Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report BK635636736_BOOKING CONFIRMATION.exe

Overview

General Information

Sample Name:BK635636736_BOOKING CONFIRMATION.exe
Analysis ID:482251
MD5:da33aac5f666cb19e32c78e1e8ddfeef
SHA1:7a1c547f1c38b9fe7b3a651787c863d490d294cc
SHA256:2217f0ae6d8b681ae360e36dd03619b29c17bae98dbca0db4a9723ca0a386d37
Tags:exe
Infos:

Most interesting Screenshot:

Detection

GuLoader
Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
GuLoader behavior detected
Hides threads from debuggers
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Creates a DirectInput object (often for capturing keystrokes)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
PE file contains strange resources
Contains functionality to read the PEB
Uses code obfuscation techniques (call, push, ret)
Checks if the current process is being debugged
Detected potential crypto function
Contains functionality to call native functions
Creates a process in suspended mode (likely to inject code)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Abnormal high CPU Usage

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Multi AV Scanner detection for submitted fileShow sources
Source: BK635636736_BOOKING CONFIRMATION.exeVirustotal: Detection: 26%Perma Link
Source: BK635636736_BOOKING CONFIRMATION.exeReversingLabs: Detection: 18%
Source: BK635636736_BOOKING CONFIRMATION.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownDNS traffic detected: queries for: jenniferscarscda.com
Source: BK635636736_BOOKING CONFIRMATION.exe, 00000000.00000002.461454488.000000000069A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: BK635636736_BOOKING CONFIRMATION.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: BK635636736_BOOKING CONFIRMATION.exe, 00000000.00000002.461748038.0000000002B70000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamefluor.exeFE2XKareo vs BK635636736_BOOKING CONFIRMATION.exe
Source: BK635636736_BOOKING CONFIRMATION.exe, 00000000.00000002.461353171.0000000000449000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamefluor.exe vs BK635636736_BOOKING CONFIRMATION.exe
Source: BK635636736_BOOKING CONFIRMATION.exe, 00000016.00000000.460434910.0000000000449000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamefluor.exe vs BK635636736_BOOKING CONFIRMATION.exe
Source: BK635636736_BOOKING CONFIRMATION.exeBinary or memory string: OriginalFilenamefluor.exe vs BK635636736_BOOKING CONFIRMATION.exe
Source: BK635636736_BOOKING CONFIRMATION.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: BK635636736_BOOKING CONFIRMATION.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02330F230_2_02330F23
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233AFFE0_2_0233AFFE
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02330CBA0_2_02330CBA
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233189E0_2_0233189E
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023305830_2_02330583
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023399FB0_2_023399FB
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233A2320_2_0233A232
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02340E330_2_02340E33
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02332A380_2_02332A38
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233663F0_2_0233663F
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02331E3E0_2_02331E3E
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233963C0_2_0233963C
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023392260_2_02339226
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339E280_2_02339E28
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023322110_2_02332211
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023316140_2_02331614
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233421F0_2_0233421F
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338E7A0_2_02338E7A
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233167E0_2_0233167E
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339A7C0_2_02339A7C
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023392630_2_02339263
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023326620_2_02332662
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023412670_2_02341267
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02335A660_2_02335A66
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233566F0_2_0233566F
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233AE570_2_0233AE57
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023342550_2_02334255
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233765F0_2_0233765F
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338A430_2_02338A43
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233BE440_2_0233BE44
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338A4D0_2_02338A4D
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023312B60_2_023312B6
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023342B50_2_023342B5
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02340EB20_2_02340EB2
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023362BA0_2_023362BA
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338ABA0_2_02338ABA
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338EBD0_2_02338EBD
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023396BD0_2_023396BD
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02334E910_2_02334E91
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233BE900_2_0233BE90
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339E970_2_02339E97
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02331E940_2_02331E94
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02333A9A0_2_02333A9A
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023366860_2_02336686
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023376860_2_02337686
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02332A8A0_2_02332A8A
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02331EF70_2_02331EF7
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02335EF60_2_02335EF6
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023432FE0_2_023432FE
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02332AFE0_2_02332AFE
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339AE60_2_02339AE6
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023356EE0_2_023356EE
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023312EC0_2_023312EC
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023322D30_2_023322D3
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023366D30_2_023366D3
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023326D00_2_023326D0
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02335ADE0_2_02335ADE
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023376DE0_2_023376DE
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023312CE0_2_023312CE
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02335ECD0_2_02335ECD
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338F200_2_02338F20
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023323260_2_02332326
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338B2B0_2_02338B2B
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023353280_2_02335328
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233132E0_2_0233132E
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233632E0_2_0233632E
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233BF100_2_0233BF10
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233671A0_2_0233671A
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023357760_2_02335776
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233837A0_2_0233837A
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233137D0_2_0233137D
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338F620_2_02338F62
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023353670_2_02335367
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02335F6A0_2_02335F6A
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02332B6E0_2_02332B6E
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023377560_2_02337756
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023313580_2_02331358
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233A3420_2_0233A342
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233FF420_2_0233FF42
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023323B20_2_023323B2
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02331FB10_2_02331FB1
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233BFB90_2_0233BFB9
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02341BBA0_2_02341BBA
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023363A20_2_023363A2
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338BA70_2_02338BA7
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023357A60_2_023357A6
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023397AE0_2_023397AE
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02340FAA0_2_02340FAA
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023367920_2_02336792
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023433980_2_02343398
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339F9F0_2_02339F9F
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02330B9C0_2_02330B9C
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023393820_2_02339382
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023383E70_2_023383E7
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023313EB0_2_023313EB
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02340BEF0_2_02340BEF
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339BD00_2_02339BD0
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02330BDB0_2_02330BDB
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02332BDE0_2_02332BDE
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02335FDE0_2_02335FDE
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023377CA0_2_023377CA
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023327C80_2_023327C8
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233B03A0_2_0233B03A
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023390230_2_02339023
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338C200_2_02338C20
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02332C260_2_02332C26
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023398260_2_02339826
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233202F0_2_0233202F
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233241A0_2_0233241A
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233641A0_2_0233641A
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233580E0_2_0233580E
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233987B0_2_0233987B
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023394660_2_02339466
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233C86D0_2_0233C86D
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023314550_2_02331455
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339C430_2_02339C43
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023328420_2_02332842
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02335C420_2_02335C42
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023378460_2_02337846
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233604E0_2_0233604E
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02335CB20_2_02335CB2
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339CB40_2_02339CB4
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023320A10_2_023320A1
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023390A00_2_023390A0
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023328A60_2_023328A6
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02332C960_2_02332C96
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0234109A0_2_0234109A
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023374810_2_02337481
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023358860_2_02335886
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023324840_2_02332484
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338C8F0_2_02338C8F
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233648E0_2_0233648E
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023304FA0_2_023304FA
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023358FA0_2_023358FA
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023398FF0_2_023398FF
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02331CE70_2_02331CE7
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233A0DA0_2_0233A0DA
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02340CC30_2_02340CC3
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023314C80_2_023314C8
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02337D330_2_02337D33
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023315300_2_02331530
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023361360_2_02336136
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233AD360_2_0233AD36
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023389390_2_02338939
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233A1260_2_0233A126
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233912B0_2_0233912B
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339D1E0_2_02339D1E
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023311020_2_02331102
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0234110E0_2_0234110E
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233290E0_2_0233290E
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338D0C0_2_02338D0C
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023325770_2_02332577
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023329760_2_02332976
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233657A0_2_0233657A
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0234117E0_2_0234117E
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233757E0_2_0233757E
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023385670_2_02338567
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023399680_2_02339968
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233955B0_2_0233955B
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339DB10_2_02339DB1
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023361BE0_2_023361BE
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233A1A10_2_0233A1A1
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023391A40_2_023391A4
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02330F23 NtWriteVirtualMemory,LoadLibraryA,0_2_02330F23
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233189E NtWriteVirtualMemory,TerminateProcess,LoadLibraryA,0_2_0233189E
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023431BA NtProtectVirtualMemory,0_2_023431BA
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02330583 NtWriteVirtualMemory,0_2_02330583
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023399FB NtWriteVirtualMemory,TerminateProcess,CreateFileA,NtAllocateVirtualMemory,0_2_023399FB
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233A232 NtWriteVirtualMemory,0_2_0233A232
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233963C NtWriteVirtualMemory,0_2_0233963C
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339226 NtWriteVirtualMemory,0_2_02339226
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339E28 NtWriteVirtualMemory,0_2_02339E28
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233B62D NtAllocateVirtualMemory,0_2_0233B62D
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233421F NtWriteVirtualMemory,0_2_0233421F
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338E7A NtWriteVirtualMemory,0_2_02338E7A
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339A7C NtWriteVirtualMemory,0_2_02339A7C
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339263 NtWriteVirtualMemory,0_2_02339263
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338A43 NtWriteVirtualMemory,0_2_02338A43
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338A4D NtWriteVirtualMemory,0_2_02338A4D
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338ABA NtWriteVirtualMemory,0_2_02338ABA
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338EBD NtWriteVirtualMemory,0_2_02338EBD
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023396BD NtWriteVirtualMemory,0_2_023396BD
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339E97 NtWriteVirtualMemory,0_2_02339E97
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233B69E NtAllocateVirtualMemory,0_2_0233B69E
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339AE6 NtWriteVirtualMemory,0_2_02339AE6
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233A2C2 NtWriteVirtualMemory,0_2_0233A2C2
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338F20 NtWriteVirtualMemory,0_2_02338F20
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338B2B NtWriteVirtualMemory,0_2_02338B2B
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338F62 NtWriteVirtualMemory,0_2_02338F62
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233A342 NtWriteVirtualMemory,0_2_0233A342
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233FF42 NtWriteVirtualMemory,0_2_0233FF42
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338BA7 NtWriteVirtualMemory,0_2_02338BA7
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023397AE NtWriteVirtualMemory,0_2_023397AE
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339F9F NtWriteVirtualMemory,0_2_02339F9F
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339382 NtWriteVirtualMemory,0_2_02339382
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233B784 NtAllocateVirtualMemory,0_2_0233B784
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233B7F9 NtAllocateVirtualMemory,0_2_0233B7F9
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02340BEF NtWriteVirtualMemory,0_2_02340BEF
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339BD0 NtWriteVirtualMemory,0_2_02339BD0
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339023 NtWriteVirtualMemory,0_2_02339023
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338C20 NtWriteVirtualMemory,0_2_02338C20
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339826 NtWriteVirtualMemory,0_2_02339826
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233B876 NtAllocateVirtualMemory,0_2_0233B876
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233987B NtWriteVirtualMemory,0_2_0233987B
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339466 NtWriteVirtualMemory,0_2_02339466
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339C43 NtWriteVirtualMemory,0_2_02339C43
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339CB4 NtWriteVirtualMemory,0_2_02339CB4
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023390A0 NtWriteVirtualMemory,0_2_023390A0
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338C8F NtWriteVirtualMemory,0_2_02338C8F
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023398FF NtWriteVirtualMemory,0_2_023398FF
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233A0DA NtWriteVirtualMemory,0_2_0233A0DA
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233B532 NtAllocateVirtualMemory,0_2_0233B532
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233B530 NtAllocateVirtualMemory,0_2_0233B530
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338939 NtWriteVirtualMemory,0_2_02338939
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233A126 NtWriteVirtualMemory,0_2_0233A126
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233912B NtWriteVirtualMemory,0_2_0233912B
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339D1E NtWriteVirtualMemory,0_2_02339D1E
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02338D0C NtWriteVirtualMemory,0_2_02338D0C
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233B574 NtAllocateVirtualMemory,0_2_0233B574
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339968 NtWriteVirtualMemory,0_2_02339968
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233955B NtWriteVirtualMemory,0_2_0233955B
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02339DB1 NtWriteVirtualMemory,0_2_02339DB1
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233A1A1 NtWriteVirtualMemory,0_2_0233A1A1
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_023391A4 NtWriteVirtualMemory,0_2_023391A4
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeProcess Stats: CPU usage > 98%
Source: BK635636736_BOOKING CONFIRMATION.exeVirustotal: Detection: 26%
Source: BK635636736_BOOKING CONFIRMATION.exeReversingLabs: Detection: 18%
Source: BK635636736_BOOKING CONFIRMATION.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exe 'C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exe'
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeProcess created: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exe 'C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exe'
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeProcess created: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exe 'C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exe' Jump to behavior
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: classification engineClassification label: mal68.troj.evad.winEXE@3/0@1/1
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: BK635636736_BOOKING CONFIRMATION.exeStatic PE information: real checksum: 0x7532e should be: 0x7b7a8
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_00403A25 push cs; iretd 0_2_00403A95
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_004076EE push ebp; retf 0_2_004076EF
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 22_2_00561C44 push es; retn 0056h22_2_00561C45
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 22_2_00561815 push ds; iretd 22_2_005618E9
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 22_2_0056342A push edi; ret 22_2_0056342B
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 22_2_0056708B push FFFFFF97h; ret 22_2_0056708D
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 22_2_0056211A push 94F7E348h; ret 22_2_00562155
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 22_2_00563904 push edx; ret 22_2_00563905
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 22_2_005641C2 push esi; ret 22_2_005641C3
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 22_2_00563DB0 push esp; retn 0056h22_2_00563DB1
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 22_2_00567A44 push ebp; retn 0056h22_2_00567AA5
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 22_2_00561E2F push ds; iretd 22_2_00561E8B
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 22_2_005636CC push edx; ret 22_2_0056385D
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 22_2_005662E6 push ebx; ret 22_2_00566275
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 22_2_00567ABC push ebp; retn 0056h22_2_00567AD9
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 22_2_00565F74 push esi; iretd 22_2_00565F81
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 22_2_00562F73 push edi; ret 22_2_00562F75
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 22_2_00564F6B push edx; ret 22_2_00564F7D
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 22_2_005637C6 push edx; ret 22_2_0056385D
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 22_2_00562B8F push edx; ret 22_2_00562B91
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion:

barindex
Tries to detect Any.runShow sources
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
Source: BK635636736_BOOKING CONFIRMATION.exe, 00000000.00000002.461755682.0000000002C70000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
Source: BK635636736_BOOKING CONFIRMATION.exe, 00000000.00000002.461454488.000000000069A000.00000004.00000020.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02340785 rdtsc 0_2_02340785
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeSystem information queried: ModuleInformationJump to behavior
Source: BK635636736_BOOKING CONFIRMATION.exe, 00000000.00000002.461755682.0000000002C70000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublishershell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
Source: BK635636736_BOOKING CONFIRMATION.exe, 00000000.00000002.461454488.000000000069A000.00000004.00000020.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe

Anti Debugging:

barindex
Hides threads from debuggersShow sources
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeThread information set: HideFromDebuggerJump to behavior
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeThread information set: HideFromDebuggerJump to behavior
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233F281 mov eax, dword ptr fs:[00000030h]0_2_0233F281
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02335ECD mov eax, dword ptr fs:[00000030h]0_2_02335ECD
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233FF72 mov eax, dword ptr fs:[00000030h]0_2_0233FF72
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233FF6D mov eax, dword ptr fs:[00000030h]0_2_0233FF6D
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02341BBA mov eax, dword ptr fs:[00000030h]0_2_02341BBA
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02337481 mov eax, dword ptr fs:[00000030h]0_2_02337481
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233757E mov eax, dword ptr fs:[00000030h]0_2_0233757E
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233AD4A mov eax, dword ptr fs:[00000030h]0_2_0233AD4A
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_02340785 rdtsc 0_2_02340785
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeCode function: 0_2_0233CFB6 LdrInitializeThunk,0_2_0233CFB6
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeProcess created: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exe 'C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exe' Jump to behavior
Source: BK635636736_BOOKING CONFIRMATION.exe, 00000016.00000002.745686034.0000000000E70000.00000002.00020000.sdmpBinary or memory string: Program Manager
Source: BK635636736_BOOKING CONFIRMATION.exe, 00000016.00000002.745686034.0000000000E70000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
Source: BK635636736_BOOKING CONFIRMATION.exe, 00000016.00000002.745686034.0000000000E70000.00000002.00020000.sdmpBinary or memory string: Progman
Source: BK635636736_BOOKING CONFIRMATION.exe, 00000016.00000002.745686034.0000000000E70000.00000002.00020000.sdmpBinary or memory string: Progmanlock
Source: C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exeQueries volume information: C:\ VolumeInformationJump to behavior

Stealing of Sensitive Information:

barindex
GuLoader behavior detectedShow sources
Source: Initial fileSignature Results: GuLoader behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management InstrumentationPath InterceptionProcess Injection12Virtualization/Sandbox Evasion21Input Capture1Security Software Discovery321Remote ServicesInput Capture1Exfiltration Over Other Network MediumEncrypted Channel12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection12LSASS MemoryVirtualization/Sandbox Evasion21Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothNon-Application Layer Protocol1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information1Security Account ManagerProcess Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationApplication Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSSystem Information Discovery12Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsRemote System Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
BK635636736_BOOKING CONFIRMATION.exe26%VirustotalBrowse
BK635636736_BOOKING CONFIRMATION.exe18%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
jenniferscarscda.com
194.76.224.53
truefalse
    		unknown

    Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public

    IPDomainCountryFlagASNASN NameMalicious
    194.76.224.53
    		jenniferscarscda.comGermany
    		42708PORTLANEwwwportlanecomSEfalse

    General Information

    Joe Sandbox Version:33.0.0 White Diamond
    Analysis ID:482251
    Start date:13.09.2021
    Start time:15:29:03
    Joe Sandbox Product:CloudBasic
    Overall analysis duration:0h 8m 55s
    Hypervisor based Inspection enabled:false
    Report type:full
    Sample file name:BK635636736_BOOKING CONFIRMATION.exe
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
    Number of analysed new started processes analysed:31
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • HDC enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Detection:MAL
    Classification:mal68.troj.evad.winEXE@3/0@1/1
    EGA Information:Failed
    HDC Information:
    • Successful, ratio: 4% (good quality ratio 2.3%)
    • Quality average: 29.9%
    • Quality standard deviation: 27.3%
    HCA Information:
    • Successful, ratio: 76%
    • Number of executed functions: 131
    • Number of non-executed functions: 0
    Cookbook Comments:
    • Adjust boot time
    • Enable AMSI
    • Found application associated with file extension: .exe
    • Override analysis time to 240s for sample files taking high CPU consumption
    Warnings:
    Show All
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe
    • Excluded IPs from analysis (whitelisted): 23.211.4.86, 20.82.210.154, 173.222.108.226, 173.222.108.210, 40.112.88.60, 20.49.157.6, 80.67.82.235, 80.67.82.211, 20.54.110.249
    • Excluded domains from analysis (whitelisted): fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, ris-prod.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, iris-de-ppe-azsc-uks.uksouth.cloudapp.azure.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
    • Not all processes where analyzed, report is missing behavior information
    • Report size exceeded maximum capacity and may have missing disassembly code.
    • Report size getting too big, too many NtOpenKeyEx calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.

    Simulations

    Behavior and APIs

    No simulations

    Joe Sandbox View / Context

    IPs

    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
    194.76.224.53FC748478532_OCTOBER-SHIPMENT.exeGet hashmaliciousBrowse

      Domains

      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
      jenniferscarscda.comFC748478532_OCTOBER-SHIPMENT.exeGet hashmaliciousBrowse
      • 194.76.224.53

      ASN

      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
      PORTLANEwwwportlanecomSEFC748478532_OCTOBER-SHIPMENT.exeGet hashmaliciousBrowse
      • 194.76.224.53
      j3LQELTT0mGet hashmaliciousBrowse
      • 188.126.80.93
      4nLik56DrDGet hashmaliciousBrowse
      • 195.190.241.186
      message.htmlGet hashmaliciousBrowse
      • 185.117.88.178
      qKxXZuMvtPGet hashmaliciousBrowse
      • 5.254.217.55
      DF7049B8C4D704376BE3920232B1BA6B2C8CF2FF0F9CF.exeGet hashmaliciousBrowse
      • 46.21.100.248
      DF7049B8C4D704376BE3920232B1BA6B2C8CF2FF0F9CF.exeGet hashmaliciousBrowse
      • 46.21.100.248
      XwQCL6wkKkGet hashmaliciousBrowse
      • 188.126.80.93
      document.htm .exeGet hashmaliciousBrowse
      • 159.253.31.95
      ATTACHMENT.exeGet hashmaliciousBrowse
      • 159.253.31.95
      ihdgexm.exeGet hashmaliciousBrowse
      • 159.253.31.95
      letter.exeGet hashmaliciousBrowse
      • 159.253.31.95
      readme.exeGet hashmaliciousBrowse
      • 159.253.31.95
      ATTACHMENT.exeGet hashmaliciousBrowse
      • 159.253.31.95
      ihdgexm.exeGet hashmaliciousBrowse
      • 159.253.31.95
      letter.exeGet hashmaliciousBrowse
      • 159.253.31.95
      readme.exeGet hashmaliciousBrowse
      • 159.253.31.95
      adjunto.vbsGet hashmaliciousBrowse
      • 188.126.90.9
      document.exeGet hashmaliciousBrowse
      • 159.253.31.95
      document.exeGet hashmaliciousBrowse
      • 159.253.31.95

      JA3 Fingerprints

      No context

      Dropped Files

      No context

      Created / dropped Files

      No created / dropped files found

      Static File Info

      General

      File type:PE32 executable (GUI) Intel 80386, for MS Windows
      Entropy (8bit):4.2376796964620915
      TrID:
      • Win32 Executable (generic) a (10002005/4) 99.15%
      • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
      • Generic Win/DOS Executable (2004/3) 0.02%
      • DOS Executable Generic (2002/1) 0.02%
      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
      File name:BK635636736_BOOKING CONFIRMATION.exe
      File size:471040
      MD5:da33aac5f666cb19e32c78e1e8ddfeef
      SHA1:7a1c547f1c38b9fe7b3a651787c863d490d294cc
      SHA256:2217f0ae6d8b681ae360e36dd03619b29c17bae98dbca0db4a9723ca0a386d37
      SHA512:5d803cc17e24157b27db6c0392399b5d1835b7c3eefecd272025a127059a6cfba5e4d8126b418e0b0a172f9f78972246f82500eb688c6a3836be84d9e089ff35
      SSDEEP:6144:xqqadRaFlGCfS/GLUCffBfRfBfBG/qFGGGGGGGG0GGGGGGGGGGGGGGGGGGLGGGGR:xdnFMnDeJDFE
      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6...W...W...W...K...W...u...W...q...W..Rich.W..........................PE..L....E.K.................`..........H........p....@

      File Icon

      Icon Hash:70f0a235b1b2f071

      Static PE Info

      General

      Entrypoint:0x401448
      Entrypoint Section:.text
      Digitally signed:false
      Imagebase:0x400000
      Subsystem:windows gui
      Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
      DLL Characteristics:
      Time Stamp:0x4B8B45E6 [Mon Mar 1 04:43:18 2010 UTC]
      TLS Callbacks:
      CLR (.Net) Version:
      OS Version Major:4
      OS Version Minor:0
      File Version Major:4
      File Version Minor:0
      Subsystem Version Major:4
      Subsystem Version Minor:0
      Import Hash:01b006fd37878659f6f60ca0efdc2460

      Entrypoint Preview

      Instruction
      push 00418EDCh
      call 00007F7784D845E5h
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      xor byte ptr [eax], al
      add byte ptr [eax], al
      inc eax
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add al, al
      xchg eax, ebx
      adc al, al
      mov ebx, 87493F72h
      mov eax, dword ptr [BEE05570h]
      in eax, dx
      mov ah, 00h
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [ecx], al
      add byte ptr [eax], al
      add byte ptr [eax], ah
      and byte ptr [ebx+6Ch], al
      imul esp, dword ptr [ebp+6Ch], 6C656D61h
      insb
      imul esp, dword ptr [edx+72h], 68636E61h
      add byte ptr [eax], ah
      and byte ptr [eax], al
      add byte ptr [eax], al
      add bh, bh
      int3
      xor dword ptr [eax], eax
      push cs
      lds edi, fword ptr [esp+ebx]
      imul ebp, dword ptr [eax], A0h
      dec dword ptr [ebp-41h]
      daa
      push eax
      jmp dword ptr [ebx+72h]
      insd
      inc ecx
      mov cl, F4h
      int3
      jo 00007F7784D84572h
      push edx
      adc byte ptr [edi-51h], cl
      pop esi
      and byte ptr [edx+edx*4+3A53821Dh], cl
      dec edi
      lodsd
      xor ebx, dword ptr [ecx-48EE309Ah]
      or al, 00h
      stosb
      add byte ptr [eax-2Dh], ah
      xchg eax, ebx
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      add byte ptr [eax], al
      and edi, dword ptr [eax+01h]
      add bh, cl
      jne 00007F7784D845F3h
      add byte ptr [eax], al
      or al, byte ptr [eax]
      push ebx
      jbe 00007F7784D84653h
      insb
      jc 00007F7784D84662h
      outsb
      add byte ptr [4B000B01h], cl
      inc ecx
      dec ebp
      inc edx

      Data Directories

      NameVirtual AddressVirtual Size Is in Section
      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
      IMAGE_DIRECTORY_ENTRY_IMPORT0x45cb40x28.text
      IMAGE_DIRECTORY_ENTRY_RESOURCE0x490000x2a13e.rsrc
      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2380x20
      IMAGE_DIRECTORY_ENTRY_IAT0x10000x134.text
      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

      Sections

      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
      .text0x10000x451e80x46000False0.270354352679data4.80062436371IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      .data0x470000x148c0x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
      .rsrc0x490000x2a13e0x2b000False0.162342160247data3.15700240055IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

      Resources

      NameRVASizeTypeLanguageCountry
      RT_ICON0x72bd60x568GLS_BINARY_LSB_FIRST
      RT_ICON0x7276e0x468GLS_BINARY_LSB_FIRST
      RT_ICON0x720a60x6c8data
      RT_ICON0x7171e0x988data
      RT_ICON0x70e760x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0
      RT_ICON0x6fdce0x10a8data
      RT_ICON0x6ef260xea8data
      RT_ICON0x6c97e0x25a8data
      RT_ICON0x687560x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 16711679, next used block 4294934272
      RT_ICON0x632ce0x5488data
      RT_ICON0x59e260x94a8data
      RT_ICON0x495fe0x10828dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0
      RT_GROUP_ICON0x495500xaedata
      RT_VERSION0x493000x250dataEnglishUnited States

      Imports

      DLLImport
      MSVBVM60.DLL_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaVarTstLt, _CIsin, __vbaErase, __vbaChkstk, EVENT_SINK_AddRef, __vbaObjVar, DllFunctionCall, _adj_fpatan, __vbaRedim, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaDateVar, _CIlog, __vbaNew2, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaVarAdd, __vbaVarDup, __vbaStrToAnsi, __vbaVarCopy, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

      Version Infos

      DescriptionData
      Translation0x0409 0x04b0
      InternalNamefluor
      FileVersion1.00
      CompanyNameKareo
      CommentsKareo
      ProductNameKareo
      ProductVersion1.00
      FileDescriptionKareo
      OriginalFilenamefluor.exe

      Possible Origin

      Language of compilation systemCountry where language is spokenMap
      EnglishUnited States

      Network Behavior

      Network Port Distribution

      TCP Packets

      TimestampSource PortDest PortSource IPDest IP
      Sep 13, 2021 15:33:52.177184105 CEST49789443192.168.2.3194.76.224.53
      Sep 13, 2021 15:33:52.177228928 CEST44349789194.76.224.53192.168.2.3
      Sep 13, 2021 15:33:52.177458048 CEST49789443192.168.2.3194.76.224.53
      Sep 13, 2021 15:33:52.206892014 CEST49789443192.168.2.3194.76.224.53
      Sep 13, 2021 15:33:52.206916094 CEST44349789194.76.224.53192.168.2.3

      UDP Packets

      TimestampSource PortDest PortSource IPDest IP
      Sep 13, 2021 15:30:21.033523083 CEST5020053192.168.2.38.8.8.8
      Sep 13, 2021 15:30:21.073952913 CEST53502008.8.8.8192.168.2.3
      Sep 13, 2021 15:30:25.464819908 CEST5128153192.168.2.38.8.8.8
      Sep 13, 2021 15:30:25.492264032 CEST53512818.8.8.8192.168.2.3
      Sep 13, 2021 15:30:45.091289997 CEST4919953192.168.2.38.8.8.8
      Sep 13, 2021 15:30:45.128489017 CEST53491998.8.8.8192.168.2.3
      Sep 13, 2021 15:30:51.771040916 CEST5062053192.168.2.38.8.8.8
      Sep 13, 2021 15:30:51.812335968 CEST53506208.8.8.8192.168.2.3
      Sep 13, 2021 15:31:03.013622999 CEST6493853192.168.2.38.8.8.8
      Sep 13, 2021 15:31:03.055080891 CEST53649388.8.8.8192.168.2.3
      Sep 13, 2021 15:31:07.033659935 CEST6015253192.168.2.38.8.8.8
      Sep 13, 2021 15:31:07.077682018 CEST53601528.8.8.8192.168.2.3
      Sep 13, 2021 15:31:41.544779062 CEST5754453192.168.2.38.8.8.8
      Sep 13, 2021 15:31:41.578778982 CEST53575448.8.8.8192.168.2.3
      Sep 13, 2021 15:31:44.004468918 CEST5598453192.168.2.38.8.8.8
      Sep 13, 2021 15:31:44.040186882 CEST53559848.8.8.8192.168.2.3
      Sep 13, 2021 15:32:45.668200970 CEST6418553192.168.2.38.8.8.8
      Sep 13, 2021 15:32:45.716308117 CEST53641858.8.8.8192.168.2.3
      Sep 13, 2021 15:32:47.020970106 CEST6511053192.168.2.38.8.8.8
      Sep 13, 2021 15:32:47.093579054 CEST53651108.8.8.8192.168.2.3
      Sep 13, 2021 15:32:47.607063055 CEST5836153192.168.2.38.8.8.8
      Sep 13, 2021 15:32:47.635957003 CEST53583618.8.8.8192.168.2.3
      Sep 13, 2021 15:32:47.966913939 CEST6349253192.168.2.38.8.8.8
      Sep 13, 2021 15:32:47.999408007 CEST53634928.8.8.8192.168.2.3
      Sep 13, 2021 15:32:48.498558998 CEST6083153192.168.2.38.8.8.8
      Sep 13, 2021 15:32:48.535530090 CEST53608318.8.8.8192.168.2.3
      Sep 13, 2021 15:32:48.953672886 CEST6010053192.168.2.38.8.8.8
      Sep 13, 2021 15:32:48.979888916 CEST53601008.8.8.8192.168.2.3
      Sep 13, 2021 15:32:49.566032887 CEST5319553192.168.2.38.8.8.8
      Sep 13, 2021 15:32:49.602267981 CEST53531958.8.8.8192.168.2.3
      Sep 13, 2021 15:32:50.838164091 CEST5014153192.168.2.38.8.8.8
      Sep 13, 2021 15:32:50.870492935 CEST53501418.8.8.8192.168.2.3
      Sep 13, 2021 15:32:51.715804100 CEST5302353192.168.2.38.8.8.8
      Sep 13, 2021 15:32:51.777911901 CEST53530238.8.8.8192.168.2.3
      Sep 13, 2021 15:32:52.237663984 CEST4956353192.168.2.38.8.8.8
      Sep 13, 2021 15:32:52.273391962 CEST53495638.8.8.8192.168.2.3
      Sep 13, 2021 15:33:52.093537092 CEST5135253192.168.2.38.8.8.8
      Sep 13, 2021 15:33:52.133460999 CEST53513528.8.8.8192.168.2.3

      DNS Queries

      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
      Sep 13, 2021 15:33:52.093537092 CEST192.168.2.38.8.8.80x4e03Standard query (0)jenniferscarscda.comA (IP address)IN (0x0001)

      DNS Answers

      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
      Sep 13, 2021 15:33:52.133460999 CEST8.8.8.8192.168.2.30x4e03No error (0)jenniferscarscda.com194.76.224.53A (IP address)IN (0x0001)

      Code Manipulations

      Statistics

      CPU Usage

      Click to jump to process

      Memory Usage

      Click to jump to process

      High Level Behavior Distribution

      Click to dive into process behavior distribution

      Behavior

      Click to jump to process

      System Behavior

      Analysis Process: BK635636736_BOOKING CONFIRMATION.exe PID: 5588 Parent PID: 5864

      General

      Start time:15:29:57
      Start date:13/09/2021
      Path:C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exe
      Wow64 process (32bit):true
      Commandline:'C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exe'
      Imagebase:0x400000
      File size:471040 bytes
      MD5 hash:DA33AAC5F666CB19E32C78E1E8DDFEEF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:Visual Basic
      Reputation:low

      Chronological Activities

      Analysis Process: BK635636736_BOOKING CONFIRMATION.exe PID: 2156 Parent PID: 5588

      General

      Start time:15:31:51
      Start date:13/09/2021
      Path:C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exe
      Wow64 process (32bit):true
      Commandline:'C:\Users\user\Desktop\BK635636736_BOOKING CONFIRMATION.exe'
      Imagebase:0x400000
      File size:471040 bytes
      MD5 hash:DA33AAC5F666CB19E32C78E1E8DDFEEF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low

      Chronological Activities

      Disassembly

      Code Analysis

      Reset < >

        Analysis Process: BK635636736_BOOKING CONFIRMATION.exe PID: 5588 Parent PID: 5864 BK635636736_BOOKING CONFIRMATION.exeCOMMON

        Executed Functions

        Function 0233189E, Relevance: 29.1, APIs: 3, Strings: 12, Instructions: 2885COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID: !rUS$$%V $3;1$A6lh$PrNE$PrNE$Z$/[2$Zf$`<D$`<D$hb
        • API String ID: 1029625771-677725403
        • Opcode ID: b8584023cd59859084a0fad3469ab9b4802bd0107c9dc97007115f6277295ee2
        • Instruction ID: e42d34e47651725704bc3f878ab4d5f68c281494858cd72aec6f68cce3922e73
        • Opcode Fuzzy Hash: b8584023cd59859084a0fad3469ab9b4802bd0107c9dc97007115f6277295ee2
        • Instruction Fuzzy Hash: DA23AB35604345DFDF359E288D943EA37A6EF96350F94822EDCCADB245C7348A86CB12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02338939, Relevance: 18.6, APIs: 1, Strings: 9, Instructions: 1094COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$X$Z$/[2$hb
        • API String ID: 0-2083295628
        • Opcode ID: 1c24cf98d2f95f1c066a57b81f7842686d1bbcfdf710b883c57eca9ce1ee9812
        • Instruction ID: c05bf52e470eb6d96ae8a58370365a6127ab71b4fad89a0abab8c7f3b4922aad
        • Opcode Fuzzy Hash: 1c24cf98d2f95f1c066a57b81f7842686d1bbcfdf710b883c57eca9ce1ee9812
        • Instruction Fuzzy Hash: E0826571608346DFDF359E3889953EA77A6EF56350F85412EDC8ADB241C3358A8ACB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02338F20, Relevance: 17.3, APIs: 1, Strings: 8, Instructions: 1513COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$Z$/[2$hb
        • API String ID: 0-2179061607
        • Opcode ID: 63839267b6e62c18895b5c25dde02c02685fad7145fd1582f21aad914a56037e
        • Instruction ID: 2fe264a472cee1044d460276247494a137d3c0022d5f2bfe93ca27f2249a9100
        • Opcode Fuzzy Hash: 63839267b6e62c18895b5c25dde02c02685fad7145fd1582f21aad914a56037e
        • Instruction Fuzzy Hash: DDA28A79604605DFCF358E28D9547EEB7A9FF96320F90862ACC99DB241C3794643CB22
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02340BEF, Relevance: 17.2, APIs: 1, Strings: 8, Instructions: 1409COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID: !rUS$$%V $A6lh$HL$PrNE$PrNE$/[2$hb
        • API String ID: 1029625771-2429855402
        • Opcode ID: 2181d59c3856a26a584ff0cf062b4006d20a76ed8645f62c5da55a78d354cbd2
        • Instruction ID: bdf74d9ebda1d9859a3b86130c480305e6a579bb453be20be729059ae299efb8
        • Opcode Fuzzy Hash: 2181d59c3856a26a584ff0cf062b4006d20a76ed8645f62c5da55a78d354cbd2
        • Instruction Fuzzy Hash: 38B29471A04346DFDF389E388D943EA37E6AF55390F81412EDC8A9B645D7318AC9CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02338A4D, Relevance: 17.1, APIs: 1, Strings: 8, Instructions: 1301COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$Z$/[2$hb
        • API String ID: 0-2179061607
        • Opcode ID: 9bd0f03a3d7e72e8798280b0bc4894211e562f8ac5c027f64d5a0af0f4657932
        • Instruction ID: 22795383bec5006dcf9cce78920b3ee953e25b8bc0651dd8157aeb47222306a2
        • Opcode Fuzzy Hash: 9bd0f03a3d7e72e8798280b0bc4894211e562f8ac5c027f64d5a0af0f4657932
        • Instruction Fuzzy Hash: CB928775604305DFCF359E28DD547EA77AAFF96360F90862ADC8ADB240C3344A86CB12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233FF42, Relevance: 17.0, APIs: 1, Strings: 8, Instructions: 1280COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$`$/[2$hb
        • API String ID: 0-3016046857
        • Opcode ID: 109532d446f0b147ed029d5e6e8e085865656dd879f65c2d5e686ace44386b64
        • Instruction ID: 2719b3f02dab71488df543d39b812de4368ea905876d26fd0a13db810b6be89a
        • Opcode Fuzzy Hash: 109532d446f0b147ed029d5e6e8e085865656dd879f65c2d5e686ace44386b64
        • Instruction Fuzzy Hash: 9CA27671604346DFDF389E38CD953EA37A6EF95350F90422EDC8A9B245D7358A86CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02330F23, Relevance: 16.9, APIs: 2, Strings: 7, Instructions: 1175COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: EnumLibraryLoadWindows
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$/[2$hb
        • API String ID: 2773682629-3573892451
        • Opcode ID: 17bb7ab70605f0a8eea5300a1f979b6c7b77941d4e8dbef0a73b13b50197b45d
        • Instruction ID: aedbc934fe4a2fb5259ccad61012535dab91cc31de7c2b12dc492a54e85e46f6
        • Opcode Fuzzy Hash: 17bb7ab70605f0a8eea5300a1f979b6c7b77941d4e8dbef0a73b13b50197b45d
        • Instruction Fuzzy Hash: 76925471608346DFDF399E388D953EA37A6EF55390F81412EDC8ADB645D3318A89CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02338B2B, Relevance: 16.7, APIs: 1, Strings: 8, Instructions: 976COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$Z$/[2$hb
        • API String ID: 0-2179061607
        • Opcode ID: 9de739f0df6ffc0bcbd4d35be463d7aee47825bb09b767bb0428c4178f8ce0ab
        • Instruction ID: 7686ddc1fb0111e5d6ce5be49eecc69386866d6c4794c6ffc234ae16b829d3db
        • Opcode Fuzzy Hash: 9de739f0df6ffc0bcbd4d35be463d7aee47825bb09b767bb0428c4178f8ce0ab
        • Instruction Fuzzy Hash: CC725271608346DFDF399E38C9953EA7BA6EF55350F85412EDC8ADB641C3318A89CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02332C26, Relevance: 15.7, APIs: 1, Strings: 7, Instructions: 1676COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: Z$Z$Z$Z$Zf$`<D$`<D
        • API String ID: 0-1694744352
        • Opcode ID: 50aa6584e0bfc6c45ca9ad324843f710004b5a266f0f2812d7fed86286f9997b
        • Instruction ID: 20ec4e9601d772e6b9c6e3d8a75d10552fb4b36a9de6f5bf89fed9caccc12745
        • Opcode Fuzzy Hash: 50aa6584e0bfc6c45ca9ad324843f710004b5a266f0f2812d7fed86286f9997b
        • Instruction Fuzzy Hash: D1A2AC39708A455BCF328A58D9547FEB799EFD3324F90C3AACC95CB245C72947438A21
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233421F, Relevance: 15.2, APIs: 1, Strings: 7, Instructions: 1175COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$/[2$hb
        • API String ID: 0-3573892451
        • Opcode ID: a883567ab9ac596c9c07d2c2a9e59b312bff1b025d90395d981d998a897df1a1
        • Instruction ID: 528deb458e3359c1214cd6ed742aee9094c4acd9a7d980089bc51d5f3235cc0f
        • Opcode Fuzzy Hash: a883567ab9ac596c9c07d2c2a9e59b312bff1b025d90395d981d998a897df1a1
        • Instruction Fuzzy Hash: 82925471A0834ADFDF359E38CD953EA37A6EF55390F85412EDC8A9B245C3318A85CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02338ABA, Relevance: 15.0, APIs: 1, Strings: 7, Instructions: 995COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$/[2$hb
        • API String ID: 0-3573892451
        • Opcode ID: b5b86f80a70eccbcd7578a45eb5691d54f9ce65ba5df15b87addff5ae80df195
        • Instruction ID: 3d841d866eb7501346e8c0e8c935662c60bbe7f3ce52effae631be84fd778e85
        • Opcode Fuzzy Hash: b5b86f80a70eccbcd7578a45eb5691d54f9ce65ba5df15b87addff5ae80df195
        • Instruction Fuzzy Hash: 71725371608346DFDF399E388D953EA77A6EF55350F85412EDC8ADB641C3318A89CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02338A43, Relevance: 15.0, APIs: 1, Strings: 7, Instructions: 977libraryCOMMON
        Download Yara Rule
        APIs
        • LoadLibraryA.KERNELBASE(?,2B998097,?,02331370,?,?,?,?,?,?,?,00000040,00000000,?), ref: 0233F522
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$/[2$hb
        • API String ID: 1029625771-3573892451
        • Opcode ID: 8540e3b7b502c607a90ecfa03d48f866e399ca3b7d0e4398e47ebfcf9535b5e2
        • Instruction ID: 49bc1b92bd967a20997c4ad5a5ec882f02ee6a3156916885e334bcb8c84c90b6
        • Opcode Fuzzy Hash: 8540e3b7b502c607a90ecfa03d48f866e399ca3b7d0e4398e47ebfcf9535b5e2
        • Instruction Fuzzy Hash: 1F726371608346DFDB399E388D953EA7BA6EF55350F85412EDC8ADB644C3318A89CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02338BA7, Relevance: 15.0, APIs: 1, Strings: 7, Instructions: 962COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$/[2$hb
        • API String ID: 0-3573892451
        • Opcode ID: 93f556c499feffcc4306563ce39da8e550f2cd34239dd714e128ca4ff20d1a13
        • Instruction ID: 9138987d3c08ab7cd135bcc1a00117c94624db418e1e4683a2651bcba7b24f05
        • Opcode Fuzzy Hash: 93f556c499feffcc4306563ce39da8e550f2cd34239dd714e128ca4ff20d1a13
        • Instruction Fuzzy Hash: F9725371608346DFDF399E3889953EA77A6EF55350F85412EDC8ADB641C3318A89CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02338C20, Relevance: 14.9, APIs: 1, Strings: 7, Instructions: 943COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$/[2$hb
        • API String ID: 0-3573892451
        • Opcode ID: 359843b8870ddc18aef79327a80ef287d59c1914614a7e3d9bf93552a3996fff
        • Instruction ID: 60b602d1e5121d18daa39ff86e805b214c3c5f5f13f1cbfee167707872e08a11
        • Opcode Fuzzy Hash: 359843b8870ddc18aef79327a80ef287d59c1914614a7e3d9bf93552a3996fff
        • Instruction Fuzzy Hash: 4F725371608346DFDF399E388D953EA7BA6EF55350F81412EDC8ADB641C3318A89CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02338C8F, Relevance: 14.9, APIs: 1, Strings: 7, Instructions: 931COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$/[2$hb
        • API String ID: 0-3573892451
        • Opcode ID: 38985f5caac0b5a49aa727e158f7ec46b946006a5cd92150975e952f6188a42a
        • Instruction ID: 9d26a208e54000cb744a5c9ebc4665752978131dcd5532949c6fb5f1b236754b
        • Opcode Fuzzy Hash: 38985f5caac0b5a49aa727e158f7ec46b946006a5cd92150975e952f6188a42a
        • Instruction Fuzzy Hash: C6725371608346DFDF399E38C9953EA77A6EF55350F81412EDC8ADB641C3718A8ACB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02338D0C, Relevance: 14.9, APIs: 1, Strings: 7, Instructions: 912COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$/[2$hb
        • API String ID: 0-3573892451
        • Opcode ID: fcaa11acfd54bf6f8dbe1b75aa876d9950d9afd9f8a0f0051eaf5145fcde5217
        • Instruction ID: fdbcbc10083c0ef838096d598b832fde8de6ba9d9d44eefd1360038f0584e676
        • Opcode Fuzzy Hash: fcaa11acfd54bf6f8dbe1b75aa876d9950d9afd9f8a0f0051eaf5145fcde5217
        • Instruction Fuzzy Hash: 86725371608346DFCF399E38C9953EA77A6EF55350F85412EDC8ADB641C3318A8ACB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02339226, Relevance: 14.9, APIs: 1, Strings: 7, Instructions: 871COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$Z$/[2
        • API String ID: 0-72283627
        • Opcode ID: 5c3f3852476fa4649f0ab83f2c9d3b0d3a049e05fc410e8f7b438eeabf172558
        • Instruction ID: abe0efe6effbdcee7b410144224ef7890ef5e1896a05ba742f40ff5a48acd463
        • Opcode Fuzzy Hash: 5c3f3852476fa4649f0ab83f2c9d3b0d3a049e05fc410e8f7b438eeabf172558
        • Instruction Fuzzy Hash: 10526675604305DFDF359E28DD547EA77A6FF96320F81822ACC8ADB241C3758A86CB12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02338E7A, Relevance: 14.9, APIs: 1, Strings: 7, Instructions: 868COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$/[2$hb
        • API String ID: 0-3573892451
        • Opcode ID: 51e612481533204fca259f2651f398f7b4a55acb74abcc62a85554231fc9eddf
        • Instruction ID: 41a59898dafd92736e55a05cf78b703134c39f625df82fa5b46c7953a7d020f3
        • Opcode Fuzzy Hash: 51e612481533204fca259f2651f398f7b4a55acb74abcc62a85554231fc9eddf
        • Instruction Fuzzy Hash: 38624271608346DFDF399E388D953EA37A6EF55350F81412EDC8ADB645C3718A86CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02338EBD, Relevance: 14.8, APIs: 1, Strings: 7, Instructions: 846libraryCOMMON
        Download Yara Rule
        APIs
        • LoadLibraryA.KERNELBASE(?,2B998097,?,02331370,?,?,?,?,?,?,?,00000040,00000000,?), ref: 0233F522
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$/[2$hb
        • API String ID: 1029625771-3573892451
        • Opcode ID: ca08110a247c7782b132b2b066359ffe47508736170d4b0928cdddda36a34f7e
        • Instruction ID: a87d207032826c500c9bc39b3a7f854cf5777795ceb299a598266b3ea484796f
        • Opcode Fuzzy Hash: ca08110a247c7782b132b2b066359ffe47508736170d4b0928cdddda36a34f7e
        • Instruction Fuzzy Hash: A6625371608346DFDF399E388D953EA37A6EF55350F85412EDC8ADB641C3318A89CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02338F62, Relevance: 14.8, APIs: 1, Strings: 7, Instructions: 823COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$/[2$hb
        • API String ID: 1029625771-3573892451
        • Opcode ID: 46c5b041cbd80d4b964616e71078a81fbbf67845b5178171943d5d1860217186
        • Instruction ID: db9bc7427f9768c67c9b5214f90d2b121ecb9cb5de6c41bd7111f0dd3e640c87
        • Opcode Fuzzy Hash: 46c5b041cbd80d4b964616e71078a81fbbf67845b5178171943d5d1860217186
        • Instruction Fuzzy Hash: C562527160834ADFDF399E38C9953EA3BA6EF55350F81412EDC8ADB605C3718A85CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233912B, Relevance: 14.8, APIs: 1, Strings: 7, Instructions: 779COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$Z$/[2
        • API String ID: 0-72283627
        • Opcode ID: 326d751d90b2c85817ac34bb193fd31a144ff73c761eff9088e5a7f1a80fec49
        • Instruction ID: 291f6bb1513bb80bd4a017ed7601faf60a4cd339a40c0cbfedc054fb25a42bed
        • Opcode Fuzzy Hash: 326d751d90b2c85817ac34bb193fd31a144ff73c761eff9088e5a7f1a80fec49
        • Instruction Fuzzy Hash: 10523171604346DFDF399E28CDA53EA7BA6EF55350F85412EDC8ADB601C3718A86CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02339023, Relevance: 13.1, APIs: 1, Strings: 6, Instructions: 817COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$/[2
        • API String ID: 0-313755473
        • Opcode ID: 6d5e433a07c3593cf7c3a7b696013023f0a991aa8c4f312bf1d8645f234c2c13
        • Instruction ID: 016d8242f033bf582133b8fa7f1c2afdd732b650c1149b268f44bf7ba6b9ec63
        • Opcode Fuzzy Hash: 6d5e433a07c3593cf7c3a7b696013023f0a991aa8c4f312bf1d8645f234c2c13
        • Instruction Fuzzy Hash: EB523171604346DFDF399E388DA53EA7BA6EF55350F81412EDC8ADB605C3718A86CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023390A0, Relevance: 13.0, APIs: 1, Strings: 6, Instructions: 799COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$/[2
        • API String ID: 0-313755473
        • Opcode ID: 0d85e11c48ada1b6986a08cca4d3a36e2fc781d9aeb7b1f109bebb1bf4c83427
        • Instruction ID: 9590c4a5fb40f7c593eeefc3d453ab11d10097d49a97b6c406f91fc9d601c5b6
        • Opcode Fuzzy Hash: 0d85e11c48ada1b6986a08cca4d3a36e2fc781d9aeb7b1f109bebb1bf4c83427
        • Instruction Fuzzy Hash: 1B523171604346DFDF399E28CDA53EA7BA6EF55350F81412EDC8ADB601C3718A86CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02339263, Relevance: 13.0, APIs: 1, Strings: 6, Instructions: 707libraryCOMMON
        Download Yara Rule
        APIs
        • LoadLibraryA.KERNELBASE(?,2B998097,?,02331370,?,?,?,?,?,?,?,00000040,00000000,?), ref: 0233F522
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID: !rUS$$%V $A6lh$PrNE$PrNE$/[2
        • API String ID: 1029625771-313755473
        • Opcode ID: 978fd60caa6bdfa031cea445f62543a5eb4bec6ff3469b12678da4d393783d38
        • Instruction ID: 2125d17c16ae37e239b9ab9311506301aa33eec998db420e469846441142dbe7
        • Opcode Fuzzy Hash: 978fd60caa6bdfa031cea445f62543a5eb4bec6ff3469b12678da4d393783d38
        • Instruction Fuzzy Hash: ED424271608346DFDF399E388DA53EA77A6EF55350F81412EDC8ADB601C3718A89CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02339382, Relevance: 11.2, APIs: 1, Strings: 5, Instructions: 708COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$$%V $PrNE$PrNE$/[2
        • API String ID: 0-3445637921
        • Opcode ID: a70a81d0f276d8a311817a3c8da7ca0651f4d2636bea560918e37b86ffb8a0db
        • Instruction ID: a9c580f15a2c54472652f2e4c1511c5c0cc24e5ee0b813461461454781eb10b1
        • Opcode Fuzzy Hash: a70a81d0f276d8a311817a3c8da7ca0651f4d2636bea560918e37b86ffb8a0db
        • Instruction Fuzzy Hash: 93423271604349DFDF399E388DA53EA3BA6EF55350F81412EDC8ADB601C3718A85CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02339466, Relevance: 11.2, APIs: 1, Strings: 5, Instructions: 671COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$$%V $PrNE$PrNE$/[2
        • API String ID: 0-3445637921
        • Opcode ID: 29b5d8a08156e96d1dc3691d03a4d37813762dba98ff9aa1b888f40ea2b82686
        • Instruction ID: 70c559392bdbd36d04f7a6df90646a050bad5463793ef0f30eb78782cebf4f06
        • Opcode Fuzzy Hash: 29b5d8a08156e96d1dc3691d03a4d37813762dba98ff9aa1b888f40ea2b82686
        • Instruction Fuzzy Hash: 0F322171608349DFDF399E28CDA53EA37A6EF55350F81412EDC8ADB205D3718A89CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023396BD, Relevance: 9.4, APIs: 1, Strings: 4, Instructions: 625COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$PrNE$PrNE$/[2
        • API String ID: 0-2787428060
        • Opcode ID: d8dcfca60d3e16ed6bd841492672a5163004a70a0b2aad089f935083dabf6d76
        • Instruction ID: bef47c803dc545a5fe796055ad5e3e7e1e8a5b3dd37f0349f5775667eb9ff88c
        • Opcode Fuzzy Hash: d8dcfca60d3e16ed6bd841492672a5163004a70a0b2aad089f935083dabf6d76
        • Instruction Fuzzy Hash: 50224475604345DFDF399E288DA53EA37A6EF56350F81412EDCCADB211C3718A8ACB12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233963C, Relevance: 9.4, APIs: 1, Strings: 4, Instructions: 608COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$PrNE$PrNE$/[2
        • API String ID: 0-2787428060
        • Opcode ID: 9c8a2861b0c12d9b6a0b11ed3113bd4f09f753ad0027479ed7335e4eefced02b
        • Instruction ID: 587279f4ae8beaadd99bbbce2ad8aaf0a920b646e304cad84e81005b1e4c80f3
        • Opcode Fuzzy Hash: 9c8a2861b0c12d9b6a0b11ed3113bd4f09f753ad0027479ed7335e4eefced02b
        • Instruction Fuzzy Hash: 16222171608349DFDF399E28CDA57EA37A6EF55350F81412EDC8ADB211D3718A89CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233987B, Relevance: 9.4, APIs: 1, Strings: 4, Instructions: 605COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: PrNE$PrNE$Z$/[2
        • API String ID: 0-1170083019
        • Opcode ID: 6db17910eae9080393e5b59947e9e06fc227546649f101a61de6ea995e37a94e
        • Instruction ID: 93d34654839111e053c3a9bf928d21c336b3a0189d01bc9f0cac206925754530
        • Opcode Fuzzy Hash: 6db17910eae9080393e5b59947e9e06fc227546649f101a61de6ea995e37a94e
        • Instruction Fuzzy Hash: 91227675604345DFCF399E28CDA53EA37A6EF96350F81412ADC8ADB211C3754A8ACB12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023397AE, Relevance: 9.3, APIs: 1, Strings: 4, Instructions: 552COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$PrNE$PrNE$/[2
        • API String ID: 0-2787428060
        • Opcode ID: e1756dab84fac9f55ecfe85df69b41b25f5d7d2137af0aa4deea9f8140d322db
        • Instruction ID: a9d308be94e8a70d64c49acd62f8aa86d530ec33ce5743bf7ffc55eaf51c4908
        • Opcode Fuzzy Hash: e1756dab84fac9f55ecfe85df69b41b25f5d7d2137af0aa4deea9f8140d322db
        • Instruction Fuzzy Hash: 17123171608349DFDF399E288DA53EA37A6EF55350F81412EDCCADB215C7718A89CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02339826, Relevance: 9.3, APIs: 1, Strings: 4, Instructions: 532COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: !rUS$PrNE$PrNE$/[2
        • API String ID: 0-2787428060
        • Opcode ID: c66c61e273e0b0b271d07ed3e9b41395f121583b396c30b8b395e2852220ca77
        • Instruction ID: 9c8df0699758154b8cebcab035d3049556e3b0c7707007a79d33d7f2ab031a28
        • Opcode Fuzzy Hash: c66c61e273e0b0b271d07ed3e9b41395f121583b396c30b8b395e2852220ca77
        • Instruction Fuzzy Hash: 81124371604349DFDF399E28CDA53EA37A6EF59350F85412EDC8ADB211C7718A89CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023398FF, Relevance: 9.3, APIs: 1, Strings: 4, Instructions: 514COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: PrNE$PrNE$Z$/[2
        • API String ID: 0-1170083019
        • Opcode ID: 0afb8f9a72182677971e7929f9a353ec8cf22f1959ba5ea12bfc410b6dbf5677
        • Instruction ID: 29b2944c75662f372cef6ee879f36f181a93584a504d8b13ea48901d72686d53
        • Opcode Fuzzy Hash: 0afb8f9a72182677971e7929f9a353ec8cf22f1959ba5ea12bfc410b6dbf5677
        • Instruction Fuzzy Hash: 48024571608349DFDF399E28CDA53EA37A6EF55350F81412EDC8ADB251C7718A89CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02339BD0, Relevance: 9.3, APIs: 1, Strings: 4, Instructions: 505COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: PrNE$PrNE$Z$/[2
        • API String ID: 0-1170083019
        • Opcode ID: bc9d0a8eff4430944f8f62eaebede6bc1100ad16c7f0aabd752cb583d7285a32
        • Instruction ID: 21b483f1e9c7f29399c52538ab03e8787d7e721a5e7f3c9599b46af67509f8c7
        • Opcode Fuzzy Hash: bc9d0a8eff4430944f8f62eaebede6bc1100ad16c7f0aabd752cb583d7285a32
        • Instruction Fuzzy Hash: 40F17975604305DFCF398E28DDA53EA37EAEF95310F80812ADC8ADB201C7754A86CB12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02339C43, Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 400COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: PrNE$PrNE$Z$/[2
        • API String ID: 0-1170083019
        • Opcode ID: 18328fd90cc5cf53603e85e419cfd60ad66b4162e94cac4f72c92cf35d11f59b
        • Instruction ID: 75f6978f8b6c5835fe807ecf8b4f80fdc59275f490a1e07001d6c86a65eee662
        • Opcode Fuzzy Hash: 18328fd90cc5cf53603e85e419cfd60ad66b4162e94cac4f72c92cf35d11f59b
        • Instruction Fuzzy Hash: 36E17271604349DFDF399E28CDA53EA37AAEF55350F85412EDC8ADB211C7318A89CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02339AE6, Relevance: 7.5, APIs: 1, Strings: 3, Instructions: 487libraryCOMMON
        Download Yara Rule
        APIs
        • LoadLibraryA.KERNELBASE(?,2B998097,?,02331370,?,?,?,?,?,?,?,00000040,00000000,?), ref: 0233F522
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID: PrNE$PrNE$/[2
        • API String ID: 1029625771-1162247495
        • Opcode ID: 8780822ac261d34705e6213de74efc602c23829ed1ac2f7e46a9b37c8782962f
        • Instruction ID: 9ea3428b9172405e676d65200c76e79582f8367598524c01ed67ae3d56c4a73b
        • Opcode Fuzzy Hash: 8780822ac261d34705e6213de74efc602c23829ed1ac2f7e46a9b37c8782962f
        • Instruction Fuzzy Hash: 25F18875604305DFDF398E28DDA53EA37A6EF56350F81412EDC8ACB211C3754A89CB12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02339A7C, Relevance: 7.5, APIs: 1, Strings: 3, Instructions: 463COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: PrNE$PrNE$/[2
        • API String ID: 0-1162247495
        • Opcode ID: 718d034081901c15400ca2a8ea6539fe98df60562869c9ed12448d746de021c1
        • Instruction ID: da7599f395bc0b422cd683f8101575da6e152b974970957a2994005aeffcd1f6
        • Opcode Fuzzy Hash: 718d034081901c15400ca2a8ea6539fe98df60562869c9ed12448d746de021c1
        • Instruction Fuzzy Hash: 07F17475604349DFDF399E28CDA53EA37A6EF56350F81412EDC8ADB211C3758A89CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02339CB4, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 419COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: PrNE$PrNE$/[2
        • API String ID: 0-1162247495
        • Opcode ID: 3977e19259d886fc27c3882ed6a287cf0711a7aefd7fe17a8d7b2b699c3e378a
        • Instruction ID: 4504a17b1cfc86de58029e88c0748b3f65062ad4624be8b55f8dd36f0592485b
        • Opcode Fuzzy Hash: 3977e19259d886fc27c3882ed6a287cf0711a7aefd7fe17a8d7b2b699c3e378a
        • Instruction Fuzzy Hash: 57E17775604309DFDF399E28CDA53EA37AAEF55350F80412ADC8ADB211C7758A89CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02339D1E, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 373COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: PrNE$PrNE$/[2
        • API String ID: 0-1162247495
        • Opcode ID: 8d5a766115f03f82ed9e0625b5fe2d43a18f3d8f8cd5f0d42cfd100bacdb4b4d
        • Instruction ID: 217ac4fac731d6e36eeb0cbe8caa3bf093f6ce312173ad03bbe9d0cc9742a51f
        • Opcode Fuzzy Hash: 8d5a766115f03f82ed9e0625b5fe2d43a18f3d8f8cd5f0d42cfd100bacdb4b4d
        • Instruction Fuzzy Hash: F6D17571604349DFDF399E28CDA53EA37AAEF55350F81412EDC8ADB201C7758A89CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233B62D, Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 348COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: Z$Z$8
        • API String ID: 0-3631146849
        • Opcode ID: 50a5f767c5739af23718ac3ead8783d8bf3753d5e69dd457e16df2a1d861b7c1
        • Instruction ID: abc5a4e8cae98f37456ad0cc438b7c821fccd39923ed185fa43093e484623885
        • Opcode Fuzzy Hash: 50a5f767c5739af23718ac3ead8783d8bf3753d5e69dd457e16df2a1d861b7c1
        • Instruction Fuzzy Hash: D291347D704A044BDF319E19E914BFDF7DAEFC6328B908B25CC99DE211D72946438A22
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02339E28, Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 334COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: PrNE$PrNE$/[2
        • API String ID: 0-1162247495
        • Opcode ID: 4364721da81bab7573a62d358d5438690e9196c493b5dfa0d33296e9f54dfbfe
        • Instruction ID: eff09cd19dd7009189618745b53626a7431deab496b0ce43ba0e7eff6ef8d75a
        • Opcode Fuzzy Hash: 4364721da81bab7573a62d358d5438690e9196c493b5dfa0d33296e9f54dfbfe
        • Instruction Fuzzy Hash: 45C13275604349DFDF399E28DDA53EA33AAEF55350F80412EDC8ACB211C7758A89CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02339E97, Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 322COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: PrNE$PrNE$/[2
        • API String ID: 0-1162247495
        • Opcode ID: ceb988611b3be89103869702fce845e53f0fd37bb2dc1341899889d43bdfb2ef
        • Instruction ID: 04fcfbd3b386e6fc50b538c25613d33e406c8fd979594e105eb5f6e6457fbcca
        • Opcode Fuzzy Hash: ceb988611b3be89103869702fce845e53f0fd37bb2dc1341899889d43bdfb2ef
        • Instruction Fuzzy Hash: 4AC14371604345DFDF399E289DA57EA37AAEF55310F84812EDCCACB211C7758A89CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233B532, Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 297COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: Z$Z$8
        • API String ID: 0-3631146849
        • Opcode ID: 99abd4b5ebf3ffb1613dd9407ea0fc8850c5e03559d658dacf1017463927f0af
        • Instruction ID: 268bb78d7f10993e688bfaebc17da2929c4974f4ccc2f19c16085ec6b6c8e760
        • Opcode Fuzzy Hash: 99abd4b5ebf3ffb1613dd9407ea0fc8850c5e03559d658dacf1017463927f0af
        • Instruction Fuzzy Hash: EE8178797046058FEF319E28D9607FDB7DAEF86368F808629CC8ACB505D72846478B12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233A0DA, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 229COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: PrNE$PrNE$Z
        • API String ID: 0-1426764495
        • Opcode ID: 376cd964b739e3cb3275c086962072695db0ffba6e57b84e66d2aed9a91bf1a4
        • Instruction ID: 01a8f62fe62161af63d088599d74f5a0586bf87e7dd11d1853c7830ebe5b7559
        • Opcode Fuzzy Hash: 376cd964b739e3cb3275c086962072695db0ffba6e57b84e66d2aed9a91bf1a4
        • Instruction Fuzzy Hash: 6F8133716043459FEF399E34DDA57EA37AAAF55310F50402EEC8ACB211C7368A85CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233A232, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 199nativeCOMMON
        Download Yara Rule
        APIs
        • NtWriteVirtualMemory.NTDLL(?,AE015DCB,?,00000000,?,?,-0000000166636F27), ref: 0233A3AB
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: MemoryVirtualWrite
        • String ID: PrNE$PrNE$Z
        • API String ID: 3527976591-1426764495
        • Opcode ID: 7f00360f3288467c99c4fe670ea092bc820a16e4f2b65954bd81f8cdcbcee85d
        • Instruction ID: 0ba24a1ef72d132c20b124e9ff5eba547a5f9174854264d5be0b75f1cb495680
        • Opcode Fuzzy Hash: 7f00360f3288467c99c4fe670ea092bc820a16e4f2b65954bd81f8cdcbcee85d
        • Instruction Fuzzy Hash: 2761FF756043089FDF398E28DD957EA37AAFF95310F50412AEC8ADB211C7368B86CB11
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02331CE7, Relevance: 6.9, APIs: 1, Strings: 2, Instructions: 1683COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: 3;1$Z
        • API String ID: 0-1399297178
        • Opcode ID: 27302913008104e29384004b9f738359916b74e2bca4ec7171fc45d42bc3a9b2
        • Instruction ID: 1fec0848677ae94e77cbe9fc0d5b462941a5d6660cdf640b8f67673407745359
        • Opcode Fuzzy Hash: 27302913008104e29384004b9f738359916b74e2bca4ec7171fc45d42bc3a9b2
        • Instruction Fuzzy Hash: 78A26A39B04A054BCF318A59AD547FE67DAEFD3320FA08726CC99DF245D7294A438A31
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233202F, Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 658COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: 3;1$Z
        • API String ID: 0-1399297178
        • Opcode ID: 54aac77bd502440c317b836c563abcc30693bf7564bbfa5709ad0c0da08e231e
        • Instruction ID: 0b4d870d06d5e687ac4d8e4cd00704c9faa1e172681fdacce2399c82decfcd07
        • Opcode Fuzzy Hash: 54aac77bd502440c317b836c563abcc30693bf7564bbfa5709ad0c0da08e231e
        • Instruction Fuzzy Hash: C6227E35A04346CFDF359E388DA47EB37A7AF91350F94422ECC8997245D7358A86CB12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023322D3, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 574COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: 3;1$Z
        • API String ID: 0-1399297178
        • Opcode ID: 7658b0123ab84a9e868eb7ed207a560a8a44b6745d690522572a2d9cf016e8e1
        • Instruction ID: 89beef7183329ec79b67a44d746e4ee5be514c21eed67d4c4ce2c0caa70f21e0
        • Opcode Fuzzy Hash: 7658b0123ab84a9e868eb7ed207a560a8a44b6745d690522572a2d9cf016e8e1
        • Instruction Fuzzy Hash: 3A127E35A04746CFDF355E3889A47EB37A7AF92350F94822ECC8A97145D7358A87CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023304FA, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 567COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: Z$Z
        • API String ID: 0-3829148472
        • Opcode ID: e8b82332e70da9b57882a08532d4740ac15737a96c10956edab4bdc3d852954b
        • Instruction ID: 3c7bb116a13922b9493e079fabed13a7b0d1f54f3e8e2c40998484460ef2ea83
        • Opcode Fuzzy Hash: e8b82332e70da9b57882a08532d4740ac15737a96c10956edab4bdc3d852954b
        • Instruction Fuzzy Hash: 9AE1BB39708A094BDF398D29AA607FE639EFFD2360F808729DC9ADB145D71947038921
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02332662, Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 433COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: 3;1$Z
        • API String ID: 0-1399297178
        • Opcode ID: e8c0cfe2fe6f9fab04bac0bb1b6f7db14740fa0a4bd56d9bb5619622947daaac
        • Instruction ID: b26b4cfdec1abddee4a35e5270b30a3df4b6528f7083c86c4a91819d2a8b34be
        • Opcode Fuzzy Hash: e8c0cfe2fe6f9fab04bac0bb1b6f7db14740fa0a4bd56d9bb5619622947daaac
        • Instruction Fuzzy Hash: 9BE18C35A043469FDF355E3889643EB37A7AF92350F94822ECCD997149C7388A87CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02339F9F, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: PrNE$PrNE
        • API String ID: 0-4059740930
        • Opcode ID: 57a2d9c69478c7a77e6301db2fcfe30567e74a371fe327f940872743cead4dc5
        • Instruction ID: 59f783a625aec02aceb096fdd418dd48781e5e0aabe457b01fe6674fe392cba2
        • Opcode Fuzzy Hash: 57a2d9c69478c7a77e6301db2fcfe30567e74a371fe327f940872743cead4dc5
        • Instruction Fuzzy Hash: 3FA132756043489FDF399E24DD957EA37AAEF69310F50412EDCCACB211C7368A89CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233B530, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 259memorynativeCOMMON
        Download Yara Rule
        APIs
          • Part of subcall function 02330F23: LoadLibraryA.KERNELBASE(?,2B998097,?,02331370,?,?,?,?,?,?,?,00000040,00000000,?), ref: 0233F522
        • NtAllocateVirtualMemory.NTDLL ref: 0233B8CB
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: AllocateLibraryLoadMemoryVirtual
        • String ID: Z$8
        • API String ID: 2616484454-961252341
        • Opcode ID: 6fa13eb46fb880ed9567f2992634c428dbd0116791de9b8cc63848144f4a1dcc
        • Instruction ID: 68a262eaed0da7d337126319709e884fbee1b501078569ed20cc108b26cae944
        • Opcode Fuzzy Hash: 6fa13eb46fb880ed9567f2992634c428dbd0116791de9b8cc63848144f4a1dcc
        • Instruction Fuzzy Hash: 77717A797043058FEF316E24D9647FDB7EAEF86368F804629CC8ACB511D72486878B12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233B69E, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 252memorynativeCOMMON
        Download Yara Rule
        APIs
        • NtAllocateVirtualMemory.NTDLL ref: 0233B8CB
          • Part of subcall function 02330F23: LoadLibraryA.KERNELBASE(?,2B998097,?,02331370,?,?,?,?,?,?,?,00000040,00000000,?), ref: 0233F522
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: AllocateLibraryLoadMemoryVirtual
        • String ID: Z$8
        • API String ID: 2616484454-961252341
        • Opcode ID: 87e1acd098b870c62a36118857d4ad49fff0038223dd005f16b6fb7dee0d0955
        • Instruction ID: f7260c0c56a51302ff6ef29a1ce90517a5caf32d4e017c10c09d45676ed2ece4
        • Opcode Fuzzy Hash: 87e1acd098b870c62a36118857d4ad49fff0038223dd005f16b6fb7dee0d0955
        • Instruction Fuzzy Hash: CF6166797046058FDF319E28D9547FDB7DAEF86364F808A29CC8ACF111D72846438B22
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233A126, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 238nativeCOMMON
        Download Yara Rule
        APIs
        • NtWriteVirtualMemory.NTDLL(?,AE015DCB,?,00000000,?,?,-0000000166636F27), ref: 0233A3AB
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: MemoryVirtualWrite
        • String ID: PrNE$PrNE
        • API String ID: 3527976591-4059740930
        • Opcode ID: 073d17b0c9f9e641a6cc88c56c19a5cbf80ade3c6623a2f2b3ee6b44c9c92f1a
        • Instruction ID: 228f0596aacafcba163a95ba5e1a0868e6543577c2abc95bed66c02e320f1357
        • Opcode Fuzzy Hash: 073d17b0c9f9e641a6cc88c56c19a5cbf80ade3c6623a2f2b3ee6b44c9c92f1a
        • Instruction Fuzzy Hash: 128112757043059FDF398E24DD957EA379AEFA5310F90412EEC8ACB211C7768A85CB12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233B784, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 218memorynativeCOMMON
        Download Yara Rule
        APIs
        • NtAllocateVirtualMemory.NTDLL ref: 0233B8CB
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: AllocateMemoryVirtual
        • String ID: Z$8
        • API String ID: 2167126740-961252341
        • Opcode ID: 8111703b946789208c0acd8fceefe4a60739f226d04f29f4277957b32c135177
        • Instruction ID: 1b464c695626d1d440b29cdf62472dd068084eb847970c4cbd75667657fe5d4b
        • Opcode Fuzzy Hash: 8111703b946789208c0acd8fceefe4a60739f226d04f29f4277957b32c135177
        • Instruction Fuzzy Hash: 9C5144797046058FDF319E19D8547FDB79AEFC6368F908A2ACC89DE111C72846438B21
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233B7F9, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 203memorynativeCOMMON
        Download Yara Rule
        APIs
        • NtAllocateVirtualMemory.NTDLL ref: 0233B8CB
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: AllocateMemoryVirtual
        • String ID: Z$8
        • API String ID: 2167126740-961252341
        • Opcode ID: 3310418e46786cc36c53c337fd061c2126d1008d1232a7b06c1fdf35961fcdba
        • Instruction ID: 4ca146be128e97cdbd49de2c5cd2ca004cdaf4c7993527957ab6e4af612e3952
        • Opcode Fuzzy Hash: 3310418e46786cc36c53c337fd061c2126d1008d1232a7b06c1fdf35961fcdba
        • Instruction Fuzzy Hash: CB51467D704A058FDF319E09D850BFDB7DAEFD7328F908A26D889DE111C72946438A22
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233B876, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 182memorynativeCOMMON
        Download Yara Rule
        APIs
        • NtAllocateVirtualMemory.NTDLL ref: 0233B8CB
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: AllocateMemoryVirtual
        • String ID: Z$8
        • API String ID: 2167126740-961252341
        • Opcode ID: 168a96ee6e958392739884469edeb68bf4c1792521beb352aaa35a08b34372ba
        • Instruction ID: 64e0aca89c07dc8b21f8d6a203766c3688f91cc235a7d33bca28beb2f1af17de
        • Opcode Fuzzy Hash: 168a96ee6e958392739884469edeb68bf4c1792521beb352aaa35a08b34372ba
        • Instruction Fuzzy Hash: 1A41647DB04A054BCF329E09E850BFDA79EEFD7328BD08B22C889DE111C71947038A21
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233A2C2, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 180nativeCOMMON
        Download Yara Rule
        APIs
        • NtWriteVirtualMemory.NTDLL(?,AE015DCB,?,00000000,?,?,-0000000166636F27), ref: 0233A3AB
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: MemoryVirtualWrite
        • String ID: PrNE$PrNE
        • API String ID: 3527976591-4059740930
        • Opcode ID: f1f2f6b720cb84d5b89cf01f4e81f6d42b382d5987b730ee181a4d0820455a11
        • Instruction ID: b4f779ed624832c197c46de6175b87ec6ddaca8b407f54064fc1bd87038db12e
        • Opcode Fuzzy Hash: f1f2f6b720cb84d5b89cf01f4e81f6d42b382d5987b730ee181a4d0820455a11
        • Instruction Fuzzy Hash: 095134757042049FDF398E24DDA57EA37AAFF95320F908129EC8ADB210C7364B86CB11
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233A342, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 157nativeCOMMON
        Download Yara Rule
        APIs
        • NtWriteVirtualMemory.NTDLL(?,AE015DCB,?,00000000,?,?,-0000000166636F27), ref: 0233A3AB
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: MemoryVirtualWrite
        • String ID: PrNE$PrNE
        • API String ID: 3527976591-4059740930
        • Opcode ID: ecf90a99b5ac3079949c2849d99d519d015ccf554fc9b19b84e9dccd96053f8f
        • Instruction ID: d58a7ea5b499fce1d7a5c92bd04af30bc1220472cfbb7cb533bdcb76c9d2f2e7
        • Opcode Fuzzy Hash: ecf90a99b5ac3079949c2849d99d519d015ccf554fc9b19b84e9dccd96053f8f
        • Instruction Fuzzy Hash: 5E5124752046049FDF3A8E24DD957EA77EAFF95314F908129DCCADB210C7354A86CB12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233566F, Relevance: 4.6, Strings: 3, Instructions: 858COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: 7R=>$:v8w$T
        • API String ID: 0-1921064702
        • Opcode ID: 67e307922efe22b66b8f7db0ce5679268942b2e15337dc1bb75e9577ce13cc07
        • Instruction ID: b106ff0fb5200d48a879427873b355e7ae98e83b75513e32a83be8d0bd3a2345
        • Opcode Fuzzy Hash: 67e307922efe22b66b8f7db0ce5679268942b2e15337dc1bb75e9577ce13cc07
        • Instruction Fuzzy Hash: 3C52AE757047058FDF358E688DA47EE37EAAF96360F90422ADCC9CB245D7348A46CB12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02337481, Relevance: 4.6, Strings: 3, Instructions: 839COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: :v8w$xq!$zs
        • API String ID: 0-827849487
        • Opcode ID: 50347ae461391a7777e4da8d62404b49f291ece01d8a8629ceaba148c77aad53
        • Instruction ID: cdc6fe5df3dd164eb57e3fb6d63022df63cfd79b899a51e317400c722f239412
        • Opcode Fuzzy Hash: 50347ae461391a7777e4da8d62404b49f291ece01d8a8629ceaba148c77aad53
        • Instruction Fuzzy Hash: 4D42C0757047058FDF319E28C9A47EA77EAAF46360F84422ACCD9CB245D7348A86CB12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02334E91, Relevance: 4.3, APIs: 1, Strings: 1, Instructions: 773libraryCOMMON
        Download Yara Rule
        APIs
        • LoadLibraryA.KERNELBASE(?,2B998097,?,02331370,?,?,?,?,?,?,?,00000040,00000000,?), ref: 0233F522
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID: :v8w
        • API String ID: 1029625771-928025439
        • Opcode ID: 2e3169b4245fbd35ef9fd91fde7ff6f97297baeb6920ec9da0639ae70576ca48
        • Instruction ID: 51e5308632b46917cc41cb10b155086e5157d8bc2f12ac13152abee708d35154
        • Opcode Fuzzy Hash: 2e3169b4245fbd35ef9fd91fde7ff6f97297baeb6920ec9da0639ae70576ca48
        • Instruction Fuzzy Hash: 60329D757047098BDF319E288D547EE33ABAF96360F84422ADC8DCB645D7358A47CB11
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02331E94, Relevance: 4.2, APIs: 1, Strings: 1, Instructions: 738COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: 3;1
        • API String ID: 0-3648596008
        • Opcode ID: bdc7c6f41697efdc97e6ce47d5723f6e5b517b5cfbdc544f3d3f425b89260d83
        • Instruction ID: 2f578c65d1e586d6e5202736a74519097be4567f9d8bdd6c8d3a4cda85c6525b
        • Opcode Fuzzy Hash: bdc7c6f41697efdc97e6ce47d5723f6e5b517b5cfbdc544f3d3f425b89260d83
        • Instruction Fuzzy Hash: 0E327C35A04346CFDF359E288DA47EF37A7AF91350F94422ECC8997245D7358A86CB12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02331E3E, Relevance: 4.2, APIs: 1, Strings: 1, Instructions: 715COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: 3;1
        • API String ID: 0-3648596008
        • Opcode ID: 88a716425207373365587544bd34e7bb4591dec845e94d1149dde08c08272948
        • Instruction ID: bddf2e522906f6710feb0c20636f59bd246948818a27d4dddae20fb703356245
        • Opcode Fuzzy Hash: 88a716425207373365587544bd34e7bb4591dec845e94d1149dde08c08272948
        • Instruction Fuzzy Hash: 41328E35A04346CFDF359E388DA47EB37A7AF91350F94422ECC8997245D7358A86CB12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02331EF7, Relevance: 4.2, APIs: 1, Strings: 1, Instructions: 687COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: 3;1
        • API String ID: 0-3648596008
        • Opcode ID: 8bb402d4693998459db801d0aa8541cb72bddb6fc733926529b0735115b80908
        • Instruction ID: 3fba0b5e5e32182142b65a9f229c2bdf42567dbd36183bc20294502af6e509c3
        • Opcode Fuzzy Hash: 8bb402d4693998459db801d0aa8541cb72bddb6fc733926529b0735115b80908
        • Instruction Fuzzy Hash: C0325B31A04346CFDF359E3889A47EF37A7AF91350F95422ECC8A97245D7358A86CB42
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02331FB1, Relevance: 4.2, APIs: 1, Strings: 1, Instructions: 679COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: 3;1
        • API String ID: 0-3648596008
        • Opcode ID: b95a41b9c18efb479d3bf024948c0c49e029f4241f33988237231b381301289f
        • Instruction ID: 2d864b6580e2edaacde080efabfc074449ee024fee7f31376168d46c30b56f38
        • Opcode Fuzzy Hash: b95a41b9c18efb479d3bf024948c0c49e029f4241f33988237231b381301289f
        • Instruction Fuzzy Hash: 01326E35A04346CFDF359E388DA47EB37A7AF91350F94422ECC899B245D7358A86CB12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023320A1, Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 642COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: 3;1
        • API String ID: 0-3648596008
        • Opcode ID: b24b19590ef3ce0454434e9ed150581c9db85426c3e6e21f21f672b08d752539
        • Instruction ID: e06a43fa8c13a49546d208a623a2737b85344e9d61313ca7d4c30b35623ce729
        • Opcode Fuzzy Hash: b24b19590ef3ce0454434e9ed150581c9db85426c3e6e21f21f672b08d752539
        • Instruction Fuzzy Hash: 92228D35A04346CFDF355E388DA47EB37A7AF91350F94422ECC8A8B245D7358A86CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02332211, Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 630COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: 3;1
        • API String ID: 0-3648596008
        • Opcode ID: aa269e93e51d05d1176397a49cb9b2271ec6876a695e3c7a5fd14c7879584c89
        • Instruction ID: f16e420d6796ad60134088aed0098a1fef504fa5abdde6f299b5b8a079c808a0
        • Opcode Fuzzy Hash: aa269e93e51d05d1176397a49cb9b2271ec6876a695e3c7a5fd14c7879584c89
        • Instruction Fuzzy Hash: F2127D35A047468FDF355E388D647EB37A7AF92350F94822ECC8A87145D7358A87CB12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02332577, Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 614COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: 3;1
        • API String ID: 0-3648596008
        • Opcode ID: 81ee076b2413c932d84e8195c5109b8df5f8d7d2f4300c013c73418ee0c58da7
        • Instruction ID: 7784ae1aabe176b519014b947d891bc354c4a971c3b5d666cedee0a7592b1897
        • Opcode Fuzzy Hash: 81ee076b2413c932d84e8195c5109b8df5f8d7d2f4300c013c73418ee0c58da7
        • Instruction Fuzzy Hash: 0802AE357047458BDF318E289D647EF779AEFD2360F94832ACC99CB245D7384A878A12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02332326, Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 552libraryCOMMON
        Download Yara Rule
        APIs
        • LoadLibraryA.KERNELBASE(?,2B998097,?,02331370,?,?,?,?,?,?,?,00000040,00000000,?), ref: 0233F522
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID: 3;1
        • API String ID: 1029625771-3648596008
        • Opcode ID: 9a39769d26d15e643aeecfb9a0c78334cdaca7be9df3548516cbba63b5fb915d
        • Instruction ID: d81f3a0a663d2ba2f7a51bd3e3c6fb571d66c9946d5ae325f51523adec6693e1
        • Opcode Fuzzy Hash: 9a39769d26d15e643aeecfb9a0c78334cdaca7be9df3548516cbba63b5fb915d
        • Instruction Fuzzy Hash: 2A026C35A047468FDF355E388DA47EB37A7AF92350F94822ECC8997245D7358A87CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233241A, Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 545COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: 3;1
        • API String ID: 0-3648596008
        • Opcode ID: f6bc7b44897336d0ded4b5602a195f76942a272c2bca467140c374ab5429d3f6
        • Instruction ID: 5a4478325064eb745a55385cd3ad4eedff75ef46af4d4e82a7a6eb0cd4ef952b
        • Opcode Fuzzy Hash: f6bc7b44897336d0ded4b5602a195f76942a272c2bca467140c374ab5429d3f6
        • Instruction Fuzzy Hash: 2D027D35A047468FDF359E388D647EB37A7AF92350F94822ECC899B145D7394A87C702
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023323B2, Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 533COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: 3;1
        • API String ID: 0-3648596008
        • Opcode ID: 53e4eef4748cd7fe35c5228af600a486dbe0e6425f96ed6cc40f1fe420374af5
        • Instruction ID: d8b47dfbd39b8da5b25fea6fced9e01addf57bee62c82120813475eefcfa1909
        • Opcode Fuzzy Hash: 53e4eef4748cd7fe35c5228af600a486dbe0e6425f96ed6cc40f1fe420374af5
        • Instruction Fuzzy Hash: 99025B35B047468FDF359E3889647EB37A7AF92350F94822ECC8997245D7358A87CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02332484, Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 504COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: 3;1
        • API String ID: 0-3648596008
        • Opcode ID: 99912d3ef520630ec635b965e1f24a82263ea93f5cea964ac6df76f7c1f02cc2
        • Instruction ID: 38772afb86b6dfeb0a0dd84da02cdd2181a9520053443d02b2e7a84df6b662cf
        • Opcode Fuzzy Hash: 99912d3ef520630ec635b965e1f24a82263ea93f5cea964ac6df76f7c1f02cc2
        • Instruction Fuzzy Hash: BFF18D35A047468FDF319E388D647EB37A7AF92350F94822ECC8997149D7358A87CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023326D0, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 419COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: 3;1
        • API String ID: 0-3648596008
        • Opcode ID: a2e30a0edf04036a207e84ac4378df4e369b9e264c0d8977191bc5430d53cafa
        • Instruction ID: 2b6cc3250a623f670249c03070b7bce4c6188dcacad55a48f1a1a1b982546903
        • Opcode Fuzzy Hash: a2e30a0edf04036a207e84ac4378df4e369b9e264c0d8977191bc5430d53cafa
        • Instruction Fuzzy Hash: DBD19C35A047468FDF355E3889643EB37A7AF92350F94822ECCD987149C7388A87CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023328A6, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 405COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: Z
        • API String ID: 0-1505515367
        • Opcode ID: ba64268293f730d569d38252a08068be6aa3e17513196fa9694ffb51ace78eb8
        • Instruction ID: 8b29be8c85fc6a1bae6e7f7df8dd16112a41c73cbeb8e6d46451577b1a283939
        • Opcode Fuzzy Hash: ba64268293f730d569d38252a08068be6aa3e17513196fa9694ffb51ace78eb8
        • Instruction Fuzzy Hash: F3D1A035A047469FDF359E2889647EF37A7AF92350F94C22ECC958B145CB384A87C612
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233290E, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 400COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: Z
        • API String ID: 0-1505515367
        • Opcode ID: d968840dbb5fe364d548097269a0d576ee641aa099b31ab6ab7d69643355ca51
        • Instruction ID: ac00e22045d5f39dba2df2dc8fcec38a4f6f686efd06d188cbdfef4936db6ea1
        • Opcode Fuzzy Hash: d968840dbb5fe364d548097269a0d576ee641aa099b31ab6ab7d69643355ca51
        • Instruction Fuzzy Hash: 84C18E35A047469BDF358D2889647EF3796AFD2360F94C32ECCD58B149CB394A87CA12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02335ECD, Relevance: 3.9, Strings: 2, Instructions: 1387COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID: :v8w$h3t
        • API String ID: 1029625771-925667012
        • Opcode ID: ba1a7dbb28e401d951346abb09376905ac49a323409597f0483b23cfef176647
        • Instruction ID: 1990acf0318cd87a5f0c197bbe5f7d0342b17489a044fd428812c2c3b6950916
        • Opcode Fuzzy Hash: ba1a7dbb28e401d951346abb09376905ac49a323409597f0483b23cfef176647
        • Instruction Fuzzy Hash: ECA28A71B047069FDB35DE28CDA07EA73EABF95350F84422ADC89CB641D7349A86CB41
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023327C8, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 380COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: 3;1
        • API String ID: 0-3648596008
        • Opcode ID: 8a75b70cf590ee2c4ab6d93681062735fc422601e5f057ce42d7c25e5a1fbe4d
        • Instruction ID: b624ef5e097549468d704a5bb5d4be3f998ea40447cd029e016021a5c106624a
        • Opcode Fuzzy Hash: 8a75b70cf590ee2c4ab6d93681062735fc422601e5f057ce42d7c25e5a1fbe4d
        • Instruction Fuzzy Hash: 23C19D35A047468FDF355D3889643EB37A7AF92350F95822ECCD99B149CB358A87CB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233837A, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 337libraryCOMMON
        Download Yara Rule
        APIs
        • LoadLibraryA.KERNELBASE(?,2B998097,?,02331370,?,?,?,?,?,?,?,00000040,00000000,?), ref: 0233F522
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID: Hpl
        • API String ID: 1029625771-467738278
        • Opcode ID: f83314ea4635fc6b282ebd3d67db067b2eefea9fb9168a6de7e394d868eeaa74
        • Instruction ID: d842ce6eb44da7eae7d97cc35c52e2a6475590ac721244c7bc442d0e3dea4fbf
        • Opcode Fuzzy Hash: f83314ea4635fc6b282ebd3d67db067b2eefea9fb9168a6de7e394d868eeaa74
        • Instruction Fuzzy Hash: 4EB15A71604309DFDF35DD298AE43EB37A7AF95350F84813ADD4A4BA09D7349B46CA02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02330CBA, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 312COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID: Z
        • API String ID: 1029625771-1505515367
        • Opcode ID: e914ff7ea067cd1d33512dd748bb517152b8ee0841c72b9cb9a5dbea198c9f1d
        • Instruction ID: 180765bcf7d1c199c931f4b7920d9c2e69dc99deac2a05b3a48cd17f6ff597c4
        • Opcode Fuzzy Hash: e914ff7ea067cd1d33512dd748bb517152b8ee0841c72b9cb9a5dbea198c9f1d
        • Instruction Fuzzy Hash: 29918A35604B058BDF35AE64D9507FFB3EAAF92320F90462ACCD9D7145D3398A87CA12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233AE57, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 281COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: Z
        • API String ID: 0-1505515367
        • Opcode ID: 5668e318f9c038a4eee0a504ce52e6b01ad5212c58a02908414226c585d41c93
        • Instruction ID: 0aee1473e1e70086c50fccc761c826444542976716dc2f05952918e1d8235523
        • Opcode Fuzzy Hash: 5668e318f9c038a4eee0a504ce52e6b01ad5212c58a02908414226c585d41c93
        • Instruction Fuzzy Hash: D2717A7E600A044BDF318E599A547FEA79AEFD7364FA0C736CCD9DB20587290B074A21
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02332C96, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 213COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: Z
        • API String ID: 0-1505515367
        • Opcode ID: 54b26f1f78a892f99de5303524a192be39e938960cb8a746d2e212fd4cb74b59
        • Instruction ID: 295bf7ba1d23982811d1c5060af9c2518d80f6df85983dd43f72467d15d18029
        • Opcode Fuzzy Hash: 54b26f1f78a892f99de5303524a192be39e938960cb8a746d2e212fd4cb74b59
        • Instruction Fuzzy Hash: ED61BC34A047869BDF328E3889693EE3B97AF92350F94C25FCCD54B189C7354687CA12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02331102, Relevance: 3.3, Strings: 2, Instructions: 813COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: :v8w$Z
        • API String ID: 0-2093377488
        • Opcode ID: cbb3d047bf43ec09a707b3a50555df4ae4d211356ac686548f912d44cb7bfac8
        • Instruction ID: 6d4a6762e3c42f14997a49a4a105dabaea173f2890a16e41164547f145eaee60
        • Opcode Fuzzy Hash: cbb3d047bf43ec09a707b3a50555df4ae4d211356ac686548f912d44cb7bfac8
        • Instruction Fuzzy Hash: 26329C79704B058BCF318E68D9647EE77DAAF97320F908726DCDDDB241D7284A438A21
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023432FE, Relevance: 3.3, Strings: 2, Instructions: 787COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: :v8w$MR{E
        • API String ID: 0-1123612257
        • Opcode ID: c14451d67d3302d1aa2ce38ff64532488f77432af9437dd0c5a6b9a6352c8648
        • Instruction ID: 9a3bc60db47520f7eb73130e1385109713ed7b74645f8a417a021ce958bd10dd
        • Opcode Fuzzy Hash: c14451d67d3302d1aa2ce38ff64532488f77432af9437dd0c5a6b9a6352c8648
        • Instruction Fuzzy Hash: 6222CC757087449FDB318E289D947EA37EAEF96320F54426ADCCACB242D7388947C711
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233137D, Relevance: 3.2, Strings: 2, Instructions: 739COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: :v8w$Z
        • API String ID: 0-2093377488
        • Opcode ID: c93d29aef4db176cd7f5886ba3d2867301f70610dee47b18f3efce9ffc333c45
        • Instruction ID: de826e1705a37f8f6f2afe730ce33c4282fb3f7e6ed62045a3a5249d55096683
        • Opcode Fuzzy Hash: c93d29aef4db176cd7f5886ba3d2867301f70610dee47b18f3efce9ffc333c45
        • Instruction Fuzzy Hash: 9D12987A704A058BCF318E58AD647FD67DAAFD7320F908726DC9DDF241D7284A438A21
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02331455, Relevance: 3.2, Strings: 2, Instructions: 711COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: :v8w$Z
        • API String ID: 0-2093377488
        • Opcode ID: 70c8b11b61e471777e4a4de66530c21909884f01ef8c33207f36f5260c96781e
        • Instruction ID: b7fc8d88add1db685ead02ba4a19bd20ae8fa569750c84552fa0e856fdc1ce1f
        • Opcode Fuzzy Hash: 70c8b11b61e471777e4a4de66530c21909884f01ef8c33207f36f5260c96781e
        • Instruction Fuzzy Hash: D212887A744A044BCF318D58AD54BFD67DAAFD7320F908726DC9DDF241D7284A438A21
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02331530, Relevance: 3.2, Strings: 2, Instructions: 670COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: :v8w$Z
        • API String ID: 0-2093377488
        • Opcode ID: 5478fffedc39b3ba6a2a155e86a1802ac0ca25adf6954395941200ea6cdceec1
        • Instruction ID: a1ce152d68163a945ba52a97d608e43eda4424558dac10d06bf8e46cea02c6ff
        • Opcode Fuzzy Hash: 5478fffedc39b3ba6a2a155e86a1802ac0ca25adf6954395941200ea6cdceec1
        • Instruction Fuzzy Hash: 1B02977A740A044BCF318959A964BFE63CAAFD7320F908726CCDDDF241D7284A478A21
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233132E, Relevance: 3.0, Strings: 2, Instructions: 539COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: :v8w$Z
        • API String ID: 0-2093377488
        • Opcode ID: 46b1f7e8b032b4ebc37f9d34d14bb60cfc503cb1802e6e8d9c07963a860d31d0
        • Instruction ID: 372c285c18c4a98bc0b0a95a43204c90c01061cb8654ae21f2101fa4d1dca403
        • Opcode Fuzzy Hash: 46b1f7e8b032b4ebc37f9d34d14bb60cfc503cb1802e6e8d9c07963a860d31d0
        • Instruction Fuzzy Hash: 0BF1CC757447098BDF318E689D647EE33DAAF96360F80422ADCDDDB241D7388A47CA12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02332842, Relevance: 1.9, APIs: 1, Instructions: 364COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: deff66d762e556b431bbfaab49469f39314718356de1a4ed57585984fa8cbf16
        • Instruction ID: af22b7ab24250e514193395c90fe870f9cd9758abcdb7f1054b9a22fc24d1db3
        • Opcode Fuzzy Hash: deff66d762e556b431bbfaab49469f39314718356de1a4ed57585984fa8cbf16
        • Instruction Fuzzy Hash: 66C1A1356047469FDF355D3889643EB37A7AF92350F94822ECCD98B589CB348A87CB12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023312EC, Relevance: 1.8, Strings: 1, Instructions: 557COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: :v8w
        • API String ID: 0-928025439
        • Opcode ID: c09f92b8f606eb551353d3fba786550cde5c8ac24e58ce7b5c7276f3e4919cc1
        • Instruction ID: 6da8b6ff73ff8327a676ef956b00f06718073e21f3e73784d74cabd7214e4a9e
        • Opcode Fuzzy Hash: c09f92b8f606eb551353d3fba786550cde5c8ac24e58ce7b5c7276f3e4919cc1
        • Instruction Fuzzy Hash: 70F1DD757447098BDF318E289D647EE33DAAF86360F90432ACCCDCB241D7388A478A21
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02332A8A, Relevance: 1.8, APIs: 1, Instructions: 306COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 956f05d8d190169c0b6f9a17a9be59878e0b2392101860f7b990cb0cf67d2896
        • Instruction ID: b8340ff2f42c648db33c12c8e55fd3e245158aebf4511d086a118db1c78efb5f
        • Opcode Fuzzy Hash: 956f05d8d190169c0b6f9a17a9be59878e0b2392101860f7b990cb0cf67d2896
        • Instruction Fuzzy Hash: 1AA16C346047469BDF369E3889647EB37A7AF92350FD4C21ECCD58B189C7394A87C612
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02343398, Relevance: 1.8, Strings: 1, Instructions: 547COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: :v8w
        • API String ID: 0-928025439
        • Opcode ID: 45a3e2096a045e8da80dda95c29f71a7590953b8db3165c5eb3017095782f3fa
        • Instruction ID: d5375f4cccbc8d43681daa7a57b12ddf5144bf32521283340ca9230863c8afca
        • Opcode Fuzzy Hash: 45a3e2096a045e8da80dda95c29f71a7590953b8db3165c5eb3017095782f3fa
        • Instruction Fuzzy Hash: DDF1CC757447098BDF318E689D607EE33EAAF96360F90422ADCCDDB245D7388A47CA11
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233AD36, Relevance: 1.8, Strings: 1, Instructions: 539COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: :v8w
        • API String ID: 0-928025439
        • Opcode ID: a3e5775ee6a3071064015908f8104e302d42a6e86b6ac633e790cd5fc7cd49ad
        • Instruction ID: e314263e1790bf812f2cd7cd0421980401602392e71d7705d77efab5fe4aafb1
        • Opcode Fuzzy Hash: a3e5775ee6a3071064015908f8104e302d42a6e86b6ac633e790cd5fc7cd49ad
        • Instruction Fuzzy Hash: C2F1CC757447098BDF318E689D647EE33DAAF96360F90822ADCCDDB241D7388A478B11
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023313EB, Relevance: 1.8, Strings: 1, Instructions: 538COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: :v8w
        • API String ID: 0-928025439
        • Opcode ID: 901137cd7786b7d64b38ce7a3e72e191f29590fe5eab23b5e1796c1feee4a444
        • Instruction ID: 7abfd02ef9cc9a0a28c6bc411f005487125d039f3b6313355cdfa361addec60d
        • Opcode Fuzzy Hash: 901137cd7786b7d64b38ce7a3e72e191f29590fe5eab23b5e1796c1feee4a444
        • Instruction Fuzzy Hash: 4BF1CB797047098BDF318D6C9D647EE23DAAFD6360F908326DC8DDB241D7388A478A21
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02332A38, Relevance: 1.8, APIs: 1, Instructions: 287COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 902011dfd765f8a866997c21f9551ae24d6a0d05dbce7f3a2545b254336d1780
        • Instruction ID: 0af98e8b93b747b1d74afd9ca617cafda124fe18cf6b1d01da5d5d3ef3464e47
        • Opcode Fuzzy Hash: 902011dfd765f8a866997c21f9551ae24d6a0d05dbce7f3a2545b254336d1780
        • Instruction Fuzzy Hash: D9A15C346047869BEF319E3889657EB37A7AF92350FD4C21ECCD587189CB354A87CA12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023312B6, Relevance: 1.8, Strings: 1, Instructions: 536COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID: :v8w
        • API String ID: 0-928025439
        • Opcode ID: cf90ef0fde80aeb5f45d005f196e9e922cc2562d2cc25410c5286565dc97d104
        • Instruction ID: 059f5518801411c20f0c75a98bc11ccdb40e254b43fdf281c6a09afcf1f76357
        • Opcode Fuzzy Hash: cf90ef0fde80aeb5f45d005f196e9e922cc2562d2cc25410c5286565dc97d104
        • Instruction Fuzzy Hash: 75F1BB757447098BDF318E689D647EE33DAAF96360F84422ADCCDDB241D7388A47CA12
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023312CE, Relevance: 1.8, Strings: 1, Instructions: 536COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID: :v8w
        • API String ID: 1029625771-928025439
        • Opcode ID: d062dc200dc84d75846b65272d741cc9c0efb112d1a880dcff54912530deb778
        • Instruction ID: cb9b339d001482fb129a9a544aeba8dcc3aebb26d3e1d04acd34274189fcf394
        • Opcode Fuzzy Hash: d062dc200dc84d75846b65272d741cc9c0efb112d1a880dcff54912530deb778
        • Instruction Fuzzy Hash: 57F1CB757447098BDF318E689D647EE33EAAF96360F80422ACCCDDB245D7388A47CA11
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02331358, Relevance: 1.8, Strings: 1, Instructions: 531COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID: :v8w
        • API String ID: 1029625771-928025439
        • Opcode ID: 61f0d9b07e82f6f0bd073722cd26bfc9593c79348203fe30fb486db96a5afdc6
        • Instruction ID: c939f797ff57d653bd2c5d477badc21bf13b3327873924edcfdbb45cc8ea79a7
        • Opcode Fuzzy Hash: 61f0d9b07e82f6f0bd073722cd26bfc9593c79348203fe30fb486db96a5afdc6
        • Instruction Fuzzy Hash: 15F1CA757447098BDF318E689D647EE33EAAF96360F90422ADCCDDB241D7388A47CA11
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023314C8, Relevance: 1.8, Strings: 1, Instructions: 511COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID: :v8w
        • API String ID: 1029625771-928025439
        • Opcode ID: 1d8f969455ebae76921bfb5af27c747c470564192ce7cc6ee87b22927b15d613
        • Instruction ID: b0ebe820ce9a3b6a072fb54b803df1ece13135748dc90f90c7bbf00c276a43ef
        • Opcode Fuzzy Hash: 1d8f969455ebae76921bfb5af27c747c470564192ce7cc6ee87b22927b15d613
        • Instruction Fuzzy Hash: 86E1BB7A7447098BDF318E5C9D647EE23DAAF87360F904326DCDDDB241D7284A478A21
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02332AFE, Relevance: 1.8, APIs: 1, Instructions: 256COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID:
        • API String ID: 1029625771-0
        • Opcode ID: 9ed473c9096d1d7b89714dfb944f8b12c8271bf62ce584c2d9aed72ddaf24d64
        • Instruction ID: 36090390cb5a1d20d30489ee98c274a7c3c67023a555f28ef8a078062ad937e0
        • Opcode Fuzzy Hash: 9ed473c9096d1d7b89714dfb944f8b12c8271bf62ce584c2d9aed72ddaf24d64
        • Instruction Fuzzy Hash: 93916A34604786DBEF359E3889653EA37A7AF92390FD4C21ECCD587189CB354A87C612
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02332B6E, Relevance: 1.7, APIs: 1, Instructions: 234COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID:
        • API String ID: 1029625771-0
        • Opcode ID: 81213b4d745b29469b3839f6a3dd06d06e84acc52f3579ea346b72212fc67a1a
        • Instruction ID: edda7eef69837a0fe8a852c9d5915f46a77b354b820a8368bbed7d1d177ce3b4
        • Opcode Fuzzy Hash: 81213b4d745b29469b3839f6a3dd06d06e84acc52f3579ea346b72212fc67a1a
        • Instruction Fuzzy Hash: 89817B34A08786DBDB359E3889653EA37A7AF92350FD4C21ECCD647189CB354687C702
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02332BDE, Relevance: 1.7, APIs: 1, Instructions: 220COMMON
        Download Yara Rule
        APIs
        • TerminateProcess.KERNELBASE(9B8A4BDD), ref: 0233AD2C
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: ProcessTerminate
        • String ID:
        • API String ID: 560597551-0
        • Opcode ID: e72cde8988b2945300d19c273a708ab11c66d0ddcb9002bea41fbb93ac1fadae
        • Instruction ID: c856ecc6fafd133c468cbe0c0d00882150c106549101d1b2a4e7586b36dfda24
        • Opcode Fuzzy Hash: e72cde8988b2945300d19c273a708ab11c66d0ddcb9002bea41fbb93ac1fadae
        • Instruction Fuzzy Hash: 1E717B34A04786DBDB355E3889653EA37A7AF92350F94821ECCD547189C735468BCB02
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02335328, Relevance: 1.7, APIs: 1, Instructions: 207libraryCOMMON
        Download Yara Rule
        APIs
        • LoadLibraryA.KERNELBASE(?,2B998097,?,02331370,?,?,?,?,?,?,?,00000040,00000000,?), ref: 0233F522
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID:
        • API String ID: 1029625771-0
        • Opcode ID: 9972f94e510f8c8e6d2e58a52e3cd7d77500041cf9b5c69769f5fa3296a09962
        • Instruction ID: a1b25c2e7d5e514519609860e48ded34cb1d50b6ba4846eab8ad16bc1d661bc1
        • Opcode Fuzzy Hash: 9972f94e510f8c8e6d2e58a52e3cd7d77500041cf9b5c69769f5fa3296a09962
        • Instruction Fuzzy Hash: A061583160434A9FDF356E288DA47FE37A7AF95390FC5412DDC4A87554D7318A81CB01
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233AFFE, Relevance: 1.6, APIs: 1, Instructions: 113fileCOMMON
        Download Yara Rule
        APIs
        • CreateFileA.KERNELBASE(?,89851E9D,-55FCED85,-349B9A4F,714F8E39,BE11C2B1,9E2E2587,0233AE43), ref: 0233B261
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: CreateFile
        • String ID:
        • API String ID: 823142352-0
        • Opcode ID: a02f38040da92b58afb8f1255323d9491eed025c6d5ba15ffc52895d526d64c5
        • Instruction ID: fae1f9b5680f61b9e1dff16ae5b457ef26a9deeeb120fd941049540b58e1984d
        • Opcode Fuzzy Hash: a02f38040da92b58afb8f1255323d9491eed025c6d5ba15ffc52895d526d64c5
        • Instruction Fuzzy Hash: 9A318C757007198BDB304E798AE47EBA3A7EF99380F50C13DCD8A67648C7305E45C682
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233B03A, Relevance: 1.6, APIs: 1, Instructions: 107fileCOMMON
        Download Yara Rule
        APIs
        • CreateFileA.KERNELBASE(?,89851E9D,-55FCED85,-349B9A4F,714F8E39,BE11C2B1,9E2E2587,0233AE43), ref: 0233B261
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: CreateFile
        • String ID:
        • API String ID: 823142352-0
        • Opcode ID: 62788bd7f74b820c35eb2890212ee4ecc905444a6c2fa929872e75a3db25ddb4
        • Instruction ID: f4dad4bd19d03854b6d3af960cc47930375628fbb994a78882fc8c9799e6fe43
        • Opcode Fuzzy Hash: 62788bd7f74b820c35eb2890212ee4ecc905444a6c2fa929872e75a3db25ddb4
        • Instruction Fuzzy Hash: 2D31AE7AA007194BDB304E658A947EBA79BFFDA354FA0C235CD99AB204D3341E078A51
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233CFB6, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
        Download Yara Rule
        APIs
        • LdrInitializeThunk.NTDLL(02333EEB,00000000,?), ref: 0233CFD1
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: InitializeThunk
        • String ID:
        • API String ID: 2994545307-0
        • Opcode ID: 6bc357817f6eeaf02083a2aacdf4b815a795a92b6b7033ac5c59cdb56720df92
        • Instruction ID: be069ef70bdbd6be794466b1a43d4bc978c1cb02e2005e93376b39dbe6ec1e1d
        • Opcode Fuzzy Hash: 6bc357817f6eeaf02083a2aacdf4b815a795a92b6b7033ac5c59cdb56720df92
        • Instruction Fuzzy Hash: 03B09B757504443DD1417A39451A7452A155B91641BD4C045D0A046D0DCE5486567FD1
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02331614, Relevance: .5, Instructions: 463COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 6141a2f535159f441a936c18dd0ff2e95bad5bdfe26a7ba5d0e046b00c02f877
        • Instruction ID: 6c8d4487e8f32524964fda0e6d4d6673ef9f0e6af1aa7fd358736ecf6560a5ae
        • Opcode Fuzzy Hash: 6141a2f535159f441a936c18dd0ff2e95bad5bdfe26a7ba5d0e046b00c02f877
        • Instruction Fuzzy Hash: 2DD18879704B098BDF318E589D647FE63DAAFC7360F94432ACC9DDB241D7284A478A21
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233167E, Relevance: .4, Instructions: 448COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 39acd7f657479f11d613402058a22a505cf7da2f05a30b9081260edde986152b
        • Instruction ID: 919cb6e3f0287ca624fa2038497b6944315ba0ea446799507db168e17eda2167
        • Opcode Fuzzy Hash: 39acd7f657479f11d613402058a22a505cf7da2f05a30b9081260edde986152b
        • Instruction Fuzzy Hash: D6C19879700B098BDF318D589D647FD63DAAFC7360F94472ACC9DDB281D7284A478A21
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233BC50, Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 274COMMON
        Download Yara Rule
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID: A7sH$Z$5
        • API String ID: 1029625771-625699865
        • Opcode ID: 2596588e78415e9ff33e6b2372f2300b48e6c4ed34e53d4dde4f14329b6765d7
        • Instruction ID: 6e5d9601c086f3682320b1e82cb1639f1dddc1d9f6f73b5e39dda79626550602
        • Opcode Fuzzy Hash: 2596588e78415e9ff33e6b2372f2300b48e6c4ed34e53d4dde4f14329b6765d7
        • Instruction Fuzzy Hash: CB71357D6006058BDF319E55E9107EEB39ABFC6324FA0DA27C869EB245D73857038B21
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023310A7, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129COMMON
        Download Yara Rule
        APIs
        • EnumWindows.USER32(02331213,?,?,?,?,?,?,?,?,00000040,00000000,?), ref: 023310CA
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: EnumWindows
        • String ID: Z
        • API String ID: 1129996299-1505515367
        • Opcode ID: 8b12bff8d41f99e8064e3c64144e7e8123485a1cfe298bfde8eb7c0211971ed7
        • Instruction ID: 2aa31b0fb8597542fceb376fba02002483d4357f80adcc35faff668763f3793b
        • Opcode Fuzzy Hash: 8b12bff8d41f99e8064e3c64144e7e8123485a1cfe298bfde8eb7c0211971ed7
        • Instruction Fuzzy Hash: 46419A326087418FCB225E7889647EA7BE6AF92320F45465DCCCAAB146D3344A87DF41
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233F290, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 94libraryCOMMON
        Download Yara Rule
        APIs
        • LoadLibraryA.KERNELBASE(?,2B998097,?,02331370,?,?,?,?,?,?,?,00000040,00000000,?), ref: 0233F522
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID: e
        • API String ID: 1029625771-4024072794
        • Opcode ID: 7db63b01e9c9080c3d14ef54dc0d06b2d43c51305805f1b2c1c95f76d33c7e92
        • Instruction ID: d54e4491d18e0122f8272df218b4595a6c11422ad8efe9ad11850ce8529d67d0
        • Opcode Fuzzy Hash: 7db63b01e9c9080c3d14ef54dc0d06b2d43c51305805f1b2c1c95f76d33c7e92
        • Instruction Fuzzy Hash: B3314731B043089EEF39AE299EE43EE231BAF953A0FC0812DDC0DC7905D7358B468A11
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02332FFA, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 83COMMON
        Download Yara Rule
        APIs
        • TerminateProcess.KERNELBASE(9B8A4BDD), ref: 0233AD2C
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: ProcessTerminate
        • String ID: Z
        • API String ID: 560597551-1505515367
        • Opcode ID: f19eadfac5fe2b12f6757fd8e6094e333e2de65eb9988d0974300bda712de47a
        • Instruction ID: 83afd6af856bd6bad2ea47be9d3001216bbacaf8ab31dc5447bfac2e6d3c77ce
        • Opcode Fuzzy Hash: f19eadfac5fe2b12f6757fd8e6094e333e2de65eb9988d0974300bda712de47a
        • Instruction Fuzzy Hash: EE21BE347447069BCB208A2859657FE739AAFD2310FD0C36ECCD28A049C73902878612
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233F46E, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 60libraryCOMMON
        Download Yara Rule
        APIs
        • LoadLibraryA.KERNELBASE(?,2B998097,?,02331370,?,?,?,?,?,?,?,00000040,00000000,?), ref: 0233F522
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID: Z
        • API String ID: 1029625771-1505515367
        • Opcode ID: 7f9660085fcc4f20d86ffa0123b43216c2d4eab3fcdc25356b2c9e0d7a9f593b
        • Instruction ID: fc63b40f990e3f8432f2790e21728cdfc82e976e8b89f1e421cad7ddf5c5295f
        • Opcode Fuzzy Hash: 7f9660085fcc4f20d86ffa0123b43216c2d4eab3fcdc25356b2c9e0d7a9f593b
        • Instruction Fuzzy Hash: 1401422AB00A061B8F32A908FE14BFD674AFDE33307C08722EC19C9508CA1D8B030A20
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233F29A, Relevance: 1.8, APIs: 1, Instructions: 251COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: d72cc223317b307cd7da2e7292ef0b7d96a56f592fff07823bafcd7784969f57
        • Instruction ID: 3b85ce0cfdb2e031d81b1729505b8ec1a1bd26c09ad8d42cadcce689a7295ed8
        • Opcode Fuzzy Hash: d72cc223317b307cd7da2e7292ef0b7d96a56f592fff07823bafcd7784969f57
        • Instruction Fuzzy Hash: 7751332AB04A041B9F31994AAE54BFE678EFFD6334BE08732DC59CE645972D4B074831
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02332E07, Relevance: 1.7, APIs: 1, Instructions: 162COMMON
        Download Yara Rule
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 63b968dbda812b595f1509be2350a2d9e127a2fa576f46d676c693dfedd8c149
        • Instruction ID: 701fefa0fca1ba60b89269ab0f346b17f96ed5b8e85c78601b8792504719f206
        • Opcode Fuzzy Hash: 63b968dbda812b595f1509be2350a2d9e127a2fa576f46d676c693dfedd8c149
        • Instruction Fuzzy Hash: D3516C346087C69BDB329E3889553EE7B96AFA3354FD4C25ECCC54B189C339068BC612
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233F37A, Relevance: 1.6, APIs: 1, Instructions: 142libraryCOMMON
        Download Yara Rule
        APIs
        • LoadLibraryA.KERNELBASE(?,2B998097,?,02331370,?,?,?,?,?,?,?,00000040,00000000,?), ref: 0233F522
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID:
        • API String ID: 1029625771-0
        • Opcode ID: 578838960ef5849ef6176b59fdfb6f7e0c69081d759db7f6265c803cedbe3bf4
        • Instruction ID: e58092f83e605f851947016283f4d04721787f4c74448ef7a6e2f6b1b691fa62
        • Opcode Fuzzy Hash: 578838960ef5849ef6176b59fdfb6f7e0c69081d759db7f6265c803cedbe3bf4
        • Instruction Fuzzy Hash: E331772EF04B040BCF32A959AE507FD674ABEE2370BD08735EC59CAA04C71987074921
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02332E93, Relevance: 1.6, APIs: 1, Instructions: 138COMMON
        Download Yara Rule
        APIs
        • TerminateProcess.KERNELBASE(9B8A4BDD), ref: 0233AD2C
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: ProcessTerminate
        • String ID:
        • API String ID: 560597551-0
        • Opcode ID: c03274aff7ff0c95add2b85dd55f0069651ee84424631416224244949411fe9d
        • Instruction ID: 1a0e277cff0e2f4d6ac9e6aed4dc0e5b647c0284256ab321cdd4039b1b9e1e64
        • Opcode Fuzzy Hash: c03274aff7ff0c95add2b85dd55f0069651ee84424631416224244949411fe9d
        • Instruction Fuzzy Hash: 47417D34604786ABDB229A2889557FE7B5A6F93350FD0C35ECCD587089C73A028BC611
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233AB66, Relevance: 1.6, APIs: 1, Instructions: 128libraryCOMMON
        Download Yara Rule
        APIs
        • LoadLibraryA.KERNELBASE(?,2B998097,?,02331370,?,?,?,?,?,?,?,00000040,00000000,?), ref: 0233F522
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID:
        • API String ID: 1029625771-0
        • Opcode ID: e69051b1206a0a06c534908a51d4d49ba8d4332cfc215ca87ca6a853a0df1af7
        • Instruction ID: 28b6f580e094db3fa09aaf1c19b327ca35ed3398abf82eda5fa7c6e2f962ec5c
        • Opcode Fuzzy Hash: e69051b1206a0a06c534908a51d4d49ba8d4332cfc215ca87ca6a853a0df1af7
        • Instruction Fuzzy Hash: 53413731B043469FDF39AE298DE47EE339BAF953A0FC08129DC49C7905C7358B868A11
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02332F19, Relevance: 1.6, APIs: 1, Instructions: 121COMMON
        Download Yara Rule
        APIs
        • TerminateProcess.KERNELBASE(9B8A4BDD), ref: 0233AD2C
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: ProcessTerminate
        • String ID:
        • API String ID: 560597551-0
        • Opcode ID: c5f3df926fa6566949cb7958719de723bb5fb529134c50f7681ede139d382951
        • Instruction ID: 8ecd1cc7db7badab2a007e48e52df78ad9c709361d2f8b9df8c09fb228ba3a02
        • Opcode Fuzzy Hash: c5f3df926fa6566949cb7958719de723bb5fb529134c50f7681ede139d382951
        • Instruction Fuzzy Hash: 07316224208BC367DB22893D49557FEAB8A5FD3350FD0C35ECCD587499D765068BC622
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233F30E, Relevance: 1.6, APIs: 1, Instructions: 110libraryCOMMON
        Download Yara Rule
        APIs
        • LoadLibraryA.KERNELBASE(?,2B998097,?,02331370,?,?,?,?,?,?,?,00000040,00000000,?), ref: 0233F522
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID:
        • API String ID: 1029625771-0
        • Opcode ID: 636c7065a60df87d03c17fedc04cafb3f41775208d615868ebdda1688b127bcc
        • Instruction ID: 5f5ebfce7461af6ec67b1d0a2a97e2e82c39fa6bfd4581805c22b292bc494422
        • Opcode Fuzzy Hash: 636c7065a60df87d03c17fedc04cafb3f41775208d615868ebdda1688b127bcc
        • Instruction Fuzzy Hash: 18313826B047044ADF35AD1AAE547EE134BAFD2370FC08726DC09CA655D72D8B074921
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02332F8B, Relevance: 1.6, APIs: 1, Instructions: 104COMMON
        Download Yara Rule
        APIs
        • TerminateProcess.KERNELBASE(9B8A4BDD), ref: 0233AD2C
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: ProcessTerminate
        • String ID:
        • API String ID: 560597551-0
        • Opcode ID: c1fd143043f6e87c269da09c858aae6d73241a90e264cb30e2dcfc1c341fc755
        • Instruction ID: 9843338f0d7f561a9f85293398279332f0e605e233dcf6e9450815fe773439ea
        • Opcode Fuzzy Hash: c1fd143043f6e87c269da09c858aae6d73241a90e264cb30e2dcfc1c341fc755
        • Instruction Fuzzy Hash: 3E316325748B8267DB22893949557FEAF8A6FD3310FD0C39ECCD287499D769028B8611
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233B0A2, Relevance: 1.6, APIs: 1, Instructions: 101fileCOMMON
        Download Yara Rule
        APIs
        • CreateFileA.KERNELBASE(?,89851E9D,-55FCED85,-349B9A4F,714F8E39,BE11C2B1,9E2E2587,0233AE43), ref: 0233B261
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: CreateFile
        • String ID:
        • API String ID: 823142352-0
        • Opcode ID: 15e41813c1b726f75a4bf2d5d64ffc2119bc6c76b17a6e3a616195ddbb13176e
        • Instruction ID: e5ec13df044d3bd605aca8221fb14376c5a8319428f75a714cf3aaca2fc22220
        • Opcode Fuzzy Hash: 15e41813c1b726f75a4bf2d5d64ffc2119bc6c76b17a6e3a616195ddbb13176e
        • Instruction Fuzzy Hash: 7B21887EE00A190BCB314E655984BEBA78BFFDA320FA08225CC5D9F209D7344E0785A0
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02330FB1, Relevance: 1.6, APIs: 1, Instructions: 95COMMON
        Download Yara Rule
        APIs
        • EnumWindows.USER32(02331213,?,?,?,?,?,?,?,?,00000040,00000000,?), ref: 023310CA
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: EnumWindows
        • String ID:
        • API String ID: 1129996299-0
        • Opcode ID: b5e30a832f27dd9ab343b53170f8ae266aec1a96c485c2217334d9d2b8c32b45
        • Instruction ID: cd02d0ffc40863842968c490b3c01b5be0df642ab08919cf40692212ae34bb52
        • Opcode Fuzzy Hash: b5e30a832f27dd9ab343b53170f8ae266aec1a96c485c2217334d9d2b8c32b45
        • Instruction Fuzzy Hash: FA312132608301CFDB26AE348C647FF77A6AF96350F52422ECCCAA7505D3708A86CB45
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02331001, Relevance: 1.6, APIs: 1, Instructions: 95COMMON
        Download Yara Rule
        APIs
        • EnumWindows.USER32(02331213,?,?,?,?,?,?,?,?,00000040,00000000,?), ref: 023310CA
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: EnumWindows
        • String ID:
        • API String ID: 1129996299-0
        • Opcode ID: b7b3c3524e8576addfa2a0e88590d76d7461f8107715af112d13a012ad5053bb
        • Instruction ID: 0f5aca47f01f6d5766cbf48c706c8e46a81054b6dd87f02efbe96c6a582c9e8f
        • Opcode Fuzzy Hash: b7b3c3524e8576addfa2a0e88590d76d7461f8107715af112d13a012ad5053bb
        • Instruction Fuzzy Hash: 3E3135326083019BCB26AE348C643EE7BA6AF96350F56011DCCCAAB455D3708A87CF45
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233104A, Relevance: 1.6, APIs: 1, Instructions: 90COMMON
        Download Yara Rule
        APIs
        • EnumWindows.USER32(02331213,?,?,?,?,?,?,?,?,00000040,00000000,?), ref: 023310CA
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: EnumWindows
        • String ID:
        • API String ID: 1129996299-0
        • Opcode ID: 322c5c5e4e1ae941d980be0ea9764a96c9eda14e9de0abcdea39609186a20524
        • Instruction ID: ba0f3d112afcc817e855b41747faa051cfe6ed21a604e5bf5702d48ac732cebc
        • Opcode Fuzzy Hash: 322c5c5e4e1ae941d980be0ea9764a96c9eda14e9de0abcdea39609186a20524
        • Instruction Fuzzy Hash: AA2149325083018FCB226E348D643EB7BE6AF92360F520619CCCAEB455D3344A87CF55
        Uniqueness

        Uniqueness Score: -1.00%

        Function 02333068, Relevance: 1.6, APIs: 1, Instructions: 70COMMON
        Download Yara Rule
        APIs
        • TerminateProcess.KERNELBASE(9B8A4BDD), ref: 0233AD2C
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: ProcessTerminate
        • String ID:
        • API String ID: 560597551-0
        • Opcode ID: 4f5ff77214e1b646631d2edc16f2d0dc44f7ab7aa5699752ca18c8866c332931
        • Instruction ID: c1c66607f514016a0d8ac2dfaa178de032e3c5963ffe1de3e2d3873526c81e5a
        • Opcode Fuzzy Hash: 4f5ff77214e1b646631d2edc16f2d0dc44f7ab7aa5699752ca18c8866c332931
        • Instruction Fuzzy Hash: 29016B39705A045BDB208916AA257FF638EEFD2311FE0CB1ACC97CB155861906874A22
        Uniqueness

        Uniqueness Score: -1.00%

        Function 023310BC, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
        Download Yara Rule
        APIs
        • EnumWindows.USER32(02331213,?,?,?,?,?,?,?,?,00000040,00000000,?), ref: 023310CA
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: EnumWindows
        • String ID:
        • API String ID: 1129996299-0
        • Opcode ID: 3222b964f07f8ba8c6a1d1e09feb17581b544c7e84cd9a23b62527001d263633
        • Instruction ID: e5c5f5ad955b65dbe0544556e196d277201e2cfc82496f7e7509c068ffc355c2
        • Opcode Fuzzy Hash: 3222b964f07f8ba8c6a1d1e09feb17581b544c7e84cd9a23b62527001d263633
        • Instruction Fuzzy Hash: D61136325083018BDB616E3489653EB77E2BFA23A0F52051DCCDAE6445D3348A8BCF46
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233AC79, Relevance: 1.6, APIs: 1, Instructions: 59COMMON
        Download Yara Rule
        APIs
        • TerminateProcess.KERNELBASE(9B8A4BDD), ref: 0233AD2C
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: ProcessTerminate
        • String ID:
        • API String ID: 560597551-0
        • Opcode ID: b8750bbbda7403676a8a1eeb64025bf60dfeaf8904151e3373ca784defba76a4
        • Instruction ID: 139148ede3137d151132ce04ae8a5a2a6f598caf8bd082b3c393a2cd12da2977
        • Opcode Fuzzy Hash: b8750bbbda7403676a8a1eeb64025bf60dfeaf8904151e3373ca784defba76a4
        • Instruction Fuzzy Hash: CF017D7D744A0447DF308905AD65BEE538FBFE3212EF0C722CC9ACE2548A1E424B5931
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233B20E, Relevance: 1.5, APIs: 1, Instructions: 45fileCOMMON
        Download Yara Rule
        APIs
        • CreateFileA.KERNELBASE(?,89851E9D,-55FCED85,-349B9A4F,714F8E39,BE11C2B1,9E2E2587,0233AE43), ref: 0233B261
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: CreateFile
        • String ID:
        • API String ID: 823142352-0
        • Opcode ID: 141fb9e7c995d04686edf4bc1044319843d494271115cdf8aacea5392aeef39f
        • Instruction ID: 0cb01df86a1a1a13b4f8b094df1d5763b9cbd7c748671c7702dedb188b31b3f9
        • Opcode Fuzzy Hash: 141fb9e7c995d04686edf4bc1044319843d494271115cdf8aacea5392aeef39f
        • Instruction Fuzzy Hash: 92F0826E760C041BCF30CE0AA958BEDA78EFFD6325BD08B61D95DDE20542681A174831
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233F4E8, Relevance: 1.5, APIs: 1, Instructions: 43libraryCOMMON
        Download Yara Rule
        APIs
        • LoadLibraryA.KERNELBASE(?,2B998097,?,02331370,?,?,?,?,?,?,?,00000040,00000000,?), ref: 0233F522
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID:
        • API String ID: 1029625771-0
        • Opcode ID: eb21a0d2d1b59772033d2cfdb96d3e4c74ddc7877240fa826b867139d16cc99e
        • Instruction ID: 9f516fa638b0e21302472fec73211e5fcb601337fb57bab4f40280bc1d210c52
        • Opcode Fuzzy Hash: eb21a0d2d1b59772033d2cfdb96d3e4c74ddc7877240fa826b867139d16cc99e
        • Instruction Fuzzy Hash: 29E06D1FB44D0517AE314D4EBE04BEDA78DACC73312E0DB32E929DD644860D96031830
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233CF42, Relevance: 1.5, APIs: 1, Instructions: 40libraryCOMMON
        Download Yara Rule
        APIs
        • LdrInitializeThunk.NTDLL(02333EEB,00000000,?), ref: 0233CFD1
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: InitializeThunk
        • String ID:
        • API String ID: 2994545307-0
        • Opcode ID: 3d2c93210dc73875b42135aa9decd676b21ad32ee5bafea928949ff5c1df7a41
        • Instruction ID: f111e7dd950988095722c902ab1175cb645c4b15372af1ef8619def6e196e8a2
        • Opcode Fuzzy Hash: 3d2c93210dc73875b42135aa9decd676b21ad32ee5bafea928949ff5c1df7a41
        • Instruction Fuzzy Hash: F2E092AE780D04178C61850AAA18BED978DE9D33212E0EB23D068ED25C8A4C07072A71
        Uniqueness

        Uniqueness Score: -1.00%

        Function 0233F452, Relevance: 1.5, APIs: 1, Instructions: 39libraryCOMMON
        Download Yara Rule
        APIs
        • LoadLibraryA.KERNELBASE(?,2B998097,?,02331370,?,?,?,?,?,?,?,00000040,00000000,?), ref: 0233F522
        Memory Dump Source
        • Source File: 00000000.00000002.461597054.0000000002330000.00000040.00000001.sdmp, Offset: 02330000, based on PE: false
        Similarity
        • API ID: LibraryLoad
        • String ID:
        • API String ID: 1029625771-0
        • Opcode ID: 6b445b9d005a212ba52aba36e769bfa03aae50c3cfea78c12cbef61feab5aa76
        • Instruction ID: e93d5bb9d859f9357b64be350dc76e8c979c985bd9d615131ed593806c11785d
        • Opcode Fuzzy Hash: 6b445b9d005a212ba52aba36e769bfa03aae50c3cfea78c12cbef61feab5aa76
        • Instruction Fuzzy Hash: 4DF05925B043076A8B373D3CA9567ED1B23BFA17B0BC4423EAC46C6C08CF1ACB068641
        Uniqueness

        Uniqueness Score: -1.00%

        Non-executed Functions