Windows Analysis Report VjLfUM5cMx
Overview
General Information
Detection
Score: | 88 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
Click to see the 29 entries |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnifv3 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnifv3 | Yara detected Ursnif | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | Avira: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | Binary string: |
Networking: |
---|
Performs DNS queries to domains with low reputation | Show sources |
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: |
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
E-Banking Fraud: |
---|
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: |
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
System Summary: |
---|
Writes or reads registry keys via WMI | Show sources |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Writes registry values via WMI | Show sources |
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Virustotal: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Data Obfuscation: |
---|
Detected unpacking (changes PE section rights) | Show sources |
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 | |
Source: | Code function: | 0_3_03641991 |
Source: | Static PE information: |
Hooking and other Techniques for Hiding and Protection: |
---|
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: |
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: |
Stealing of Sensitive Information: |
---|
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: |
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: |
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | Path Interception | Process Injection2 | Masquerading1 | OS Credential Dumping | Query Registry1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion1 | LSASS Memory | Security Software Discovery11 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection2 | Security Account Manager | Virtualization/Sandbox Evasion1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information2 | NTDS | Process Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing12 | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | File and Directory Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery3 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
13% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen7 | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
haverit.xyz | unknown | unknown | true | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| low | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 480997 |
Start date: | 10.09.2021 |
Start time: | 07:26:27 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | VjLfUM5cMx (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal88.troj.evad.winEXE@7/29@8/0 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
07:28:22 | API Interceptor |
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29272 |
Entropy (8bit): | 1.7687952691507924 |
Encrypted: | false |
SSDEEP: | 192:rZZe9Zi2z1WzMtzJifzzU2zMzwOg62CBzMlpB:rPezBzMz4zmz+zlzq |
MD5: | E92FD7DF6802E331C7A855D3A78FEFEA |
SHA1: | 80610D98C43B9F68C370E37224AA9D5A25CC650A |
SHA-256: | D1E5051E0E89115F43C3EB87B41D8EE0272787B84AA7936A41CB4E39B031B4AD |
SHA-512: | 05E023DF86A9A6ADBA94FE937A96493B2B89FE69DACF871FC9F370D28CB0EFA12B5E8811B3D43427D55F7368F46080900F5F966F42FB61C88D6C93345EA1D91B |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29272 |
Entropy (8bit): | 1.7653733500022424 |
Encrypted: | false |
SSDEEP: | 192:rSZX9Za2IWRtJHifJ3jxvzM9353+6YjBxw34gpB:rOXzZ/jawYu |
MD5: | D24E24FB19663AB8E7C73D6587EFFF6C |
SHA1: | B82737BFA7A49BA4BCF3A0C81C14962DAEEDBAF1 |
SHA-256: | B08D2BC882D1E7ECCC639CD0054218DE9BF9B7DD213335A776E96D876A2CD96D |
SHA-512: | D2F202639C2A74152BC1DE4AA9F2AB33240A2C09E25D4196C6A2EEBD50EC0458A5680A35B05F46FC064EF2C87BBAE6421AF14E84DC4753798C74E31B6AD69621 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26240 |
Entropy (8bit): | 1.6585521788268434 |
Encrypted: | false |
SSDEEP: | 48:IwDGcprCjGwpaCG4pQqGrapbSAGQpBtcBGHHpct62TGUp8tdGzYpmtEOGopOzEyq:r5ZC9Qy6cBSojt2lWNMFk+V2A |
MD5: | 8C6512EF426D5BB96705D87CC986C2D3 |
SHA1: | F3EC5C5DF2C53E864807177BA6F9FDA27D3CFCD1 |
SHA-256: | 6999B248C19B53968E3EAB2BCB6D7DCB82D1263108B80FF236D032245D633799 |
SHA-512: | FD5798A38BB65D6975E9F59A8BBC0D6A0D2194D52798F67702DE11B97DD6DF68CACBBE2D050A11B39D3632B9982C1A767F0BE620B4364EE300EB91595DB52390 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26240 |
Entropy (8bit): | 1.6568915553272197 |
Encrypted: | false |
SSDEEP: | 48:IwXGcprqjGwpaeG4pQ6GrapbSZGQpByGHHpcrTGUp8kGzYpmb0GopOdyDCGqXpHR:rdZq9Qe6sBSzjJ2FWAMQkPVGA |
MD5: | 976CE6A118BC49942D4F83A41795AF60 |
SHA1: | 0886BB24D61554692CF98EB0DAEF152B8D82130C |
SHA-256: | C1363B5295C4FC934787D3D95811D426B5009EFCAE0004611A2F9FC9CE36C4D9 |
SHA-512: | 51ED9BB236F9FD16CBD91C63689B10EB504C61366F2B628CD43F27176E285F7619019DF2781F97C91F5213FD1D26291548EDB6857D01DE1A693124C83C431EF5 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.097103490576207 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxOEjwanWimI002EtM3MHdNMNxOEjwanWimI00OYGVbkEtMb:2d6NxOcwaSZHKd6NxOcwaSZ7YLb |
MD5: | 01FB138155392A0403F38515CE0F9A89 |
SHA1: | 3870F06CE96AA652A0E4291609CB3538AB309936 |
SHA-256: | 24D93C2842111FE151324DA082D5C8559AA307AF5F185AF9DA4E468956E4D585 |
SHA-512: | E9D30B7E77328CD6733E95C137A6996EEAF3FDEB8F317C6940D36A190DF0508D98EEDC1F5130F6E3B15677755E77724EE698656E775D151A3F1FEF2D208D99F1 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 5.119386841314523 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxe2kRqanWimI002EtM3MHdNMNxe2kRqanWimI00OYGkak6EtMb:2d6NxrGqaSZHKd6NxrGqaSZ7Yza7b |
MD5: | 78C567EB422B95A55974D3844C4E3A25 |
SHA1: | 4A043CD69791CB35A7BBE32E0A019B1024DA867C |
SHA-256: | DB54273546F218206DDCADD0D68EF38F3922184C700AE0F5180F22733C6A626E |
SHA-512: | 340977812B58FF75C72FB24707C819A1831D83F7D95D4740EA3D21735A28B20472966F2046BD458D3A9E58005AABC7547D729FE3BB54065D144BDFB0B8A61CD3 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 662 |
Entropy (8bit): | 5.167162589928272 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxvL1pSpanWimI002EtM3MHdNMNxvL1pSpanWimI00OYGmZEtMb:2d6NxvjYaSZHKd6NxvjYaSZ7Yjb |
MD5: | 95E9AFC9B0CA3948C096400220F6E2FC |
SHA1: | ED40EE9CBEF489E1A0937B55484C50004366147A |
SHA-256: | 2637059B1F09E429B62D3442314CC96CD1D0D031173BFE42C04790E26ED3F3C6 |
SHA-512: | 35F4FFFADAEC9EC48833FCE35C5B9B3BD9BAE7D14E22CED33FD549DB4A97B644603D92D79F3FAB26FFE2A3413C777AFC41E85AF4C3F7FB62DAE0271F30292DB2 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 647 |
Entropy (8bit): | 5.11260966532361 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxijwanWimI002EtM3MHdNMNxijwanWimI00OYGd5EtMb:2d6Nx2waSZHKd6Nx2waSZ7YEjb |
MD5: | 4ADAE51FDF242ACCBA0BA603E37F65C8 |
SHA1: | 096307D1C70E2E3AFE1651ECF0A009BB24062841 |
SHA-256: | A112CC8C0B606E3D96F3985A70B44BC93ED0CD87EA3C8A19A3F225B2B7BD6B71 |
SHA-512: | AAB1906DBE98B8F6C21A4C10EE06C82C93565B9CB5DD6E690BFD8D947650C0BE8A9665C36681E5FF1C9C312E39386DFF9102AD9D4F0FDCBEB7DA0C8038B5ED4E |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.178861223167003 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxhGw1pSpanWimI002EtM3MHdNMNxhGw1pSpanWimI00OYG8K075EtMb:2d6NxQYYaSZHKd6NxQYYaSZ7YrKajb |
MD5: | A32AA08FE4957F980C25BA02B088C7A3 |
SHA1: | 9C0B720474A1BCFE89045161D504C6A1F19DCDD0 |
SHA-256: | 1C39487B76D89749483D67B722E091B8A159D75A7B0CFD126627218126A103F5 |
SHA-512: | 79638801E8F940CDD4FB7F98D4D54C74E0613BEDBD8BB6DC7C076635DCE08ED84FAD73D66C5358137AA88845630FDC1D1AD79FA730E7A2F2443516A9C19F3952 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 5.0983299559903665 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNx0njwanWimI002EtM3MHdNMNx0njwanWimI00OYGxEtMb:2d6Nx0jwaSZHKd6Nx0jwaSZ7Ygb |
MD5: | 30009857A260CBF0B20FAA19AEED39DC |
SHA1: | 31E15FD67D29A6BB7BA93456B319C1F311D1423D |
SHA-256: | 22E514DBB72F0368497D4E14279F41CEC6E42D5D1DEA55434C9D7849BC11DC77 |
SHA-512: | DD691F1D0820CCF54A52A8F1F6C520AC085514B305606F73E62814EDF041F47D8886CF08ED13301BE0A999ACDEA11CF38EB77DE932547120BB304A8676D49CDE |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.136738769904 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxxjwanWimI002EtM3MHdNMNxxjwanWimI00OYG6Kq5EtMb:2d6NxBwaSZHKd6NxBwaSZ7Yhb |
MD5: | 9443E152D8CB24CCE6B18B7FB82AF0CC |
SHA1: | A7A4916172C5A0FF545F1192057DA50246E2FD9C |
SHA-256: | F4ACB9872F7882249023FDFA21CA78B8267B0E277701467281EFFC6AE805AD03 |
SHA-512: | B348117CCFC016FD9FBB101EEC1E53899E4087C665F7B4A0E846E198D9838A71FB2DEC497EEA70A8576013174C2C95F581EF3663C38AD614883CF8D3FE9F6DE7 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 659 |
Entropy (8bit): | 5.111475006436849 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxcjwanWimI002EtM3MHdNMNxcjwanWimI00OYGVEtMb:2d6NxEwaSZHKd6NxEwaSZ7Ykb |
MD5: | DE14F026220BC4AD975589A143D4862D |
SHA1: | D4B22718CF721228E0CDB1C10489148FD3DF0CBC |
SHA-256: | 696399FD8895D1AAE33915A14619DEC5B7C8744AD37E1C99E56DF656A9EFBF70 |
SHA-512: | E98BE0BFC148546AE0191E54C96931639D12DE30A9821A1C529002CF681B932DF1968A1D2CCC38B3B9F48C81D69810A7E389F20C4589E339144785EB89219BC0 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 5.097923317006781 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxfnjwanWimI002EtM3MHdNMNxfnjwanWimI00OYGe5EtMb:2d6NxLwaSZHKd6NxLwaSZ7YLjb |
MD5: | 2505F5CDDDEC582665E57DD8138AE8FE |
SHA1: | 580DF47543557FB9077349D0BA0ACAC798857786 |
SHA-256: | ED9E4F3EBF559EC0BBB0B52FC9E6E83EA099648AB523B97904A4E3F95A3729F7 |
SHA-512: | E233567EC2DE9325ED0AE16EA3B43721B67EA77ECD8F17B32746B94BE2C64A788542E91F4880EDFC8D8923673C53CBCC17AAE1921538CB3744EF3F7736367D78 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1612 |
Entropy (8bit): | 4.869554560514657 |
Encrypted: | false |
SSDEEP: | 24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk |
MD5: | DFEABDE84792228093A5A270352395B6 |
SHA1: | E41258C9576721025926326F76063C2305586F76 |
SHA-256: | 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075 |
SHA-512: | E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2997 |
Entropy (8bit): | 4.4885437940628465 |
Encrypted: | false |
SSDEEP: | 48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra |
MD5: | 2DC61EB461DA1436F5D22BCE51425660 |
SHA1: | E1B79BCAB0F073868079D807FAEC669596DC46C1 |
SHA-256: | ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993 |
SHA-512: | A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 5.164796203267696 |
Encrypted: | false |
SSDEEP: | 96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk |
MD5: | D65EC06F21C379C87040B83CC1ABAC6B |
SHA1: | 208D0A0BB775661758394BE7E4AFB18357E46C8B |
SHA-256: | A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F |
SHA-512: | 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12105 |
Entropy (8bit): | 5.451485481468043 |
Encrypted: | false |
SSDEEP: | 192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f |
MD5: | 9234071287E637F85D721463C488704C |
SHA1: | CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152 |
SHA-256: | 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649 |
SHA-512: | 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 748 |
Entropy (8bit): | 7.249606135668305 |
Encrypted: | false |
SSDEEP: | 12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE |
MD5: | C4F558C4C8B56858F15C09037CD6625A |
SHA1: | EE497CC061D6A7A59BB66DEFEA65F9A8145BA240 |
SHA-256: | 39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781 |
SHA-512: | D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1612 |
Entropy (8bit): | 4.869554560514657 |
Encrypted: | false |
SSDEEP: | 24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk |
MD5: | DFEABDE84792228093A5A270352395B6 |
SHA1: | E41258C9576721025926326F76063C2305586F76 |
SHA-256: | 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075 |
SHA-512: | E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2997 |
Entropy (8bit): | 4.4885437940628465 |
Encrypted: | false |
SSDEEP: | 48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra |
MD5: | 2DC61EB461DA1436F5D22BCE51425660 |
SHA1: | E1B79BCAB0F073868079D807FAEC669596DC46C1 |
SHA-256: | ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993 |
SHA-512: | A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 5.164796203267696 |
Encrypted: | false |
SSDEEP: | 96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk |
MD5: | D65EC06F21C379C87040B83CC1ABAC6B |
SHA1: | 208D0A0BB775661758394BE7E4AFB18357E46C8B |
SHA-256: | A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F |
SHA-512: | 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 748 |
Entropy (8bit): | 7.249606135668305 |
Encrypted: | false |
SSDEEP: | 12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE |
MD5: | C4F558C4C8B56858F15C09037CD6625A |
SHA1: | EE497CC061D6A7A59BB66DEFEA65F9A8145BA240 |
SHA-256: | 39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781 |
SHA-512: | D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12105 |
Entropy (8bit): | 5.451485481468043 |
Encrypted: | false |
SSDEEP: | 192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f |
MD5: | 9234071287E637F85D721463C488704C |
SHA1: | CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152 |
SHA-256: | 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649 |
SHA-512: | 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | modified |
Size (bytes): | 89 |
Entropy (8bit): | 4.412554678800313 |
Encrypted: | false |
SSDEEP: | 3:oVXUpjHLTMW8JOGXnEpjHLTBn:o9UpLLVqEpLLV |
MD5: | C1257D744F3D940640B1C3A5B5AFD9E7 |
SHA1: | 9A590780CAC06216357B82052A64909D1C3C44B2 |
SHA-256: | DBDCE1B51B72E8776ECD1B4CAE2223360B2059257442B2CFE8EE031D0B18046B |
SHA-512: | 61B08C8D7975445BAFB761369756E2DA18AC35ED934AE61B690CE2CBCDCE0B7C86E60AD5A606F4D7ED2571AABC4B0FDC74C2B8718F0ED05C08E4443B53CE29E3 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 38737 |
Entropy (8bit): | 0.3709746847672781 |
Encrypted: | false |
SSDEEP: | 48:kBqoxKAuvScS+tVt7t5totEItEwzEyDZzEyDbzEyDU:kBqoxKAuvScS+j9PGNVRDc |
MD5: | 48B207ABB84ABD21E374BF3B0BC629E5 |
SHA1: | 9BA15FD9C6856628363D65CD9A28881F8BB17F7F |
SHA-256: | 8C3149638C6002175CFB043340B3CDDFD45176DDA6107DE00DAE2D7CD441E0EB |
SHA-512: | 483EC9170E76167B87E298712AC45E6F82DAF33B571A1486233C36DBE8B464207E53FF287D43281FDE824074558C86399483A08C7565DB34DFB653E5C739BABC |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12933 |
Entropy (8bit): | 0.40524698605679654 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9loha9lohK9lWhFR9qc9Yd2f:kBqoIhFhzhFR9qc9A2f |
MD5: | F20C0B95ECC352ED980E564C0785243D |
SHA1: | 6841084009F9D90222280DD230F23D1E1D42B7EB |
SHA-256: | 886BFFC3541110649828420D7529FEC5E40BA180BD48719B3C54E693E5DBDC16 |
SHA-512: | 57F02927448FDA4B144FF81A7A82A2632FB11D4DCEF1D1F3C8B02C30AFA8B05B16870BC3B10610FFA8CE0816AF03E073DF7AD2BAFC6B8CCA08ED4671DD4C5517 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12933 |
Entropy (8bit): | 0.40712809719208554 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9lo2A9lo2Q9lW26xiSHibOB:kBqoI272d26xiSHibOB |
MD5: | E8C95AF8D3A8F841CC5EA3B6E1BDC24E |
SHA1: | 7A6869487B6DC66DC8038E2790CCB35238E741F7 |
SHA-256: | A0D8599D0CFBE862CF3B689A7BBBC70B9DE9B6DE02DE139B27DB3AD9E9D89004 |
SHA-512: | AF8E65D1D7F61414D7260ABB7DCDDFD34DC50547EE48DA26BF002B1141B0C8166FF6CD3B0255738C4C89DCCDC475ABC270CC2D8B244429552C24330F5A344161 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 38737 |
Entropy (8bit): | 0.37078044094891244 |
Encrypted: | false |
SSDEEP: | 48:kBqoxKAuvScS+S0e3bIbwdyDZdyDbdyDU:kBqoxKAuvScS+S0e3Ec8GT |
MD5: | 122B6346770EE93D6C99E259ACAADEF4 |
SHA1: | 61DFF47B74EC6657F8103666A0142F372367155F |
SHA-256: | 11A757AA78EEFF90A2EC39FA8DE22BC95284EE5CF0F7A5813C553D11C967DA11 |
SHA-512: | 2335BE3DCB0C1A1470E076582F4DA12678992AC4017109ECF8B0C04B96BC562A816C3EAAA8B8931ADE41E2842EBED5C08C96DA7C84A4713A7775C9B979F23177 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.614337368439923 |
TrID: |
|
File name: | VjLfUM5cMx.exe |
File size: | 901960 |
MD5: | c07d4f7dcac497a3c06cbba9e6e9e711 |
SHA1: | f9910595a15ee0ca41871bda8f1a23a3aa7f9360 |
SHA256: | 82aabb70809394ec910ecdff3dfe4982d652c6d65f7fa65e7da16b83ebf87192 |
SHA512: | 0eafdb6efe6a117ed331d828613131509cd9d0d5b6be3bfc010b4af0cf809b5f8866dc0362cc853ba8d13fd2f15716e2e4d4d437b7a4503c064c2b15c653417d |
SSDEEP: | 24576:49PsA9vHAYobFGQdRGylSk61LXXhNxvZXmtk1/GqgLGr:VYLJk61bRLZXmWGGr |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Hl..Hl..Hl..../.Jl....*.Xl....+.Kl..Hl...l....].Ml....).Cl....+.Il....7.zl....-.Il....(.Il..RichHl......................... |
File Icon |
---|
Icon Hash: | f0b0e8e4e4e8b2dc |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x1005725 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x1000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, NX_COMPAT |
Time Stamp: | 0x55E85856 [Thu Sep 3 14:25:26 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | e256626a548828ef6c76be7957372a60 |
Authenticode Signature |
---|
Signature Valid: | false |
Signature Issuer: | CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB |
Signature Validation Error: | No signature was present in the subject |
Error Number: | -2146762496 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 8AB6A86211EE700AA961C3292ADB312D |
Thumbprint SHA-1: | A533DFA7E6AED2A9FFBE41FCEC5A8927A6EAFBBB |
Thumbprint SHA-256: | 9E0611728595A506CC2A55486FDD88ECA0971EF0B08F74CB3B3B6F5F6F3C7E27 |
Serial: | 239664C12BAEB5A6D787912888051392 |
Entrypoint Preview |
---|
Instruction |
---|
call 00007F1CF4E3F540h |
jmp 00007F1CF4E38455h |
push 00000014h |
push 0108A9F8h |
call 00007F1CF4E3D42Ah |
call 00007F1CF4E38C2Bh |
movzx esi, ax |
push 00000002h |
call 00007F1CF4E3F4D3h |
pop ecx |
mov eax, 00005A4Dh |
cmp word ptr [01000000h], ax |
je 00007F1CF4E38456h |
xor ebx, ebx |
jmp 00007F1CF4E38485h |
mov eax, dword ptr [0100003Ch] |
cmp dword ptr [eax+01000000h], 00004550h |
jne 00007F1CF4E3843Dh |
mov ecx, 0000010Bh |
cmp word ptr [eax+01000018h], cx |
jne 00007F1CF4E3842Fh |
xor ebx, ebx |
cmp dword ptr [eax+01000074h], 0Eh |
jbe 00007F1CF4E3845Bh |
cmp dword ptr [eax+010000E8h], ebx |
setne bl |
mov dword ptr [ebp-1Ch], ebx |
call 00007F1CF4E3D37Dh |
test eax, eax |
jne 00007F1CF4E3845Ah |
push 0000001Ch |
call 00007F1CF4E38577h |
pop ecx |
call 00007F1CF4E3E83Bh |
test eax, eax |
jne 00007F1CF4E3845Ah |
push 00000010h |
call 00007F1CF4E38566h |
pop ecx |
call 00007F1CF4E3F54Ch |
and dword ptr [ebp-04h], 00000000h |
call 00007F1CF4E3EE37h |
test eax, eax |
jns 00007F1CF4E3845Ah |
push 0000001Bh |
call 00007F1CF4E3854Ch |
pop ecx |
call dword ptr [0106A19Ch] |
mov dword ptr [010AC3A8h], eax |
call 00007F1CF4E3F567h |
mov dword ptr [01097A94h], eax |
call 00007F1CF4E3F124h |
test eax, eax |
jns 00007F1CF4E3845Ah |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8ccf8 | 0x8c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xad000 | 0x41028 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xda000 | 0x2348 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xef000 | 0x4d50 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x6a3b0 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x87940 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x6a000 | 0x328 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x681b9 | 0x68200 | False | 0.62395192452 | data | 6.85141546298 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x6a000 | 0x23f8a | 0x24000 | False | 0.641872829861 | data | 6.36645327435 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x8e000 | 0x1e3ac | 0x7a00 | False | 0.527792008197 | data | 6.51367686644 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0xad000 | 0x41028 | 0x41200 | False | 0.240744211852 | data | 5.36312234805 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xef000 | 0x4d50 | 0x4e00 | False | 0.730168269231 | data | 6.65913941378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0xad434 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xbdc5c | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 16580607, next used block 4294917888 | English | United States |
RT_ICON | 0xc1e84 | 0x25a8 | data | English | United States |
RT_ICON | 0xc442c | 0x10a8 | data | English | United States |
RT_ICON | 0xc54d4 | 0x988 | data | English | United States |
RT_ICON | 0xc5e5c | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xc62c4 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xd6aec | 0x94a8 | data | English | United States |
RT_ICON | 0xdff94 | 0x5488 | data | English | United States |
RT_ICON | 0xe541c | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 254, next used block 520093696 | English | United States |
RT_ICON | 0xe9644 | 0x25a8 | data | English | United States |
RT_ICON | 0xebbec | 0x10a8 | data | English | United States |
RT_ICON | 0xecc94 | 0x988 | data | English | United States |
RT_ICON | 0xed61c | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_STRING | 0xeda84 | 0xbc | data | English | United States |
RT_STRING | 0xedb40 | 0x150 | data | English | United States |
RT_GROUP_ICON | 0xedc90 | 0x76 | data | English | United States |
RT_GROUP_ICON | 0xedd08 | 0x5a | data | English | United States |
RT_VERSION | 0xedd64 | 0x2c4 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | GetLastError, VirtualProtectEx, LoadLibraryA, OpenMutexA, SetConsoleOutputCP, DeviceIoControl, GetModuleFileNameA, CloseHandle, DeleteFileA, WriteConsoleW, SetStdHandle, GetStringTypeW, LoadLibraryW, WaitForMultipleObjectsEx, GetStartupInfoA, GetConsoleMode, GetConsoleCP, FlushFileBuffers, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, CompareStringW, GetTimeFormatW, GetDateFormatW, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, HeapReAlloc, CreateProcessA, Sleep, GetTickCount, SetFilePointerEx, GetCurrentProcess, UnregisterWaitEx, QueryDepthSList, InterlockedFlushSList, InterlockedPushEntrySList, InterlockedPopEntrySList, InitializeSListHead, ReleaseSemaphore, SetProcessAffinityMask, VirtualProtect, VirtualFree, VirtualAlloc, GetVersionExW, GetModuleHandleA, FreeLibraryAndExitThread, FreeLibrary, GetThreadTimes, OutputDebugStringW, FatalAppExitA, SetConsoleCtrlHandler, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCurrentProcessId, QueryPerformanceCounter, GetFileType, HeapSize, GetProcessHeap, GetModuleFileNameW, WriteFile, GetStdHandle, WideCharToMultiByte, MultiByteToWideChar, AreFileApisANSI, GetModuleHandleExW, ExitProcess, IsDebuggerPresent, UnregisterWait, RegisterWaitForSingleObject, SetThreadAffinityMask, GetProcessAffinityMask, GetNumaHighestNodeNumber, DeleteTimerQueueTimer, ChangeTimerQueueTimer, CreateTimerQueueTimer, GetLogicalProcessorInformation, GetThreadPriority, SetThreadPriority, SwitchToThread, SignalObjectAndWait, WaitForSingleObjectEx, SetEvent, DuplicateHandle, WaitForSingleObject, GetCurrentThread, GetCurrentThreadId, GetExitCodeThread, GetSystemTimeAsFileTime, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, HeapAlloc, EncodePointer, DecodePointer, GetCommandLineA, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetModuleHandleW, GetProcAddress, CreateSemaphoreW, CreateThread, ExitThread, LoadLibraryExW, RaiseException, RtlUnwind, HeapFree, TryEnterCriticalSection, CreateTimerQueue, RtlCaptureStackBackTrace, CreateFileW |
USER32.dll | SetWindowTextA, CallNextHookEx, LoadBitmapA, GetClassInfoExA, EnumWindows, GetIconInfo, IsDialogMessageA, GetWindowLongA, CreateWindowExA, ReleaseDC, DefWindowProcA, CheckDlgButton, SendMessageA |
ole32.dll | CoUninitialize, OleSetContainedObject, OleInitialize, CoSuspendClassObjects, OleUninitialize, StgCreateDocfile, CoInitialize |
COMCTL32.dll | ImageList_LoadImageA, PropertySheetA, CreatePropertySheetPageA |
WINSPOOL.DRV | AddJobA, DeletePortA, SetPortA, SetPrinterDataA, DeletePrintProcessorA, AbortPrinter, GetPrinterDriverDirectoryA, ResetPrinterA, StartPagePrinter, ReadPrinter, FlushPrinter, DeletePrinterConnectionA, StartDocPrinterA, DeletePrinterKeyA, DeletePrintProvidorA, DeletePrinterDriverExA, GetPrintProcessorDirectoryA, FindClosePrinterChangeNotification, DeletePrinterDriverA, AddPrintProvidorA, OpenPrinterA, GetJobA, ClosePrinter, AddPrintProcessorA, AddPrinterA, PrinterMessageBoxA, SetFormA, GetFormA, DeletePrinter, AddPortA, SetJobA, AddPrinterDriverA, SetPrinterDataExA, DeletePrinterDataExA, DeletePrinterDataA, GetPrinterDataA, AddFormA, AddPrinterDriverExA, AddPrinterConnectionA, AddMonitorA, DeleteFormA, DeleteMonitorA, GetPrinterA, ConfigurePortA, ScheduleJob, GetPrinterDriverA, GetPrinterDataExA |
sfc.dll | SfcIsFileProtected |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | (C) 2011 Helpwould Use Corporation. All rights reserved. |
FileVersion | 14.1.55.63 |
CompanyName | Helpwould Use Corporation |
ProductName | Deathice |
ProductVersion | 14.1.55.63 |
FileDescription | Deathice The Certain |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 10, 2021 07:28:06.141274929 CEST | 64549 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:06.173835993 CEST | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:09.794151068 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:09.828183889 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:11.163975954 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:11.196463108 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:11.213056087 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:11.245542049 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:11.255109072 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:11.283317089 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:22.515371084 CEST | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:22.552726030 CEST | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:27.221208096 CEST | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:27.270185947 CEST | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:27.582804918 CEST | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:27.618233919 CEST | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:27.817651033 CEST | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:27.866524935 CEST | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:28.229381084 CEST | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:28.278403997 CEST | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:28.366758108 CEST | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:28.403283119 CEST | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:28.786196947 CEST | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:28.825587988 CEST | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:29.329730988 CEST | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:29.362298012 CEST | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:29.829440117 CEST | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:29.865679979 CEST | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:30.428303003 CEST | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:30.461085081 CEST | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:31.139528036 CEST | 52337 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:31.172951937 CEST | 53 | 52337 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:31.912934065 CEST | 55046 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:31.952032089 CEST | 53 | 55046 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:32.339919090 CEST | 49612 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:32.372539997 CEST | 53 | 49612 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:32.627718925 CEST | 49285 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:32.662878990 CEST | 53 | 49285 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:39.815841913 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:39.850405931 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:40.850609064 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:40.886810064 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:41.897170067 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:41.924233913 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:43.943135023 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:43.969206095 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:44.122525930 CEST | 60875 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:44.157752991 CEST | 53 | 60875 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:28:47.990400076 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:28:48.025816917 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:29:13.323084116 CEST | 56448 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:29:13.357377052 CEST | 53 | 56448 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:29:14.412585020 CEST | 59172 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:29:14.448110104 CEST | 53 | 59172 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:29:14.453455925 CEST | 62420 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:29:14.481364012 CEST | 53 | 62420 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:29:14.488106012 CEST | 60579 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:29:14.512888908 CEST | 53 | 60579 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:29:16.641024113 CEST | 50183 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:29:16.679554939 CEST | 53 | 50183 | 8.8.8.8 | 192.168.2.4 |
Sep 10, 2021 07:29:18.316977978 CEST | 61531 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 10, 2021 07:29:18.352873087 CEST | 53 | 61531 | 8.8.8.8 | 192.168.2.4 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Sep 10, 2021 07:28:11.163975954 CEST | 192.168.2.4 | 8.8.8.8 | 0xa173 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 07:28:11.213056087 CEST | 192.168.2.4 | 8.8.8.8 | 0xf9a7 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 07:28:11.255109072 CEST | 192.168.2.4 | 8.8.8.8 | 0x35ab | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 07:28:22.515371084 CEST | 192.168.2.4 | 8.8.8.8 | 0x1438 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 07:28:32.627718925 CEST | 192.168.2.4 | 8.8.8.8 | 0x105 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 07:29:14.412585020 CEST | 192.168.2.4 | 8.8.8.8 | 0x2194 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 07:29:14.453455925 CEST | 192.168.2.4 | 8.8.8.8 | 0x24 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 07:29:14.488106012 CEST | 192.168.2.4 | 8.8.8.8 | 0x17ae | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Sep 10, 2021 07:28:11.196463108 CEST | 8.8.8.8 | 192.168.2.4 | 0xa173 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 07:28:11.245542049 CEST | 8.8.8.8 | 192.168.2.4 | 0xf9a7 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 07:28:11.283317089 CEST | 8.8.8.8 | 192.168.2.4 | 0x35ab | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 07:28:22.552726030 CEST | 8.8.8.8 | 192.168.2.4 | 0x1438 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 07:28:32.662878990 CEST | 8.8.8.8 | 192.168.2.4 | 0x105 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 07:29:14.448110104 CEST | 8.8.8.8 | 192.168.2.4 | 0x2194 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 07:29:14.481364012 CEST | 8.8.8.8 | 192.168.2.4 | 0x24 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 07:29:14.512888908 CEST | 8.8.8.8 | 192.168.2.4 | 0x17ae | Name error (3) | none | none | A (IP address) | IN (0x0001) |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 07:27:43 |
Start date: | 10/09/2021 |
Path: | C:\Users\user\Desktop\VjLfUM5cMx.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 901960 bytes |
MD5 hash: | C07D4F7DCAC497A3C06CBBA9E6E9E711 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 07:28:08 |
Start date: | 10/09/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cd730000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 07:28:09 |
Start date: | 10/09/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd90000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 07:29:12 |
Start date: | 10/09/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cd730000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 07:29:13 |
Start date: | 10/09/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd90000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|