Windows Analysis Report PiSUfsy.exe
Overview
General Information
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |
| | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |
| | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |
| | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |
| | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |
(29 entries in total; 5 shown above) |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_Ursnifv3 | Yara detected Ursnif | Joe Security | |
| | JoeSecurity_Ursnifv3 | Yara detected Ursnif | Joe Security | |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file |
Source: | Virustotal: | |
Multi AV Scanner detection for domain / URL |
Source: | Virustotal: | |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | Avira: |
Source: | Static PE information: |
Source: | File opened: | |
Source: | Binary string: |
Networking: |
---|
Performs DNS queries to domains with low reputation |
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Yara detected Ursnif |
Source: | File source: | ||
Source: | File source: |
Yara detected Ursnif |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
E-Banking Fraud: |
---|
Yara detected Ursnif |
Source: | File source: | ||
Source: | File source: |
Yara detected Ursnif |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
System Summary: |
---|
Writes or reads registry keys via WMI |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Writes registry values via WMI |
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Virustotal: |
Source: | Static PE information: |
Source: | Key opened: | |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | | ||
Source: | Process created: | |
Source: | Key value queried: | |
Source: | Mutant created: |
Source: | WMI Queries: |
Source: | File created: | |
Source: | File created: | |
Source: | Classification label: |
Source: | File read: | |
Source: | File read: | | ||
Source: | File read: | |
Source: | Window detected: |
Source: | File opened: | |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Data Obfuscation: |
---|
Detected unpacking (changes PE section rights) |
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 | |
Source: | Code function: | 0_3_035D1991 |
Source: | Static PE information: |
Hooking and other Techniques for Hiding and Protection: |
---|
Yara detected Ursnif |
Source: | File source: | ||
Source: | File source: |
Yara detected Ursnif |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Registry key monitored for changes: | |
Source: | Thread sleep time: | |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Key value queried: | |
Source: | WMI Queries: |
Stealing of Sensitive Information: |
---|
Yara detected Ursnif |
Source: | File source: | ||
Source: | File source: |
Yara detected Ursnif |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Ursnif |
Source: | File source: | ||
Source: | File source: |
Yara detected Ursnif |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
MITRE ATT&CK Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | Path Interception | Process Injection2 | Masquerading1 | OS Credential Dumping | Query Registry1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion1 | LSASS Memory | Security Software Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection2 | Security Account Manager | Virtualization/Sandbox Evasion1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information2 | NTDS | Process Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing12 | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | File and Directory Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery3 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 21% | Virustotal | | |
| | 100% | Joe Sandbox ML | | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
| | 100% | Avira | TR/Crypt.XPACK.Gen7 | | |
| | 100% | Avira | TR/Patched.Ren.Gen | | |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 6% | Virustotal | | |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 4% | Virustotal | | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | Avira URL Cloud | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
haverit.xyz | unknown | unknown | true | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | | true | | unknown |
| | | false | | high |
| | | false | | unknown |
| | | false | | unknown |
| | | true | | unknown |
| | | false | | low |
| | | false | | high |
| | | false | | unknown |
| | | false | | high |
| | | true | | unknown |
| | | false | | unknown |
| | | false | | high |
| | | false | | unknown |
| | | false | | high |
| | | false | | high |
| | | true | | unknown |
| | | false | | high |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 481080 |
Start date: | 10.09.2021 |
Start time: | 10:18:13 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 11s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | PiSUfsy.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 30 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal96.troj.evad.winEXE@7/29@8/0 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
10:19:46 | API Interceptor |
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29272 |
Entropy (8bit): | 1.767910827582747 |
Encrypted: | false |
SSDEEP: | 96:rcZrZTl2TQWTLMtTLDfTL+7FMTLSzT8IB:rcZrZTl2TQWTYtT3fTS7FMT+zTJB |
MD5: | 5549613A0C3CFA300203D29B4DA079C4 |
SHA1: | C7BA0471338AFE8208E3A70D6C4A726542B08C88 |
SHA-256: | 058D9040EA75C9689E469353DFFB464D8F099632F034F35388487EC162D9A365 |
SHA-512: | D964FE88EA0B338272504B84F7C75C10C2ECDE21F482A694A203EEFCB946084899E79C45D751CD3A461E3CA0CC3BD608B62311FF305EC59692C2A22C7E8814A8 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29272 |
Entropy (8bit): | 1.7716211254875913 |
Encrypted: | false |
SSDEEP: | 48:IwsGcprZGwpL2G/ap8OGIpckHGvnZpvkfTRGolqp9kfHTQGo4RpmkxFHbGWvlDGF:rwZTZ02eWk4tkGfkvRMk+fhpB |
MD5: | 8B850AF47A1244F545B93C681F4CD253 |
SHA1: | 642DDAEAB6F619FB6F1EFAE0466F1B2A6E60C39B |
SHA-256: | 16F648C8C6903C9227C3A178884E22F7322C5620E2A4DB0F43D8BCCE62D9E2BE |
SHA-512: | F3900E9959AEC3FBEFF9630F1A2EA5224E6CDEF681E345B0221E388D0D52DB8EA682B8B6C3A842E90959EE7E08363611EEB28895EFA3A76634719D27A3CC8113 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26240 |
Entropy (8bit): | 1.653277117903397 |
Encrypted: | false |
SSDEEP: | 48:IwBGcprwGwpa8G4pQwGrapbS9GQpBSGHHpcjTGUp8ZUGzYpmMRvGopOCyDZbGqXT:r3ZYQc6OBSHjp29WmMqkrVSA |
MD5: | C1EDC282B7A921C386333D54A46398E9 |
SHA1: | 03384AA0B051C2ACDC50C017BFDA53A86C72C853 |
SHA-256: | C32C0F328992520DEB9EF5EA7878F089CD33D32493C73A4333A2C26B0A9B1282 |
SHA-512: | 483C64003A05B6AB77B6C9171F82B82AF38AC959D789941B51EB39013E4ACAD76996BEFEEE6B94C9EF8F564AA2EB90E726634706FAA6B73596A808525E7D741E |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26240 |
Entropy (8bit): | 1.6552452588590398 |
Encrypted: | false |
SSDEEP: | 48:IwFGGcprfNGwpaCGG4pQ4UGrapbS2GQpBOGHHpcMcTGUp8yGzYpmG3GopOQyDOBl:rUZvQT6RBSOjd2JWOMykWtVQ3A |
MD5: | A5C53BAC5AE42F54F85199F3BB95F93B |
SHA1: | 1C6A24BFF7EEBB0F4B8DC962C3F7D4363A44411C |
SHA-256: | 1BA8F54AE85DFCE6FFAC476163993B9A13511D7A22DBE8DC6B13E286FC6AAB17 |
SHA-512: | 1004E172D6FDD453F4D8AE0816C7BFBA11F4BB6BEEC6748CB11917FC1B18A4D96B7D5A14028393945D01B713D239ED73F94D470F7EF18BC3E2893432969E2CAB |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.104721476385179 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxOEWenWimI002EtM3MHdNMNxOEWenWimI00ObVbkEtMb:2d6NxOESZHKd6NxOESZ76b |
MD5: | 9409A50D4C91701ABDBACBE17E214EE2 |
SHA1: | 6C8858E4A0A0775D72D0B80CDC59BCAE4D0F16F6 |
SHA-256: | 79D278F1F8326FE65B250508E9078FE171F0D1459FDAD28CE5E5350EA29D1719 |
SHA-512: | 36245447F8F6745366CCC11C809581BF5202DA8F28842E9273A20F13B0AE7ECFC8B88E05A9C05977BF98B553119798AF03C62E735170F5FF326DFFEACE688EAC |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 5.084052421273924 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxe2kvAitAMnWimI002EtM3MHdNMNxe2kvAitAMnWimI00Obkak6EtMb:2d6NxrWSZHKd6NxrWSZ7Aa7b |
MD5: | 81FD5C3557106C46A0CC8C42B0C1902D |
SHA1: | 104F0F8AB1192BD3423ABD9FBEC8494A6E75FBE3 |
SHA-256: | 6AA501CD163232CD1C562610B588E052B20D5B726BFB6A4798201E739DF08815 |
SHA-512: | 3D13374A37E91BDA48F046B459AE23DE18423A13C0FFCC9F3D2AC2530F62E6F11581C3354FB3E3FFD6B546AF205DE75F7C0803B72E3125E254E567031A24B60C |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 662 |
Entropy (8bit): | 5.1214194144054686 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxvLWenWimI002EtM3MHdNMNxvLWenWimI00ObmZEtMb:2d6NxvFSZHKd6NxvFSZ7mb |
MD5: | DD56A643D27C13BB73EA7D75D8FABDDE |
SHA1: | D723080970C1DE2872EE349248D0F6CBA78EAE03 |
SHA-256: | BFC5C9EABB3F47EC665CD4744DDB44998F0386B8241E45C933E57FD6B3151380 |
SHA-512: | F6DD3A7D3B27817FAAE45BFA5EADBDEAEBF81E5C9E910434C0932EF9FD99999A79BBAD92DD2EF1500F94F0EFEC7BA3205C82643DA0CBE0BF6BFED22C45B4B025 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 647 |
Entropy (8bit): | 5.079190891058834 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxivAitAMnWimI002EtM3MHdNMNxivAitAMnWimI00Obd5EtMb:2d6Nx0SZHKd6Nx0SZ7Jjb |
MD5: | BC7F8B4F5EF4A6CF4B0E7E28C8B1FF59 |
SHA1: | 98B0415ECA3054C83A31B759033C110102CBC877 |
SHA-256: | 23F95444558A03C668F702CFE9F9FD951FFAE3C9BE938BF948E4F0C609F85529 |
SHA-512: | B72B516F5312F64C90CB54D7C635E596C60C9165468ABF3EDCC1C4B969C9334670D63CC691DAC8F9821DD8BC3149DF7378ECF5AC655A2CC625D32E0006F9EB15 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.135821975934053 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxhGwWenWimI002EtM3MHdNMNxhGwWenWimI00Ob8K075EtMb:2d6NxQ4SZHKd6NxQ4SZ7YKajb |
MD5: | 26E707803EDED22B1A2FD51E9754EC6B |
SHA1: | A7BB0552828F873F9AD22759C3B47BCB4B75B93E |
SHA-256: | 14B1BB355F26D4876F60CE14058834CE7289B4EB6E504977CA69BFA8D5F664DF |
SHA-512: | FC34CFFCB7708B4A6B730D1446C700FCB88A6574753410AD4FAFE4DDB79EE509D82EFC97404855A1BFCB6ED6790664976801D0B540FE96AC63B3729DB5A30112 |
Malicious: | false |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 5.103455098848017 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNx0nWenWimI002EtM3MHdNMNx0nWenWimI00ObxEtMb:2d6Nx0JSZHKd6Nx0JSZ7nb |
MD5: | F25F70EF84320440B6F92AC7C5297D0F |
SHA1: | 87FF658420D7D11AC45A6AAF2407E2A244452160 |
SHA-256: | 28B548D59BCEA71F19EAC4C0B206845BD2BDAAF95BF5FDD74B831D0762BDCB93 |
SHA-512: | 19D436C6AC3CB5FFFF649165783DEBE5D5E86EE2259BAFF5B702E4D3C7160435CC5CAC2F95827E679C03BBEC2015E06F3B47834784B0E2817D871670B3DB48ED |
Malicious: | false |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.145145177655876 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxxWenWimI002EtM3MHdNMNxxWenWimI00Ob6Kq5EtMb:2d6NxjSZHKd6NxjSZ7ob |
MD5: | 80AE373496EAB7A58EBAD3BD148C97EF |
SHA1: | DE597241F07C4F89C58A0DD7F192BF39D3CE6CF4 |
SHA-256: | B3B01B3339D95CCEAA6F122CEA33493A4381BC005401C6D4EE83FFD11F285FD7 |
SHA-512: | DAE8C2543638C318F4EB8D6BA90E75A574E605A6474084FDA6AA01EB74BAF55E63E96274EC6EF69043F200DD3B55E1D98AE0CF91B827B79C099CCB2A70DDDB11 |
Malicious: | false |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 659 |
Entropy (8bit): | 5.082370786840105 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxcvAitAMnWimI002EtM3MHdNMNxcvAitAMnWimI00ObVEtMb:2d6NxeSZHKd6NxeSZ7Db |
MD5: | 64EE23798088274C6AFBC414B0ECFB52 |
SHA1: | F7D6452F5A406A47D920A85BAA968B7EDBE8C207 |
SHA-256: | 3597B6E33C19882D5B335DAFF3E02E4196228056C093EBA8A44AE95D2C6F3A11 |
SHA-512: | F28CBB660186E0E3E6B0EF1CE0864CCB69F4017FCF91FA32AA88F2ABF4E0AFE49A2287EB5203AA12DE89FBACF5710016755E1E8286B58294235764E89DFE25EE |
Malicious: | false |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 5.065147867190279 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxfnvAitAMnWimI002EtM3MHdNMNxfnvAitAMnWimI00Obe5EtMb:2d6NxbSZHKd6NxbSZ7ijb |
MD5: | 4303CED0A39C69A6E7FF17C386C1EC1F |
SHA1: | EFE3A66D822E915DDDE5B608AC36266D42D4C35F |
SHA-256: | 422711BDE9FB834C5E26C9C884E7630AFD843075D612B47B17F8E0570CB36821 |
SHA-512: | 6F04D9E12209471F2FB606CDC29D306290842F6D900AD0F71347AC940CA993F3C2F4CD536291B63BBF68391B0AD340787F0D64A154D0BACB86BF6CCC3507FF21 |
Malicious: | false |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1612 |
Entropy (8bit): | 4.869554560514657 |
Encrypted: | false |
SSDEEP: | 24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk |
MD5: | DFEABDE84792228093A5A270352395B6 |
SHA1: | E41258C9576721025926326F76063C2305586F76 |
SHA-256: | 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075 |
SHA-512: | E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD |
Malicious: | false |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2997 |
Entropy (8bit): | 4.4885437940628465 |
Encrypted: | false |
SSDEEP: | 48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra |
MD5: | 2DC61EB461DA1436F5D22BCE51425660 |
SHA1: | E1B79BCAB0F073868079D807FAEC669596DC46C1 |
SHA-256: | ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993 |
SHA-512: | A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D |
Malicious: | false |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 5.164796203267696 |
Encrypted: | false |
SSDEEP: | 96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk |
MD5: | D65EC06F21C379C87040B83CC1ABAC6B |
SHA1: | 208D0A0BB775661758394BE7E4AFB18357E46C8B |
SHA-256: | A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F |
SHA-512: | 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E |
Malicious: | false |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 748 |
Entropy (8bit): | 7.249606135668305 |
Encrypted: | false |
SSDEEP: | 12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE |
MD5: | C4F558C4C8B56858F15C09037CD6625A |
SHA1: | EE497CC061D6A7A59BB66DEFEA65F9A8145BA240 |
SHA-256: | 39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781 |
SHA-512: | D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44 |
Malicious: | false |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1612 |
Entropy (8bit): | 4.869554560514657 |
Encrypted: | false |
SSDEEP: | 24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk |
MD5: | DFEABDE84792228093A5A270352395B6 |
SHA1: | E41258C9576721025926326F76063C2305586F76 |
SHA-256: | 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075 |
SHA-512: | E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD |
Malicious: | false |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 5.164796203267696 |
Encrypted: | false |
SSDEEP: | 96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk |
MD5: | D65EC06F21C379C87040B83CC1ABAC6B |
SHA1: | 208D0A0BB775661758394BE7E4AFB18357E46C8B |
SHA-256: | A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F |
SHA-512: | 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E |
Malicious: | false |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12105 |
Entropy (8bit): | 5.451485481468043 |
Encrypted: | false |
SSDEEP: | 192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f |
MD5: | 9234071287E637F85D721463C488704C |
SHA1: | CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152 |
SHA-256: | 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649 |
SHA-512: | 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384 |
Malicious: | false |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2997 |
Entropy (8bit): | 4.4885437940628465 |
Encrypted: | false |
SSDEEP: | 48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra |
MD5: | 2DC61EB461DA1436F5D22BCE51425660 |
SHA1: | E1B79BCAB0F073868079D807FAEC669596DC46C1 |
SHA-256: | ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993 |
SHA-512: | A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 748 |
Entropy (8bit): | 7.249606135668305 |
Encrypted: | false |
SSDEEP: | 12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE |
MD5: | C4F558C4C8B56858F15C09037CD6625A |
SHA1: | EE497CC061D6A7A59BB66DEFEA65F9A8145BA240 |
SHA-256: | 39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781 |
SHA-512: | D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12105 |
Entropy (8bit): | 5.451485481468043 |
Encrypted: | false |
SSDEEP: | 192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f |
MD5: | 9234071287E637F85D721463C488704C |
SHA1: | CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152 |
SHA-256: | 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649 |
SHA-512: | 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | modified |
Size (bytes): | 89 |
Entropy (8bit): | 4.350647094482033 |
Encrypted: | false |
SSDEEP: | 3:oVXUpOVfWW4ER98JOGXnEpOVfWWF7n:o9UpO1WW449qEpO1WWl |
MD5: | C5C6E32E59C52850C49324B2BD91A96F |
SHA1: | 4A11EA1D270CFC0A36AEAA1871E2500B122FEC2A |
SHA-256: | B0B23261B5289A13A255842C07BCA0A50B15243B022B892E41ADCAF761CFF1F3 |
SHA-512: | 24CEF1DD62633606C70F73D258E82D99069256EEC57FE5D6CAFEB73BA1D3363F77170CA440E775A64BF797DD250923F0044A8A3DA8165FD8022EBAFF639230A0 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 38737 |
Entropy (8bit): | 0.36804573270497437 |
Encrypted: | false |
SSDEEP: | 48:kBqoxKAuvScS+9DhAMIMwCyDZCyDbCyDU:kBqoxKAuvScS+9DhAjLjxi |
MD5: | 08FB496F01888D742C59B87B3AC4359D |
SHA1: | 049BC129C56E718470053BB2B18149BE8644DE5C |
SHA-256: | 227975D6D993CB96526FD5D48A2645B65E2BC0CD4A86F0111AF7BB55E7364CB7 |
SHA-512: | B8738D078597AA8F233064E8F4C601DAA51CC0434FF283374A159197C2BE6752AB1C5E026E850BC4B3CA815E41CD4DEFB748640D46E642CE1CEA166545A39A7B |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 38737 |
Entropy (8bit): | 0.37044060981047916 |
Encrypted: | false |
SSDEEP: | 48:kBqoxKAuvScS+357yGIGwQyDZQyDbQyDU:kBqoxKAuvScS+357yZBRDc |
MD5: | 1E84DB848F8CDC756E7E5FFB630E5782 |
SHA1: | 5CA5EC0122405901B7B6805BAA034EDCDF85CB47 |
SHA-256: | 52CA08644795E6EAC4FC68A499CC324BA358C3595298D8E57CBD18CC25643345 |
SHA-512: | 0E4EDAE89AF93F80EB7CAE4EEA7E2BB3288DE0A00D0492B623C1478596DBE2240B18930FB7133EF1543FA9E832BC3119999BA33A0202E0027D0661C52933FAC8 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12933 |
Entropy (8bit): | 0.4106597412749696 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9lojF9lop9lWE/Nxe:kBqoIysE/Nxe |
MD5: | B71E1B615B91A86C2840ED86D93ABC67 |
SHA1: | 356C94B056C072F9328E1422ED1A69BE464B4BF8 |
SHA-256: | 67D716555E0E232BEDF6E6604AC1D3B26A8847E48D3FED82A85A161F80890BF5 |
SHA-512: | 4EF507A7D3EA9057A1E666E158F1D25F00E2798EFB66B586100B780D098702C5D1E290DF21B2BD9EA5E0FBAAB855066097CFD9D27AB52B856D3A10FC89857AEB |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12933 |
Entropy (8bit): | 0.410127935772876 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9loTaF9loT29lWTrwU:kBqoIThTnTrwU |
MD5: | D3B988EE3DD365B1C1C32E68D2EFBB32 |
SHA1: | 7D0C72D608DB49C54CAB8518D51D50E84A81AEB5 |
SHA-256: | 0ED6CFB0C782CBA9BEF9518F1DF08B7A33FDD7F7D24FB5CDA37F120860C1ACF3 |
SHA-512: | B3764DD0DAA971A39D3C101402493B09A94B9CD2BCE53B99FF8C4DBBF64DAED5394238DA63C34A8BD9931DDE8B4A7DE058EEFB42945211399280D056EC55E597 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.614358183794132 |
TrID: |
|
File name: | PiSUfsy.exe |
File size: | 901960 |
MD5: | ddb8cc4e8e2ec81904a1407409d2e868 |
SHA1: | 5f594f30bcf6b00213916e5aa987db98d764fbb2 |
SHA256: | e0f81b847c0c02e0352607f852bdfb651925c35655ebf0be9b4fd2ef034661f3 |
SHA512: | 70e1ff1b5aa7a5ff7408f4520adece23fbb9df4f3ac9d5aded9baad30fe485c47a2f8cce6b2d500ab6705a18ce20f90c193092c4f943053c67c1cff8b51a5738 |
SSDEEP: | 24576:X9PsA9vHAYobFGQdRwylSk61LXXhtxvZPmtk1/GqgLG9:oYRJk61bRrZPmWGG9 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I................#3......#6......#7...............A......#5......{7......#+.1....#1......#4.....Rich........................... |
File Icon |
---|
Icon Hash: | f0b0e8e4e4e8b2dc |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x1005725 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x1000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, NX_COMPAT |
Time Stamp: | 0x55E85856 [Thu Sep 3 14:25:26 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 6e09f5ea9222053b840f418fc7379964 |
Authenticode Signature |
---|
Signature Valid: | false |
Signature Issuer: | CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB |
Signature Validation Error: | No signature was present in the subject |
Error Number: | -2146762496 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 8AB6A86211EE700AA961C3292ADB312D |
Thumbprint SHA-1: | A533DFA7E6AED2A9FFBE41FCEC5A8927A6EAFBBB |
Thumbprint SHA-256: | 9E0611728595A506CC2A55486FDD88ECA0971EF0B08F74CB3B3B6F5F6F3C7E27 |
Serial: | 239664C12BAEB5A6D787912888051392 |
Entrypoint Preview |
---|
Instruction |
---|
call 00007F139498FC80h |
jmp 00007F1394988B95h |
push 00000014h |
push 0108A9F8h |
call 00007F139498DB6Ah |
call 00007F139498936Bh |
movzx esi, ax |
push 00000002h |
call 00007F139498FC13h |
pop ecx |
mov eax, 00005A4Dh |
cmp word ptr [01000000h], ax |
je 00007F1394988B96h |
xor ebx, ebx |
jmp 00007F1394988BC5h |
mov eax, dword ptr [0100003Ch] |
cmp dword ptr [eax+01000000h], 00004550h |
jne 00007F1394988B7Dh |
mov ecx, 0000010Bh |
cmp word ptr [eax+01000018h], cx |
jne 00007F1394988B6Fh |
xor ebx, ebx |
cmp dword ptr [eax+01000074h], 0Eh |
jbe 00007F1394988B9Bh |
cmp dword ptr [eax+010000E8h], ebx |
setne bl |
mov dword ptr [ebp-1Ch], ebx |
call 00007F139498DABDh |
test eax, eax |
jne 00007F1394988B9Ah |
push 0000001Ch |
call 00007F1394988CB7h |
pop ecx |
call 00007F139498EF7Bh |
test eax, eax |
jne 00007F1394988B9Ah |
push 00000010h |
call 00007F1394988CA6h |
pop ecx |
call 00007F139498FC8Ch |
and dword ptr [ebp-04h], 00000000h |
call 00007F139498F577h |
test eax, eax |
jns 00007F1394988B9Ah |
push 0000001Bh |
call 00007F1394988C8Ch |
pop ecx |
call dword ptr [0106A19Ch] |
mov dword ptr [010AC3A8h], eax |
call 00007F139498FCA7h |
mov dword ptr [01097A94h], eax |
call 00007F139498F864h |
test eax, eax |
jns 00007F1394988B9Ah |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8ccf8 | 0x8c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xad000 | 0x41028 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xda000 | 0x2348 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xef000 | 0x4d50 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x6a3b0 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x87940 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x6a000 | 0x328 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x681b9 | 0x68200 | False | 0.623954269208 | data | 6.85141881321 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x6a000 | 0x23f8a | 0x24000 | False | 0.64170328776 | data | 6.36645327435 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x8e000 | 0x1e3ac | 0x7a00 | False | 0.527792008197 | data | 6.51367686644 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0xad000 | 0x41028 | 0x41200 | False | 0.240744211852 | data | 5.36312234805 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xef000 | 0x4d50 | 0x4e00 | False | 0.730168269231 | data | 6.65913941378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0xad434 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xbdc5c | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 16580607, next used block 4294917888 | English | United States |
RT_ICON | 0xc1e84 | 0x25a8 | data | English | United States |
RT_ICON | 0xc442c | 0x10a8 | data | English | United States |
RT_ICON | 0xc54d4 | 0x988 | data | English | United States |
RT_ICON | 0xc5e5c | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xc62c4 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xd6aec | 0x94a8 | data | English | United States |
RT_ICON | 0xdff94 | 0x5488 | data | English | United States |
RT_ICON | 0xe541c | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 254, next used block 520093696 | English | United States |
RT_ICON | 0xe9644 | 0x25a8 | data | English | United States |
RT_ICON | 0xebbec | 0x10a8 | data | English | United States |
RT_ICON | 0xecc94 | 0x988 | data | English | United States |
RT_ICON | 0xed61c | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_STRING | 0xeda84 | 0xbc | data | English | United States |
RT_STRING | 0xedb40 | 0x150 | data | English | United States |
RT_GROUP_ICON | 0xedc90 | 0x76 | data | English | United States |
RT_GROUP_ICON | 0xedd08 | 0x5a | data | English | United States |
RT_VERSION | 0xedd64 | 0x2c4 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | GetLastError, VirtualProtectEx, LoadLibraryA, OpenMutexA, SetConsoleOutputCP, DeviceIoControl, GetModuleFileNameA, CloseHandle, DeleteFileA, WriteConsoleW, SetStdHandle, GetStringTypeW, LoadLibraryW, WaitForMultipleObjectsEx, GetStartupInfoA, GetConsoleMode, GetConsoleCP, FlushFileBuffers, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, CompareStringW, GetTimeFormatW, GetDateFormatW, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, HeapReAlloc, CreateProcessA, Sleep, GetTickCount, SetFilePointerEx, GetCurrentProcess, UnregisterWaitEx, QueryDepthSList, InterlockedFlushSList, InterlockedPushEntrySList, InterlockedPopEntrySList, InitializeSListHead, ReleaseSemaphore, SetProcessAffinityMask, VirtualProtect, VirtualFree, VirtualAlloc, GetVersionExW, GetModuleHandleA, FreeLibraryAndExitThread, FreeLibrary, GetThreadTimes, OutputDebugStringW, FatalAppExitA, SetConsoleCtrlHandler, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCurrentProcessId, QueryPerformanceCounter, GetFileType, HeapSize, GetProcessHeap, GetModuleFileNameW, WriteFile, GetStdHandle, WideCharToMultiByte, MultiByteToWideChar, AreFileApisANSI, GetModuleHandleExW, ExitProcess, IsDebuggerPresent, UnregisterWait, RegisterWaitForSingleObject, SetThreadAffinityMask, GetProcessAffinityMask, GetNumaHighestNodeNumber, DeleteTimerQueueTimer, ChangeTimerQueueTimer, CreateTimerQueueTimer, GetLogicalProcessorInformation, GetThreadPriority, SetThreadPriority, SwitchToThread, SignalObjectAndWait, WaitForSingleObjectEx, SetEvent, DuplicateHandle, WaitForSingleObject, GetCurrentThread, GetCurrentThreadId, GetExitCodeThread, GetSystemTimeAsFileTime, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, HeapAlloc, EncodePointer, DecodePointer, GetCommandLineA, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetModuleHandleW, GetProcAddress, CreateSemaphoreW, CreateThread, ExitThread, LoadLibraryExW, RaiseException, RtlUnwind, HeapFree, TryEnterCriticalSection, CreateTimerQueue, RtlCaptureStackBackTrace, CreateFileW |
USER32.dll | SetWindowTextA, CallNextHookEx, LoadBitmapA, GetClassInfoExA, EnumWindows, GetIconInfo, IsDialogMessageA, GetWindowLongA, CreateWindowExA, ReleaseDC, DefWindowProcA, CheckDlgButton, SendMessageA |
ole32.dll | OleUninitialize, CoUninitialize, CoSuspendClassObjects, OleSetContainedObject, StgCreateDocfile, OleInitialize, CoInitialize |
COMCTL32.dll | ImageList_LoadImageA, PropertySheetA, CreatePropertySheetPageA |
WINSPOOL.DRV | DeletePortA, SetPrinterDataA, DeleteFormA, SetPortA, SetPrinterDataExA, AddMonitorA, ScheduleJob, AddPrinterConnectionA, ReadPrinter, AddPrinterDriverA, GetPrinterDataA, ResetPrinterA, PrinterMessageBoxA, DeletePrintProcessorA, GetPrinterDriverDirectoryA, OpenPrinterA, AddPortA, ConfigurePortA, GetPrinterDataExA, GetJobA, AddPrinterDriverExA, ClosePrinter, DeletePrinterDataExA, DeletePrinterConnectionA, DeletePrintProvidorA, StartPagePrinter, AbortPrinter, GetPrintProcessorDirectoryA, StartDocPrinterA, GetPrinterA, AddPrinterA, DeletePrinter, DeleteMonitorA, GetPrinterDriverA, AddFormA, DeletePrinterDriverA, AddPrintProcessorA, AddPrintProvidorA, SetFormA, GetFormA, DeletePrinterDataA, AddJobA, FlushPrinter, DeletePrinterDriverExA, SetJobA, FindClosePrinterChangeNotification, DeletePrinterKeyA |
sfc.dll | SfcIsFileProtected |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | (C) 2011 Helpwould Use Corporation. All rights reserved. |
FileVersion | 14.1.55.63 |
CompanyName | Helpwould Use Corporation |
ProductName | Deathice |
ProductVersion | 14.1.55.63 |
FileDescription | Deathice The Certain |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 10, 2021 10:19:05.132442951 CEST | 60831 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:19:05.161484003 CEST | 53 | 60831 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:19:30.374675989 CEST | 60100 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:19:30.421969891 CEST | 53 | 60100 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:19:34.837275028 CEST | 53195 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:19:34.869575024 CEST | 53 | 53195 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:19:36.165678978 CEST | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:19:36.204112053 CEST | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:19:36.210340023 CEST | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:19:36.245728016 CEST | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:19:36.251956940 CEST | 49563 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:19:36.281806946 CEST | 53 | 49563 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:19:36.942980051 CEST | 51352 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:19:36.968125105 CEST | 53 | 51352 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:19:47.375231028 CEST | 59349 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:19:47.404503107 CEST | 53 | 59349 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:19:53.820420027 CEST | 57084 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:19:53.861109018 CEST | 53 | 57084 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:19:57.645234108 CEST | 58823 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:19:57.698267937 CEST | 53 | 58823 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:19:57.787600040 CEST | 57568 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:19:57.825162888 CEST | 53 | 57568 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:19:57.877547026 CEST | 50540 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:19:57.905914068 CEST | 53 | 50540 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:19:58.493472099 CEST | 54366 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:19:58.518064976 CEST | 53 | 54366 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:20:01.685537100 CEST | 53034 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:20:01.711956978 CEST | 53 | 53034 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:20:02.306881905 CEST | 57762 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:20:02.342616081 CEST | 53 | 57762 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:20:04.849231005 CEST | 55435 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:20:04.883297920 CEST | 53 | 55435 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:20:05.854645014 CEST | 55435 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:20:05.891288996 CEST | 53 | 55435 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:20:06.855720043 CEST | 55435 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:20:06.883229971 CEST | 53 | 55435 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:20:08.855616093 CEST | 55435 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:20:08.880660057 CEST | 53 | 55435 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:20:09.253700018 CEST | 50713 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:20:09.284195900 CEST | 53 | 50713 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:20:12.903430939 CEST | 55435 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:20:12.933722973 CEST | 53 | 55435 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:20:18.807650089 CEST | 56132 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:20:18.843106985 CEST | 53 | 56132 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:20:29.859675884 CEST | 58987 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:20:29.895231009 CEST | 53 | 58987 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:20:34.081785917 CEST | 56579 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:20:34.125212908 CEST | 53 | 56579 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:20:35.866754055 CEST | 60633 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:20:35.903292894 CEST | 53 | 60633 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:20:38.577629089 CEST | 61292 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:20:38.610976934 CEST | 53 | 61292 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:20:39.762187004 CEST | 63619 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:20:39.799251080 CEST | 53 | 63619 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:20:39.806381941 CEST | 64938 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:20:39.841535091 CEST | 53 | 64938 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:20:39.864919901 CEST | 61946 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:20:39.892956018 CEST | 53 | 61946 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:20:43.477616072 CEST | 64910 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:20:43.516566038 CEST | 53 | 64910 | 8.8.8.8 | 192.168.2.3 |
Sep 10, 2021 10:21:03.289423943 CEST | 52123 | 53 | 192.168.2.3 | 8.8.8.8 |
Sep 10, 2021 10:21:03.326101065 CEST | 53 | 52123 | 8.8.8.8 | 192.168.2.3 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Sep 10, 2021 10:19:36.165678978 CEST | 192.168.2.3 | 8.8.8.8 | 0xad9 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 10:19:36.210340023 CEST | 192.168.2.3 | 8.8.8.8 | 0xefe4 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 10:19:36.251956940 CEST | 192.168.2.3 | 8.8.8.8 | 0x3542 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 10:19:47.375231028 CEST | 192.168.2.3 | 8.8.8.8 | 0xef | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 10:19:57.877547026 CEST | 192.168.2.3 | 8.8.8.8 | 0x54aa | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 10:20:39.762187004 CEST | 192.168.2.3 | 8.8.8.8 | 0x523c | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 10:20:39.806381941 CEST | 192.168.2.3 | 8.8.8.8 | 0xbfef | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 10:20:39.864919901 CEST | 192.168.2.3 | 8.8.8.8 | 0x7c23 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Sep 10, 2021 10:19:36.204112053 CEST | 8.8.8.8 | 192.168.2.3 | 0xad9 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 10:19:36.245728016 CEST | 8.8.8.8 | 192.168.2.3 | 0xefe4 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 10:19:36.281806946 CEST | 8.8.8.8 | 192.168.2.3 | 0x3542 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 10:19:47.404503107 CEST | 8.8.8.8 | 192.168.2.3 | 0xef | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 10:19:57.905914068 CEST | 8.8.8.8 | 192.168.2.3 | 0x54aa | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 10:20:39.799251080 CEST | 8.8.8.8 | 192.168.2.3 | 0x523c | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 10:20:39.841535091 CEST | 8.8.8.8 | 192.168.2.3 | 0xbfef | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 10:20:39.892956018 CEST | 8.8.8.8 | 192.168.2.3 | 0x7c23 | Name error (3) | none | none | A (IP address) | IN (0x0001) |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 10:19:09 |
Start date: | 10/09/2021 |
Path: | C:\Users\user\Desktop\PiSUfsy.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 901960 bytes |
MD5 hash: | DDB8CC4E8E2EC81904A1407409D2E868 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 10:19:33 |
Start date: | 10/09/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecf00000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:19:33 |
Start date: | 10/09/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x350000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:20:36 |
Start date: | 10/09/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecf00000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:20:37 |
Start date: | 10/09/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x350000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|