Windows Analysis Report CGd7lq6RDL.dll
Overview
General Information
Detection
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
Click to see the 29 entries |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnifv3 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnifv3 | Yara detected Ursnif | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | Avira: |
Source: | Static PE information: |
Source: | File opened: |
Source: | Binary string: |
Networking: |
---|
Performs DNS queries to domains with low reputation | Show sources |
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: |
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
E-Banking Fraud: |
---|
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: |
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
System Summary: |
---|
Writes or reads registry keys via WMI | Show sources |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Writes registry values via WMI | Show sources |
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Key value queried: |
Source: | Mutant created: |
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Data Obfuscation: |
---|
Detected unpacking (changes PE section rights) | Show sources |
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | Static PE information: |
Hooking and other Techniques for Hiding and Protection: |
---|
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: |
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Registry key monitored for changes: |
Source: | Thread sleep time: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Key value queried: |
Source: | WMI Queries: |
Stealing of Sensitive Information: |
---|
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: |
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: |
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | Path Interception | Process Injection2 | Masquerading1 | OS Credential Dumping | Query Registry1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion1 | LSASS Memory | Security Software Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection2 | Security Account Manager | Virtualization/Sandbox Evasion1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information2 | NTDS | Process Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing12 | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | File and Directory Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery3 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Patched.Ren.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen7 | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
haverit.xyz | unknown | unknown | true | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| low | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high |
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 481103 |
Start date: | 10.09.2021 |
Start time: | 11:05:32 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 6s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | CGd7lq6RDL.dll (renamed file extension from dll to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 26 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal80.troj.evad.winEXE@7/29@8/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
11:07:06 | API Interceptor |
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29272 |
Entropy (8bit): | 1.7678852739688395 |
Encrypted: | false |
SSDEEP: | 48:Iw7GcprqGwpL7G/ap8jGIpcHGvnZpvDHGoERqp9p1QGo4w01pmQGWEz41ZGWEBTK:rhZyZb2lW4twAf7zw01Mfs+IqcTA2PDB |
MD5: | 91D74D68B43CCDAE94C1706D038C8A1A |
SHA1: | 8227029E9BA7F0E28E4DCC141EB41BBA47EF138A |
SHA-256: | C866FCEBE96AF3868188B0AC5293E9AE25A2D08CDBAD0933AE71F2F37BCDF248 |
SHA-512: | 476AF38E28FDF7F43F0C947BDCA7FC6EBAF67788997749C0661B13DB2A77B76DDADA362A4BF3D52162A66E0A8093557C71C62DFBFDD04E10DF1EF3AD4BA6C662 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29272 |
Entropy (8bit): | 1.7653086061397365 |
Encrypted: | false |
SSDEEP: | 48:IwcGcprlGwpLVG/ap8AGIpcnGvnZpvQ8Go7zRqp9TuQGo4/zrz1pm3GW7zznz1YK:rAZvZx2wWYtDAfyzrv1MBnWIeXThRkDB |
MD5: | 0E5636275C441CD90C269D5C6EF99D80 |
SHA1: | 7F044DC2479A60F9AA3AC28957322EB0E1669E4D |
SHA-256: | A71C123B695592F824A3E57997E78CA48F243820109E60294A8170227E8BD53E |
SHA-512: | 6586B3C502ED21B6D94A343D0FA42639E3C4EED575EE88BE945350D6D3641212C410522B4020194EFDF07A26538A5BF866FCA5EDF4FE16F3B6D90ACF216E49E0 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26240 |
Entropy (8bit): | 1.6570043927330005 |
Encrypted: | false |
SSDEEP: | 48:IwO0GcprAfGwpap0G4pQ/mGrapbS0GQpBKGHHpcWTGUp8OGzYpmxQGopO3yDpGq2:rZZKQq6ABSsjR2mWiMGkMVfA |
MD5: | 7FA8DD3F4FB00A17B2C41F231E9A0E07 |
SHA1: | BDCEB0136D5E5C3394AFF432B30CF297D9A32E33 |
SHA-256: | 15E70B605701F421505DFC949C2F0273418CB913CDF5A2376B3E44354A21FF56 |
SHA-512: | 9EC4CD119B8E109C9ED5DDE75F6E32B6CC4D7E82E9B2CECBC4557EE2F644F23B6F82B60DC7D01CE81568890338C9348091AE92B757C65E4FF596D4AD6BB827BC |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26240 |
Entropy (8bit): | 1.6575667429961585 |
Encrypted: | false |
SSDEEP: | 48:IwaGcprnkGwpawPG4pQ2dGrapbSiGQpBOGHHpcLTGUp81GzYpm5DGopOTyDLGqXZ:reZcQg6yBSqjd2lWLM/kWVoA |
MD5: | C81D77FE65821897EC6BDED4CDDB1153 |
SHA1: | AB2D019A9C9E781534D1ED5358C5A46C801AF633 |
SHA-256: | 1DA4003576AAD9DECA1E93655F7FFF67F88E1EEFAB0FED707374B867A076029A |
SHA-512: | 5A282CA90671A48F6BF08F62E3CE021CD9D4F652E0C2E81577283C1CE829345AA6FC582FDB115F8720A651D4203356C6B79AF8E30099A48E624BCDBBD3BC4064 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 659 |
Entropy (8bit): | 5.0673004512682684 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxOE84l74lMnWimI002EtM3MHdNMNxOE84l74lMnWimI00OVbVbkEtMb:2d6NxOC0MSZHKd6NxOC0MSZ7V6b |
MD5: | 720C1B6AE76C69288735B54685FF20F6 |
SHA1: | 116894018C32921C13272B3442A02A97B84FF73A |
SHA-256: | 7EF6FCC9BC4CBBDFD4D6FFA5348FCC30187B5DFDC00DA7F7D7097196BBD227F9 |
SHA-512: | 325BC40B2D093D892362D6112F4C3A4BD46CA95DC34A184881B666124E33724FEB11E44CF9C84C28E9CE693E4F208A465A8ADA131CB6BC521D87B1125EB55240 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.088537313641816 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxe2kjBtBRnWimI002EtM3MHdNMNxe2kjBtBRnWimI00OVbkak6EtMb:2d6NxrIBtBRSZHKd6NxrIBtBRSZ7VAan |
MD5: | 6E339B98FAEC4B8200B314938FD4C7F6 |
SHA1: | B6572CF80F6BECD31325FA024BCF4029DBD3A5AA |
SHA-256: | C6104511DC96081C1E30333DC40B46D18CF336049BE480FDBE454A4CABA52BAF |
SHA-512: | 90AA84F8B5CCFBC800C1CDC28E46BB12B1F586AD1B012122DBAAB9323EF17A5AA6D9B5E6F20491F302D577565507EAF2A5BC67D81BAF320EB8ED2339F22BD409 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 665 |
Entropy (8bit): | 5.086871044550789 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxvL84l74lMnWimI002EtM3MHdNMNxvL84l74lMnWimI00OVbmZEtMb:2d6Nxv/0MSZHKd6Nxv/0MSZ7Vmb |
MD5: | 9F1828F27A4F7BED74A2D84A6130EDB4 |
SHA1: | B312E021BC2C22E7E4B8A8E641C97A488C18261D |
SHA-256: | 32E1858AEB47481FDF276C220FB0B9B4C94DEDED69F767F180A17C579437A805 |
SHA-512: | 6FF87F1A06F870FB0B7E752B790B6314FB742A637689A77523A335054694EFDD56EDBA543E848BF1FAFD10FAA28C5BA18959E68781262AAA02B03A76EC975F6A |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 650 |
Entropy (8bit): | 5.075595889238291 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxijBtBRnWimI002EtM3MHdNMNxijBtBRnWimI00OVbd5EtMb:2d6NxKBtBRSZHKd6NxKBtBRSZ7VJjb |
MD5: | 6D86F9B2BC32E5AAD8FDB49FFD43F94A |
SHA1: | B2CD5F8A87D637F5C6E2C87C5CE4C459F9C7476E |
SHA-256: | C507957165F8EFB8BBD112C908FCADEB73E9C692A74F5029C760F2833DC91C3D |
SHA-512: | F98ADC890C978F2F0EBF298A459196C5CA846791B93219E20B6850CE9DC5F4F4A4795CC47815B0A048B423C261F5DA18D9CC8DD48C8582974E6F2162672F9B56 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 659 |
Entropy (8bit): | 5.09846477693444 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxhGw84l74lMnWimI002EtM3MHdNMNxhGw84l74lMnWimI00OVb8K075Es:2d6NxQ20MSZHKd6NxQ20MSZ7VYKajb |
MD5: | 8558B33EC3D187F4FEF608A562E12D80 |
SHA1: | C23BFD2A6FF524C8A9715E511AADE7098557E533 |
SHA-256: | BCC0B19E079D29D80757A892E266CBA59A1995B3DC3A35ECAD56734F3BBA2C90 |
SHA-512: | 4C4899BB375B036EA6E4A1EFD368DB3A7B35C35C5183F47100E67294E333812B174DB5F76DE6DBEEEF2CE8274A9BF71D7E266CB7CC902576479A8F70E573F78B |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.070985183767182 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNx0n84l74lMnWimI002EtM3MHdNMNx0n84l74lMnWimI00OVbxEtMb:2d6Nx0D0MSZHKd6Nx0D0MSZ7Vnb |
MD5: | 94B687BCE7F42C5FCE98156DCCFE1165 |
SHA1: | EA18499D3B3777B83145C8110A688BDBE3536772 |
SHA-256: | 6CDFB7D1E0467264EE8C0418794EAADE5209140F06B5721B921F4FC81BD7EE93 |
SHA-512: | 844CD404DEFA95E66544CBE8CF705313587932E32BB694CA967ED66B70C483D816042A2C18D35BC29D3A0DA2BA08DE54DDFCEEE8BC56DF45B4DBEBC870135AD1 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 659 |
Entropy (8bit): | 5.109499180513016 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxxjBtBRnWimI002EtM3MHdNMNxxjBq4lMnWimI00OVb6Kq5EtMb:2d6NxRBtBRSZHKd6NxRBtMSZ7Vob |
MD5: | D1BB70C7AEC00622B4B93AAF50742418 |
SHA1: | 3D191B22DE45823A85E2B2151842F88EA2DD159B |
SHA-256: | F25615F8A56F3B23763B8A7DD15C1C117909C685F3B7CAF6D071107EA2FCC28D |
SHA-512: | 16B4312C6D7E2410B88035B923CC410CE6C80D1C17F8C58981E1E73BFEFE387E76FBAAEB1BEF9659CFC31C5890C582E64BA9F1966C50C0DBE728246A18ACE30F |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 662 |
Entropy (8bit): | 5.0736778920006635 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxcjBtBRnWimI002EtM3MHdNMNxcjBtBRnWimI00OVbVEtMb:2d6NxQBtBRSZHKd6NxQBtBRSZ7VDb |
MD5: | 8FFB06B03840C41C277CF7B6C3EDF51C |
SHA1: | 1ABDF733FB6F9183040F0443B3206FBBBB0BB692 |
SHA-256: | E53959D9D9012CBD7602EA6E30B632AF76113536B96855F7D88602B2E770BC17 |
SHA-512: | 2D9DF8B20A60115E9F3414823CF4BCFA432D6DEF3CF992EA797BE5F5E8D83702A8D8961EE85F1F1AC67C6AAA6C3732DBB913AD4DBA2B4A766842104EA3527E87 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.061334817329456 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxfnjBtBRnWimI002EtM3MHdNMNxfnjBtBRnWimI00OVbe5EtMb:2d6NxLBtBRSZHKd6NxLBtBRSZ7Vijb |
MD5: | 8A8289DB3625D7AFB565EC722F6AA989 |
SHA1: | 2551F20C55637F97DCE84BA7A9B74F5C06C474AD |
SHA-256: | 537D95D201DD28532C259CAC26D3A9E917CBBE6B4D39B25FA265B291D139802D |
SHA-512: | 71D9011162826FB05745B5FA32F94E824809588AD2155D91436853D3257FE86F51BC19F2DB6527CE4C6C8B1B97B3734EAB3781E7DE438ACF169959D94584CEB7 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1612 |
Entropy (8bit): | 4.869554560514657 |
Encrypted: | false |
SSDEEP: | 24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk |
MD5: | DFEABDE84792228093A5A270352395B6 |
SHA1: | E41258C9576721025926326F76063C2305586F76 |
SHA-256: | 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075 |
SHA-512: | E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 748 |
Entropy (8bit): | 7.249606135668305 |
Encrypted: | false |
SSDEEP: | 12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE |
MD5: | C4F558C4C8B56858F15C09037CD6625A |
SHA1: | EE497CC061D6A7A59BB66DEFEA65F9A8145BA240 |
SHA-256: | 39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781 |
SHA-512: | D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 5.164796203267696 |
Encrypted: | false |
SSDEEP: | 96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk |
MD5: | D65EC06F21C379C87040B83CC1ABAC6B |
SHA1: | 208D0A0BB775661758394BE7E4AFB18357E46C8B |
SHA-256: | A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F |
SHA-512: | 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1612 |
Entropy (8bit): | 4.869554560514657 |
Encrypted: | false |
SSDEEP: | 24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk |
MD5: | DFEABDE84792228093A5A270352395B6 |
SHA1: | E41258C9576721025926326F76063C2305586F76 |
SHA-256: | 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075 |
SHA-512: | E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2997 |
Entropy (8bit): | 4.4885437940628465 |
Encrypted: | false |
SSDEEP: | 48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra |
MD5: | 2DC61EB461DA1436F5D22BCE51425660 |
SHA1: | E1B79BCAB0F073868079D807FAEC669596DC46C1 |
SHA-256: | ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993 |
SHA-512: | A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 748 |
Entropy (8bit): | 7.249606135668305 |
Encrypted: | false |
SSDEEP: | 12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE |
MD5: | C4F558C4C8B56858F15C09037CD6625A |
SHA1: | EE497CC061D6A7A59BB66DEFEA65F9A8145BA240 |
SHA-256: | 39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781 |
SHA-512: | D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12105 |
Entropy (8bit): | 5.451485481468043 |
Encrypted: | false |
SSDEEP: | 192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f |
MD5: | 9234071287E637F85D721463C488704C |
SHA1: | CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152 |
SHA-256: | 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649 |
SHA-512: | 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2997 |
Entropy (8bit): | 4.4885437940628465 |
Encrypted: | false |
SSDEEP: | 48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra |
MD5: | 2DC61EB461DA1436F5D22BCE51425660 |
SHA1: | E1B79BCAB0F073868079D807FAEC669596DC46C1 |
SHA-256: | ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993 |
SHA-512: | A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 5.164796203267696 |
Encrypted: | false |
SSDEEP: | 96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk |
MD5: | D65EC06F21C379C87040B83CC1ABAC6B |
SHA1: | 208D0A0BB775661758394BE7E4AFB18357E46C8B |
SHA-256: | A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F |
SHA-512: | 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12105 |
Entropy (8bit): | 5.451485481468043 |
Encrypted: | false |
SSDEEP: | 192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f |
MD5: | 9234071287E637F85D721463C488704C |
SHA1: | CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152 |
SHA-256: | 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649 |
SHA-512: | 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | modified |
Size (bytes): | 89 |
Entropy (8bit): | 4.45974266689267 |
Encrypted: | false |
SSDEEP: | 3:oVXUp0f2c8JOGXnEp0f2TLun:o9UpGqEpU |
MD5: | 2255590FBF7B2B2DE3B8ABF420E87CE1 |
SHA1: | 49D48DC36BAC1FE9D0AC98A2C981451B3A3B213F |
SHA-256: | 9230DC2F04354883072E5A1F94D04C9F618E863937CAC067992C5500F937E91C |
SHA-512: | 540B6B368FD1173F9635D3E05B936F713593123A44738FCC9C25E9D8AC8DCEC38607BA952BFA10578FA444C964EB0C5142FBF4DA653B24783CF93B040210A945 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12933 |
Entropy (8bit): | 0.4085493096259837 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9lo/9lo/9lWsSKMJ:kBqoIg+J |
MD5: | EBBDD5B53D8E906796F7500DD2255B8D |
SHA1: | 134C6ED30946D5C9B8D052EF9D3F5D6FEEE45602 |
SHA-256: | 578F3EE53F83BF3D32B9D77EE25801BF0F7885C1878BD52DA67151936CCFFE70 |
SHA-512: | F96DFD204FB925AEC0381AB1F9F204A1888A54300671D0B3142B5DC1C7954262DB1940F9A5853D9A877EC8AC7392B28D484C3CA4F8F48299CFBE010020E2605D |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 38737 |
Entropy (8bit): | 0.37139184013210086 |
Encrypted: | false |
SSDEEP: | 48:kBqoxKAuvScS+Ye0F5I5wTyDZTyDbTyDU:kBqoxKAuvScS+Ye0FO2KQN |
MD5: | D02335560B534BE6D104EB2EB3FB9272 |
SHA1: | 3C720A2CB2EEC0F62A256E4FA314E5CD2195312F |
SHA-256: | 1602942D59034772849BAE5AF52258B4D4EFA68E4F0172BB634E09A4F551617E |
SHA-512: | 878F942F89977EFABDA185E151D19DA95B64C4696EC0E72A1043FEED165706BA4D1CD95C2CB9F7C9B11A70125173D8D706938732089399D18D5E8AA5CA21A934 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12933 |
Entropy (8bit): | 0.40921707933435686 |
Encrypted: | false |
SSDEEP: | 12:c9lCg5/9lCgeK9l26an9l26an9l8fR29l8fRm9lTqRQQlF3RQlU1:c9lLh9lLh9lIn9lIn9lo29lom9lWJRqK |
MD5: | E579AF038EA387295A731A257EA4BC05 |
SHA1: | 9AF1A8BF9BDF61AEEE4C4264C454414A36B8D1C4 |
SHA-256: | 6B2DA325B9D1F280C27A0E08061DD874D86BBD80A8FF4A2282A36FF2F04471EA |
SHA-512: | 2B55CCF8366BF98FC6C5D83662C0E360B0CF4B92A91EC277C6527ABA1EB03E1C47D7B3E83BF4BC61E3309D1DCB45E783E63130821C01584FD32BAA8FB0E28E78 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 38737 |
Entropy (8bit): | 0.3715571594200072 |
Encrypted: | false |
SSDEEP: | 48:kBqoxKAuvScS+QWMNxIxw3yDZ3yDb3yDU:kBqoxKAuvScS+QWMNWu+EB |
MD5: | 7AC15FDA26FE401C71736DE922177826 |
SHA1: | FCC5B6B4616DE0E693444C8720BDBA92E4EB8FB9 |
SHA-256: | 2A0C19E55C64CB545BC8A80D78C406AD56B6477CAE0EBC9866A0E4155D1913CE |
SHA-512: | 7B2AE9C4B42A1EC744B01B7040179785CF5F90B167EBC13340E5D06B2707E535B5936B45BBD7EEA8BB56B4B74AE70D7A116C20CE8290915EE9F0F33CCF28FD1D |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.61438464019549 |
TrID: |
|
File name: | CGd7lq6RDL.exe |
File size: | 901960 |
MD5: | c7b71f03f190a5da3e4976f37194419f |
SHA1: | 8e750d01e1a5edb2c320e1b0b703b5823f241587 |
SHA256: | 930d54df724f1637f38d840e1822fa8f5cccedceb4b86d0e737e2311162e0921 |
SHA512: | d274bcc78a5916220e51036b8a24b82f165a03736fb829a76a01d96bd5c224b0624b3ebf592a5b06a5bd9d04cc5c7aff0e47bca908782dd27b226fb953f2cc6e |
SSDEEP: | 24576:v9PsA9vHAYobFGQdRPylSk61LXXh5xvZjmtk1/GqgLGS:QYyJk61bRnZjmWGGS |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........p..............`.......`.......`..........o............`......m8.......`.......`.......`......Rich........................... |
File Icon |
---|
Icon Hash: | f0b0e8e4e4e8b2dc |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x1005725 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x1000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, NX_COMPAT |
Time Stamp: | 0x55E85856 [Thu Sep 3 14:25:26 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 264c61a35ad2f260d533f2d7b897c2a5 |
Authenticode Signature |
---|
Signature Valid: | false |
Signature Issuer: | CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB |
Signature Validation Error: | No signature was present in the subject |
Error Number: | -2146762496 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 8AB6A86211EE700AA961C3292ADB312D |
Thumbprint SHA-1: | A533DFA7E6AED2A9FFBE41FCEC5A8927A6EAFBBB |
Thumbprint SHA-256: | 9E0611728595A506CC2A55486FDD88ECA0971EF0B08F74CB3B3B6F5F6F3C7E27 |
Serial: | 239664C12BAEB5A6D787912888051392 |
Entrypoint Preview |
---|
Instruction |
---|
call 00007F57C8B85450h |
jmp 00007F57C8B7E365h |
push 00000014h |
push 0108A9F8h |
call 00007F57C8B8333Ah |
call 00007F57C8B7EB3Bh |
movzx esi, ax |
push 00000002h |
call 00007F57C8B853E3h |
pop ecx |
mov eax, 00005A4Dh |
cmp word ptr [01000000h], ax |
je 00007F57C8B7E366h |
xor ebx, ebx |
jmp 00007F57C8B7E395h |
mov eax, dword ptr [0100003Ch] |
cmp dword ptr [eax+01000000h], 00004550h |
jne 00007F57C8B7E34Dh |
mov ecx, 0000010Bh |
cmp word ptr [eax+01000018h], cx |
jne 00007F57C8B7E33Fh |
xor ebx, ebx |
cmp dword ptr [eax+01000074h], 0Eh |
jbe 00007F57C8B7E36Bh |
cmp dword ptr [eax+010000E8h], ebx |
setne bl |
mov dword ptr [ebp-1Ch], ebx |
call 00007F57C8B8328Dh |
test eax, eax |
jne 00007F57C8B7E36Ah |
push 0000001Ch |
call 00007F57C8B7E487h |
pop ecx |
call 00007F57C8B8474Bh |
test eax, eax |
jne 00007F57C8B7E36Ah |
push 00000010h |
call 00007F57C8B7E476h |
pop ecx |
call 00007F57C8B8545Ch |
and dword ptr [ebp-04h], 00000000h |
call 00007F57C8B84D47h |
test eax, eax |
jns 00007F57C8B7E36Ah |
push 0000001Bh |
call 00007F57C8B7E45Ch |
pop ecx |
call dword ptr [0106A19Ch] |
mov dword ptr [010AC3A8h], eax |
call 00007F57C8B85477h |
mov dword ptr [01097A94h], eax |
call 00007F57C8B85034h |
test eax, eax |
jns 00007F57C8B7E36Ah |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8ccf8 | 0x8c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xad000 | 0x41028 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xda000 | 0x2348 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xef000 | 0x4d50 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x6a3b0 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x87940 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x6a000 | 0x328 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x681b9 | 0x68200 | False | 0.623956613896 | data | 6.85142771967 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x6a000 | 0x23f8a | 0x24000 | False | 0.641723632812 | data | 6.36645327435 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x8e000 | 0x1e3ac | 0x7a00 | False | 0.527792008197 | data | 6.51367686644 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0xad000 | 0x41028 | 0x41200 | False | 0.240744211852 | data | 5.36312234805 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xef000 | 0x4d50 | 0x4e00 | False | 0.730168269231 | data | 6.65913941378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0xad434 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xbdc5c | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 16580607, next used block 4294917888 | English | United States |
RT_ICON | 0xc1e84 | 0x25a8 | data | English | United States |
RT_ICON | 0xc442c | 0x10a8 | data | English | United States |
RT_ICON | 0xc54d4 | 0x988 | data | English | United States |
RT_ICON | 0xc5e5c | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xc62c4 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xd6aec | 0x94a8 | data | English | United States |
RT_ICON | 0xdff94 | 0x5488 | data | English | United States |
RT_ICON | 0xe541c | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 254, next used block 520093696 | English | United States |
RT_ICON | 0xe9644 | 0x25a8 | data | English | United States |
RT_ICON | 0xebbec | 0x10a8 | data | English | United States |
RT_ICON | 0xecc94 | 0x988 | data | English | United States |
RT_ICON | 0xed61c | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_STRING | 0xeda84 | 0xbc | data | English | United States |
RT_STRING | 0xedb40 | 0x150 | data | English | United States |
RT_GROUP_ICON | 0xedc90 | 0x76 | data | English | United States |
RT_GROUP_ICON | 0xedd08 | 0x5a | data | English | United States |
RT_VERSION | 0xedd64 | 0x2c4 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | GetLastError, VirtualProtectEx, LoadLibraryA, OpenMutexA, SetConsoleOutputCP, DeviceIoControl, GetModuleFileNameA, CloseHandle, DeleteFileA, WriteConsoleW, SetStdHandle, GetStringTypeW, LoadLibraryW, WaitForMultipleObjectsEx, GetStartupInfoA, GetConsoleMode, GetConsoleCP, FlushFileBuffers, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, CompareStringW, GetTimeFormatW, GetDateFormatW, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, HeapReAlloc, CreateProcessA, Sleep, GetTickCount, SetFilePointerEx, GetCurrentProcess, UnregisterWaitEx, QueryDepthSList, InterlockedFlushSList, InterlockedPushEntrySList, InterlockedPopEntrySList, InitializeSListHead, ReleaseSemaphore, SetProcessAffinityMask, VirtualProtect, VirtualFree, VirtualAlloc, GetVersionExW, GetModuleHandleA, FreeLibraryAndExitThread, FreeLibrary, GetThreadTimes, OutputDebugStringW, FatalAppExitA, SetConsoleCtrlHandler, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCurrentProcessId, QueryPerformanceCounter, GetFileType, HeapSize, GetProcessHeap, GetModuleFileNameW, WriteFile, GetStdHandle, WideCharToMultiByte, MultiByteToWideChar, AreFileApisANSI, GetModuleHandleExW, ExitProcess, IsDebuggerPresent, UnregisterWait, RegisterWaitForSingleObject, SetThreadAffinityMask, GetProcessAffinityMask, GetNumaHighestNodeNumber, DeleteTimerQueueTimer, ChangeTimerQueueTimer, CreateTimerQueueTimer, GetLogicalProcessorInformation, GetThreadPriority, SetThreadPriority, SwitchToThread, SignalObjectAndWait, WaitForSingleObjectEx, SetEvent, DuplicateHandle, WaitForSingleObject, GetCurrentThread, GetCurrentThreadId, GetExitCodeThread, GetSystemTimeAsFileTime, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, HeapAlloc, EncodePointer, DecodePointer, GetCommandLineA, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetModuleHandleW, GetProcAddress, CreateSemaphoreW, CreateThread, ExitThread, LoadLibraryExW, RaiseException, RtlUnwind, HeapFree, TryEnterCriticalSection, CreateTimerQueue, RtlCaptureStackBackTrace, CreateFileW |
USER32.dll | EnumWindows, SetWindowTextA, GetClassInfoExA, CallNextHookEx, DefWindowProcA, GetWindowLongA, IsDialogMessageA, CheckDlgButton, SendMessageA, CreateWindowExA, GetIconInfo, LoadBitmapA, ReleaseDC |
ole32.dll | CoUninitialize, OleSetContainedObject, OleInitialize, CoSuspendClassObjects, OleUninitialize, StgCreateDocfile, CoInitialize |
COMCTL32.dll | ImageList_LoadImageA, PropertySheetA, CreatePropertySheetPageA |
WINSPOOL.DRV | DeletePortA, SetPrinterDataA, DeleteFormA, SetPortA, SetPrinterDataExA, AddMonitorA, ScheduleJob, AddPrinterConnectionA, ReadPrinter, AddPrinterDriverA, GetPrinterDataA, ResetPrinterA, PrinterMessageBoxA, DeletePrintProcessorA, GetPrinterDriverDirectoryA, OpenPrinterA, AddPortA, ConfigurePortA, GetPrinterDataExA, GetJobA, AddPrinterDriverExA, ClosePrinter, DeletePrinterDataExA, DeletePrinterConnectionA, DeletePrintProvidorA, StartPagePrinter, AbortPrinter, GetPrintProcessorDirectoryA, StartDocPrinterA, GetPrinterA, AddPrinterA, DeletePrinter, DeleteMonitorA, GetPrinterDriverA, AddFormA, DeletePrinterDriverA, AddPrintProcessorA, AddPrintProvidorA, SetFormA, GetFormA, DeletePrinterDataA, AddJobA, FlushPrinter, DeletePrinterDriverExA, SetJobA, FindClosePrinterChangeNotification, DeletePrinterKeyA |
sfc.dll | SfcIsFileProtected |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | (C) 2011 Helpwould Use Corporation. All rights reserved. |
FileVersion | 14.1.55.63 |
CompanyName | Helpwould Use Corporation |
ProductName | Deathice |
ProductVersion | 14.1.55.63 |
FileDescription | Deathice The Certain |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 10, 2021 11:06:21.448654890 CEST | 61346 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:06:21.493897915 CEST | 53 | 61346 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:06:53.865333080 CEST | 51774 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:06:53.929404020 CEST | 53 | 51774 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:06:53.964871883 CEST | 56023 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:06:54.011905909 CEST | 53 | 56023 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:06:55.753245115 CEST | 58384 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:06:55.780266047 CEST | 53 | 58384 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:06:55.787014008 CEST | 60261 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:06:55.822834015 CEST | 53 | 60261 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:06:55.827631950 CEST | 56061 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:06:55.860533953 CEST | 53 | 56061 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:07.075915098 CEST | 58336 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:07.111475945 CEST | 53 | 58336 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:16.884601116 CEST | 53781 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:16.909770966 CEST | 53 | 53781 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:17.181979895 CEST | 54064 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:17.209393978 CEST | 53 | 54064 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:17.486625910 CEST | 52811 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:17.522180080 CEST | 53 | 52811 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:18.008420944 CEST | 55299 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:18.049886942 CEST | 53 | 55299 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:18.152832985 CEST | 63745 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:18.185734987 CEST | 53 | 63745 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:18.950604916 CEST | 50055 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:18.986200094 CEST | 53 | 50055 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:20.110042095 CEST | 61374 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:20.145612955 CEST | 53 | 61374 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:20.922857046 CEST | 50339 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:20.947657108 CEST | 53 | 50339 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:21.460520983 CEST | 63307 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:21.487721920 CEST | 53 | 63307 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:22.586220980 CEST | 49694 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:22.615192890 CEST | 53 | 49694 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:23.401758909 CEST | 54982 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:23.430073977 CEST | 53 | 54982 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:23.976695061 CEST | 50010 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:24.002204895 CEST | 53 | 50010 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:24.023852110 CEST | 63718 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:24.059715033 CEST | 53 | 63718 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:25.023277998 CEST | 50010 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:25.052836895 CEST | 53 | 50010 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:26.065984011 CEST | 50010 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:26.091372967 CEST | 53 | 50010 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:28.112319946 CEST | 50010 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:28.141316891 CEST | 53 | 50010 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:32.175029039 CEST | 50010 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:32.200123072 CEST | 53 | 50010 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:34.064095020 CEST | 62116 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:34.101579905 CEST | 53 | 62116 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:53.886810064 CEST | 63816 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:53.924086094 CEST | 53 | 63816 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:57.867489100 CEST | 55014 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:57.895629883 CEST | 53 | 55014 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:59.157938004 CEST | 62208 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:59.194992065 CEST | 53 | 62208 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:59.203895092 CEST | 57574 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:59.235157013 CEST | 53 | 57574 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:07:59.246572971 CEST | 51818 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:07:59.282083988 CEST | 53 | 51818 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:08:11.272790909 CEST | 56628 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:08:11.318645954 CEST | 53 | 56628 | 8.8.8.8 | 192.168.2.6 |
Sep 10, 2021 11:08:12.740608931 CEST | 60778 | 53 | 192.168.2.6 | 8.8.8.8 |
Sep 10, 2021 11:08:12.786256075 CEST | 53 | 60778 | 8.8.8.8 | 192.168.2.6 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Sep 10, 2021 11:06:55.753245115 CEST | 192.168.2.6 | 8.8.8.8 | 0x8a0a | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 11:06:55.787014008 CEST | 192.168.2.6 | 8.8.8.8 | 0x12f1 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 11:06:55.827631950 CEST | 192.168.2.6 | 8.8.8.8 | 0x1e50 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 11:07:07.075915098 CEST | 192.168.2.6 | 8.8.8.8 | 0x1875 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 11:07:17.181979895 CEST | 192.168.2.6 | 8.8.8.8 | 0x5c25 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 11:07:59.157938004 CEST | 192.168.2.6 | 8.8.8.8 | 0xa945 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 11:07:59.203895092 CEST | 192.168.2.6 | 8.8.8.8 | 0xb867 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 10, 2021 11:07:59.246572971 CEST | 192.168.2.6 | 8.8.8.8 | 0x195d | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Sep 10, 2021 11:06:55.780266047 CEST | 8.8.8.8 | 192.168.2.6 | 0x8a0a | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 11:06:55.822834015 CEST | 8.8.8.8 | 192.168.2.6 | 0x12f1 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 11:06:55.860533953 CEST | 8.8.8.8 | 192.168.2.6 | 0x1e50 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 11:07:07.111475945 CEST | 8.8.8.8 | 192.168.2.6 | 0x1875 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 11:07:17.209393978 CEST | 8.8.8.8 | 192.168.2.6 | 0x5c25 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 11:07:59.194992065 CEST | 8.8.8.8 | 192.168.2.6 | 0xa945 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 11:07:59.235157013 CEST | 8.8.8.8 | 192.168.2.6 | 0xb867 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 10, 2021 11:07:59.282083988 CEST | 8.8.8.8 | 192.168.2.6 | 0x195d | Name error (3) | none | none | A (IP address) | IN (0x0001) |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 11:06:27 |
Start date: | 10/09/2021 |
Path: | C:\Users\user\Desktop\CGd7lq6RDL.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 901960 bytes |
MD5 hash: | C7B71F03F190A5DA3E4976F37194419F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 11:06:53 |
Start date: | 10/09/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff721e20000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 11:06:54 |
Start date: | 10/09/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x910000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 11:07:57 |
Start date: | 10/09/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff721e20000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 11:07:58 |
Start date: | 10/09/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x910000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|