255dbc6046957b2e8f7e
Opcode Fuzzy Hash: 84df4bf83d6d2292cee93424b528c8c8fb68c8802d85c2d5e0841279c1f8e519
Instruction Fuzzy Hash: 4821A376504704BFD7118E59DC41D67FFECEB85670F18C86EFE499B211E236A8048BA2

Uniqueness

Uniqueness Score: -1.00%

Function 0187A824, Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4292a2cf5b162e399bc58d12cd72e0682997c1015c63db7bb4cae0c94f69c6ed
Instruction ID: 8f0eb68842af515e46009c6bc1118f1ab8279c2601c0efd53aeae20c211df6e5
Opcode Fuzzy Hash: 4292a2cf5b162e399bc58d12cd72e0682997c1015c63db7bb4cae0c94f69c6ed
Instruction Fuzzy Hash: 98215EB6504304AFD310CF0AEC45E67FBE8EB89660F04C96EFD4997211D235E9148BB2

Uniqueness

Uniqueness Score: -1.00%

Function 033FE274, Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5ed1547773d1d224381332a208f2f806da1992ad0ed7b6b972b3cf5886944e2
Instruction ID: 5dae4bf35eb20f8ffa48ec30b0f09cd5337914a84d8e180c38bcafc7e5d78d99
Opcode Fuzzy Hash: b5ed1547773d1d224381332a208f2f806da1992ad0ed7b6b972b3cf5886944e2
Instruction Fuzzy Hash: 4A311874D0520ACFCB04DFA4C899AEDBBB1FF49310F1481AAD905A7361E735AA54CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0187A3AC, Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 948950a698e7eef970120a21252dad6523f66a552100eaa554093cb6e0a5d512
Instruction ID: 7f543f2034bbb1a2319aecae257afe15956cf7dfd9d7791817684b7a2371bd63
Opcode Fuzzy Hash: 948950a698e7eef970120a21252dad6523f66a552100eaa554093cb6e0a5d512
Instruction Fuzzy Hash: C221F4B6509300AFC7008F16EC41953FFE8EB85630F08C86EFD499B211D235A408CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0187AAC8, Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60b7345864faed49d671fb0294f20bbd851e354ce2931131b53a2964d78af49c
Instruction ID: a61be4b9bfecd163b4b7ed33d5d617041b4836f4e22a4a0aea368662e862925d
Opcode Fuzzy Hash: 60b7345864faed49d671fb0294f20bbd851e354ce2931131b53a2964d78af49c
Instruction Fuzzy Hash: 20314DB550E3C19FD302CF298850956BFF4EF86614F0888DEE8C4DB252D2759908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0187A191, Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5e856c722128165429e3f0f2baa7b0b9009c2d13d6d3c503abaaf754483b307
Instruction ID: aae71831378c600eee8a5a9b4f08c43c264fcb9871cf0f5343044c9167976a46
Opcode Fuzzy Hash: e5e856c722128165429e3f0f2baa7b0b9009c2d13d6d3c503abaaf754483b307
Instruction Fuzzy Hash: CB21B376505304BFD7118F0A9C41E67FFACEB85A30F08856EFD099B211D235B9148BB1

Uniqueness

Uniqueness Score: -1.00%

Function 033F0006, Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86a494b884751e5019b173a5f6779ac1e71a96a3b5008591a5ddbf46869245e3
Instruction ID: a7076ee59dbb792ce761f2ee7b75b9cda4e386c6e1ea2369b7b9a03c6588eb23
Opcode Fuzzy Hash: 86a494b884751e5019b173a5f6779ac1e71a96a3b5008591a5ddbf46869245e3
Instruction Fuzzy Hash: 41216D3180E3C68FC356CB78CCA579ABFB1AF07201F1944DBC480EB293D2295815DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 033F7151, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7db7321a1efc319070313ec53b30f4515d14fdd58ec146786c164173510b8530
Instruction ID: 49221c318406f8d52675822c89a882c62ed13368742f7c6fbca107d95796e06d
Opcode Fuzzy Hash: 7db7321a1efc319070313ec53b30f4515d14fdd58ec146786c164173510b8530
Instruction Fuzzy Hash: D33114B4E0420ADFCB44CFA9C5849AEBBF1FB88341F5095AAD815A7714D338AA46CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0187A716, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6187f4ab4b31d228eb47ed611f751cd3445c37b54817507546de51a4a7cd4a4
Instruction ID: acdb6caf809ce5b2f8278f50470aa8087bc6f4d80801cb113606cd39da3689e1
Opcode Fuzzy Hash: e6187f4ab4b31d228eb47ed611f751cd3445c37b54817507546de51a4a7cd4a4
Instruction Fuzzy Hash: 6D212FB6544304AFD710CF0AEC41A57FBE8EB88670F14C96EFD4997311D275E9148BA2

Uniqueness

Uniqueness Score: -1.00%

Function 0187A842, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68a05dff422556896550358e67d680134649096275f975a1aac5b7f74df6d1ae
Instruction ID: 75aa2f7c263c2efc9b52cfc32b0267f460ce0e816af0359a07bd7f5e8e4fd12b
Opcode Fuzzy Hash: 68a05dff422556896550358e67d680134649096275f975a1aac5b7f74df6d1ae
Instruction Fuzzy Hash: 852130B6544304AFD310CF0AEC41A57FBE8EB88670F14C96EFD4997311D275E9148BA2

Uniqueness

Uniqueness Score: -1.00%

Function 0187A96E, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee250f7c8fd0916926d211c1a8f005a3c6d1bc71397e7101046327a410b23150
Instruction ID: 9493968692be5f72092cedab4fd9d3f462e5c274a79a21183bc8c47ce011319a
Opcode Fuzzy Hash: ee250f7c8fd0916926d211c1a8f005a3c6d1bc71397e7101046327a410b23150
Instruction Fuzzy Hash: C52130B6544304AFD310CF0AEC41A57FBE8EB88670F14C96EFD4997311E275E9148BA2

Uniqueness

Uniqueness Score: -1.00%

Function 033F7160, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab054d80517aa7760e1272e2a63ae6903027bd7669bd23b091f44b0dad73b7ed
Instruction ID: d453023ce91f92f5acff06dd4a919588283f9f52bcb4a8d8f46e522a7e69f496
Opcode Fuzzy Hash: ab054d80517aa7760e1272e2a63ae6903027bd7669bd23b091f44b0dad73b7ed
Instruction Fuzzy Hash: 473105B4E04209DFCB44CFA9C9849AEFBF5FB88341F5095AAD815A7714D334AA46CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0187A3D2, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d429d901e553d96a6e883c8124ea8b1f05e301833bf6d587f5e3345f1499ca7
Instruction ID: 065e6a554f7c85cad7c39d503e8eec1156035c441418ab582e3a7e71b4d1842b
Opcode Fuzzy Hash: 1d429d901e553d96a6e883c8124ea8b1f05e301833bf6d587f5e3345f1499ca7
Instruction Fuzzy Hash: B2118176544204AFD7108F0AEC41A67FBACEB84A70F18C96EFD0D5B611D276A5148AA2

Uniqueness

Uniqueness Score: -1.00%

Function 0187A5EA, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7862eef76a67275f444e7e14274fdfa868e8a5b38a999844e3c62acca8b65d9d
Instruction ID: 1513e184ae1099f96679e3c079d4b683dce8d0fc69f57f973026e074a8184718
Opcode Fuzzy Hash: 7862eef76a67275f444e7e14274fdfa868e8a5b38a999844e3c62acca8b65d9d
Instruction Fuzzy Hash: 9011D372504200BFD3108F0AEC41E67FBADEB84A30F18C96EFD095B311D276B5148AA2

Uniqueness

Uniqueness Score: -1.00%

Function 033FC264, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48bc0dbdad83f3860da2e20e78629a0ff95e12e0fbf8f06629bf5bd271099123
Instruction ID: 9f0bd35f9e67eb640707e5a4271662cbe864b455e69827a02bbe49dffbf64c9f
Opcode Fuzzy Hash: 48bc0dbdad83f3860da2e20e78629a0ff95e12e0fbf8f06629bf5bd271099123
Instruction Fuzzy Hash: 242126B4D0020ADFCB04CFA9D98959EFBF6FF98300F1481AAD908A7354D734AA01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 033F4990, Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8068e96f995d805532805aaff8e10656f6dfc2063bf6d731b63ae8b89221aafb
Instruction ID: a22dfc8665df57b285a0ae6f0aecb10bbd8ec184582c1e242ede2119486d7bf0
Opcode Fuzzy Hash: 8068e96f995d805532805aaff8e10656f6dfc2063bf6d731b63ae8b89221aafb
Instruction Fuzzy Hash: 90215874E09208EFCB15DFA9D840AAEFBBAEF49310F1440AAE904A3311D6761E51DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0187A640, Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a275fd7d5f10804eb298039c3f59d70dd97f01e761e1f48a5b53c4a0bbd1e3d
Instruction ID: a11a4d69ca834b0677395eb2929a5e3aeea93a5b0f36f61c9a5cdc908fe9a53b
Opcode Fuzzy Hash: 6a275fd7d5f10804eb298039c3f59d70dd97f01e761e1f48a5b53c4a0bbd1e3d
Instruction Fuzzy Hash: D2218EB550D3806FD302CF25DC51956BFF4EF86620F0989DEF8889B252D234A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0187A1BA, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47af0abf5bd3a89ebfa1652da0dc6bb562986ce643e8eb69d184d431f1280272
Instruction ID: 0e2d1e85d194c48e811b6612690e744a706d37844eaf98cebdce308a4c11be40
Opcode Fuzzy Hash: 47af0abf5bd3a89ebfa1652da0dc6bb562986ce643e8eb69d184d431f1280272
Instruction Fuzzy Hash: F711C676640204BFD7108E0AEC41E67FBACEB84A70F08C56EFE095B601D276B5148BB1

Uniqueness

Uniqueness Score: -1.00%

Function 033F7278, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c89113480de40cc200cb70913c048bdc866d063cdf38ea32a44f12795cec80
Instruction ID: 1c579770824da9c79c08a6019b97f081536db72d6cc9791070e6b25e1f50921b
Opcode Fuzzy Hash: d6c89113480de40cc200cb70913c048bdc866d063cdf38ea32a44f12795cec80
Instruction Fuzzy Hash: 572118B0D0420AEFCB04CFA9C5849AEFBF5FF89300F5585AAD508AB214D330EA418F91

Uniqueness

Uniqueness Score: -1.00%

Function 032E075C, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245215452.00000000032E0000.00000040.00000040.sdmp, Offset: 032E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e15327e3ad1016eff76d423011519b5e2091d688a642a842fbbcfcfb4b50d843
Instruction ID: 09ad70ac5681699e93991797beef0105dd746f5d360da4c402d7a82583f75a4a
Opcode Fuzzy Hash: e15327e3ad1016eff76d423011519b5e2091d688a642a842fbbcfcfb4b50d843
Instruction Fuzzy Hash: CE113630214245DFD301CB25D881B26FB95EB88708F28C5ACE8891B743C7BBD843DE50

Uniqueness

Uniqueness Score: -1.00%

Function 0187AB09, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62ffd4ad2704929347662606e00504da2d946a183c6520cc60f4582a0ca2ab25
Instruction ID: 12cb47d26194871ec2d1ceb7216591d0c89d563d211c91de060097b4f8668a96
Opcode Fuzzy Hash: 62ffd4ad2704929347662606e00504da2d946a183c6520cc60f4582a0ca2ab25
Instruction Fuzzy Hash: 8711DAB5508301AFD340CF19D881A5BFBE8FB88660F04896EF99897311D335E9048FA2

Uniqueness

Uniqueness Score: -1.00%

Function 033F00F7, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 846a53a3bec6c5cc711f7a34dcc27973aa970df382a93431e5a0915610a23896
Instruction ID: 46355014b79e377864ae70966cbb57aba08061e22c707dd07a0a6f82ada908ce
Opcode Fuzzy Hash: 846a53a3bec6c5cc711f7a34dcc27973aa970df382a93431e5a0915610a23896
Instruction Fuzzy Hash: B221477090050BCBDB04EFA8E68899D7BB2FB50305F2081A8D511A7295EF719F09CF62

Uniqueness

Uniqueness Score: -1.00%

Function 033F8D11, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8afdb58cf30e4ac92b5a9661a9a83cdd906c3b6536656fa6471229789ceb51d
Instruction ID: bea8fcc571465f753434b5751517b35182dc63a3ec510e8163a01d6b8312208a
Opcode Fuzzy Hash: d8afdb58cf30e4ac92b5a9661a9a83cdd906c3b6536656fa6471229789ceb51d
Instruction Fuzzy Hash: 0E211475D04208EFCB08DFA8C588A9EFBF5EF89314F54C4AAE515AB321C630AA10DB01

Uniqueness

Uniqueness Score: -1.00%

Function 033F8D20, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de698adc1f2bbac48f556df9a5e36a6ce249fd0a3b8bbf1e1d2d1ad5fc8e55e8
Instruction ID: 9452f76957f4b0ed4b1c6bd4e7e5ffb2b44534f02b7334174be87ce97655a22b
Opcode Fuzzy Hash: de698adc1f2bbac48f556df9a5e36a6ce249fd0a3b8bbf1e1d2d1ad5fc8e55e8
Instruction Fuzzy Hash: 5A111675D04208EFCB08DFA9C58899DFBF5EF89300F55C4AAE515AB264D730EA40CB41

Uniqueness

Uniqueness Score: -1.00%

Function 033F8C48, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 402604cdc111c338ecf3bff94fe326892a202ce334caef9cc9cecf36dc0c73dd
Instruction ID: f3c5bd3e39120513943eda6735de9a71bb1f53d4f0222ec40a27639e92e21bc9
Opcode Fuzzy Hash: 402604cdc111c338ecf3bff94fe326892a202ce334caef9cc9cecf36dc0c73dd
Instruction Fuzzy Hash: F6118BB0D0A249EFDB08CFA9C58459DFBF5EF49304F14859AD519AF215D3308741DB84

Uniqueness

Uniqueness Score: -1.00%

Function 033FC290, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9561174b55c32f5e942179edf23ebf28fc611e2e90fda2aa144535565055224a
Instruction ID: 1f82570053f5fdfa338dafde0110f6ec1c8fd29ae7fc66011467bdfad01097f7
Opcode Fuzzy Hash: 9561174b55c32f5e942179edf23ebf28fc611e2e90fda2aa144535565055224a
Instruction Fuzzy Hash: 0C21D3B4E0421DDFCB04CFA9D9885AEFBF6FB88300F20916AD909B7354D7349A418B94

Uniqueness

Uniqueness Score: -1.00%

Function 0187A118, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e64488e6abe58958fbecfe8b1f1fb97bccd83c24f495eef4cb3d8c1aa6a28d43
Instruction ID: 7fe9c1d418778b2c8ff246fd47235ec3d6b0a024357d42a69a3fcbf1c6532e2c
Opcode Fuzzy Hash: e64488e6abe58958fbecfe8b1f1fb97bccd83c24f495eef4cb3d8c1aa6a28d43
Instruction Fuzzy Hash: AE01B1B150E3C06FD31287655C55A92BF78DF43660F0C84CBE9849F193D21A6909C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 033F0108, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e376757077fb0426aef634d3b68bca5e925e41a837139404cbab53dcbaeec5c
Instruction ID: 41c8e628c8ba132c4b00213825b54755762cb21e90ec16a095b2088fe5a05b35
Opcode Fuzzy Hash: 4e376757077fb0426aef634d3b68bca5e925e41a837139404cbab53dcbaeec5c
Instruction Fuzzy Hash: 9B112B7090050BCBDB04EBA8E68889D7BB6FB40305F608068D515A7394EF709F05CF62

Uniqueness

Uniqueness Score: -1.00%

Function 032E05CF, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245215452.00000000032E0000.00000040.00000040.sdmp, Offset: 032E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3fa025276b21d10d37c3c5025b7ba2985d8e72038e6993e815e153a352c1aca
Instruction ID: 1a980ecf60635f931c0a6617b1e9cc8d71a3a7b3ff8657203d611271dd467838
Opcode Fuzzy Hash: e3fa025276b21d10d37c3c5025b7ba2985d8e72038e6993e815e153a352c1aca
Instruction Fuzzy Hash: E201F9B65083805FD7128F16DC40863FFACEB86620749C5AFED4D8B612E225B808CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 032E0747, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245215452.00000000032E0000.00000040.00000040.sdmp, Offset: 032E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfe0b1a1010773e89cf44458c747616fff3292559a2330bfb7389b661a60172c
Instruction ID: af0813c80f6b95e152178f4322d83c15895fd06d24c42d977215a65eacb49488
Opcode Fuzzy Hash: cfe0b1a1010773e89cf44458c747616fff3292559a2330bfb7389b661a60172c
Instruction Fuzzy Hash: 1B1170351092859FD706CF21C890B15BFB1EB86704F28C6EED8895B693C37AD843DB51

Uniqueness

Uniqueness Score: -1.00%

Function 033FF108, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ff39cd7a9f1c0eb68655813e79ecc4269fe604ab1969a0ab923e16779430037
Instruction ID: 5106b547a7883ed035d1560ba1ec060fe520348e582940fbf75e1d0b02f642e9
Opcode Fuzzy Hash: 9ff39cd7a9f1c0eb68655813e79ecc4269fe604ab1969a0ab923e16779430037
Instruction Fuzzy Hash: F001B174D0520CEFDB08EFA8D58A5ADBFB6FB99300F1080AAD845A7344CB349A40CF94

Uniqueness

Uniqueness Score: -1.00%

Function 033FF118, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b494cb356942a0efd216b9f2bc31b0bee55ce7e038c199ea4c3502fd3842f42
Instruction ID: c23ff0bc71a81cfc901cda435de9e03e952629f7c741973f0748129d04545c47
Opcode Fuzzy Hash: 2b494cb356942a0efd216b9f2bc31b0bee55ce7e038c199ea4c3502fd3842f42
Instruction Fuzzy Hash: D9016274D1510DEFDB08EFA5D5895AEBBBAFB99300F60C1A9D80963344D7345A10CF94

Uniqueness

Uniqueness Score: -1.00%

Function 033F4667, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 700cfbf167c3e210f97e96e5d7a821fd5997141fb0762bb49212e29b22921fec
Instruction ID: ad210368444b5d6f5cd8b0d032533e12b84d1c0eb3bcb97bb5daf603bb305d5d
Opcode Fuzzy Hash: 700cfbf167c3e210f97e96e5d7a821fd5997141fb0762bb49212e29b22921fec
Instruction Fuzzy Hash: 6D01E2B4E092098FCB15CFA9C4405AEFBB2FF49300F5485AAD944A7362E6355A41CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 033F03E8, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5312ede188fab1410320a327ee783810cf09d3311b0e14a6304b70711df902e
Instruction ID: 4932e954eec29345956daa21678cfd44f12f19469860eab5cab5d4b661ee69db
Opcode Fuzzy Hash: f5312ede188fab1410320a327ee783810cf09d3311b0e14a6304b70711df902e
Instruction Fuzzy Hash: 6CF0BE30E4A308AFC709DBB4C550FAFB377DFC6204F6144A885002B286CF745E01DAA6

Uniqueness

Uniqueness Score: -1.00%

Function 033F4A12, Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e79319c2dff6f304a3499dbbf95f2b2af56b3e6cc4a201bc6241c1469e869f5
Instruction ID: 3837fec60c1a2d54cdec2e9713727f3f329d45b46482167fcdffdcad843d9e87
Opcode Fuzzy Hash: 5e79319c2dff6f304a3499dbbf95f2b2af56b3e6cc4a201bc6241c1469e869f5
Instruction Fuzzy Hash: A8016970905249DFCB91DFB8E5485987BF0FB46204F2080EAE9018B224EB315E45CF61

Uniqueness

Uniqueness Score: -1.00%

Function 033F5C99, Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d318b288b85ab4f9463fa9876d43563abacbbffb2412f8c7ff0c4d02189c689
Instruction ID: 887c061129bb07780946e56b0d2dd9265fe47399dcb6e9fc544e2a87f720a4be
Opcode Fuzzy Hash: 6d318b288b85ab4f9463fa9876d43563abacbbffb2412f8c7ff0c4d02189c689
Instruction Fuzzy Hash: 31F0AFB4D15306EFDB54CF78DA4C29CBFB1EB86321F1081AAD50AA2218D2349B549B00

Uniqueness

Uniqueness Score: -1.00%

Function 033F4678, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8fa9d5b47924206b024c488dad907fc7fa25bb1fbdd7af9cddad2cd5e3103c3
Instruction ID: 41ac75c26debfc70ccbc4e88de20ef4df65359419c01e0f8036f6fcf9854ab13
Opcode Fuzzy Hash: a8fa9d5b47924206b024c488dad907fc7fa25bb1fbdd7af9cddad2cd5e3103c3
Instruction Fuzzy Hash: 7001C4B4D04209DFCB04DFA9C4819AEFBB6FF48300F10846AD914A7355E7349A41CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 033F0070, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b2066e1430a1c0943444619c98bdb9f350074f0a16db34a0e85d5451307670d
Instruction ID: eb3232acfd6fd981b56aaf63750a9cbc52904f7ed4812d46232973d1e6beb80c
Opcode Fuzzy Hash: 9b2066e1430a1c0943444619c98bdb9f350074f0a16db34a0e85d5451307670d
Instruction Fuzzy Hash: 4FF08270D1110A9FDB58DF68C8597AFFAF5DB49300F501829D110B3341DA7959048BE5

Uniqueness

Uniqueness Score: -1.00%

Function 033F0532, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad23f9f36786ecdf8fc0619a61a9d5b79d49e2176da8eec72615924ded0c30d4
Instruction ID: 11486d60e8f527268221797542163d5f5c013621fdcb4781d757e4b9f0664823
Opcode Fuzzy Hash: ad23f9f36786ecdf8fc0619a61a9d5b79d49e2176da8eec72615924ded0c30d4
Instruction Fuzzy Hash: 690114B4905208DFCB01DFA8C5889ADBBF4FB09200F5485D9E844A7316E370EE00CB91

Uniqueness

Uniqueness Score: -1.00%

Function 033F03F8, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfe34132448055989c33467cd76aa68512bd0e3f34de0325c4ce4545cb7b0713
Instruction ID: bada367c75c840d3037a243c0cf916bbcae88e3ec204ca5934f587fe1f611652
Opcode Fuzzy Hash: cfe34132448055989c33467cd76aa68512bd0e3f34de0325c4ce4545cb7b0713
Instruction Fuzzy Hash: E8F03034E462089BD708DBB5C540FAFB377DFC6204F6154988505333458E759F11DA65

Uniqueness

Uniqueness Score: -1.00%

Function 033F5CA8, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afe7f9d152c1aae18a1231feb8c3098863fb4fd55c40a8b2d2e9b1c9be96ab64
Instruction ID: a1b1645431f978607b0da1b35a9c2d97895d4d4b29c3bb414b7f90bf503e9928
Opcode Fuzzy Hash: afe7f9d152c1aae18a1231feb8c3098863fb4fd55c40a8b2d2e9b1c9be96ab64
Instruction Fuzzy Hash: D9F0B474D09209EFDB14DFA4D58C19CBBB9EF4A311F508099E60EA3318D7308B949B51

Uniqueness

Uniqueness Score: -1.00%

Function 032E0818, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245215452.00000000032E0000.00000040.00000040.sdmp, Offset: 032E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
Instruction ID: 721714d5a4b89415c0a0c5fa689232d1d9c4834e336f49528ca43e489ac6c092
Opcode Fuzzy Hash: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
Instruction Fuzzy Hash: E5F01D35104645DFC706CF40D941B15FBA6EB89718F28C6ADE9490B752C377E813DE81

Uniqueness

Uniqueness Score: -1.00%

Function 033FB732, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b423e62e7f68f4d2492499dfe98ba27e9d54713fdf1b0607921babc119155ed
Instruction ID: a1894f2ceb90a59948c6ff884fa69a4bcdfce7a343232c081a4104b5476019eb
Opcode Fuzzy Hash: 1b423e62e7f68f4d2492499dfe98ba27e9d54713fdf1b0607921babc119155ed
Instruction Fuzzy Hash: 59014FB4A11208DFDB14CF64E98AA9DBBB1FF49300F10C199D54997710DB389E81CF11

Uniqueness

Uniqueness Score: -1.00%

Function 03320ACF, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245231633.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c8aca3c717b3ca5c05699375f6db701d732054927be47338f7dd4ca0924dde1
Instruction ID: 5b214d50523711d43bb3c3d001a911f39553c7c4d4af23a8450d0f456f5ccfa9
Opcode Fuzzy Hash: 0c8aca3c717b3ca5c05699375f6db701d732054927be47338f7dd4ca0924dde1
Instruction Fuzzy Hash: 3C01BD75900228DFCB54CFA8CC85BD8BBB4FB88305F5081DAD949EB641D735AA86CF10

Uniqueness

Uniqueness Score: -1.00%

Function 033FF578, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02201aa3add562d7c29877d4d7dbb27a9cddaf7923057314e955b2ad753d5023
Instruction ID: 5f33a48b10389c824f159b5bd7bf8dfef153dc0c1cc9855aa096425d7df7c701
Opcode Fuzzy Hash: 02201aa3add562d7c29877d4d7dbb27a9cddaf7923057314e955b2ad753d5023
Instruction Fuzzy Hash: 5DF05871C0420CAFCF11EFB8D9496ADBFB1EB08300F00829AE858A2250D7359A60DB91

Uniqueness

Uniqueness Score: -1.00%

Function 033F4A20, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef24ec4f6cbefb803bf65cd4b3204a0e54ecc116a17621d341e17068330a8604
Instruction ID: 0ed6efb0b3f66ea629b3ee7e6ac0120910b34a8e84bc520ced84df416083cb82
Opcode Fuzzy Hash: ef24ec4f6cbefb803bf65cd4b3204a0e54ecc116a17621d341e17068330a8604
Instruction Fuzzy Hash: E8F05E7091010ADFCB94EFB8E54D59C7BF5FB85304F208198E90593218EB305E45CF61

Uniqueness

Uniqueness Score: -1.00%

Function 033FBB22, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3252590d99d6525bb8f5f010fa49d709d5f2498aa5395c75910995cc31a4cfb5
Instruction ID: 80f3488983146095ce06f5382f590354c4da989e03748b19a7e57e3b5dcf2971
Opcode Fuzzy Hash: 3252590d99d6525bb8f5f010fa49d709d5f2498aa5395c75910995cc31a4cfb5
Instruction Fuzzy Hash: D5F058B8D05286AFC701CBA8D69448CFFB5EB12211B948499CA529B612D2B49601EB40

Uniqueness

Uniqueness Score: -1.00%

Function 033F5102, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9945e0b6ced1d2d06a7d5ba81144dfdd1473aee61f665b861354b9c435d031d6
Instruction ID: e0627a38d9d4b649cb62adc4cfb9d3f6991770c8f64ad1cc0d909b50782df7d5
Opcode Fuzzy Hash: 9945e0b6ced1d2d06a7d5ba81144dfdd1473aee61f665b861354b9c435d031d6
Instruction Fuzzy Hash: 32F0A030809308EFC716EFA0D8085ADBF32EB03200F10819ED84067251D632AA04CB61

Uniqueness

Uniqueness Score: -1.00%

Function 032E05F6, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245215452.00000000032E0000.00000040.00000040.sdmp, Offset: 032E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84c911ab6af52b4c4425bd3b4f0f528b9080353bf73335474a87f2fe7d2da4d7
Instruction ID: 7e2c46e06ce857f151472a97a26d40f05d2b20c1d9408ea9dadb03f1305afab0
Opcode Fuzzy Hash: 84c911ab6af52b4c4425bd3b4f0f528b9080353bf73335474a87f2fe7d2da4d7
Instruction Fuzzy Hash: 76E06DB66006004BD750CF0AEC81452F7D8EB84630718C46BDD0D8B701E139B5088EA5

Uniqueness

Uniqueness Score: -1.00%

Function 0187A6A3, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03566f2c1986388b1de1dcec59c4a309c27c8be3bd982684c15b0bc530fa5c92
Instruction ID: 87e439a4f382860d9ecd9fa467cc82b47a227086768dd50d80670b895a3ed45d
Opcode Fuzzy Hash: 03566f2c1986388b1de1dcec59c4a309c27c8be3bd982684c15b0bc530fa5c92
Instruction Fuzzy Hash: DBE0D8B254130067D210CF0A9C46F23FB5CDB54A30F08C56BED081B701E175B5148AF1

Uniqueness

Uniqueness Score: -1.00%

Function 0187A7CF, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26fe642ac5966055dbfa9ff4e17eda876ec29e698b2bc86f65185087be084bec
Instruction ID: 73ddf69ecbcdc7d41be3065e7d6d524cd135d0119b8ec2ccb1d84fa2d995d4d7
Opcode Fuzzy Hash: 26fe642ac5966055dbfa9ff4e17eda876ec29e698b2bc86f65185087be084bec
Instruction Fuzzy Hash: B9E0D8B254130067D210CF0B9C86F53FB5CDB50A30F08C46BED081B701E175B5148AF1

Uniqueness

Uniqueness Score: -1.00%

Function 0187A14C, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45df15c760d87059a6c14cb2ba93ef18cf528c482c1b4b7400f57632b8991aac
Instruction ID: 35f308afa09561a48162875a11ad6937e64fe1757170dab6eb7384433ec4906a
Opcode Fuzzy Hash: 45df15c760d87059a6c14cb2ba93ef18cf528c482c1b4b7400f57632b8991aac
Instruction Fuzzy Hash: EDE0D8B164130067D2109E0A9C46B53FB5CEB40930F08C56BED081B701E175B5048AE1

Uniqueness

Uniqueness Score: -1.00%

Function 0187A363, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de4cafe47a9416a440f3a7c27335c2d9e898704e80ecba2969d2171465938358
Instruction ID: 770ee9987762444f4faa8771d5d72c1f274d4dd305b0354d6e3445f82b76bbdd
Opcode Fuzzy Hash: de4cafe47a9416a440f3a7c27335c2d9e898704e80ecba2969d2171465938358
Instruction Fuzzy Hash: BCE0D8B164130467D2108F0A9C46B13FB5CDB54930F08C46BED081B701E175B5048AE1

Uniqueness

Uniqueness Score: -1.00%

Function 0187AB6B, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b2abd12957c603b8d97d1410a0193d2461633c4b760be3b7ff794118cc72f5
Instruction ID: 606b59aaba704fd09b5f9dfa79f24499dfeedad0eed4deaff6fc448b7315dbd4
Opcode Fuzzy Hash: a4b2abd12957c603b8d97d1410a0193d2461633c4b760be3b7ff794118cc72f5
Instruction Fuzzy Hash: 8CE0D8B25413006BD310CE0ADC46B13FB5CDB90A30F08C56BED081B741E175B5148AF1

Uniqueness

Uniqueness Score: -1.00%

Function 0187A57B, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc2acb74725e0d6e9d3abc017854c5b6e0715af23a3d1fff52668ebe52cf965c
Instruction ID: 8bc46a8d89615f2926269cdbb750885a89b421616825818299d1d5392420d5da
Opcode Fuzzy Hash: cc2acb74725e0d6e9d3abc017854c5b6e0715af23a3d1fff52668ebe52cf965c
Instruction Fuzzy Hash: 35E0D8B164130067D2109E0A9C46B13FF5CDB40A30F08C46BED081B701E175B5048AE1

Uniqueness

Uniqueness Score: -1.00%

Function 0187A8FB, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244532787.0000000001872000.00000040.00000001.sdmp, Offset: 01872000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57881693ee78610e0e6cdd01099716e31f2e95bc881539019ee00c592fe5118b
Instruction ID: 3c48a9eb072ec3a9322dc979e51668a5009dbcde005d12fac1c7487d552e2192
Opcode Fuzzy Hash: 57881693ee78610e0e6cdd01099716e31f2e95bc881539019ee00c592fe5118b
Instruction Fuzzy Hash: 1FE0D8B294130067D210CF0B9C46F53FB5CDB50A30F08C46BEE081B701E175B5148AF5

Uniqueness

Uniqueness Score: -1.00%

Function 033F0220, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2825bbf2a09a9dbfbc5431685122bf6c5e0a2f9006e45709d7cd6c6d4ff3aaa9
Instruction ID: ecc90620fa5f331c997dd6aab8be275e2e9edd922bee1ded454ac94846d60dc5
Opcode Fuzzy Hash: 2825bbf2a09a9dbfbc5431685122bf6c5e0a2f9006e45709d7cd6c6d4ff3aaa9
Instruction Fuzzy Hash: 0EF0A078809345EFCB15CF78E844598BFB2EB06311F5441EEC484933A2E7328E04CB21

Uniqueness

Uniqueness Score: -1.00%

Function 03320DB6, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245231633.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3485b8f2bafd9b9b5e07a584dc5eefd2f27c48c0bef6236ecb7fc1559e2580c2
Instruction ID: 10e445e0c1f841b9dc7bdd2dad45a2ab586d127363373e3d7fd811b4faef341a
Opcode Fuzzy Hash: 3485b8f2bafd9b9b5e07a584dc5eefd2f27c48c0bef6236ecb7fc1559e2580c2
Instruction Fuzzy Hash: 3A01AB7484022A9FCB65CF60CA84BE9BBB9AB08318F1084E99429A7211C7315AC6DF00

Uniqueness

Uniqueness Score: -1.00%

Function 03320906, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245231633.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09b30f06a0d0867abefe8d37238d3359ddb0e3b9b95a6f01be013c408ade2ed9
Instruction ID: beb3a929789fdf4d288c25c6d97658507fe60c1c59a8491c97208714e6ff24a8
Opcode Fuzzy Hash: 09b30f06a0d0867abefe8d37238d3359ddb0e3b9b95a6f01be013c408ade2ed9
Instruction Fuzzy Hash: 1EF05835A40329AFEB24CE60CD41FC9BBB8EB48304F108495A208BA2C1C371AA85CF00

Uniqueness

Uniqueness Score: -1.00%

Function 03320EF0, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245231633.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc38855bd2c167ef2354dc44b8c10c462d037805df3a687ad1a26eefcbd1e039
Instruction ID: c18d331ba22a698dabb549cf4b7b4c41fc326272bf35699d92350fdd5394bc19
Opcode Fuzzy Hash: dc38855bd2c167ef2354dc44b8c10c462d037805df3a687ad1a26eefcbd1e039
Instruction Fuzzy Hash: 64F0F875D102189FCB54CF94C880BEDFBF8EB48304F0481AA9969E72A5DB34AA85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 033F0460, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71d79c9683be596875f6fded5292083924eea3bec5a5d30048f034121834b340
Instruction ID: 5e787298eeac9d2b5226116cc9435860347c99d5da42420050569fe8cdeb1e26
Opcode Fuzzy Hash: 71d79c9683be596875f6fded5292083924eea3bec5a5d30048f034121834b340
Instruction Fuzzy Hash: C8F06574C01208EFCB18EFB8C4485AEBBB1FF04300F2089A9C804A3300EB709A51CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 033F045F, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8a6e44054568aecf6dc7b51ff77ed00bfb52ed3806acd15584bf692bc06066f
Instruction ID: 81203f9b2fcf32b8e2a80014eb4a8f152212f02600a193c815f7cce85dd7eb27
Opcode Fuzzy Hash: a8a6e44054568aecf6dc7b51ff77ed00bfb52ed3806acd15584bf692bc06066f
Instruction Fuzzy Hash: 18F01E74C41208EFCB68EFB8C0485AEBBB1FF45300F2089AAC804A3300EB718A51CF90

Uniqueness

Uniqueness Score: -1.00%

Function 03320332, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245231633.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d8dd9d534736ae8018ebd14d19ff71a18b35797f02a1a242067b9cb97266602
Instruction ID: c384d7abd407a77487c6866bd35cdf9ba4ac0e3bcb5d96968832c5bce4938ba8
Opcode Fuzzy Hash: 5d8dd9d534736ae8018ebd14d19ff71a18b35797f02a1a242067b9cb97266602
Instruction Fuzzy Hash: F1F09D78952269CFDB29CF61DA80BD8BBB1FB48314F0085DAC84976240D7359F86CF50

Uniqueness

Uniqueness Score: -1.00%

Function 03320E35, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245231633.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e6edcae918aa6b5043542ba8fcf27d4e48808198d76e492483d447cafa2f6eb
Instruction ID: 8be242019125790aa6656672b21a8e486a4b99510a994347ab2c69d24f084334
Opcode Fuzzy Hash: 0e6edcae918aa6b5043542ba8fcf27d4e48808198d76e492483d447cafa2f6eb
Instruction Fuzzy Hash: F7F0CF7688022DCECB64CF20C98A7D8FBB0EB14310F1045D9880DA7661CB715BCACF90

Uniqueness

Uniqueness Score: -1.00%

Function 0332096A, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245231633.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb2044ec970903433a6278d30afa116f0deb61f25f250fc97b847d8bb69d7a9e
Instruction ID: 1890bd2b415965e947416fbd3b0c450edf097491cfe141e3aa9255280d6460d3
Opcode Fuzzy Hash: eb2044ec970903433a6278d30afa116f0deb61f25f250fc97b847d8bb69d7a9e
Instruction Fuzzy Hash: 9EF0D475D00228DFDB29CFA1C941BECFBB1FB88300F2080AAD559A7292D7355A82CF44

Uniqueness

Uniqueness Score: -1.00%

Function 033204CB, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245231633.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59e6187091707feaff891e7da47c5bd5a0ee0162c993bf2d15b687e7e111c34c
Instruction ID: a2fb6789efb7000f59d5676465cc3295dbcb93173d75e225d62c4340581c9441
Opcode Fuzzy Hash: 59e6187091707feaff891e7da47c5bd5a0ee0162c993bf2d15b687e7e111c34c
Instruction Fuzzy Hash: 79F0B235915129DFCBA4CFA4C980BD8BBB5FB48304F1485DAE41DA7251D735AA85CF00

Uniqueness

Uniqueness Score: -1.00%

Function 033FF588, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5c7c62da47ccd34a7d21358e04b67c61b99b32d6433eebaa0c5d4701d3a1e8b
Instruction ID: 6d18bfc0e9fdb2b4357d9c22d134fb00d161d58a5ea21d3ddb66b7141e7ca2a6
Opcode Fuzzy Hash: b5c7c62da47ccd34a7d21358e04b67c61b99b32d6433eebaa0c5d4701d3a1e8b
Instruction Fuzzy Hash: CBF0C975D0420CAFCF41EFA8D844AADBBB1FB48300F10855AE958A2250D7719660DF95

Uniqueness

Uniqueness Score: -1.00%

Function 033F53E6, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e041bbd55ff24ed65236db24a32456ee08554046ebdc20c4fcf253edb328c85
Instruction ID: 5a00289aa07e7082d4d8b2c399f0e3c613c360d5597959d95c39aaeffe52d5e7
Opcode Fuzzy Hash: 2e041bbd55ff24ed65236db24a32456ee08554046ebdc20c4fcf253edb328c85
Instruction Fuzzy Hash: 22E0DF3490801CDEDB10DB38EC80A2DFB31BB16224F1487DA866AE3290DE3189159F95

Uniqueness

Uniqueness Score: -1.00%

Function 033F5FE3, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ef26769ea14c1ff8550e4cc0778848cea9c3076f4ee79d798f4e18938faf2f6
Instruction ID: 572e1a7b212ae70b79de8872eba14d28d6f93e1510b5518d1555b637aa679e14
Opcode Fuzzy Hash: 3ef26769ea14c1ff8550e4cc0778848cea9c3076f4ee79d798f4e18938faf2f6
Instruction Fuzzy Hash: 36F08C7082222ADEDB41CF28E980B89BBB0FF05210F2013E5D205AB194E7305A41CF81

Uniqueness

Uniqueness Score: -1.00%

Function 033F649C, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ecebab6b5b787cb98e5f1d27a95ffa6e5ba716a33d852ebd235411db7f31a08
Instruction ID: d2cf93ac91d188bb9f53988e3ea5fc8ea56364ce68b637ce58ebdb516eafcb25
Opcode Fuzzy Hash: 7ecebab6b5b787cb98e5f1d27a95ffa6e5ba716a33d852ebd235411db7f31a08
Instruction Fuzzy Hash: 22F08C74D0A22A8FDBA0CF68CC80A9EBBB6BF46200F2045CAD109EB251D6305E848F11

Uniqueness

Uniqueness Score: -1.00%

Function 033F5110, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0de8d2cd20054efd8d8d888e97b2654bc91c416ea6e185f4c728ad3f9f630b1b
Instruction ID: ac55e34d4cb0f1a454dfd7e7922905969b21b3c0f63c58bc8f258a5dac5ce879
Opcode Fuzzy Hash: 0de8d2cd20054efd8d8d888e97b2654bc91c416ea6e185f4c728ad3f9f630b1b
Instruction Fuzzy Hash: 94E0463080120CEFCB18EFA4E9499ADFB32EB42301F1091A9EC1423340DB70AA50DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 033F0230, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a47d2f23eddfe73532a74ae0c7c658fdca040044557df7230e291621836b9f9
Instruction ID: 2229541c1f568d240713d6fe6e8d6759f0721f736bbb3dbc332cd5fb19ce01e3
Opcode Fuzzy Hash: 4a47d2f23eddfe73532a74ae0c7c658fdca040044557df7230e291621836b9f9
Instruction Fuzzy Hash: 44E04F34909309EFCB18DFA8E54959CBBB6FB45301F5080A9D84553345EB719E50CB61

Uniqueness

Uniqueness Score: -1.00%

Function 033F7B5D, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c2c2467297d09624f1292fb2e69a338161c7c3b6aef63d42af1e01a1379a455
Instruction ID: 2d8c04aca04899b72cf966e7f5b765632fe59c2d249ea70b33eefe937c668acd
Opcode Fuzzy Hash: 5c2c2467297d09624f1292fb2e69a338161c7c3b6aef63d42af1e01a1379a455
Instruction Fuzzy Hash: 7FF074749053A9CFDB61CF64C984BD8BBB0AB48315F1110DAE809AB354DA359E80CF10

Uniqueness

Uniqueness Score: -1.00%

Function 033F641C, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e39fd24fde833a64c89a85ad1ddc86e774f5c5b9927c46e220a48251f1ae45d
Instruction ID: b77fcca2d73cfdc3641010e832d35c740884891c4dca255b4e65298f61e8e6a7
Opcode Fuzzy Hash: 6e39fd24fde833a64c89a85ad1ddc86e774f5c5b9927c46e220a48251f1ae45d
Instruction Fuzzy Hash: 87F01C74D0562A8FEBA4CF59CC80B9EBBB6BF85300F108599D00DEB250D6305A808F11

Uniqueness

Uniqueness Score: -1.00%

Function 033F6712, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b5842fc4001a99a42489b31688bf5b4d8491fc18cf35f4aa0e30b340deb3053
Instruction ID: 6afe7decf8e5a055740c510427f753c55d03c8c0da3e387c13b07c411c48a0f2
Opcode Fuzzy Hash: 8b5842fc4001a99a42489b31688bf5b4d8491fc18cf35f4aa0e30b340deb3053
Instruction Fuzzy Hash: 79E06570D002189FEB20CB68C444B9EB7F2FB81360F8554A4A509AB281C734AE80CF12

Uniqueness

Uniqueness Score: -1.00%

Function 033F7BB8, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32667f3c50dc4ab5a448423139bdbc8c0357cb40109b6ad73fc585f385bb367d
Instruction ID: 7efa06a2306c3e2d82d3f4601bd6c3c1cb27880e73d5766f73256610a8fb0309
Opcode Fuzzy Hash: 32667f3c50dc4ab5a448423139bdbc8c0357cb40109b6ad73fc585f385bb367d
Instruction Fuzzy Hash: 55F09B78E00218CFCB15CFA4C9849DDBBF2AB89321F6091A9D804B7344C731AE85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 033F09D8, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1041d0245af8157ef830d054e455e51813b741c11eee2f04beb0f0e52dd06330
Instruction ID: 377c00aaac9c226896328eafa2da2e55068d1c6d653d41d74af968c2332805c3
Opcode Fuzzy Hash: 1041d0245af8157ef830d054e455e51813b741c11eee2f04beb0f0e52dd06330
Instruction Fuzzy Hash: ACE0863158924ACFC719EAB0D96A75DB7719F42300F0405EAD440562A1E7692E54C756

Uniqueness

Uniqueness Score: -1.00%

Function 033F00ED, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eb5aa0675b858647a663d000c2c77f0425b7d1bdbcfd42c243a66d2683fd9a7
Instruction ID: f4bbc5f501455b90a969fc6850fe2294031461237af25ebfe69781ead08bf670
Opcode Fuzzy Hash: 8eb5aa0675b858647a663d000c2c77f0425b7d1bdbcfd42c243a66d2683fd9a7
Instruction Fuzzy Hash: 29D01735D01209CFCB00CFA8E0882ECBBB0EB89325F20842AC614A3200C73585458F50

Uniqueness

Uniqueness Score: -1.00%

Function 033F807F, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3efe93f391c07b4e26cf5bf9182e963ada90b4a3585433bb0dbefc693be95d7
Instruction ID: e3983dc3c131cc735547065e461fb250d77647cb576a5df60b58ff51fdbc3f64
Opcode Fuzzy Hash: d3efe93f391c07b4e26cf5bf9182e963ada90b4a3585433bb0dbefc693be95d7
Instruction Fuzzy Hash: 5FE0123181625ADFCB46CBA8C48498DB7B4AB49310F9044A9D10AEF258C7358A85CB40

Uniqueness

Uniqueness Score: -1.00%

Function 033F7B35, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b41bfc6c495db00dc8f381794aeee2f62b4f825838adf9eae66371245281da34
Instruction ID: 63bd2c6728bb687cee592f6e021facb2dd12ae12441ea1971b6eb88d00d58b86
Opcode Fuzzy Hash: b41bfc6c495db00dc8f381794aeee2f62b4f825838adf9eae66371245281da34
Instruction Fuzzy Hash: 43E08C74C1A29ECECB02CFE8808024CBFF0AB09344F60049B8946EA204E6341A40CF20

Uniqueness

Uniqueness Score: -1.00%

Function 033F09E8, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f36d0c897569c4d67432f6454ac473fdb2a5b707a9ef12041c905b1b0c8c779c
Instruction ID: be2805c0dc95c00bdd2c0ef76a552ebf647cde7252ffc418d646cf6e8184c761
Opcode Fuzzy Hash: f36d0c897569c4d67432f6454ac473fdb2a5b707a9ef12041c905b1b0c8c779c
Instruction Fuzzy Hash: 0DD0A73084510CDFC708EB98D94575DB32ADB01301F5001A8980423350DF716F00C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 018623F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244493704.0000000001862000.00000040.00000001.sdmp, Offset: 01862000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 958d712f8d5ed7c5cb956154da76f35638d7dcfb17f8e4e4fd2d191df56f5a8f
Instruction ID: 106dab9d873575eaa8998b8660ae4dd23a5f79a2e4ebf53abd25cf5921194690
Opcode Fuzzy Hash: 958d712f8d5ed7c5cb956154da76f35638d7dcfb17f8e4e4fd2d191df56f5a8f
Instruction Fuzzy Hash: 2AD05E79205A814FE326CA1CC1A8BA53FA9FF52B04F4644F9E800CB663C768D681D200

Uniqueness

Uniqueness Score: -1.00%

Function 033F5F71, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbdecdee6e3222fa7a06d7b3d756bd794a77e06cbb65ad6665365b3b5f90ceb7
Instruction ID: 104e4a2c68a05c19156832ead1d05dc77f5265194ca086e1fb13b03d5c629ede
Opcode Fuzzy Hash: cbdecdee6e3222fa7a06d7b3d756bd794a77e06cbb65ad6665365b3b5f90ceb7
Instruction Fuzzy Hash: B3E09AB0A22129DFDB54DB24DD94B98BBB1FB45210F0046A5D509A7254DB305E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 033F00CD, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 964342c48e06b75f4398ef2b5f55d4ffb78576c57c5296eac1a45fe08a4c1522
Instruction ID: a15e8deeb71cbed65e099f1a171b11d356954797616a0a9e0d1015df21d57029
Opcode Fuzzy Hash: 964342c48e06b75f4398ef2b5f55d4ffb78576c57c5296eac1a45fe08a4c1522
Instruction Fuzzy Hash: DCD0C93AE41208CFCB108FA8E0480DCF7B1EB8E225B21906AC614B3300CB319556CF50

Uniqueness

Uniqueness Score: -1.00%

Function 018623BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.244493704.0000000001862000.00000040.00000001.sdmp, Offset: 01862000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16e6ececdd70b2b35182b7f84c766d0241833170f1fe544d9f298dee2ee31a0a
Instruction ID: 3d521dc7be56de83a3b6c0ab63313bd1d8821e124adcd47e2e9218bf41c0c2ae
Opcode Fuzzy Hash: 16e6ececdd70b2b35182b7f84c766d0241833170f1fe544d9f298dee2ee31a0a
Instruction Fuzzy Hash: 6AD05E342012814BD715DB1CD294F593BD9AB41B00F0644E9AC00CB272C7A4E981C600

Uniqueness

Uniqueness Score: -1.00%

Function 033F8092, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e563526f09f2b96c1d1ed0844857e376c8471b2c4e520cb76f7bb27b6d26c67b
Instruction ID: 61c99ac2ee187565a74f897c58edeab8133c863eda2fd8c0e06a21d62438b265
Opcode Fuzzy Hash: e563526f09f2b96c1d1ed0844857e376c8471b2c4e520cb76f7bb27b6d26c67b
Instruction Fuzzy Hash: 44E01735912354CFC764DF64C18888CBBB5FF4A326F5108A8E00AAB268CB39DA80CF00

Uniqueness

Uniqueness Score: -1.00%

Function 03320B6B, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245231633.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6f48e246ca0dae17688036264b4c968d95cedc5e589e2a5045b5044d9c99c22
Instruction ID: 01569ccbf6339c3daf04b4ec5e9389aa2c01ce88f219dec148c56437798396a4
Opcode Fuzzy Hash: e6f48e246ca0dae17688036264b4c968d95cedc5e589e2a5045b5044d9c99c22
Instruction Fuzzy Hash: 8FE01238910224CFCB58CF20C9806D8BB70EB59320F2082DB881973280DB319EC6CF00

Uniqueness

Uniqueness Score: -1.00%

Function 03320D79, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245231633.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2eb315685113bc3b45204931b79f3f46ec8d409813b60485a1d13dede665ffd
Instruction ID: 1075b36a0a3e5963d15e17fb3a375edf194adf39e99a6037a3f3db71405ceb4a
Opcode Fuzzy Hash: b2eb315685113bc3b45204931b79f3f46ec8d409813b60485a1d13dede665ffd
Instruction Fuzzy Hash: 8CD06778D0922ACBCF65CF59C885799F7B5BB65300F5055DA8409A6604E3746E809F11

Uniqueness

Uniqueness Score: -1.00%

Function 033FED23, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2553ae1075d7fbf3cce1971b25ed15c7fae13147806cdca38cf4fd61b9947ac3
Instruction ID: f614b5ab4f0a05b3700191c121526b4b051d014cb1e8ee4c25b231db85a77e18
Opcode Fuzzy Hash: 2553ae1075d7fbf3cce1971b25ed15c7fae13147806cdca38cf4fd61b9947ac3
Instruction Fuzzy Hash: 05C08074904245CFC754CFD0D49A95D77B5F749301F105448C0075F118C7349D55CF10

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 033F73A0, Relevance: 1.4, Strings: 1, Instructions: 138COMMON

Download Yara Rule

Strings

|@n, xrefs: 033F74A7

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID: |@n
API String ID: 0-4174990204
Opcode ID: 7ca3dc0a8ed125688d6a249c08f5966eae489415058bbcdfafd6acb67c4a6669
Instruction ID: eb2db6e06290bda3f6bf5f66958d34c8c26f64bdbcb16a3c25b8bf750420d9f8
Opcode Fuzzy Hash: 7ca3dc0a8ed125688d6a249c08f5966eae489415058bbcdfafd6acb67c4a6669
Instruction Fuzzy Hash: 28512274D1420ADFCB04CFA9C5809AEFBF5FB48380F6485AAD905BB614D334AA45CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 033F9E58, Relevance: 1.4, Strings: 1, Instructions: 135COMMON

Download Yara Rule

Strings

"U, xrefs: 033F9F0B

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID: "U
API String ID: 0-2696025330
Opcode ID: a6b6b0be410b25fe9456373ad767578cf9fa53464e9d7c9cc4efc030c41afec2
Instruction ID: 1a242a56b086f4d02065bd39d50c4e37a7c70cb7fdeb9cd7fb5e25631745cf37
Opcode Fuzzy Hash: a6b6b0be410b25fe9456373ad767578cf9fa53464e9d7c9cc4efc030c41afec2
Instruction Fuzzy Hash: 0051C274D1420ADFCB04CFA8C5C0AAEFBF5FB59310F54855AD915AB225D334AA80CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 033F9E48, Relevance: 1.4, Strings: 1, Instructions: 133COMMON

Download Yara Rule

Strings

"U, xrefs: 033F9F0B

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID: "U
API String ID: 0-2696025330
Opcode ID: 2cfff524f319d984ea4a6c543c4c0398e9dee43b49fc8bb45ed449ca3a1fc0d6
Instruction ID: 133e91953245948c790610c0618a57575e1a3e7444f9cda2435a7ac29d35f1c3
Opcode Fuzzy Hash: 2cfff524f319d984ea4a6c543c4c0398e9dee43b49fc8bb45ed449ca3a1fc0d6
Instruction Fuzzy Hash: 2551C274D1420ADFCB04CFA8C4C0AAEFBF5FB59310F94855AD915AB224D331AA80CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 03320006, Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245231633.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46ca18b0665e28fd22c5e5d8819f7c8ef62cb7fb6489b2199f245f9b948b33df
Instruction ID: 02f1b372de950451e935aa5768664e4b7f76a9cc59c1b0974d6d21a521c00818
Opcode Fuzzy Hash: 46ca18b0665e28fd22c5e5d8819f7c8ef62cb7fb6489b2199f245f9b948b33df
Instruction Fuzzy Hash: F3715D70D493A98FDB29CF65DD84799BFB2AF8A300F0580EAC408EB656D7345A85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 033FBD1C, Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 727c36aaebbe8ca365bb7e968d575f63930df0f457843bbd53358566b881a003
Instruction ID: d3af62b967d586defab1bbe9456aea746deb246922c1e0ea6c9b2bea8d574209
Opcode Fuzzy Hash: 727c36aaebbe8ca365bb7e968d575f63930df0f457843bbd53358566b881a003
Instruction Fuzzy Hash: 58711374E04219DFDB14CFA9C98059DFBB6EF89304F24C2AAD508AB315D734AA42CF50

Uniqueness

Uniqueness Score: -1.00%

Function 03320070, Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245231633.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 802806539253f79ea66cfc293f37ece23cac9beced4aadca83d832317366d3e1
Instruction ID: cae57442ed51a54830aa643ea469b492ec924109c74b68623b9a0e73cbad8dea
Opcode Fuzzy Hash: 802806539253f79ea66cfc293f37ece23cac9beced4aadca83d832317366d3e1
Instruction Fuzzy Hash: 5C513A70D452298BDB68CF6AC9847AEFAF6BB89301F0080FAC50DA7614E7345A85CF14

Uniqueness

Uniqueness Score: -1.00%

Function 03320202, Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245231633.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bedb82492267e2b6da83f5f8002351877afd8e5dcb7222e8dab4346d8b13ed3
Instruction ID: 81acd42605a5c200dc5b37dd838cd6b707c71be35b47336821762ed01dd6c311
Opcode Fuzzy Hash: 9bedb82492267e2b6da83f5f8002351877afd8e5dcb7222e8dab4346d8b13ed3
Instruction Fuzzy Hash: BA51F3B4D4522ACFDB64CF68D984BADBBB2FB89301F0180EAC509A7641E7345A94CF54

Uniqueness

Uniqueness Score: -1.00%

Function 033FA7F8, Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06c62f4467d2daeddddb7c9934466bf03813b463b5a089e96c53c941f0c85a71
Instruction ID: 8b44e09c8b99f7c86e88dcf51d1f70874aafa0beaacc3f30eb800d94c3f7412c
Opcode Fuzzy Hash: 06c62f4467d2daeddddb7c9934466bf03813b463b5a089e96c53c941f0c85a71
Instruction Fuzzy Hash: 4641F5B4D1520ADFCB04CFA6C5819AEFFF6FB89300F60956AC909BB214D3749A418F95

Uniqueness

Uniqueness Score: -1.00%

Function 033FA808, Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b00d051ce84e4ac072d3ab3b201f6c627a1cdb4c12078283496ece795897d96
Instruction ID: 1e6f4ec83e027ce4aef8b4d667f92c9e3afcaa37608f77a779866435d4c0cb1f
Opcode Fuzzy Hash: 4b00d051ce84e4ac072d3ab3b201f6c627a1cdb4c12078283496ece795897d96
Instruction Fuzzy Hash: B7410875D0520ADFCB04CF96C5815AEFBF6FF88301F60956AC919BB204D3709A418F95

Uniqueness

Uniqueness Score: -1.00%

Function 033FA410, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cb61b8c8fe7561f7fcbd9456ddefc639f0d82d104b89afe8cb35a4d02ba0235
Instruction ID: dc7b0b07df84f5cbf558c010613eebb019ea51f385f84bb9d313ad166b9e9ff2
Opcode Fuzzy Hash: 8cb61b8c8fe7561f7fcbd9456ddefc639f0d82d104b89afe8cb35a4d02ba0235
Instruction Fuzzy Hash: 05412671D0060ADFCB08CF9AC4855AEFBF1FF88300F50946AD51ABB610D73496828F94

Uniqueness

Uniqueness Score: -1.00%

Function 033FA401, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d62402fb0fe7061a8afb339b303d12459b0440f317f9b0f63967ed52fb656f6
Instruction ID: 228cd8a95b5da78db201b3a97efcac1005deeda7de8a445333ad820eac05732f
Opcode Fuzzy Hash: 1d62402fb0fe7061a8afb339b303d12459b0440f317f9b0f63967ed52fb656f6
Instruction Fuzzy Hash: C1411271D0060ADFCB08CFAAC5855AEFBF1FF88300F54946AD51AAB610D73896828F94

Uniqueness

Uniqueness Score: -1.00%

Function 03321670, Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245231633.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0049ae84b0498f5332700c93bc4335db69f789171f7ff94625970029c3b4c668
Instruction ID: 20a97616a91594d7124dcc838c7f7351be88d4c1bed11d361adeee440a512139
Opcode Fuzzy Hash: 0049ae84b0498f5332700c93bc4335db69f789171f7ff94625970029c3b4c668
Instruction Fuzzy Hash: 90310670E052299EDB50DFB9DA88BEEFFF5AB49310F289466E405F3240D2348640CF64

Uniqueness

Uniqueness Score: -1.00%

Function 03321662, Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245231633.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e5fd46fb5d4bb6bba7616283818df9cd8964668620a7cdfcb7797c93a8c7138
Instruction ID: 0438d91a5a5073701ed1585b1dc66d6a0740061be0bbbc83668ea084a8b0a619
Opcode Fuzzy Hash: 8e5fd46fb5d4bb6bba7616283818df9cd8964668620a7cdfcb7797c93a8c7138
Instruction Fuzzy Hash: 9131C570E012199ECB54DFB8DA897EEBFF5AB49310F24546AE805F3240D3348A80CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0332176A, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245231633.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6054ef846c5914211ce3cd4cc3ec5ecdca75b0a89066f7b19036f04aee74e093
Instruction ID: b9221e6110b9155844d546e6cd3bf06997581c06f609567d43543bb524c327c7
Opcode Fuzzy Hash: 6054ef846c5914211ce3cd4cc3ec5ecdca75b0a89066f7b19036f04aee74e093
Instruction Fuzzy Hash: F4115BB0C042698ECB10DFA9EA98BFEBEF4AF4A301F245069E404F3241D3348640CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 033F5D28, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 045dcd0f9c368a87c72de6d13f901d9fa8a578ea2183f9c45f5adb0df5fa4f45
Instruction ID: d9e9b98e251a7400866ed5c4726c492ac5be2f0c93b2c01f77d784ec5804449d
Opcode Fuzzy Hash: 045dcd0f9c368a87c72de6d13f901d9fa8a578ea2183f9c45f5adb0df5fa4f45
Instruction Fuzzy Hash: F011F9B1E056189FEB18CFABD84569EFAF7AFC9300F18C17AD508A6214E7350545CB51

Uniqueness

Uniqueness Score: -1.00%

Function 03321778, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245231633.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ac8ca0bc9b6b530819689c600736f49a5fb351ab812f4ae3325f033cb3e4af3
Instruction ID: 183f978a821b73efcfa0b61b7aac127827747734100a96340448f2ccb0777672
Opcode Fuzzy Hash: 7ac8ca0bc9b6b530819689c600736f49a5fb351ab812f4ae3325f033cb3e4af3
Instruction Fuzzy Hash: 13110670D052299ECB54CFAAD988BEEFEF5AF4A301F149069E405F3241D7388644CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 033FD140, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83ac20a1da4ba6906f54f89cc88ec6efe564833c3bf2af2ff031be5fb4cc45ec
Instruction ID: e215c6bbbbef6c25ece0d166d471b22e7f78e456807d02e63ecae30ecc9d453e
Opcode Fuzzy Hash: 83ac20a1da4ba6906f54f89cc88ec6efe564833c3bf2af2ff031be5fb4cc45ec
Instruction Fuzzy Hash: F111E3B0E00608DBDB18DFAB854459EFBF7AFC9300F24C26A8818AB258EB3446018F50

Uniqueness

Uniqueness Score: -1.00%

Function 033FDD08, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 524d909d6131a389633f6a7bfb228304561e508148e882de3bbb7d844573215e
Instruction ID: 098e33fdb7b8e3a8ae2f24d89c77e15802806bdcd3ab2add32c1e64262789f32
Opcode Fuzzy Hash: 524d909d6131a389633f6a7bfb228304561e508148e882de3bbb7d844573215e
Instruction Fuzzy Hash: 2F112371D0520CDFEB18CFABC94459EFBF6AF89300F64C56A8418AB228EB3446029F41

Uniqueness

Uniqueness Score: -1.00%

Function 033FCBC0, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f98d8ab28e132caa0baaab27363d2e1550f5b396e81331a7150553b39c9dc05
Instruction ID: 72cde6318681022aef92571230439dc12b7b6e08d6d8a02e3552a6edfa816bfa
Opcode Fuzzy Hash: 6f98d8ab28e132caa0baaab27363d2e1550f5b396e81331a7150553b39c9dc05
Instruction Fuzzy Hash: 3B11C9B5D046099BDB18CFBBD9456DEFBF7AFC8600F24C03A8414AB658DA3856428F51

Uniqueness

Uniqueness Score: -1.00%

Function 033FD738, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9b245d01a69ef72df064a5b9ac7cf9b19231555419bda58eb349a05f6c16859
Instruction ID: 4626cff8f89379bc8b21cdafed9843de1ab599ee99846d61846a0122d3f9b116
Opcode Fuzzy Hash: f9b245d01a69ef72df064a5b9ac7cf9b19231555419bda58eb349a05f6c16859
Instruction Fuzzy Hash: 001109B0D00209CFEB18CFAB894419EFBF7ABC9300F54C17A9508AB219EB3456429F51

Uniqueness

Uniqueness Score: -1.00%

Function 033FCBD0, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.245310210.00000000033F0000.00000040.00000001.sdmp, Offset: 033F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c904f911fc5a3b0877b0c2b85c05295a97a606ae96caf2b2a721eb4d75ecd16
Instruction ID: 1124524b4a2e1b3b65a92969161562d24ebb0d77b8b98b09b4bb481e98b3d9f3
Opcode Fuzzy Hash: 4c904f911fc5a3b0877b0c2b85c05295a97a606ae96caf2b2a721eb4d75ecd16
Instruction Fuzzy Hash: CA11C9B0E04609CFDB18CFAB898459EFBF7ABC8600F24C16A8418A7214DA3856528F51

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Quotation From Asia Tianjin Steel Co.Ltd.exe PID: 1900 Parent PID: 5476 Quotation From Asia Tianjin Steel Co.Ltd.exeCOMMON

Executed Functions

Function 0598DE60, Relevance: 23.6, APIs: 1, Strings: 12, Instructions: 829libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0598E5B5

Strings

X1(r, xrefs: 0598E737
X1(r, xrefs: 0598E4A1
X1(r, xrefs: 0598E699
X1(r, xrefs: 0598E4D8
X1(r, xrefs: 0598E482
X1(r, xrefs: 0598E708
X1(r, xrefs: 0598DF76
X1(r, xrefs: 0598E4FE
X1(r, xrefs: 0598E7BA
X1(r, xrefs: 0598E66F
X1(r, xrefs: 0598DF3E
X1(r, xrefs: 0598DFE2

Memory Dump Source

Source File: 00000004.00000002.502067557.0000000005980000.00000040.00000001.sdmp, Offset: 05980000, based on PE: false

Similarity

API ID: InitializeThunk
String ID: X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r$X1(r
API String ID: 2994545307-3976764176
Opcode ID: 22bc1e6714a94f964d213f022a2ead0a7be1681ca7488c0606946f8dd86d66a1
Instruction ID: b0de6e6afb3a1875aa35496474fd66c00aaf42969c094246b9da9e569b78e75b
Opcode Fuzzy Hash: 22bc1e6714a94f964d213f022a2ead0a7be1681ca7488c0606946f8dd86d66a1
Instruction Fuzzy Hash: AF624075E002188FCF65DF68C854BADBBF6BF89300F1584A9E909AB261DB71AD41DF40

Uniqueness

Uniqueness Score: -1.00%

Function 01070070, Relevance: 5.2, Strings: 3, Instructions: 1458COMMON

Download Yara Rule

Strings

X1(r, xrefs: 01070C2E
X1(r, xrefs: 01070CB8
X1(r, xrefs: 01070C9B

Memory Dump Source

Source File: 00000004.00000002.496529116.0000000001070000.00000040.00000001.sdmp, Offset: 01070000, based on PE: false

Similarity

API ID:
String ID: X1(r$X1(r$X1(r
API String ID: 0-663849328
Opcode ID: bb4fa63fa6a62fb7690618a1b80831793be82c8601fa5ef2b98c250281ce463c
Instruction ID: 4c71e71cbfb3cae6288d5c84b57200e58733675d4af97d4c8d44944253fd97b2
Opcode Fuzzy Hash: bb4fa63fa6a62fb7690618a1b80831793be82c8601fa5ef2b98c250281ce463c
Instruction Fuzzy Hash: 64D29B70A042498FDB11DB78C884A9EBBF2BF85304F2585A9E148DB396DB34ED46CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01070006, Relevance: 4.7, Strings: 3, Instructions: 901COMMON

Download Yara Rule

Strings

X1(r, xrefs: 01070C2E
X1(r, xrefs: 01070CB8
X1(r, xrefs: 01070C9B

Memory Dump Source

Source File: 00000004.00000002.496529116.0000000001070000.00000040.00000001.sdmp, Offset: 01070000, based on PE: false

Similarity

API ID:
String ID: X1(r$X1(r$X1(r
API String ID: 0-663849328
Opcode ID: 97191093aa3c1645a697e8563759f1b3dee7f2e0fe97ae6519eedda9beea0544
Instruction ID: d56f5129025059f2bd2f8b73f8b2fe417331b55293eb4e7831cb8b986287664f
Opcode Fuzzy Hash: 97191093aa3c1645a697e8563759f1b3dee7f2e0fe97ae6519eedda9beea0544
Instruction Fuzzy Hash: 6A920A70A00219CFCB54DB68C984A9EFBF2FF84704F248699E509AB255DB74ED81CF94

Uniqueness

Uniqueness Score: -1.00%

Function 04ED30B8, Relevance: 4.2, APIs: 2, Instructions: 1178libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 04ED3403
LdrInitializeThunk.NTDLL ref: 04ED3763

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: d6ca903ec01ecb95c88701cea0d63fdacdbf3c05ef7884cfb4b4fe341e42ade0
Instruction ID: 5429f20a0ab5c2b4926603e7fd15f9201d2c10cb4aeafa5d5e82c2a6fe385b39
Opcode Fuzzy Hash: d6ca903ec01ecb95c88701cea0d63fdacdbf3c05ef7884cfb4b4fe341e42ade0
Instruction Fuzzy Hash: 40C2B4B4A006288FCBA5DF68DC54BADBBB6BF48301F1091E5D909A3354DB31AE81DF51

Uniqueness

Uniqueness Score: -1.00%

Function 00EFAF07, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 00EFAF87

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 3dbe07e518694dfd68e87b84c960ac601576dda9d8023252ec32886bc84515ba
Instruction ID: fb5d70e7246d26e5819207b2c94b0c6cac6043dc765c4a72598763d305b54c7f
Opcode Fuzzy Hash: 3dbe07e518694dfd68e87b84c960ac601576dda9d8023252ec32886bc84515ba
Instruction Fuzzy Hash: AD21A3B65097849FDB228F25DC40B52BFB4EF16314F0884EAE9858F163D270D908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00EFB089, Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 00EFB0F5

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 831a66fa8a85eeaa343c8e7fe512707feaf496124a24eaebe50ef0568de986a5
Instruction ID: 150a939ceac9dd69caff9568586dee95bdd3c291f13c23172287a10a6a1e42ef
Opcode Fuzzy Hash: 831a66fa8a85eeaa343c8e7fe512707feaf496124a24eaebe50ef0568de986a5
Instruction Fuzzy Hash: D61190724093C49FDB228F25DC55A62FFB4EF16314F09C0DAE9848F163D275A918CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00EFAF3E, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 00EFAF87

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: a06cb94d1a1fd80822c84b83b797fde8dec726dfb515ba98eced5384c19c523a
Instruction ID: 0286110cc4962a87ce76be8f98b6e3f96cd101563cf70bc338b64692693e1704
Opcode Fuzzy Hash: a06cb94d1a1fd80822c84b83b797fde8dec726dfb515ba98eced5384c19c523a
Instruction Fuzzy Hash: B71151B66002049FDB20CF55D844B66FBE4EF04710F08C47AEE499F652D271E414DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00EFA09A, Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,?), ref: 00EFA0D5

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: a44b2d6358a5ca7cbe95f7ed6975a323be36fbef1c3ea4b072c4c297e7c00440
Instruction ID: 1b6f9bdde339f96899e520cc41bff0b81f30f811395309181ff70cf5f372f65f
Opcode Fuzzy Hash: a44b2d6358a5ca7cbe95f7ed6975a323be36fbef1c3ea4b072c4c297e7c00440
Instruction Fuzzy Hash: A001B1B18002449FDB20CF55E844B66FFA4EF48720F18C4AADE499F252D375A408CF72

Uniqueness

Uniqueness Score: -1.00%

Function 00EFB0BA, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 00EFB0F5

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 3bbfb93dc37d8b20fa473db187ccd64a844fb27aa17ba197c8dcb579e5084012
Instruction ID: c78f4cefaf6d90f7996a3d64727c5e99f580cd6554543b8d0a56f5889f1e11ee
Opcode Fuzzy Hash: 3bbfb93dc37d8b20fa473db187ccd64a844fb27aa17ba197c8dcb579e5084012
Instruction Fuzzy Hash: B9018B71800248DFEB208F55D884B66FFA4EF48720F18C0AADE995B252D375A418DF62

Uniqueness

Uniqueness Score: -1.00%

Function 04ED30E8, Relevance: 3.6, APIs: 2, Instructions: 644libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 04ED3403
LdrInitializeThunk.NTDLL ref: 04ED3763

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: f893cb37d9e9af4634b574571e0cf292e77a70deea5d1e44ee1e0d9283bca283
Instruction ID: 0f0be0fab4d9b074823d44cc022c769f6cf182ba9fc417cfca4e6d6d8b64ad00
Opcode Fuzzy Hash: f893cb37d9e9af4634b574571e0cf292e77a70deea5d1e44ee1e0d9283bca283
Instruction Fuzzy Hash: F36282B4E106288FCBA5DF68DC54BADBBB5BF48211F1091E69909A3350DF30AE81DF51

Uniqueness

Uniqueness Score: -1.00%

Function 04ED313C, Relevance: 3.6, APIs: 2, Instructions: 632libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 04ED3403
LdrInitializeThunk.NTDLL ref: 04ED3763

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: abb19f0c0f1157e463d0819f369a55517586d9c631499198ee6936d6e4ac8b6a
Instruction ID: 73c8d14c8f8111a7304eec83b86f531ad1b44c32c1f6f51ac2bd2215d56684cc
Opcode Fuzzy Hash: abb19f0c0f1157e463d0819f369a55517586d9c631499198ee6936d6e4ac8b6a
Instruction Fuzzy Hash: 7C6282B4E106288FCBA5DF68DC54BADBBB5BF48211F1081E69909A3350DF30AE81DF51

Uniqueness

Uniqueness Score: -1.00%

Function 04ED3193, Relevance: 3.6, APIs: 2, Instructions: 621libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 04ED3403
LdrInitializeThunk.NTDLL ref: 04ED3763

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: 04aced218799f86163f996e0ac626ca5677fe3e0486c5865e2a37257368373b6
Instruction ID: 2d3174e6be7f7cd76a625d414618d16c68c764c1c47d71adfdc3479b63a912f7
Opcode Fuzzy Hash: 04aced218799f86163f996e0ac626ca5677fe3e0486c5865e2a37257368373b6
Instruction Fuzzy Hash: 0C6292B4E106288FCBA5DF68DC54BADBBB5BF48211F1081E69909A3350DF30AE81DF51

Uniqueness

Uniqueness Score: -1.00%

Function 04ED31E7, Relevance: 3.6, APIs: 2, Instructions: 611libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 04ED3403
LdrInitializeThunk.NTDLL ref: 04ED3763

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: 68d259b66223182c917b326e512be75d40fb46d15bab22ea3381487f73cb24c2
Instruction ID: b425195062c808db2a179bf82f121492e000042c5fead630417ab416f7060f98
Opcode Fuzzy Hash: 68d259b66223182c917b326e512be75d40fb46d15bab22ea3381487f73cb24c2
Instruction Fuzzy Hash: 0D6291B4E106288FCBA5DF68DC54BADBBB5BF48211F1091E69909A3350DB30AE81DF51

Uniqueness

Uniqueness Score: -1.00%

Function 04ED323B, Relevance: 3.6, APIs: 2, Instructions: 601libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 04ED3403
LdrInitializeThunk.NTDLL ref: 04ED3763

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: dd6d8b38c222947940dd82d1a1e1c44916ca05c1f2e3b1901f563f566cdc9187
Instruction ID: 95badbe811544ed7142efec4097f293fab73100a2b3dbb8fce7be78bfcf9c7d8
Opcode Fuzzy Hash: dd6d8b38c222947940dd82d1a1e1c44916ca05c1f2e3b1901f563f566cdc9187
Instruction Fuzzy Hash: 926292B4E106288FCBA5DF68DC54BADBBB5BF48311F1081E69909A3350DB30AE81DF55

Uniqueness

Uniqueness Score: -1.00%

Function 04ED328F, Relevance: 3.6, APIs: 2, Instructions: 591libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 04ED3403
LdrInitializeThunk.NTDLL ref: 04ED3763

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: ced8a9277cad4f7ca0f4f0a19132404f3dbcea07d62c02962593442f4c07df1b
Instruction ID: d70950f7ff9167bc1c37c41dad5abe78882c58aad3ec31c80524a7573e24dc61
Opcode Fuzzy Hash: ced8a9277cad4f7ca0f4f0a19132404f3dbcea07d62c02962593442f4c07df1b
Instruction Fuzzy Hash: 4E5282B4E106288FCBA5DF68DC54BADBBB5BF48311F1081E69909A3354DB30AE81DF51

Uniqueness

Uniqueness Score: -1.00%

Function 04ED32E3, Relevance: 3.6, APIs: 2, Instructions: 581libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 04ED3403
LdrInitializeThunk.NTDLL ref: 04ED3763

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: 96365115f59309b0e2b4299a2b62a6a003e6f2f7a3645d684ef0b663d6346cf2
Instruction ID: 944f6de31336ec1e0135620c733e4921651b101e2be42bc8c190998aeaa343b6
Opcode Fuzzy Hash: 96365115f59309b0e2b4299a2b62a6a003e6f2f7a3645d684ef0b663d6346cf2
Instruction Fuzzy Hash: D65282B4E106288FCBA5DF68DC54BADBBB5BF48311F1081E69909A3354DB30AE81DF51

Uniqueness

Uniqueness Score: -1.00%

Function 04ED3337, Relevance: 3.6, APIs: 2, Instructions: 571libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 04ED3403
LdrInitializeThunk.NTDLL ref: 04ED3763

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: e7c3a2fd10e787cdc8bac47491f8dd580b89b2d097959ebd0af5b8b9df277671
Instruction ID: 03931e9c72e65e6abb51423c011f3078d79ea418ca67d0fce9b14811bebcbd37
Opcode Fuzzy Hash: e7c3a2fd10e787cdc8bac47491f8dd580b89b2d097959ebd0af5b8b9df277671
Instruction Fuzzy Hash: C85282B4E106288FCBA5DF68DC54BADBBB5BF48311F1081E69909A3354DB30AE81DF51

Uniqueness

Uniqueness Score: -1.00%

Function 04ED338B, Relevance: 3.6, APIs: 2, Instructions: 561libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 04ED3403
LdrInitializeThunk.NTDLL ref: 04ED3763

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: 4121926c559a4c1ccfd76370e761752d594051cec28b2fdcf9ff17ff9dd1d1c4
Instruction ID: 76d365d193a0e7cbd3fd2ff5ca39535f5db61415bc306bdeed3d208e1ed9f1ce
Opcode Fuzzy Hash: 4121926c559a4c1ccfd76370e761752d594051cec28b2fdcf9ff17ff9dd1d1c4
Instruction Fuzzy Hash: 4D5292B4E106288FCBA5DF68DC54BADBBB5BF48311F1081E69909A3354DB30AE81DF51

Uniqueness

Uniqueness Score: -1.00%

Function 04ED33DF, Relevance: 3.6, APIs: 2, Instructions: 551libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 04ED3403
LdrInitializeThunk.NTDLL ref: 04ED3763

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: eddf46c2610860366d1df6fa63f50f24911e7f52f885f2c027ba56966030dba9
Instruction ID: 121d14a1336340f2090c147472d85138226ca92a223433bb7fea027374b88867
Opcode Fuzzy Hash: eddf46c2610860366d1df6fa63f50f24911e7f52f885f2c027ba56966030dba9
Instruction Fuzzy Hash: 065292B4E106288FCBA5DF68DC54BADBBB5BF48311F1081E69909A3354DB30AE81DF51

Uniqueness

Uniqueness Score: -1.00%

Function 04ED3433, Relevance: 2.0, APIs: 1, Instructions: 541libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04ED3763

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1721c3e26a306e7b2c91031abfab834c79724b824c18a0ad0685857da7a542d3
Instruction ID: 136409eca5adc23cc0d9a85c7fe0f035ecf26865e8c3fcd891e88dc9d9ae2f5f
Opcode Fuzzy Hash: 1721c3e26a306e7b2c91031abfab834c79724b824c18a0ad0685857da7a542d3
Instruction Fuzzy Hash: 024293B4E106288FCBA5DF68DC54BADBBB5BF48311F1081E69909A3354DB30AE81DF51

Uniqueness

Uniqueness Score: -1.00%

Function 04ED3487, Relevance: 2.0, APIs: 1, Instructions: 531libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04ED3763

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5013d602957199420a0c51bd49b0220a4956fd8140f3a7ae8011f04c128b507e
Instruction ID: 090c39cab046c189b4e7e4cbe1ec261ac28ec910ddcfd6667421d714f0e69234
Opcode Fuzzy Hash: 5013d602957199420a0c51bd49b0220a4956fd8140f3a7ae8011f04c128b507e
Instruction Fuzzy Hash: ED4293B4E106288FCBA5DF68DC54BADBBB5BF48311F1081E69909A3354DB30AE81DF51

Uniqueness

Uniqueness Score: -1.00%

Function 04ED34DB, Relevance: 2.0, APIs: 1, Instructions: 521libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04ED3763

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f9c43086dc0dbddfae6f9f805908acd92dcd422377bcd851d2842097892c55c2
Instruction ID: b43b421c38496094e97643c62343c0fca3b42040210ab1e84dc7b5a2bdc1c845
Opcode Fuzzy Hash: f9c43086dc0dbddfae6f9f805908acd92dcd422377bcd851d2842097892c55c2
Instruction Fuzzy Hash: 8A4293B4E106288FCBA5DF68DC54BADBBB5BF48311F1081E69909A3354DB30AE81DF51

Uniqueness

Uniqueness Score: -1.00%

Function 04ED352F, Relevance: 2.0, APIs: 1, Instructions: 511libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04ED3763

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2e1e7a4bd86e9aa50e0ffc2538a9296e1de318fcec4cf1f00a3f10e9810e1c05
Instruction ID: b96c5f17c54de98259d00d844fa4f3f03e2c9fe09c0ce6c683a5f1d9780d7d39
Opcode Fuzzy Hash: 2e1e7a4bd86e9aa50e0ffc2538a9296e1de318fcec4cf1f00a3f10e9810e1c05
Instruction Fuzzy Hash: 834293B4E106288FCBA5DF68DC54BADBBB5BF48311F1081E69909A3354DB30AE81DF51

Uniqueness

Uniqueness Score: -1.00%

Function 04ED3583, Relevance: 2.0, APIs: 1, Instructions: 501libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04ED3763

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 703ac5c4dd25c3e7150bd7869a6772bd15dab3ed7b20c9c8f280bf5de0906b9c
Instruction ID: 0e1aa3b6845d00e7fc62b049fe63ae77e6d36a90d4df6db8af763cf54333ac4a
Opcode Fuzzy Hash: 703ac5c4dd25c3e7150bd7869a6772bd15dab3ed7b20c9c8f280bf5de0906b9c
Instruction Fuzzy Hash: 934294B4E106288FCBA5DF68DC54BADBBB5BF48311F1081E69909A3350DB30AE81DF55

Uniqueness

Uniqueness Score: -1.00%

Function 05989820, Relevance: 2.0, APIs: 1, Instructions: 498COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.502067557.0000000005980000.00000040.00000001.sdmp, Offset: 05980000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b2043add0171d332d39d7055d94293e05f18a61a1707bfcb7f087806d7fe398
Instruction ID: 8a128be50a96d2620f1a097203e83b1e407f0fcb50685bdd99b26564c410cdf7
Opcode Fuzzy Hash: 7b2043add0171d332d39d7055d94293e05f18a61a1707bfcb7f087806d7fe398
Instruction Fuzzy Hash: 76024A70B002099FCB15EBB8D884ABEBBF6BF84304F248569E506DB295EB75DC418B51

Uniqueness

Uniqueness Score: -1.00%

Function 04ED35D7, Relevance: 2.0, APIs: 1, Instructions: 491libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04ED3763

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: bbedb864213b19b76c3d1f89ea033d7e27ce049245917dcaa54aed14fc4c41a5
Instruction ID: 63b66389409f5962a76352d75dc17fd5a02d4f945ad24ec0d6bd784cda23315c
Opcode Fuzzy Hash: bbedb864213b19b76c3d1f89ea033d7e27ce049245917dcaa54aed14fc4c41a5
Instruction Fuzzy Hash: 7C3284B4E106298FCBA5DF68DC54BADBBB5BF48311F1081E69909A3350DB30AE81DF51

Uniqueness

Uniqueness Score: -1.00%

Function 04ED362B, Relevance: 2.0, APIs: 1, Instructions: 481libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04ED3763

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d6a398ceb0f7e19bd639ee93c43fc1d61b26ceaa9f3b512417f1eb5cfd8322ed
Instruction ID: bf9bb2bd401a7c3efdcb218f192e621bbdb427680e60e84ec1e3b620e5880dcb
Opcode Fuzzy Hash: d6a398ceb0f7e19bd639ee93c43fc1d61b26ceaa9f3b512417f1eb5cfd8322ed
Instruction Fuzzy Hash: D13285B4A106298FCBA5DF68DC54BADBBB5BF48311F1081E6D909A3350DB30AE81DF51

Uniqueness

Uniqueness Score: -1.00%

Function 04EDA310, Relevance: 1.7, APIs: 1, Instructions: 202libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04EDA350

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5613302e3e9264443f6c173d4a924ce81d25847787d236a60937005e554daa7b
Instruction ID: 192ed9b2cb1e4649a1c5aef244406569ef290503f85e98f5657b0bb768aeed56
Opcode Fuzzy Hash: 5613302e3e9264443f6c173d4a924ce81d25847787d236a60937005e554daa7b
Instruction Fuzzy Hash: E9712974A00209CFDB14DFB8D458AAEBBF2BF88315F159939E505AB250DB74A942CB90

Uniqueness

Uniqueness Score: -1.00%

Function 057B1C2D, Relevance: 1.6, APIs: 1, Instructions: 106networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 057B1CF6

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 8b8cb626b78cef98e51e31591d82c0031e64cfa15b5b6377f9cb73f900c7b070
Instruction ID: 5da5f6c8e40e3fbab1def6b2743ce8b72a8bdb76348ffcfcef2c95fac38fc697
Opcode Fuzzy Hash: 8b8cb626b78cef98e51e31591d82c0031e64cfa15b5b6377f9cb73f900c7b070
Instruction Fuzzy Hash: D3416D7140D7C09FE7138B659C64BA6BFB4AF07310F1984DBE9C48F1A3D265A809DB62

Uniqueness

Uniqueness Score: -1.00%

Function 057B2A07, Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E2C), ref: 057B2ADB

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: f5f1ece384fe4968eb82372fbc007004e99be7f498fedf7ed6d7aa5d2775f424
Instruction ID: 6187e4f847218dd962fd6355f717e529e641fadae222071000442a25a26cab05
Opcode Fuzzy Hash: f5f1ece384fe4968eb82372fbc007004e99be7f498fedf7ed6d7aa5d2775f424
Instruction Fuzzy Hash: 5A31C3B1504381AFEB228F65CC84FA6BFBCEF05310F14859AFA849B182D675A509CB61

Uniqueness

Uniqueness Score: -1.00%

Function 057B11FE, Relevance: 1.6, APIs: 1, Instructions: 93fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 057B12B1

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: db0e02a76c6c9f54c8df3b19552e99fbeff99bb4b749f0cb030a7b83a6ee89d2
Instruction ID: 201f2d3ba3936845a0e7765472e0b3c645be3948df29b438d47bc869c6fa25ad
Opcode Fuzzy Hash: db0e02a76c6c9f54c8df3b19552e99fbeff99bb4b749f0cb030a7b83a6ee89d2
Instruction Fuzzy Hash: 73315075509380AFE722CF65DC94F96BFF8EF05310F0984AAE9858B252D375E809CB61

Uniqueness

Uniqueness Score: -1.00%

Function 057B2CB9, Relevance: 1.6, APIs: 1, Instructions: 92networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B2D6D

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: 3b9f76388e43a8baa4d05f9ee047950e58cfcb3b30ab79af7fc5dddc546b25ab
Instruction ID: 7cecaa7834c8bccf955bf69bbd3d0cfb86d51bfe4f05cf1b2c229fb8add0308f
Opcode Fuzzy Hash: 3b9f76388e43a8baa4d05f9ee047950e58cfcb3b30ab79af7fc5dddc546b25ab
Instruction Fuzzy Hash: B6319475509780AFE7228F65CC84F92BFB8EF06710F08849AE9858B163D374A409DB61

Uniqueness

Uniqueness Score: -1.00%

Function 00EFA8D9, Relevance: 1.6, APIs: 1, Instructions: 90registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 00EFA989

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: bb0dfafdb78e6c511714161c2704da5f19d91e63c676c6bac6862d979ea3d3e5
Instruction ID: c9a992a93dc72e5045079ce2e60c6a4b738959f6a807b4efb4388ee0d5f22c5b
Opcode Fuzzy Hash: bb0dfafdb78e6c511714161c2704da5f19d91e63c676c6bac6862d979ea3d3e5
Instruction Fuzzy Hash: 353186B2408744AFE7128F55DC84F67FFBCEF05710F0885AAEA859B152D264A948CB71

Uniqueness

Uniqueness Score: -1.00%

Function 057B206C, Relevance: 1.6, APIs: 1, Instructions: 89COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 057B2103

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: ce1432b8422c11ec1dc67a501a7f9c12116d74a1374017abfb9bb325110e29d2
Instruction ID: 89e9c93eac44e6d53d2629fc9a1d41fea102192fee2b0c82be9454441ed83e66
Opcode Fuzzy Hash: ce1432b8422c11ec1dc67a501a7f9c12116d74a1374017abfb9bb325110e29d2
Instruction Fuzzy Hash: A731C3715053456FEB11CF65DC45FA7BFECEF05320F0884AAE985CB152D364A809CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00EFA9D1, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 00EFAA8C

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 97550adfa4fa364ba6fa769f3a6df6884f453847ad63f4a3e696b56308eea476
Instruction ID: a9114b1ab2659aa8d6f152d35ca995b5e907ce86fad346d2639ec8a2343cb480
Opcode Fuzzy Hash: 97550adfa4fa364ba6fa769f3a6df6884f453847ad63f4a3e696b56308eea476
Instruction Fuzzy Hash: 8431B7B15057846FD721CF25CC84F62BFB8EF06710F08849AE949DB152D264E94DCB61

Uniqueness

Uniqueness Score: -1.00%

Function 04EDA2B0, Relevance: 1.6, APIs: 1, Instructions: 88libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04EDA350

Memory Dump Source

Source File: 00000004.00000002.500445762.0000000004ED0000.00000040.00000001.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9d1f54096a97dbda8848affee0f6174d9473a2f1758e3b75b6421d4bc518a0a8
Instruction ID: 10ef1983e3c8c909422e187b4a4bd9b7539ccb34c8a7d80092e43c9795cfd193
Opcode Fuzzy Hash: 9d1f54096a97dbda8848affee0f6174d9473a2f1758e3b75b6421d4bc518a0a8
Instruction Fuzzy Hash: 88317E30A01248DFDB15DF74C854AAD7FB2BF4A304F2484BAD005EB251DB76E986CB51

Uniqueness

Uniqueness Score: -1.00%

Function 057B1F6E, Relevance: 1.6, APIs: 1, Instructions: 87registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B2018

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: c147a310a2b5004d97f115c1a302f664e3dacd6fb742e7340f33c2c3007a353f
Instruction ID: 43337808508027b3a07eb02d4083adb0d00204672cf1204ebc906b9fbaa9bfac
Opcode Fuzzy Hash: c147a310a2b5004d97f115c1a302f664e3dacd6fb742e7340f33c2c3007a353f
Instruction Fuzzy Hash: EC3181B65093806FE7228F65DC40F92BFB8EF06710F0884DAE9859B163D264A509DB71

Uniqueness

Uniqueness Score: -1.00%

Function 057B2304, Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 057B23B6

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: a0fc7a15f348b77ef3d510f58234a9983ba6f0f7095aa1bc72fedd832b7ea90a
Instruction ID: 2e1593dd9a902285fcac3eea5a3549209eb4ec58c6f22d7248f34742f281ea51
Opcode Fuzzy Hash: a0fc7a15f348b77ef3d510f58234a9983ba6f0f7095aa1bc72fedd832b7ea90a
Instruction Fuzzy Hash: 4D31C4B2405780AFE722CF55DC85F96FFF8FF05320F04859AE9849B152D364A509CB61

Uniqueness

Uniqueness Score: -1.00%

Function 057B2DB7, Relevance: 1.6, APIs: 1, Instructions: 87networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B2E5E

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: ab709f6cbbb6bb3a182b4fc7734ff101fe945416f91037041b6bc20117127a1e
Instruction ID: 2e8f14cd1a36d701cb2648ea0c88a3c1dca93923254855677045051d68fb581a
Opcode Fuzzy Hash: ab709f6cbbb6bb3a182b4fc7734ff101fe945416f91037041b6bc20117127a1e
Instruction Fuzzy Hash: 5A31C1B64093846FE7138B65DC94F96BFB8EF06314F0884EBEA849F153D264A509CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00EFA120, Relevance: 1.6, APIs: 1, Instructions: 86networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(?,00000E2C,?,?), ref: 00EFA1C2

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 56e7b5c033f35f3c623d88878bdd76aea068f3b5c0cfe6999c42f9c5a1b3711f
Instruction ID: 12b7946c47e2fc4e562040041ed778e4f74a24dab5b5bb42cb84ee4d53ad6daa
Opcode Fuzzy Hash: 56e7b5c033f35f3c623d88878bdd76aea068f3b5c0cfe6999c42f9c5a1b3711f
Instruction Fuzzy Hash: 0131C37140D3C05FD7028B768C54AA5BFB4EF47620F1981DBD9848F193D225A819CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00EFB21C, Relevance: 1.6, APIs: 1, Instructions: 86COMMON

Download Yara Rule

APIs

TerminateProcess.KERNEL32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 00EFB2B0

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 36851a754778e3296cd71f13ac37e5f9a37bf738fea375793f227db0535fdea7
Instruction ID: 293c88e39dd0396cbe2a13798421a21719f987987a61c6d1fdd9465c75a8e19d
Opcode Fuzzy Hash: 36851a754778e3296cd71f13ac37e5f9a37bf738fea375793f227db0535fdea7
Instruction Fuzzy Hash: 3921D6B15093846FE7128B65DC85BA6BFB8EF46320F0884EAE984DF193D264A905C761

Uniqueness

Uniqueness Score: -1.00%

Function 057B25B9, Relevance: 1.6, APIs: 1, Instructions: 85synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 057B2659

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: dc2071bf16b05fb24c9466ff4ada9eeabfa5a7180839bf6af50721d46edcda8d
Instruction ID: 4f0902d3624a275ac98984d0606d18c5790050b715a5a669e10b6019a07db16a
Opcode Fuzzy Hash: dc2071bf16b05fb24c9466ff4ada9eeabfa5a7180839bf6af50721d46edcda8d
Instruction Fuzzy Hash: C73184B5509380AFE712CF25CC45F56FFF8EF05214F0884AAE9858B252D364E904CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00EFB309, Relevance: 1.6, APIs: 1, Instructions: 85windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNEL32(?,00000E2C,?,?), ref: 00EFB3B6

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 5ff269ae1e533aa0b57cab6cd5d98623db595220996b3b4e8c0586183d811bc3
Instruction ID: 8bd97bb9915c4d26200e0556800b330db0763410bb9b90486db84de3538e850a
Opcode Fuzzy Hash: 5ff269ae1e533aa0b57cab6cd5d98623db595220996b3b4e8c0586183d811bc3
Instruction Fuzzy Hash: 4731917250D3C05FD7138B258C55A66BFB4EF47710F0980DBD885CF2A3E624A909C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 057B1070, Relevance: 1.6, APIs: 1, Instructions: 84registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B110C

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 9c507b407ae82eb4ce45e62a1147b0fd01107e1cd245d75e0386a467ae43ce7b
Instruction ID: d79848b1f0b587e9a845004bff7336d37dbb95ef24aa634ca9fba8b9f847aea0
Opcode Fuzzy Hash: 9c507b407ae82eb4ce45e62a1147b0fd01107e1cd245d75e0386a467ae43ce7b
Instruction Fuzzy Hash: 51217172509384AFE7228F65DC54F97BFB8EF06610F0884ABE985DB152D264E848CB71

Uniqueness

Uniqueness Score: -1.00%

Function 057B2A36, Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E2C), ref: 057B2ADB

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: e66f4336b21a4d0306a276a03c54e5cf796030243fcc5962c75b7d3ae7adae65
Instruction ID: 01fba2c4d54e5cf1580801260d681bbf0221c6ad4c135f711697f2e4d180eab5
Opcode Fuzzy Hash: e66f4336b21a4d0306a276a03c54e5cf796030243fcc5962c75b7d3ae7adae65
Instruction Fuzzy Hash: B421B5B1500205AFFB21DF65DC85FAAFBACEF04710F14886AFE459A181D6B4A5448BB1

Uniqueness

Uniqueness Score: -1.00%

Function 057B0F6E, Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 057B1002

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 1e0c3e9bd6ba7d5e26448ca1da901a88681a44482eb832bca040a2ef85f6e5fd
Instruction ID: 382321c8757e6b95a205082f22adb1627dbcbf978cf9d0a03cc31c7e77c0078d
Opcode Fuzzy Hash: 1e0c3e9bd6ba7d5e26448ca1da901a88681a44482eb832bca040a2ef85f6e5fd
Instruction Fuzzy Hash: AB21B1B2504340AFEB218F65DC84F6BFFBCEF05710F0884AAED459B152D264A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00EFB711, Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 00EFB7A2

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: 34bb1600b1a5196c2cd988f97381bdb050b744a044f114842cb9b37210cb1b20
Instruction ID: b83d2c31331c55aef00c566cc43ec1af8878907cd45be916c5236c31c877b2b4
Opcode Fuzzy Hash: 34bb1600b1a5196c2cd988f97381bdb050b744a044f114842cb9b37210cb1b20
Instruction Fuzzy Hash: C42182715053846FE7128F65CC45F66BFA8DF45310F0884AAE945DB192D764E908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00EFB808, Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

K32GetModuleFileNameExW.KERNEL32(?,00000E2C,?,?), ref: 00EFB8AE

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: 4ad057e3a31c72e7e3bf17c24e6a906b0e3f02f7cedfe4f84f578c917b187b29
Instruction ID: 79777472208579fa8678a962402c2ace43a9acb16dfda580053c608e6174de6d
Opcode Fuzzy Hash: 4ad057e3a31c72e7e3bf17c24e6a906b0e3f02f7cedfe4f84f578c917b187b29
Instruction Fuzzy Hash: 9F21A0715093C06FD3128B65CC55B66BFB4EF47710F0980DBD8848B193D624A909CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 057B2794, Relevance: 1.6, APIs: 1, Instructions: 79timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B281D

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 17b17d7bba274ebd3a7ff3e79996b03f4499302d444827ee685b93528d290b6f
Instruction ID: 05742754c851e6044907ffdf15a818ca033df596154ebeac79647a06f178d1ea
Opcode Fuzzy Hash: 17b17d7bba274ebd3a7ff3e79996b03f4499302d444827ee685b93528d290b6f
Instruction Fuzzy Hash: 9421C471505340AFEB228F65DC84FA7FFB8EF06710F0884AAFA859B152D374A409DB65

Uniqueness

Uniqueness Score: -1.00%

Function 057B2222, Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 057B22AD

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 8e617a946f13022f35f68db6b370358ff3d8360641d38c533329c2e9c9237cff
Instruction ID: 8a04c112a61c5374f5e384d517623fb4b1c06a7ab9884a7d52aacddf2345fb93
Opcode Fuzzy Hash: 8e617a946f13022f35f68db6b370358ff3d8360641d38c533329c2e9c9237cff
Instruction Fuzzy Hash: 6021A3B1505380AFE711CF65DC44FA6FFE8EF05310F1884AAED859B252D375A508CB61

Uniqueness

Uniqueness Score: -1.00%

Function 057B3CF7, Relevance: 1.6, APIs: 1, Instructions: 78encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B3D7E

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: da3d0804168debc396d893c13b321098a3d8ae4047b452599279a789b9146c10
Instruction ID: 754c92cc9eccbd965a9a4c5cba1e7d499583718cc9d631945c6c2ef0767f6e6f
Opcode Fuzzy Hash: da3d0804168debc396d893c13b321098a3d8ae4047b452599279a789b9146c10
Instruction Fuzzy Hash: 4121A4715083806FEB11CF65DC85FA6FFB8EF06310F0884AAED859F152D364A448DB61

Uniqueness

Uniqueness Score: -1.00%

Function 057B0E9C, Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.KERNEL32(?,00000E2C,?,?), ref: 057B0F42

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: Enum
String ID:
API String ID: 2928410991-0
Opcode ID: 8afd662e2bd62717cdbe4cdc2765962f460ae6b5a3903da5228328db99012a5d
Instruction ID: ddc042b93bba90c7531a5c904d162f72e3c17def6909068dd8b857d3296ae821
Opcode Fuzzy Hash: 8afd662e2bd62717cdbe4cdc2765962f460ae6b5a3903da5228328db99012a5d
Instruction Fuzzy Hash: D121837550E3C06FC3138B358C55A15BFB4EF47A10F1D81DFD8858B5A3D225A919C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 057B1232, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 057B12B1

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 3d21c3b564f4edb7d65095d4e98851c064984c3bdf27cb2f888f431ae5c2ca5a
Instruction ID: 80d493a1538e027bb8c75800ac321a2ceb3b8494944c5bec77dbab091dd45f4c
Opcode Fuzzy Hash: 3d21c3b564f4edb7d65095d4e98851c064984c3bdf27cb2f888f431ae5c2ca5a
Instruction Fuzzy Hash: 6D217C75A04240AFEB21DF6ADC84FA6FBE8EF08720F148469E9459B652D771E404CB61

Uniqueness

Uniqueness Score: -1.00%

Function 057B069C, Relevance: 1.6, APIs: 1, Instructions: 76libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E2C), ref: 057B0737

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 11e32d85d44d719f0dd88806fcbaa1f46a494a236f711d71531fa5b14103026b
Instruction ID: 366e2c38620e454b906a63765f31171075e822d8a8f8655a9428db0fec222c5b
Opcode Fuzzy Hash: 11e32d85d44d719f0dd88806fcbaa1f46a494a236f711d71531fa5b14103026b
Instruction Fuzzy Hash: 3421F8710083806FE7228F25CC85FA6FFB8EF06720F1480DAE9859F192D2646849CB61

Uniqueness

Uniqueness Score: -1.00%

Function 057B2092, Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 057B2103

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 9274d71db9a45eb6e1d954cd6108a568bcd438f2253ffc563619b150be4139dc
Instruction ID: 8a0843d837d7d4cdc63631f7e491adb1fd45d2b0279382c7d9102342403b4647
Opcode Fuzzy Hash: 9274d71db9a45eb6e1d954cd6108a568bcd438f2253ffc563619b150be4139dc
Instruction Fuzzy Hash: 5321D475501204AFEB20DF29DC85FAAFBACEF04720F14846AED45CB242D670E4048B71

Uniqueness

Uniqueness Score: -1.00%

Function 00EFB570, Relevance: 1.6, APIs: 1, Instructions: 76registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E2C,?,?), ref: 00EFB60A

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: aba291fc44caf0b77ef5a0a843eefa06af1cbc9fb4d09a42cdad407d11db40dd
Instruction ID: f2f24b11acb255dcbe5778e68e8226e1275a71d232e0b9c990773c9f6a4377a7
Opcode Fuzzy Hash: aba291fc44caf0b77ef5a0a843eefa06af1cbc9fb4d09a42cdad407d11db40dd
Instruction Fuzzy Hash: AE21C8755093C06FD3138B25DC51B62BFB4EF47A10F0981DBE9848B653E225A919C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 057B146C, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B14FD

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 2a79334e4e1d78f846e3c5daf44a91cae12c5733aaa2aa2f2c01277f6d41eaa8
Instruction ID: 5ea0ec6d19a180e709f5c6bc381ee8408aecf5f379f3d70437b989c5f4b4969f
Opcode Fuzzy Hash: 2a79334e4e1d78f846e3c5daf44a91cae12c5733aaa2aa2f2c01277f6d41eaa8
Instruction Fuzzy Hash: 6221A471409380AFE7228F65DC44F96BFB8EF06710F0884ABE9859F153D264A509CB71

Uniqueness

Uniqueness Score: -1.00%

Function 057B2BE6, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B2C6F

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: cff18aa8959797955dcb0d2060b613cfb5caf1257946e3f0cbd77e43c304bbbc
Instruction ID: ad4efddd28e2460ad72cba9a5952f77c94fefc7115cc897ece0dfc8e58805986
Opcode Fuzzy Hash: cff18aa8959797955dcb0d2060b613cfb5caf1257946e3f0cbd77e43c304bbbc
Instruction Fuzzy Hash: DA21B3B54093846FE7128F65DC84F96BFB8EF46310F0884EBE9849F153D364A509C762

Uniqueness

Uniqueness Score: -1.00%

Function 00EFA90A, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 00EFA989

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 3d352e2feac3cc515c543f8fe8fe6b29fa8842e2d7d6e6c6aa28743c553ebbf6
Instruction ID: 3d89eba12ce47ba210645f9edfea25206af28b3bcc48c48a617c6953db8001a8
Opcode Fuzzy Hash: 3d352e2feac3cc515c543f8fe8fe6b29fa8842e2d7d6e6c6aa28743c553ebbf6
Instruction Fuzzy Hash: 0F21C6B2500204AFE7219F55DC84FABFBECEF58710F18846AEE459B241D670E504CB71

Uniqueness

Uniqueness Score: -1.00%

Function 057B2EA8, Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B2F3D

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: e16f304150e7d88952d93618cc170b2b0e1c49c899a28dd1096164dc53c1261e
Instruction ID: 2dc31a529c2745af1c8fff89f32a5e1da29fbb992e27d837b84db87886bcfce4
Opcode Fuzzy Hash: e16f304150e7d88952d93618cc170b2b0e1c49c899a28dd1096164dc53c1261e
Instruction Fuzzy Hash: D021D6B54093846FEB228F15DC44FA6FFB8EF06310F08849BF9849B153D264A508DB71

Uniqueness

Uniqueness Score: -1.00%

Function 057B0F8E, Relevance: 1.6, APIs: 1, Instructions: 73registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 057B1002

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: f8ee4f9d9f2692f401f450b4d1eb47e28960edd034ed27c05aadf3b54278c3dd
Instruction ID: 6be11373b9b559b3cfa23100da0bb5c6067be192f045ce973adeee0b98045f4d
Opcode Fuzzy Hash: f8ee4f9d9f2692f401f450b4d1eb47e28960edd034ed27c05aadf3b54278c3dd
Instruction Fuzzy Hash: 242193B2500304AFFB21DF55DC85FABFBACEF04710F14886AED459B241D674A504DA71

Uniqueness

Uniqueness Score: -1.00%

Function 00EFB636, Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 00EFB6B2

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: 9d082302a39d9774e7e387dc74ce9d6b9cd1d9c5f365a06747ef0498e42979dc
Instruction ID: e25942c054db3ba3cd533f53963387dd103d228df9097c09310f58daaa9dba01
Opcode Fuzzy Hash: 9d082302a39d9774e7e387dc74ce9d6b9cd1d9c5f365a06747ef0498e42979dc
Instruction Fuzzy Hash: DE21C2B15043846FEB228F65DC84F66FFB8EF45320F0884AAFA45DB152D364A808CB71

Uniqueness

Uniqueness Score: -1.00%

Function 057B2CF2, Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B2D6D

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: c8c9a54df19baebf916e762f83784a323b0174551b1efaa62d53592de0754918
Instruction ID: 6fcf7df97eeb37c752c7febbab434a87c5208bb71d052095f76fa03e129f1ce2
Opcode Fuzzy Hash: c8c9a54df19baebf916e762f83784a323b0174551b1efaa62d53592de0754918
Instruction Fuzzy Hash: BC216DB5501604AFEB21CF55DC84FA6FBE8EF48710F08896AEE858B252D774E404DB71

Uniqueness

Uniqueness Score: -1.00%

Function 057B25E6, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 057B2659

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 2ec931450f69fd65f45c1dd2550c0ce7656cdd45b49dda8c9f19eb00b5e51361
Instruction ID: 47739ad354b3f840c10d8271c59811bded247df9777a8cdef1800a373fdeb312
Opcode Fuzzy Hash: 2ec931450f69fd65f45c1dd2550c0ce7656cdd45b49dda8c9f19eb00b5e51361
Instruction Fuzzy Hash: E3218EB5505240AFF720DF69DC85BA6FBE8EF04724F14846AED458B642D7B0E404CA65

Uniqueness

Uniqueness Score: -1.00%

Function 057B3DDE, Relevance: 1.6, APIs: 1, Instructions: 72encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B3E66

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: 70687164eab60e07cc22ff79cf2efd0974bde2e6f3423cb8b1cfdd1db51419f8
Instruction ID: 9ee8d2bb16d0ae1c74ff0660d61b645af56d2e20d49ad6e0f9990c7c442b5835
Opcode Fuzzy Hash: 70687164eab60e07cc22ff79cf2efd0974bde2e6f3423cb8b1cfdd1db51419f8
Instruction Fuzzy Hash: 5C217FB1408384AFE7228F65DC84FA6FFB8EF45710F0884ABE9849B152D365A448CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00EFACEF, Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 00EFAD6A

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 87c5e640f57cb21931ed2824c6c6279110004baa781b8a2ddd9f10e0d09905aa
Instruction ID: 3302c1484dff408852cca7164b112b92785740da598a73bf93c7ef8d3fb70740
Opcode Fuzzy Hash: 87c5e640f57cb21931ed2824c6c6279110004baa781b8a2ddd9f10e0d09905aa
Instruction Fuzzy Hash: A721B3B55093845FD7128F25DC45B92BFB8EF06314F0D80EAE989CF253D225D808C762

Uniqueness

Uniqueness Score: -1.00%

Function 057B2F7A, Relevance: 1.6, APIs: 1, Instructions: 69networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 057B2FFE

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: c2a2077e481352b6fb70b0bf75f7dcceeba4612c357b37e49872007f01873410
Instruction ID: cf14331b71df79cc62152e98b1d31b9c591772e4c90dba90d0ababc557dc0591
Opcode Fuzzy Hash: c2a2077e481352b6fb70b0bf75f7dcceeba4612c357b37e49872007f01873410
Instruction Fuzzy Hash: F12190754093C09FDB228F61DC44B92FFB4EF0A310F0984DEE9858B163D275A449DB61

Uniqueness

Uniqueness Score: -1.00%

Function 057B109A, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B110C

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: fc846e4ddb58d735c79c6149509fcbc4f0e0c71606135bef79261dcd58faec30
Instruction ID: 69a4ab7d0bd47db27f06f8886756d3f72c82041dd7b6ae8474131c07d3bdfa99
Opcode Fuzzy Hash: fc846e4ddb58d735c79c6149509fcbc4f0e0c71606135bef79261dcd58faec30
Instruction Fuzzy Hash: 25215CB2904204AFEB21CF55DC84FA6BBE8EF44710F14846AED499B251D7B4E404DBB1

Uniqueness

Uniqueness Score: -1.00%

Function 00EFAAFB, Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

MkParseDisplayName.OLE32(?,00000E2C,?,?), ref: 00EFAB7E

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: DisplayNameParse
String ID:
API String ID: 3580041360-0
Opcode ID: 4b605c0cff6fe4abc84dfd050dc6de014893c3fb0fc7605f1d5e321aa4e1c123
Instruction ID: 5be3749d77dfe338d2a9198dabe8cad2a82aa59fb08da451aca6aa2cf93ebfd3
Opcode Fuzzy Hash: 4b605c0cff6fe4abc84dfd050dc6de014893c3fb0fc7605f1d5e321aa4e1c123
Instruction Fuzzy Hash: DC21D8715083806FD3128B25CC41F72BFB8EF87710F0981DAED848B652D224A915CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 00EFAA12, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 00EFAA8C

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 5c0c9f1d8483f242213b88679d178a9f7e834a032f2c360242286e3840eedb18
Instruction ID: d2e1c7b5aa3a4563c7f0a703236b8bbdff84261f2e31204760c75be7d36493a9
Opcode Fuzzy Hash: 5c0c9f1d8483f242213b88679d178a9f7e834a032f2c360242286e3840eedb18
Instruction Fuzzy Hash: CC2160B1600608AFE720DF55DD84FA6FBECEF04710F18946AEA499B251D764E908CA72

Uniqueness

Uniqueness Score: -1.00%

Function 057B2242, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 057B22AD

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: ac0a4aa048937e70bd3e161bd754fe27126df6a3bfc4876755bc7066da8f7530
Instruction ID: 87a6d14ecd2e06419bca337ff3c40ad20ea485f2e92a06c77fc80ec747b16e7c
Opcode Fuzzy Hash: ac0a4aa048937e70bd3e161bd754fe27126df6a3bfc4876755bc7066da8f7530
Instruction Fuzzy Hash: DE21C3B5501240AFFB21DF69DC45FA6FBE8EF08720F14846AED458B242D7B5A404CA75

Uniqueness

Uniqueness Score: -1.00%

Function 057B1A87, Relevance: 1.6, APIs: 1, Instructions: 68networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B1B08

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: 0265ac93952112c463e9e1a1c73d927a015c642067d648f560530c9777b7bb8a
Instruction ID: fd1947d31e7eabf25695e16735f6a6bfe35184337965a162d559ac9fe22d931c
Opcode Fuzzy Hash: 0265ac93952112c463e9e1a1c73d927a015c642067d648f560530c9777b7bb8a
Instruction Fuzzy Hash: EF21A2B14083846FEB128F55DC84FA6FFB8EF46720F0884DAE9849F153D264A549DB61

Uniqueness

Uniqueness Score: -1.00%

Function 00EFAFD4, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNEL32(?,E17C1B06,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 00EFB040

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 7093d13ebd2aa7c57b1720e05ea9af6a1b8bec75878842829b9eaa117efaad2a
Instruction ID: 47816e9fc33aae6bb3224d7b728962a1f47e765d6f0f72f6433b41ef3f92afa1
Opcode Fuzzy Hash: 7093d13ebd2aa7c57b1720e05ea9af6a1b8bec75878842829b9eaa117efaad2a
Instruction Fuzzy Hash: 5121C3725093C49FDB128F25DC54A92BFB4EF17724F0980EAED858F263D2649908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00EFAC3B, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNEL32(?,E17C1B06,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 00EFACA8

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 052326a5a3ad28876aaee5c702337239b053d508c131a7167e627f37f96fd192
Instruction ID: 9621ad70c107e3057fdb20fd4bbfe3bfc95e8c58c3a791336f94f843b6fa4c07
Opcode Fuzzy Hash: 052326a5a3ad28876aaee5c702337239b053d508c131a7167e627f37f96fd192
Instruction Fuzzy Hash: 0A219DB550E3C05FDB138B25D891A92BFB4EF07320F0984EBEC858F153D2649948CB62

Uniqueness

Uniqueness Score: -1.00%

Function 057B2342, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 057B23B6

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 68e1cb53f9f67364e123b9d9131f7e92b2c46d058b8a3d130d2eceb5afc1a72b
Instruction ID: 8f55146b9c23a85b285cbc6ab248b1cb1a1761d3ecee0aa826c21223a9aa68d8
Opcode Fuzzy Hash: 68e1cb53f9f67364e123b9d9131f7e92b2c46d058b8a3d130d2eceb5afc1a72b
Instruction Fuzzy Hash: C621C071500244AFEB21CF59DC85FAAFBE8EF08320F04855EEA859B252D771B508DB71

Uniqueness

Uniqueness Score: -1.00%

Function 057B1C8A, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 057B1CF6

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: d2be182cadc369f19cf9afedeaca9c7c2444b00849801d731f5cf4fe608613ff
Instruction ID: 912f3074608adb3cc3f4774f8235ac6f348344c12ce586dfac81f203f04bbda8
Opcode Fuzzy Hash: d2be182cadc369f19cf9afedeaca9c7c2444b00849801d731f5cf4fe608613ff
Instruction Fuzzy Hash: 8721DE71500600AFEB21DF65DC84FA6FFE9EF08320F14846AED858B242D3B1A408CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00EFB73E, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 00EFB7A2

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: b2899fd9b8cacde44c6fa7366ed75dc236bde26c333314d47f3d1a96d280489a
Instruction ID: 4fbc02ac29a520b816e88d06305ce5855ea6f516eb79cd50a31446c302a5cb50
Opcode Fuzzy Hash: b2899fd9b8cacde44c6fa7366ed75dc236bde26c333314d47f3d1a96d280489a
Instruction Fuzzy Hash: 6C11AFB1500204AFEB20DF65DC85FAABBA8EF44710F1484AAEE45DB281D760E804CB71

Uniqueness

Uniqueness Score: -1.00%

Function 057B1FA6, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B2018

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 847be47682236c403c9496bc1056226756ff70f5cca937a6d86ea0d7c9ca1bc3
Instruction ID: 7f305c9933b2b23505c3938c37f63b7735d49bc72bf4cbac17fc11fde16b87af
Opcode Fuzzy Hash: 847be47682236c403c9496bc1056226756ff70f5cca937a6d86ea0d7c9ca1bc3
Instruction Fuzzy Hash: 2B1181B6501204AFEB21CF55DC80FA6FBECEF04710F08846AEA469B252D7A4E504DB71

Uniqueness

Uniqueness Score: -1.00%

Function 057B27BE, Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B281D

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 46f2e358f9a367d5fb55a0c629c62f223409d767d0f7187cf38de914f6d884d6
Instruction ID: ec036448b5f2b45d242aa29fcee24e9abbdb0fbee90c95dc82022b7013ebeb68
Opcode Fuzzy Hash: 46f2e358f9a367d5fb55a0c629c62f223409d767d0f7187cf38de914f6d884d6
Instruction Fuzzy Hash: 7D11C4B5901200AFEB21CF65DC85FAAFBA8EF44720F14C46AEE45CB252D774A404DBB1

Uniqueness

Uniqueness Score: -1.00%

Function 057B3D22, Relevance: 1.6, APIs: 1, Instructions: 63encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B3D7E

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: 2b6de5b6c321ba2497593888f73d5ce00d13e0792990abcad386f63ff3b92f14
Instruction ID: bfc21ecb452edbc65d1610b823ba202021b37a780f3db5b711e03827d1d94667
Opcode Fuzzy Hash: 2b6de5b6c321ba2497593888f73d5ce00d13e0792990abcad386f63ff3b92f14
Instruction Fuzzy Hash: BF11EBB1504200AFFB21CF65DC85FA6FBA8EF44710F14886AED458B241D774A444DB71

Uniqueness

Uniqueness Score: -1.00%

Function 057B2DFA, Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B2E5E

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 70d41c96016d9b86a2293df58e281058f24a3224d17f7db1acd039cb3829ed20
Instruction ID: b6a467f5dbbfafc345a71f2cce7180a81e75b137039ad0765ddce7782c3f6651
Opcode Fuzzy Hash: 70d41c96016d9b86a2293df58e281058f24a3224d17f7db1acd039cb3829ed20
Instruction Fuzzy Hash: 5A11B6B1800204AEEB11DF55DC84FAAFBACEF44710F14846BEE459B241D774A404DB71

Uniqueness

Uniqueness Score: -1.00%

Function 00EFB656, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 00EFB6B2

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: 0eb41db4ed3ff102c207d6a1ac164e39100ab9d5780438b7fbd26be85185a30a
Instruction ID: 0961e575461c257447e070a5505cb662c3c489144b706075906e2c391741d068
Opcode Fuzzy Hash: 0eb41db4ed3ff102c207d6a1ac164e39100ab9d5780438b7fbd26be85185a30a
Instruction Fuzzy Hash: A211C1B1900204AFEB21CF69DC85FAAFBA8EF44720F14846AFE45DB241D774A404CB71

Uniqueness

Uniqueness Score: -1.00%

Function 057B13BE, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B1431

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 3727a8319e256bd69a4c1c28fe4f2793fb60083e5418b08dbfd5fd129fa6a833
Instruction ID: 14190c056fac695d782b8636c6c0024c3e508b4de89dd5d962637368b92c25b4
Opcode Fuzzy Hash: 3727a8319e256bd69a4c1c28fe4f2793fb60083e5418b08dbfd5fd129fa6a833
Instruction Fuzzy Hash: 0B11B2B15093846FE721CF15DC85FA6FFB8EF46720F08809AEE849F152D364A548CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00EFA836, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,E17C1B06,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 00EFA8A8

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 9ace7e6f54932de8d8ca03b44c9a58c102e144976538ecb7f3ecb1d2ae7bdf7c
Instruction ID: c13007e0c098125fff802b6c88bc466ef45761db4c997a4ef723566b073440ce
Opcode Fuzzy Hash: 9ace7e6f54932de8d8ca03b44c9a58c102e144976538ecb7f3ecb1d2ae7bdf7c
Instruction Fuzzy Hash: CD2158B14093C49FDB138B258C54A62BFB4DF07624F0980DAED859F1A3D2695909DB72

Uniqueness

Uniqueness Score: -1.00%

Function 00EFB25A, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

TerminateProcess.KERNEL32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 00EFB2B0

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 2db57111e273522922c6f693f807a88a02ccb1f277559e194f175f16340c71d0
Instruction ID: 2eeb63b713133f44909ec1038e065b6d090dd7bf47e3c18bb18ad3d5e35bed1f
Opcode Fuzzy Hash: 2db57111e273522922c6f693f807a88a02ccb1f277559e194f175f16340c71d0
Instruction Fuzzy Hash: D211E3B1900204AFEB108F69DC85BAAFBACEF45720F14846AEE05DB251D774A4048BB1

Uniqueness

Uniqueness Score: -1.00%

Function 00EFA78B, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00EFA7F6

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 4a37d8070db109642bb69304cf59a1337bcc1ebee354979e19a60d2fd063eb60
Instruction ID: 43b91338587ac78538d7905865b8f8d3e5dab092cdae672fec4b201d04104372
Opcode Fuzzy Hash: 4a37d8070db109642bb69304cf59a1337bcc1ebee354979e19a60d2fd063eb60
Instruction Fuzzy Hash: 82117271409384AFDB228F55DC44A62FFF4EF4A710F08849AED898B152D275A419DB61

Uniqueness

Uniqueness Score: -1.00%

Function 057B149E, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B14FD

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: ee04524b0a8b347c5fec8727dd2164ee08337f5e22981cb0ab7585adf5522cec
Instruction ID: 977ceb923dc8d1ae545e8c9ce5226f84010956d1bd3aff8abcf0e4b379ef5140
Opcode Fuzzy Hash: ee04524b0a8b347c5fec8727dd2164ee08337f5e22981cb0ab7585adf5522cec
Instruction Fuzzy Hash: E111A7B2500204AFEB21CF55DC84FAAFBA8EF44710F14846AEE459B251D774A504DB71

Uniqueness

Uniqueness Score: -1.00%

Function 057B1839, Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(?,E17C1B06,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 057B1898

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 4210c87d0b77d7e144e3dfa720c833b8df39b1e956275726e364cdc3f0800732
Instruction ID: 5a10a5e301dd2a1e3137960212f182d1093e2466211792713d5dbd8267cdb764
Opcode Fuzzy Hash: 4210c87d0b77d7e144e3dfa720c833b8df39b1e956275726e364cdc3f0800732
Instruction Fuzzy Hash: 9E118E719093C49FDB128F25D854B92BFB4EF07220F0884EBEC858F163D274A948CB61

Uniqueness

Uniqueness Score: -1.00%

Function 057B3E0A, Relevance: 1.6, APIs: 1, Instructions: 59encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B3E66

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: c990ff00c816379eadc756baf875b9a98d1b4a10af0c69b7b9ac46d1a1197e38
Instruction ID: a9d19047f8a51f9cf13dfe4641b20cceec56cc659c6cee03909816fab5f15a11
Opcode Fuzzy Hash: c990ff00c816379eadc756baf875b9a98d1b4a10af0c69b7b9ac46d1a1197e38
Instruction Fuzzy Hash: B61106B1900204AFFB21CF55DC84FA6FBA8EF44720F14886BEE459B241D775A444DB71

Uniqueness

Uniqueness Score: -1.00%

Function 057B2C16, Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B2C6F

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: fe456602a288b0076d8f55e2629e1b3d5e1990f09c88b67f8b80f7feddc84557
Instruction ID: 8424d7522888fe2965500f0907329d4975b7632daf0c6dce4052a259081cd7f4
Opcode Fuzzy Hash: fe456602a288b0076d8f55e2629e1b3d5e1990f09c88b67f8b80f7feddc84557
Instruction Fuzzy Hash: 1311E9B5901204AFEB21CF55DC84FA6FBA8EF44720F14C46AEE459F242D774A404DB75

Uniqueness

Uniqueness Score: -1.00%

Function 057B2EDE, Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B2F3D

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: 0f5cffa5938bbf336fbf24d9f2b3e5e06839a67f9016ae72a00a327b190b3a3c
Instruction ID: d982ab59c7e84a799f8aeffb67c14321f13cee94f91f5a1bd29d9a7ad54d9df8
Opcode Fuzzy Hash: 0f5cffa5938bbf336fbf24d9f2b3e5e06839a67f9016ae72a00a327b190b3a3c
Instruction Fuzzy Hash: E41125B5400200AFEB218F55DC80FA6FFA8EF04720F04845AFE458B252D3B4A408DBB2

Uniqueness

Uniqueness Score: -1.00%

Function 057B06CE, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E2C), ref: 057B0737

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 38aacec6e97f982ac3ade4d23ffe10e991cf89f1c856bdb72a522b58f0b95cd7
Instruction ID: 4cf7defa84b7d6dd8495b96a39a540793abad6ebcc568d6b1ed65abcb909c2ca
Opcode Fuzzy Hash: 38aacec6e97f982ac3ade4d23ffe10e991cf89f1c856bdb72a522b58f0b95cd7
Instruction Fuzzy Hash: 8411E571500200AFFB20DF15DC89FAAFBA8DF44720F14C45AEE455A281D2B4A544CEB5

Uniqueness

Uniqueness Score: -1.00%

Function 057B1166, Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

FindClose.KERNEL32(?,E17C1B06,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 057B11C4

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 0ebb277674ae284a57ff951cda8ba5565b71a6ce75ce4cd67861ca0044160263
Instruction ID: 28e14d707e0f39047a479ddec99b06962d9fbdfe9d980d9094785c2ce7d97243
Opcode Fuzzy Hash: 0ebb277674ae284a57ff951cda8ba5565b71a6ce75ce4cd67861ca0044160263
Instruction Fuzzy Hash: E01191755093C49FD7128F29DC55B52FFB8EF06220F0C84DAED858F262D275A848CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00EFA078, Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,?), ref: 00EFA0D5

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 4e7001c689e09fe6cb6b49b72c514445669a9ce554eadad0ed2e69b9034f72eb
Instruction ID: f6f6ed89434e2c9ca4c30e9968e6259f2a41e75f974b922079de7783864b57f6
Opcode Fuzzy Hash: 4e7001c689e09fe6cb6b49b72c514445669a9ce554eadad0ed2e69b9034f72eb
Instruction Fuzzy Hash: E7118F75409384AFDB22CF15DC44B52FFB4EF59324F08C4AAED898F152D275A818CB62

Uniqueness

Uniqueness Score: -1.00%

Function 057B1AB2, Relevance: 1.6, APIs: 1, Instructions: 53networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B1B08

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: ae8dedd0a370d59fdc8077e10153be24fd5bd1e5fb1c6b535d58fa9d41e4051d
Instruction ID: 93489356aa96068b97fdacfcf830a36562e3501b8f24ee5cfa753f130a342344
Opcode Fuzzy Hash: ae8dedd0a370d59fdc8077e10153be24fd5bd1e5fb1c6b535d58fa9d41e4051d
Instruction Fuzzy Hash: F901C4B1500204AEEB21DF55DC85FA7FBA8EF44720F1484AAEE459B241E6B4A404DAB1

Uniqueness

Uniqueness Score: -1.00%

Function 00EFAD22, Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 00EFAD6A

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 100652b0021f71860ba80b5d3962fafb01bb3e3a5a5076271093fac0539ca535
Instruction ID: 847624b66de545e95a6dc993aa9270e1baa5331ec4e1613a4935eebc87a2217c
Opcode Fuzzy Hash: 100652b0021f71860ba80b5d3962fafb01bb3e3a5a5076271093fac0539ca535
Instruction Fuzzy Hash: 6B118EB5A002058FDB60DF29D884B66FBE8EF44725F08D07ADD49DF642D675E804CA62

Uniqueness

Uniqueness Score: -1.00%

Function 057B13DE, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E2C,E17C1B06,00000000,00000000,00000000,00000000), ref: 057B1431

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 884a1f4d09160acf43b0f377f45dcafa1575905fe4ed1787096f7335a03eba63
Instruction ID: 029989bf4f0dcf3264d4c69ef465175cc7542b24a302ee4f5f59e6c97ab9d2bf
Opcode Fuzzy Hash: 884a1f4d09160acf43b0f377f45dcafa1575905fe4ed1787096f7335a03eba63
Instruction Fuzzy Hash: 7801D2B1900204AEF720DF19DC85FA6FBA8EF44720F14C0AAEE459B241D6B4A404DAB2

Uniqueness

Uniqueness Score: -1.00%

Function 057B2FB2, Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 057B2FFE

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: c3a91e1e566cc87e7092d39038cfb090226e4bcc411116d93796497ec65a28c5
Instruction ID: 7527237aba9bd0001f5489d63f157d0ff0d4f73f8ed242894d235a774320d069
Opcode Fuzzy Hash: c3a91e1e566cc87e7092d39038cfb090226e4bcc411116d93796497ec65a28c5
Instruction Fuzzy Hash: 6811AC754002409FEB20CF55D844BA2FBE5FF08710F0888AAED4A8B212D375E448EF61

Uniqueness

Uniqueness Score: -1.00%

Function 00EFB366, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNEL32(?,00000E2C,?,?), ref: 00EFB3B6

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 56f642bf3a014c605f1e588129b7acf4fb4b30eafcb08e0beed26fe29b231ead
Instruction ID: a4e43e330696f421405bfff7bad541b63a8129fced86c3246417a6fbc1dd3da3
Opcode Fuzzy Hash: 56f642bf3a014c605f1e588129b7acf4fb4b30eafcb08e0beed26fe29b231ead
Instruction Fuzzy Hash: BC01B172900200ABD310DF1ADC85B26FBE8EB88B20F14812AED098B645E631F515CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 00EFA172, Relevance: 1.5, APIs: 1, Instructions: 47networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(?,00000E2C,?,?), ref: 00EFA1C2

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: e04ee705fadb3306d145c9e4c77fab0fa84ef09ddcbeb15490837659ccf14a23
Instruction ID: df8f38ac413e0620b7b78351542e499ed218dd64b7e9926ec8338036c47020d5
Opcode Fuzzy Hash: e04ee705fadb3306d145c9e4c77fab0fa84ef09ddcbeb15490837659ccf14a23
Instruction Fuzzy Hash: C501D471900200ABD710DF1ADC85B26FBE8FF88B20F14816AED088B745E635F515CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 00EFB85E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

K32GetModuleFileNameExW.KERNEL32(?,00000E2C,?,?), ref: 00EFB8AE

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: dd75a664b367472cece5d24ea730bf3e2515b9c293c84989db8e8225d05a8e2e
Instruction ID: b3b4926fb5a034fc7f1333c290c6f11f198937f827a7de415a12e54f2247142f
Opcode Fuzzy Hash: dd75a664b367472cece5d24ea730bf3e2515b9c293c84989db8e8225d05a8e2e
Instruction Fuzzy Hash: 1C01B172900200ABD310DF1ADC85F26FBE8EB88B20F14812AED088B645E631F515CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 00EFA7B2, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00EFA7F6

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 6d6b708d9992ff974507f1cb9d6e6bf9d455feddc48a39833d10c7f8baed75d8
Instruction ID: e7893280f918dc8abf451cfbb03163a075780d8e587f726519809e6763c586fc
Opcode Fuzzy Hash: 6d6b708d9992ff974507f1cb9d6e6bf9d455feddc48a39833d10c7f8baed75d8
Instruction Fuzzy Hash: 5D01AD718002449FDB218F55D844B66FFE0EF08720F08C4AAEE495A652D371A415DFA2

Uniqueness

Uniqueness Score: -1.00%

Function 057B1866, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(?,E17C1B06,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 057B1898

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 077ba143a1eab6700aa4531993f856cde5d8a4bd249b45cb6624fd99591f231d
Instruction ID: 801334d60984bcbca616e11c6028f79aaa7372aabbb9a2dda1fcd0f14fb9b756
Opcode Fuzzy Hash: 077ba143a1eab6700aa4531993f856cde5d8a4bd249b45cb6624fd99591f231d
Instruction Fuzzy Hash: CA01A2759002449FEB20CF2AE885BA6FFA4EF44731F18C0BADD498F242D2B5A404CF61

Uniqueness

Uniqueness Score: -1.00%

Function 057B0EF2, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.KERNEL32(?,00000E2C,?,?), ref: 057B0F42

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: Enum
String ID:
API String ID: 2928410991-0
Opcode ID: fe192c63166fdd921bf970c585eddbd44500071437de00c3754cc193b2724dff
Instruction ID: 49e0558810585fd64bd3da29f322a7ad8d399b66fdc9e6f79e5bc1de74c23bfc
Opcode Fuzzy Hash: fe192c63166fdd921bf970c585eddbd44500071437de00c3754cc193b2724dff
Instruction Fuzzy Hash: AB01A272500201ABD210DF1ADC86F26FBE8FB88B20F14811AED094B745E631F515CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 00EFAC76, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNEL32(?,E17C1B06,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 00EFACA8

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 3fb0629fbd7a33240f3b6aa2132706b8faa6e2231dd3394bfc8860b8c053eb77
Instruction ID: dd65156cdf6ca180aa6d178875d534d48af478d567af259fbca4b729ab09bf01
Opcode Fuzzy Hash: 3fb0629fbd7a33240f3b6aa2132706b8faa6e2231dd3394bfc8860b8c053eb77
Instruction Fuzzy Hash: 8501A2B5A002448FDB10CF29D8847A6FFA4EF44721F1CD0BADD499F252D274A804CF62

Uniqueness

Uniqueness Score: -1.00%

Function 00EFAB2E, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

MkParseDisplayName.OLE32(?,00000E2C,?,?), ref: 00EFAB7E

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: DisplayNameParse
String ID:
API String ID: 3580041360-0
Opcode ID: ab5fa3ce5b5c9413d1b5660109728676f5c8671d6d6b24024c09a24978e60603
Instruction ID: 17d63ac0de7429208273a3b3f7bf0388a07604b3247261697ac08b9f2f23b43d
Opcode Fuzzy Hash: ab5fa3ce5b5c9413d1b5660109728676f5c8671d6d6b24024c09a24978e60603
Instruction Fuzzy Hash: 3001A272500201ABD210DF1ADC86F26FBE8FB88B20F14811AED084B745E631F515CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 00EFB5BA, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E2C,?,?), ref: 00EFB60A

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 7e7171d8cfb9c31e60c5c6a4b476d7f15a216fae27ca63b8df7a8300c73d5ff2
Instruction ID: 4bdc6a8c4be71aecdf649e383dad4dc1413b37d2a012bf7dbd807d414b5e8075
Opcode Fuzzy Hash: 7e7171d8cfb9c31e60c5c6a4b476d7f15a216fae27ca63b8df7a8300c73d5ff2
Instruction Fuzzy Hash: 2501A272500201ABD210DF1ADC86F26FBE8FB88B20F14811AED094B745E671F515CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 00EFB00E, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNEL32(?,E17C1B06,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 00EFB040

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 09897fd18a71c07b930ac6774a8c9b639b4ffaf2910d28ece460af0fbe318231
Instruction ID: 043d0b802b6c30317539fb55cab871273070e2a33ca3c64d6b3bea4c29d00de7
Opcode Fuzzy Hash: 09897fd18a71c07b930ac6774a8c9b639b4ffaf2910d28ece460af0fbe318231
Instruction Fuzzy Hash: 4301DF75900204CFDB10CF29E884BA6FBA4EF44720F18C0BADD5A9B642D774E408CB72

Uniqueness

Uniqueness Score: -1.00%

Function 057B1192, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

FindClose.KERNEL32(?,E17C1B06,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 057B11C4

Memory Dump Source

Source File: 00000004.00000002.501852320.00000000057B0000.00000040.00000001.sdmp, Offset: 057B0000, based on PE: false

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 214d58ed6e3ae56934075bafb75ad49ca8a1c1e3cc7e4e709ad1b7ddec6f9210
Instruction ID: da702e11afb36b07f82cb5b201800e4580795cd05017f93586ffd38bf0aa2829
Opcode Fuzzy Hash: 214d58ed6e3ae56934075bafb75ad49ca8a1c1e3cc7e4e709ad1b7ddec6f9210
Instruction Fuzzy Hash: 7E01F4755102448FEB10CF1AD884BA6FFA4EF04720F08C0AADD498B352D2B4E408DEA2

Uniqueness

Uniqueness Score: -1.00%

Function 00EFA47A, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 00EFA4AC

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: ee7a9290fe414b1fb697d002681d1cd260b659e102c2c0aa4956165aee4a57ba
Instruction ID: d01e95d0dd3e8db6fd7175fea14dd30c2680186c7ce1a67a29e0385a22681a5a
Opcode Fuzzy Hash: ee7a9290fe414b1fb697d002681d1cd260b659e102c2c0aa4956165aee4a57ba
Instruction Fuzzy Hash: 1501A2B48002448FDB10CF15D888765FFA4EF44721F18D0BADD5D9F242D2B4A404CA62

Uniqueness

Uniqueness Score: -1.00%

Function 00EFA876, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,E17C1B06,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 00EFA8A8

Memory Dump Source

Source File: 00000004.00000002.495960258.0000000000EFA000.00000040.00000001.sdmp, Offset: 00EFA000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 2f8924b67b60a0722b416ca694f7ed80f433fa93a430615054c0dce0def223e8
Instruction ID: 9f8c3fbac98a75f876d23ef1e22ab924bd1f3aa647dddca3a7edfc7235be2957
Opcode Fuzzy Hash: 2f8924b67b60a0722b416ca694f7ed80f433fa93a430615054c0dce0def223e8
Instruction Fuzzy Hash: D0F0A4B4800644DFDB208F15D888765FFA4DF44761F18C0AADE495F252D3B5A809DF62

Uniqueness

Uniqueness Score: -1.00%

Function 029B025D, Relevance: .4, Instructions: 441COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.497031623.00000000029B0000.00000040.00000040.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 629de8f0b7906907381259f9517c87af7264e2595470bfa4c85fbefa6ae2024e
Instruction ID: 13b9e58c97412bbd8b4f5e4543155d5d7aee91f266a0ebf723ce7ce3c8e8b6a7
Opcode Fuzzy Hash: 629de8f0b7906907381259f9517c87af7264e2595470bfa4c85fbefa6ae2024e
Instruction Fuzzy Hash: 6C31CB6550E3C15FD3138B359C649A2BFB4AE43221B1E81EBD8C8CF1A3D269590AC773

Uniqueness

Uniqueness Score: -1.00%

Function 01071E28, Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.496529116.0000000001070000.00000040.00000001.sdmp, Offset: 01070000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe5a0b5120e5a51dc3cf8e24408c96840693bbb2590a613e979005990bf55bcc
Instruction ID: beefca35a4a4716ac3c07295d37347d4513deae609704cb0ab687d20d11d1cff
Opcode Fuzzy Hash: fe5a0b5120e5a51dc3cf8e24408c96840693bbb2590a613e979005990bf55bcc
Instruction Fuzzy Hash: 7EA1BF35B002499FCB05ABB8C8546AE7BF2BF88300F248469E506DB3A5DF35DD46DB51

Uniqueness

Uniqueness Score: -1.00%

Function 01071AA8, Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.496529116.0000000001070000.00000040.00000001.sdmp, Offset: 01070000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82e8a616f862a0dbe0778168aadb2bcf420f073ea70a96311ab340a14807fa38
Instruction ID: c5649f201c68ebc538de49cba10e4b41d506fa794fc4a2323f802cf85f8e0847
Opcode Fuzzy Hash: 82e8a616f862a0dbe0778168aadb2bcf420f073ea70a96311ab340a14807fa38
Instruction Fuzzy Hash: AC913171F042448FC755A7B884556BD3FE29B85304F2880BEDA8AEB3D2EA35CC078B51

Uniqueness

Uniqueness Score: -1.00%

Function 0107177F, Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.496529116.0000000001070000.00000040.00000001.sdmp, Offset: 01070000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bbee242c6a237c1461fc7dfbc7bc580024fe17727984b9e1f92dd33a3b71b84
Instruction ID: 9e7946827108798c711a90fca02ebc44b853dd43af6f3b50d0715d9a0af3ac5f
Opcode Fuzzy Hash: 2bbee242c6a237c1461fc7dfbc7bc580024fe17727984b9e1f92dd33a3b71b84
Instruction Fuzzy Hash: 3471A071F000455BEFA5ABBCC84076E3AEAEB8D700F10447AE14AD73D2CA79DD429766

Uniqueness

Uniqueness Score: -1.00%

Function 01071790, Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.496529116.0000000001070000.00000040.00000001.sdmp, Offset: 01070000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 324677d44f4b8cbe00228d8e33b037a6166076a1a355b5c88a5e1e7b31a22f63
Instruction ID: d229b2c16007bcbbff8d4ce1fa6c9b7b68530b767e554581716b300679899d13
Opcode Fuzzy Hash: 324677d44f4b8cbe00228d8e33b037a6166076a1a355b5c88a5e1e7b31a22f63
Instruction Fuzzy Hash: AF71AF71F000455BEFA5ABBCC84076E3AEAEB8D700F10447AE14AC73D2CA78DD4197A6

Uniqueness

Uniqueness Score: -1.00%

Function 029B072C, Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.497031623.00000000029B0000.00000040.00000040.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfa48b7c9e371fcbb834fa0b20148398496080b340d2684d2366b0050e730b89
Instruction ID: 73c5a331253f85228835a4066c73b040365d2bb02b7a5e9e849c837339a02f79
Opcode Fuzzy Hash: cfa48b7c9e371fcbb834fa0b20148398496080b340d2684d2366b0050e730b89
Instruction Fuzzy Hash: 6B31B1341093C59FD707CB24DD90B96BFB5AF46608F1881DEE9889B6A3C33A8806CB51

Uniqueness

Uniqueness Score: -1.00%

Function 057C300E, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.501881634.00000000057C0000.00000040.00000001.sdmp, Offset: 057C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 141978482c3c1ef8e1ea7515476f2cec514b2aef913ab6036d214365d0343639
Instruction ID: 067cf57ab2c131adcec5ebe9d205639b92aeef064a82b35e9eb433073685a076
Opcode Fuzzy Hash: 141978482c3c1ef8e1ea7515476f2cec514b2aef913ab6036d214365d0343639
Instruction Fuzzy Hash: 6B21B4B5508341AFD340CF19D880A5BFBE4FB89664F14896EF88897311E275E9048FA2

Uniqueness

Uniqueness Score: -1.00%

Function 057C3A80, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.501881634.00000000057C0000.00000040.00000001.sdmp, Offset: 057C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b3b1189b7c926a847ff1f055b7c3c25ddef0695fefcf029d9fa7f344388a0c4
Instruction ID: 759697279f396c5d93b298f462f55d80c5e7382561d69453b2da41c7a302eaf8
Opcode Fuzzy Hash: 1b3b1189b7c926a847ff1f055b7c3c25ddef0695fefcf029d9fa7f344388a0c4
Instruction Fuzzy Hash: 2611B8B5908341AFD350CF19D880A5BFBE4FB88664F14896EF89897311E231E9148FA2

Uniqueness

Uniqueness Score: -1.00%

Function 029B075C, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.497031623.00000000029B0000.00000040.00000040.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77ed2b882c50c4873b0785701b36f883d0be6496555abff3c6658636f7370b37
Instruction ID: 8bfd19e830a7f2134b8733d16d7934730aca97a87c3a4a3995be75a620bac9b7
Opcode Fuzzy Hash: 77ed2b882c50c4873b0785701b36f883d0be6496555abff3c6658636f7370b37
Instruction Fuzzy Hash: E811B435204244DFD716CB24DE84B66FB99EF88708F24C99CE9495BA52C77BD803CE51

Uniqueness

Uniqueness Score: -1.00%

Function 029B0700, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.497031623.00000000029B0000.00000040.00000040.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 996fcded6053188e813082b672af7b47dd976425c8a47fb20bb530c261784425
Instruction ID: 51a9643101df166c969ce191610c01b9ad07bdd6991a3e7d2eaeb171d0fdcb58
Opcode Fuzzy Hash: 996fcded6053188e813082b672af7b47dd976425c8a47fb20bb530c261784425
Instruction Fuzzy Hash: B8214F3450D3C18FD703CB20CD94B65BFB5AF46204F1986EED4898B6A3C33A8816CB52

Uniqueness

Uniqueness Score: -1.00%

Function 057C3924, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.501881634.00000000057C0000.00000040.00000001.sdmp, Offset: 057C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8899f73e6a52b00ee6e9390578cb16e2696e680180c24e76d193db4f790e1055
Instruction ID: f33759f898d85bb8353fe54425d7513a71478ed7538c491e7c796fdcd475d713
Opcode Fuzzy Hash: 8899f73e6a52b00ee6e9390578cb16e2696e680180c24e76d193db4f790e1055
Instruction Fuzzy Hash: 8C11ACB5509301AFD350CF19D881E57FBE8EB88660F14892EFD5997311E271E9148FA2

Uniqueness

Uniqueness Score: -1.00%

Function 029B05CF, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.497031623.00000000029B0000.00000040.00000040.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba7aba2bbd80674731581ad4417bb8d030ca5eed92b8b585de4568ca010f6a4b
Instruction ID: 0db4dfafe282bb23cbf23e2c1b08415da6939eef7c215f54eabe0581602a3edd
Opcode Fuzzy Hash: ba7aba2bbd80674731581ad4417bb8d030ca5eed92b8b585de4568ca010f6a4b
Instruction Fuzzy Hash: 7501D6B25093806FD7128F16EC41862FFB8DF86620748C4DFEC498B613D225A809CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 01071D76, Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.496529116.0000000001070000.00000040.00000001.sdmp, Offset: 01070000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71dc2147c3f579f7e4e864e12356caa32d526b02d8963961d6006ead30f5e459
Instruction ID: 614cae7a2d73a446033b63ede61e181376582ba29cd2835322db2e6010a7c6ba
Opcode Fuzzy Hash: 71dc2147c3f579f7e4e864e12356caa32d526b02d8963961d6006ead30f5e459
Instruction Fuzzy Hash: 13F0F632F045188BC7507B7CF04422CB7E1EB88211F21487DD79993284DF324E2597C6

Uniqueness

Uniqueness Score: -1.00%

Function 029B0818, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.497031623.00000000029B0000.00000040.00000040.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
Instruction ID: d5a9ccea4f24cfdda9342395c482030bd3b3c430d62fc65057337f72d56a8e7f
Opcode Fuzzy Hash: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
Instruction Fuzzy Hash: 71F01D35104645DFC706CF40D980B66FBA6EB89718F24C6ADE9490BB52C737D813DE81

Uniqueness

Uniqueness Score: -1.00%

Function 029B05F6, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.497031623.00000000029B0000.00000040.00000040.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d159b8c3f07661baf750c6fd7b686036146b2b6ae6b6eaf777c3af58694e1b9c
Instruction ID: 8ba86c0b0e1992d8e2c3fbcb4426d2736704df14824f41c85f368db4cf2c3180
Opcode Fuzzy Hash: d159b8c3f07661baf750c6fd7b686036146b2b6ae6b6eaf777c3af58694e1b9c
Instruction Fuzzy Hash: 08E06DB6A006008BD650CF0AEC81852F7E8EB88B31718C47BDC0D8B701E135B505CEA5

Uniqueness

Uniqueness Score: -1.00%

Function 057C3973, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.501881634.00000000057C0000.00000040.00000001.sdmp, Offset: 057C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3318f30ad35ddfd7d84f7ac723bba4a3c03e7c57bf5265edb8b46cc44dfb4f8
Instruction ID: 41148dc8bb65fc8aeb2c90d744859c8ddb8ede9f4e7402d06b8b8ae3c84ec7e4
Opcode Fuzzy Hash: a3318f30ad35ddfd7d84f7ac723bba4a3c03e7c57bf5265edb8b46cc44dfb4f8
Instruction Fuzzy Hash: D8E048B2941204A7D2509E0AEC85F53FF98EB44A70F14C567ED095B702E176B5148AF5

Uniqueness

Uniqueness Score: -1.00%

Function 057C3AEB, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.501881634.00000000057C0000.00000040.00000001.sdmp, Offset: 057C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e522a4f82d6e1f48c768c8909f6682232dd8dc234643b5ee4b3f231686ffbcd0
Instruction ID: d4d1a5f6ff95e2defef463dbc64b5b94a67a2318efad1f442dfb43bad389b248
Opcode Fuzzy Hash: e522a4f82d6e1f48c768c8909f6682232dd8dc234643b5ee4b3f231686ffbcd0
Instruction Fuzzy Hash: D4E0D8B294120067D2108E0ADC41F12FF98DB84A30F14C567ED081B301E071B5148AE1

Uniqueness

Uniqueness Score: -1.00%

Function 057C3397, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.501881634.00000000057C0000.00000040.00000001.sdmp, Offset: 057C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a60746ba2524dac37ad8c98993c705aa0870e71aeaa0439c419fc5ed2ddf9f9
Instruction ID: f5d2b96d8b3d73b1a53d7db832669e78ec98df1786b29350862f515987644da5
Opcode Fuzzy Hash: 8a60746ba2524dac37ad8c98993c705aa0870e71aeaa0439c419fc5ed2ddf9f9
Instruction Fuzzy Hash: 56E0D8B294120067D210DE0ADC41F13FF98DB84A30F14C567ED091B301E072B514CEE1

Uniqueness

Uniqueness Score: -1.00%

Function 057C3083, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.501881634.00000000057C0000.00000040.00000001.sdmp, Offset: 057C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 901a5d9466aa69e17cd97517daf530a4075a4845f07e1c9ea9c87455995dd16c
Instruction ID: 4ce6581b02b114e68aefb36dcc456fab61e02392788f105520916141b2c5c501
Opcode Fuzzy Hash: 901a5d9466aa69e17cd97517daf530a4075a4845f07e1c9ea9c87455995dd16c
Instruction Fuzzy Hash: 45E0D8B290120067D2108F0ADC41F12FB98EB84B30F14C567ED081F302E071B5148AE1

Uniqueness

Uniqueness Score: -1.00%

Function 00EF23F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.495938330.0000000000EF2000.00000040.00000001.sdmp, Offset: 00EF2000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07a256913b8684966511d636dafd65dc8648fd4c348c5f083f3cab5e854809c4
Instruction ID: ed5201f3937a1f3e9161d89ead72c20d96ec21994891d17c37de5bd216af7507
Opcode Fuzzy Hash: 07a256913b8684966511d636dafd65dc8648fd4c348c5f083f3cab5e854809c4
Instruction Fuzzy Hash: FAD05E79205A854FD3278A1CC1A8BA53B94EF51B08F4644FEE9008B663C3A8D981E210

Uniqueness

Uniqueness Score: -1.00%

Function 00EF23BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.495938330.0000000000EF2000.00000040.00000001.sdmp, Offset: 00EF2000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b872b08343cb5843a46e7b098ce48b6c70e17fb2fe915eed0992cb3b4761f805
Instruction ID: 3e2499c930a149fc961e8e157f183161a78968b95efc538c60b7dfe2bf5a6bdd
Opcode Fuzzy Hash: b872b08343cb5843a46e7b098ce48b6c70e17fb2fe915eed0992cb3b4761f805
Instruction Fuzzy Hash: 20D05E742026864BC715DF1CC594F6937D4AB41B04F0654ECAD008B262C3A8EC81C600

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report Quotation From Asia Tianjin Steel Co.Ltd.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Agenttesla

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Software Vulnerabilities:

Networking:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

SMTP Packets

Code Manipulations

Statistics

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre