Windows Analysis Report: scan files 15-9-21.exe
Overview
General Information
Detection
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
Classification
Process Tree
Malware Configuration
Threatname: FormBook
{"C2 list": ["www.lifewithbriana.com/mej0/"], "decoy": ["mtxs8.com", "quickskiplondon.com", "sltplanner.com", "generatedate.com", "amsinspections.com", "tomrings.com", "109friends.com", "freelovereading.com", "avalapartners.com", "nordiqueluxury.com", "inmbex.com", "everybankatm.com", "bo1899.com", "ashymeadow.com", "pubgm-chickendinner.com", "takudolunch.com", "carlagremiao.com", "actonetheatre.com", "wemhealth.com", "khasomat.net", "lartiqueusa.com", "singularity.institute", "ashsgx567d.com", "sequoiaparts.net", "ujriksalead.com", "ag99.xyz", "isabeltimon.com", "bijyo-topic.site", "homefuels.energy", "2ofakinddesigns.com", "iggglobal.com", "ravenlightproductions.com", "magicaltransform.com", "2936vaquero.com", "essentialme.network", "thebrathouse.info", "tecstrong.net", "ayulaksmi.com", "maximebazerque.com", "bankdj.com", "pizzaoff.com", "eastcohemp.com", "acordolimpo.com", "mediacpstreamchile.com", "wholesalefleuerdelis.com", "chuangyuanfz.com", "getcenteredwithclay.com", "retaboo.com", "ikonicboatcharters.com", "parakhonskiy.com", "tropical-therapy.com", "metropitstop.com", "municipiodeanton.net", "valorplanodesaudemaranhao.info", "alibabakanaat.com", "creditsoptionsnow.com", "arabgerman.digital", "webspazio.com", "sunsyncindia.com", "jlsolutionspty.com", "almightyamerican.com", "nadirshirts.com", "gdxinmu.com", "postcaremedical.com"]}
Yara Overview
Memory Dumps
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
| | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | |
| | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | |
| | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
| | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | |
(24 entries in the full report; 5 shown)
Unpacked PEs
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
| | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | |
| | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | |
| | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
| | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | |
Sigma Overview
No Sigma rule has matched
Jbx Signature Overview
AV Detection:
Found malware configuration
Source: Malware Configuration Extractor
Multi AV Scanner detection for submitted file
Source: Virustotal
Source: ReversingLabs
Yara detected FormBook
Source: File source (11 entries)
Machine Learning detection for sample
Source: Joe Sandbox ML
Source: Avira
Source: Static PE information (2 entries)
Source: Binary string (4 entries)
Source: Code function: 2_2_00406A97, 2_2_00415692, 13_2_00876A97, 13_2_00885692
Networking:
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Snort IDS (9 entries)
System process connects to network (likely due to code injection or exploit)
Source: Domain query (8 entries)
Source: Network Connect (4 entries)
C2 URLs / IPs found in malware configuration
Source: URLs
Source: ASN Name (2 entries)
Source: HTTP traffic detected (5 entries)
Source: String found in binary or memory
Source: DNS traffic detected
Source: HTTP traffic detected (5 entries)
E-Banking Fraud:
Yara detected FormBook
Source: File source (11 entries)
System Summary:
Malicious sample detected (through community Yara rule)
Source: Matched rule (22 entries)
.NET source code contains very large strings
Source: Long String (5 entries)
Source: Static PE information
Source: Matched rule (22 entries)
Source: Code function: 0_2_028530C0, 0_2_02856150, 0_2_028530B2, 0_2_028514FA, 0_2_02851448, 0_2_02851458, 0_2_02850D88, 0_2_02850D98, 0_2_02852DD7, 0_2_02852DE8, 0_2_04E847B0, 0_2_04E8804C, 0_2_04E8BF38, 0_2_04E8EACB, 0_2_04E847A3, 0_2_04E8A100, 0_2_04E88104, 2_2_00401030, 2_2_00401174, 2_2_0041B9BD, 2_2_0041BA6D, 2_2_0041C31E, 2_2_0041CB97, 2_2_00408C60, 2_2_00402D87, 2_2_00402D90, 2_2_0041C597, 2_2_0041C77C, 2_2_0041BFCB, 2_2_0041B7E3, 2_2_00402FB0, 13_2_0369EBB0, 13_2_03686E30, 13_2_03731D55, 13_2_03660D20, 13_2_03684120, 13_2_0366F900, 13_2_0367D5E0, 13_2_03692581, 13_2_03721002, 13_2_0367841F, 13_2_036920A0, 13_2_0367B090, 13_2_0088CB97, 13_2_00878C60, 13_2_00872D87, 13_2_00872D90, 13_2_0088C597, 13_2_00872FB0, 13_2_0088B7E3, 13_2_0088C77C
Source: Code function
Source: Code function: 2_2_004181C0, 2_2_00418270, 2_2_004182F0, 2_2_004183A0, 2_2_0041826A, 2_2_0041839A, 13_2_036A9710, 13_2_036A9FE0, 13_2_036A9780, 13_2_036A9660, 13_2_036A9650, 13_2_036A9A50, 13_2_036A96E0, 13_2_036A96D0, 13_2_036A9540, 13_2_036A9910, 13_2_036A95D0, 13_2_036A99A0, 13_2_036A9860, 13_2_036A9840, 13_2_036A9760, 13_2_036A9770, 13_2_036AA770, 13_2_036A9730, 13_2_036A9B00, 13_2_036AA710, 13_2_036A97A0, 13_2_036AA3B0, 13_2_036A9670, 13_2_036A9A20, 13_2_036A9A00, 13_2_036A9610, 13_2_036A9A10, 13_2_036A9A80, 13_2_036A9560, 13_2_036A9950, 13_2_036A9520, 13_2_036AAD30, 13_2_036A95F0, 13_2_036A99D0, 13_2_036AB040, 13_2_036A9820, 13_2_036A98F0, 13_2_036A98A0, 13_2_008881C0, 13_2_008882F0, 13_2_00888270, 13_2_008883A0, 13_2_0088826A, 13_2_0088839A
Source: Binary or memory string (7 entries)
Source: Static PE information
Source: Virustotal
Source: ReversingLabs
Source: Static PE information
Source: Key opened
Source: Process created (7 entries)
Source: File created
Source: Classification label
Source: Section loaded
Source: Mutant created
Source: Cryptographic APIs (5 entries)
Source: File read (2 entries)
Source: File opened
Source: Static PE information (3 entries)
Source: Binary string (4 entries)
Data Obfuscation:
.NET source code contains potential unpacker
Source: .Net Code (5 entries)
Source: Code function: 0_2_04E8E624, 0_2_04E8D133, 0_2_04E8E907, 0_2_04E8EA5E, 2_2_0041C91E (x2), 2_2_0040429E, 2_2_0041B408, 2_2_0041B472, 2_2_0041B408, 2_2_0041B472, 13_2_036BD0E4, 13_2_0088C91E (x2), 13_2_0087429E, 13_2_0088B408, 13_2_0088B472, 13_2_0088B408, 13_2_0088B472
Source: Static PE information (2 entries)
Hooking and other Techniques for Hiding and Protection:
Self deletion via cmd delete
Source: Process created (2 entries)
Source: Process information set (31 entries)
Malware Analysis System Evasion:
Yara detected AntiVM3
Source: File source (2 entries)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: Binary or memory string (2 entries)
Tries to detect virtualization through RDTSC time measurements
Source: RDTSC instruction interceptor (4 entries)
Source: Thread sleep time (4 entries)
Source: Last function (2 entries)
Source: Code function: 2_2_004088B0
Source: Thread delayed
Source: Process information queried
Source: Thread delayed (2 entries)
Source: Binary or memory string (18 entries)
Source: Code function: 2_2_004088B0
Source: Process token adjusted (2 entries)
Source: Code function (consecutive repeats collapsed as xN): 13_2_0366DB60, 13_2_0367FF60, 13_2_03693B7A (x2), 13_2_03738F6A, 13_2_0366DB40, 13_2_0367EF40, 13_2_03738B58, 13_2_0366F358, 13_2_03664F2E (x2), 13_2_0369E730, 13_2_0369A70E (x2), 13_2_0372131B, 13_2_0373070D (x2), 13_2_0368F716, 13_2_036FFF10 (x2), 13_2_036903E2 (x6), 13_2_036A37F5, 13_2_036E53CA (x2), 13_2_03694BAD (x3), 13_2_03735BA5, 13_2_03671B8F (x2), 13_2_0371D380, 13_2_03678794, 13_2_0372138A, 13_2_0369B390, 13_2_036E7794 (x3), 13_2_03692397, 13_2_0367766D, 13_2_036A927A, 13_2_0371B260 (x2), 13_2_03738A62, 13_2_0368AE73 (x5), 13_2_03669240 (x4), 13_2_03677E41 (x6), 13_2_036F4257, 13_2_0366E620, 13_2_036A4A2C (x2), 13_2_0371FE3F, 13_2_0366C600 (x3), 13_2_03698E00, 13_2_03678A0A, 13_2_0366AA16 (x2), 13_2_03683A1C, 13_2_0369A61C (x2), 13_2_036776E2, 13_2_036916E0, 13_2_03692AE4, 13_2_03692ACB, 13_2_03738ED6, 13_2_036936CC, 13_2_036A8EC7, 13_2_0371FEC0, 13_2_036652A5 (x5), 13_2_036E46A7, 13_2_03730EA5 (x3), 13_2_0367AAB0 (x2), 13_2_0369FAB0, 13_2_036FFE87, 13_2_0369D294 (x2), 13_2_0366C962, 13_2_0366B171 (x2), 13_2_0368C577 (x2), 13_2_036A3D43, 13_2_0368B944 (x2), 13_2_036E3540, 13_2_03687D50, 13_2_03738D34, 13_2_03684120 (x5), 13_2_03694D3B (x3), 13_2_0369513A (x2), 13_2_03673D34 (x13), 13_2_0366AD30, 13_2_036EA537, 13_2_03669100 (x3), 13_2_03718DF1, 13_2_0366B1E1 (x3), 13_2_036F41E8, 13_2_0367D5E0 (x2), 13_2_036935A1, 13_2_036E69A6, 13_2_036961A0 (x2), 13_2_036E51BE (x4), 13_2_03691DB5 (x3), 13_2_03692581 (x4), 13_2_0368C182, 13_2_0369A185, 13_2_03662D8A (x5), 13_2_0369FD9B (x2), 13_2_03692990, 13_2_03722073, 13_2_0368746D, 13_2_03731074, 13_2_0369A44B, 13_2_03680050 (x2), 13_2_036FC450 (x2), 13_2_0369002D (x5), 13_2_0369BC2C, 13_2_0367B02A (x4), 13_2_036E6C0A (x4), 13_2_03734015 (x2), 13_2_03721C06 (x14), 13_2_036E7016 (x3), 13_2_0373740D (x3), 13_2_037214FB, 13_2_036658EC, 13_2_036E6CF0 (x3), 13_2_03738CD6, 13_2_036FB8D0 (x6), 13_2_036A90AF, 13_2_036920A0 (x6), 13_2_0369F0BF (x3), 13_2_03669080, 13_2_036E3884 (x2), 13_2_0367849B
Source: Process queried (2 entries)
Source: Code function: 2_2_00409B20
Source: Memory allocated
HIPS / PFW / Operating System Protection Evasion:
System process connects to network (likely due to code injection or exploit)
Source: Domain query (8 entries)
Source: Network Connect (4 entries)
Sample uses process hollowing technique
Source: Section unmapped
Maps a DLL or memory area into another process
Source: Section loaded (5 entries)
Injects a PE file into a foreign processes
Source: Memory written
Queues an APC in another process (thread injection)
Source: Thread APC queued
Modifies the context of a thread in another process (thread injection)
Source: Thread register set (2 entries)
Source: Process created (2 entries)
Source: Binary or memory string (6 entries)
Source: Queries volume information (5 entries)
Source: Key value queried
Stealing of Sensitive Information:
Yara detected FormBook
Source: File source (11 entries)
Remote Access Functionality: |
---|
Yara detected FormBook | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Shared Modules1 | Path Interception | Process Injection612 | Masquerading1 | OS Credential Dumping | Security Software Discovery221 | Remote Services | Archive Collected Data11 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | Process Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion31 | Security Account Manager | Virtualization/Sandbox Evasion31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection612 | NTDS | Remote System Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol12 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information11 | LSA Secrets | System Information Discovery112 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information4 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing13 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Timestomp1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | File Deletion1 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 29% | Virustotal | | |
| 27% | ReversingLabs | ByteCode-MSIL.Spyware.Noon | |
| 100% | Joe Sandbox ML | | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
| 100% | Avira | TR/Crypt.ZPACK.Gen | | |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.getcenteredwithclay.com | 99.83.154.118 | true | true | unknown | |
www.nordiqueluxury.com | 84.34.147.60 | true | true | unknown | |
quickskiplondon.com | 34.98.99.30 | true | false | unknown | |
valorplanodesaudemaranhao.info | 34.98.99.30 | true | false | unknown | |
www.singularity.institute | 172.67.196.84 | true | true | unknown | |
www.municipiodeanton.net | 35.237.65.63 | true | false | unknown | |
www.valorplanodesaudemaranhao.info | unknown | unknown | true | unknown | |
www.everybankatm.com | unknown | unknown | true | unknown | |
www.parakhonskiy.com | unknown | unknown | true | unknown | |
www.lifewithbriana.com | unknown | unknown | true | unknown | |
www.actonetheatre.com | unknown | unknown | true | unknown | |
www.quickskiplondon.com | unknown | unknown | true | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
| false | | unknown |
| true | | unknown |
| true | | unknown |
| true | | low |
| false | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.196.84 | www.singularity.institute | United States | | 13335 | CLOUDFLARENETUS | true |
35.237.65.63 | www.municipiodeanton.net | United States | | 15169 | GOOGLEUS | false |
34.98.99.30 | quickskiplondon.com | United States | | 15169 | GOOGLEUS | false |
84.34.147.60 | www.nordiqueluxury.com | Finland | | 1759 | TSF-IP-CORETeliaFinlandOyjEU | true |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 483582 |
Start date: | 15.09.2021 |
Start time: | 09:29:55 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | scan files 15-9-21.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 25 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@7/1@10/4 |
EGA Information: | Failed |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
Warnings: | |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
09:30:58 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
84.34.147.60 | | | malicious | | |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
www.nordiqueluxury.com | | | malicious | | |
www.getcenteredwithclay.com | | | malicious | | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CLOUDFLARENETUS | | | malicious | | |
TSF-IP-CORETeliaFinlandOyjEU | | | malicious | | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\scan files 15-9-21.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1216 |
Entropy (8bit): | 5.355304211458859 |
Encrypted: | false |
SSDEEP: | 24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr |
MD5: | FED34146BF2F2FA59DCF8702FCC8232E |
SHA1: | B03BFEA175989D989850CF06FE5E7BBF56EAA00A |
SHA-256: | 123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C |
SHA-512: | 1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6 |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.19858583337036 |
TrID: |
|
File name: | scan files 15-9-21.exe |
File size: | 569344 |
MD5: | 00e32d8a2cbd54e967bfc8f512086ecf |
SHA1: | f51b70a2117089a87b0daf6f179a3b492acf58f2 |
SHA256: | 36d409b61a0f456cb3e593338ebf2db1fae38ea645392d98030bc7e7a0eb9a3c |
SHA512: | 2996b453b9096b7cbd8eadbe602a80bbf1ba9f721079b657e672fcade97ff8b098aabc81ebb1beb97acaece0ab97e9d0cb33fb90af17bcb66d00ba0787763c48 |
SSDEEP: | 12288:L9QzWHCM2K4C50eP5X3Ev1s9oQuaZMk7zI7h4UkLNr:ap3C50QU7pqMiZr |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Y...............0.................. ........@.. ....................... ............@................................ |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x48c58a |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0xEB59C8A3 [Mon Feb 14 13:50:27 2095 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8c538 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8e000 | 0x5a4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x90000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x8c51c | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x8a590 | 0x8a600 | False | 0.766540692751 | data | 7.20919367006 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0x8e000 | 0x5a4 | 0x600 | False | 0.419921875 | data | 4.06388975839 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x90000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x8e090 | 0x314 | data | ||
RT_MANIFEST | 0x8e3b4 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright 2019 |
Assembly Version | 1.0.0.0 |
InternalName | IObserv.exe |
FileVersion | 1.0.0.0 |
CompanyName | |
LegalTrademarks | |
Comments | |
ProductName | Disciples |
ProductVersion | 1.0.0.0 |
FileDescription | Disciples |
OriginalFilename | IObserv.exe |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
09/15/21-09:32:30.950508 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49777 | 80 | 192.168.2.7 | 34.98.99.30 |
09/15/21-09:32:30.950508 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49777 | 80 | 192.168.2.7 | 34.98.99.30 |
09/15/21-09:32:30.950508 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49777 | 80 | 192.168.2.7 | 34.98.99.30 |
09/15/21-09:32:31.066398 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49777 | 34.98.99.30 | 192.168.2.7 |
09/15/21-09:32:36.281712 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49779 | 80 | 192.168.2.7 | 35.237.65.63 |
09/15/21-09:32:36.281712 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49779 | 80 | 192.168.2.7 | 35.237.65.63 |
09/15/21-09:32:36.281712 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49779 | 80 | 192.168.2.7 | 35.237.65.63 |
09/15/21-09:32:46.690689 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49783 | 34.98.99.30 | 192.168.2.7 |
09/15/21-09:33:01.969573 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49785 | 80 | 192.168.2.7 | 99.83.154.118 |
09/15/21-09:33:01.969573 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49785 | 80 | 192.168.2.7 | 99.83.154.118 |
09/15/21-09:33:01.969573 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49785 | 80 | 192.168.2.7 | 99.83.154.118 |
09/15/21-09:33:02.127468 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49785 | 99.83.154.118 | 192.168.2.7 |
Network Port Distribution |
---|
TCP Packets |
---|
UDP Packets |
---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Sep 15, 2021 09:32:15.156395912 CEST | 192.168.2.7 | 8.8.8.8 | 0xb760 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 15, 2021 09:32:20.220448017 CEST | 192.168.2.7 | 8.8.8.8 | 0xe076 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 15, 2021 09:32:25.266566992 CEST | 192.168.2.7 | 8.8.8.8 | 0x46a3 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 15, 2021 09:32:30.899986982 CEST | 192.168.2.7 | 8.8.8.8 | 0x9434 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 15, 2021 09:32:36.077837944 CEST | 192.168.2.7 | 8.8.8.8 | 0x4f9b | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 15, 2021 09:32:46.523246050 CEST | 192.168.2.7 | 8.8.8.8 | 0x26ed | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 15, 2021 09:32:51.709719896 CEST | 192.168.2.7 | 8.8.8.8 | 0x1078 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 15, 2021 09:32:56.789498091 CEST | 192.168.2.7 | 8.8.8.8 | 0x8524 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 15, 2021 09:33:01.890949965 CEST | 192.168.2.7 | 8.8.8.8 | 0x47f8 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 15, 2021 09:33:07.141978025 CEST | 192.168.2.7 | 8.8.8.8 | 0x33ee | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Sep 15, 2021 09:32:15.200252056 CEST | 8.8.8.8 | 192.168.2.7 | 0xb760 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 15, 2021 09:32:20.252281904 CEST | 8.8.8.8 | 192.168.2.7 | 0xe076 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 15, 2021 09:32:25.306921959 CEST | 8.8.8.8 | 192.168.2.7 | 0x46a3 | No error (0) | 84.34.147.60 | A (IP address) | IN (0x0001) | ||
Sep 15, 2021 09:32:30.930033922 CEST | 8.8.8.8 | 192.168.2.7 | 0x9434 | No error (0) | valorplanodesaudemaranhao.info | CNAME (Canonical name) | IN (0x0001) | ||
Sep 15, 2021 09:32:30.930033922 CEST | 8.8.8.8 | 192.168.2.7 | 0x9434 | No error (0) | 34.98.99.30 | A (IP address) | IN (0x0001) | ||
Sep 15, 2021 09:32:36.127427101 CEST | 8.8.8.8 | 192.168.2.7 | 0x4f9b | No error (0) | 35.237.65.63 | A (IP address) | IN (0x0001) | ||
Sep 15, 2021 09:32:46.555305958 CEST | 8.8.8.8 | 192.168.2.7 | 0x26ed | No error (0) | quickskiplondon.com | CNAME (Canonical name) | IN (0x0001) | ||
Sep 15, 2021 09:32:46.555305958 CEST | 8.8.8.8 | 192.168.2.7 | 0x26ed | No error (0) | 34.98.99.30 | A (IP address) | IN (0x0001) | ||
Sep 15, 2021 09:32:51.762979031 CEST | 8.8.8.8 | 192.168.2.7 | 0x1078 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Sep 15, 2021 09:32:56.830826044 CEST | 8.8.8.8 | 192.168.2.7 | 0x8524 | No error (0) | 172.67.196.84 | A (IP address) | IN (0x0001) | ||
Sep 15, 2021 09:32:56.830826044 CEST | 8.8.8.8 | 192.168.2.7 | 0x8524 | No error (0) | 104.21.44.60 | A (IP address) | IN (0x0001) | ||
Sep 15, 2021 09:33:01.949892998 CEST | 8.8.8.8 | 192.168.2.7 | 0x47f8 | No error (0) | 99.83.154.118 | A (IP address) | IN (0x0001) | ||
Sep 15, 2021 09:33:07.173832893 CEST | 8.8.8.8 | 192.168.2.7 | 0x33ee | Name error (3) | none | none | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.7 | 49776 | 84.34.147.60 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 09:32:25.355875015 CEST | 5201 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.7 | 49777 | 34.98.99.30 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 09:32:30.950508118 CEST | 5202 | OUT | |
Sep 15, 2021 09:32:31.066397905 CEST | 5202 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.7 | 49779 | 35.237.65.63 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 09:32:36.281712055 CEST | 5212 | OUT | |
Sep 15, 2021 09:32:36.435966015 CEST | 5213 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.7 | 49783 | 34.98.99.30 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 09:32:46.574167967 CEST | 5226 | OUT | |
Sep 15, 2021 09:32:46.690689087 CEST | 5226 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.7 | 49784 | 172.67.196.84 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 15, 2021 09:32:56.849651098 CEST | 5227 | OUT | |
Sep 15, 2021 09:32:56.879559040 CEST | 5228 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 09:30:56 |
Start date: | 15/09/2021 |
Path: | C:\Users\user\Desktop\scan files 15-9-21.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x580000 |
File size: | 569344 bytes |
MD5 hash: | 00E32D8A2CBD54E967BFC8F512086ECF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 09:30:59 |
Start date: | 15/09/2021 |
Path: | C:\Users\user\Desktop\scan files 15-9-21.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xfd0000 |
File size: | 569344 bytes |
MD5 hash: | 00E32D8A2CBD54E967BFC8F512086ECF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 09:31:01 |
Start date: | 15/09/2021 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff662bf0000 |
File size: | 3933184 bytes |
MD5 hash: | AD5296B280E8F522A8A897C96BAB0E1D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 09:31:31 |
Start date: | 15/09/2021 |
Path: | C:\Windows\SysWOW64\WWAHost.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb40000 |
File size: | 829856 bytes |
MD5 hash: | 370C260333EB3149EF4E49C8F64652A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | moderate |
General |
---|
Start time: | 09:31:38 |
Start date: | 15/09/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x870000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:31:39 |
Start date: | 15/09/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff774ee0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Yara matches | Uniqueness Score |
---|---|---|---|---|---|---|---|---|
04E8BF38 | .7 | | | 723 | COMMON | | | -1.00% |
04E8EACB | .6 | | | 553 | COMMON | | | -1.00% |
04E8804C | .5 | | | 505 | COMMON | | | -1.00% |
04E847A3 | .4 | | | 376 | COMMON | | | -1.00% |
04E847B0 | .4 | | | 373 | COMMON | | | -1.00% |
02856150 | .4 | | | 356 | COMMON | | | -1.00% |
028530C0 | .2 | | | 179 | COMMON | | | -1.00% |
02851A35 | 3.6 | 1 | 1 | 78 | memory, COMMON | | | -1.00% |
(function header not extracted) | | present | | | | | | -1.00% |
(function header not extracted) | | present | | | | | | -1.00% |
04E82310 | 1.6 | 1 | | 93 | COMMON | | | -1.00% |
(function header not extracted) | | present | | | | | | -1.00% |
02851A89 | 1.6 | 1 | | 74 | memory, COMMON | | | -1.00% |
(function header not extracted) | | present | | | | | | -1.00% |
(function header not extracted) | | present | | | | | | -1.00% |
02851C70 | 1.6 | 1 | | 67 | COMMON | | | -1.00% |
(function header not extracted) | | present | | | | | | -1.00% |
02851C78 | 1.6 | 1 | | 63 | COMMON | | | -1.00% |
02851AC8 | 1.6 | 1 | | 53 | memory, COMMON | | | -1.00% |
02850CE0 | 1.6 | 1 | | 53 | thread, COMMON | | | -1.00% |
028553C2 | 1.5 | 1 | | 49 | COMMON | | | -1.00% |
02850CE8 | 1.5 | 1 | | 49 | thread, COMMON | | | -1.00% |
028553C8 | 1.5 | 1 | | 47 | COMMON | | | -1.00% |
028549D8 | 1.5 | 1 | | 44 | window, COMMON | | | -1.00% |
028549E0 | 1.5 | 1 | | 38 | window, COMMON | | | -1.00% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Yara matches | Uniqueness Score |
---|---|---|---|---|---|---|---|---|
02852DE8 | 2.7 | | 2 | 179 | COMMON | | | -1.00% |
02852DD7 | 2.7 | | 2 | 177 | COMMON | | | -1.00% |
04E8A100 | .2 | | | 213 | COMMON | | | -1.00% |
04E88104 | .2 | | | 213 | COMMON | | | -1.00% |
02851458 | .2 | | | 187 | COMMON | | | -1.00% |
02851448 | .2 | | | 183 | COMMON | | | -1.00% |
028514FA | .1 | | | 149 | COMMON | | | -1.00% |
028530B2 | .1 | | | 84 | COMMON | | | -1.00% |
02850D98 | .1 | | | 60 | COMMON | | | -1.00% |
02850D88 | .1 | | | 59 | COMMON | | | -1.00% |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Yara matches | Uniqueness Score |
---|---|---|---|---|---|---|---|---|
0041826A | 5.3 | 1 | 2 | 37 | file, native, COMMON | | yes | -1.00% |
00418270 | 5.3 | 1 | 2 | 36 | file, native, COMMON | 37% | yes | -1.00% |
(function header not extracted) | | present | | | | 100% | yes | -1.00% |
(function header not extracted) | | present | | | | 100% | yes | -1.00% |
(function header not extracted) | | present | | | | 64% | yes | -1.00% |
(function header not extracted) | | present | | | | 100% | yes | -1.00% |
004182F0 | 1.5 | 1 | | 20 | native, COMMON | 100% | yes | -1.00% |
004088B0 | .1 | | | 92 | COMMON | 93% | yes | -1.00% |
004184C2 | 3.0 | 2 | | 33 | memory, COMMON | 42% | yes | -1.00% |
(function header not extracted) | | present | | | | 82% | yes | -1.00% |
(function header not extracted) | | present | | | | 37% | yes | -1.00% |
00418622 | 1.5 | 1 | | 44 | COMMON | 50% | yes | -1.00% |
004184D0 | 1.5 | 1 | | 24 | memory, COMMON | 100% | yes | -1.00% |
00418490 | 1.5 | 1 | | 24 | memory, COMMON | 100% | yes | -1.00% |
00418630 | 1.5 | 1 | | 24 | COMMON | 100% | yes | -1.00% |
00418503 | 1.5 | 1 | | 23 | COMMON | 25% | yes | -1.00% |
00418510 | 1.5 | 1 | | 20 | COMMON | 75% | yes | -1.00% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Yara matches | Uniqueness Score |
---|---|---|---|---|---|---|---|---|
00406A97 | .0 | | | 15 | COMMON | | yes | -1.00% |
00415692 | .0 | | | 12 | COMMON | | yes | -1.00% |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Yara matches | Uniqueness Score |
---|---|---|---|---|---|---|---|---|
008881C0 | 3.5 | 1 | 1 | 40 | file, native, COMMON | | yes | -1.00% |
(function header not extracted) | | present | | | | | yes | -1.00% |
(function header not extracted) | | present | | | | | yes | -1.00% |
(function header not extracted) | | present | | | | | yes | -1.00% |
(function header not extracted) | | present | | | | | yes | -1.00% |
008882F0 | 1.5 | 1 | | 20 | native, COMMON | | yes | -1.00% |
036A9710 | 1.5 | 1 | | 4 | library, COMMON | | | -1.00% |
036A9FE0 | 1.5 | 1 | | 4 | library, COMMON | | | -1.00% |
036A9780 | 1.5 | 1 | | 4 | library, COMMON | | | -1.00% |
036A9660 | 1.5 | 1 | | 4 | library, COMMON | | | -1.00% |
036A9650 | 1.5 | 1 | | 4 | library, COMMON | | | -1.00% |
036A9A50 | 1.5 | 1 | | 4 | library, COMMON | | | -1.00% |
036A96E0 | 1.5 | 1 | | 4 | library, COMMON | | | -1.00% |
036A96D0 | 1.5 | 1 | | 4 | library, COMMON | | | -1.00% |
036A9540 | 1.5 | 1 | | 4 | library, COMMON | | | -1.00% |
036A9910 | 1.5 | 1 | | 4 | library, COMMON | | | -1.00% |
036A95D0 | 1.5 | 1 | | 4 | library, COMMON | | | -1.00% |
036A99A0 | 1.5 | 1 | | 4 | library, COMMON | | | -1.00% |
036A9860 | 1.5 | 1 | | 4 | library, COMMON | | | -1.00% |
036A9840 | 1.5 | 1 | | 4 | library, COMMON | | | -1.00% |
00886ED6 | 6.1 | 1 | 3 | 102 | sleep, COMMON | | yes | -1.00% |
00886EE0 | 4.6 | 1 | 2 | 90 | sleep, COMMON | | yes | -1.00% |
008884C2 | 3.5 | 1 | 1 | 36 | memory, COMMON | | yes | -1.00% |
008884D0 | 3.5 | 1 | 1 | 24 | memory, COMMON | | yes | -1.00% |
(function header not extracted) | | present | | | | | yes | -1.00% |
(function header not extracted) | | present | | | | | yes | -1.00% |
(function header not extracted) | | present | | | | | yes | -1.00% |
00888622 | 1.5 | 1 | | 44 | COMMON | | yes | -1.00% |
(function header not extracted) | | present | | | | | yes | -1.00% |
(function header not extracted) | | present | | | | | yes | -1.00% |
00887010 | 1.5 | 1 | | 36 | thread, COMMON | | yes | -1.00% |
00888490 | 1.5 | 1 | | 24 | memory, COMMON | | yes | -1.00% |
00888630 | 1.5 | 1 | | 24 | COMMON | | yes | -1.00% |
0087D40C | 1.5 | 1 | | 20 | COMMON | | yes | -1.00% |
0087D410 | 1.5 | 1 | | 19 | COMMON | | yes | -1.00% |
036A967A | 1.5 | 1 | | 8 | library, COMMON | | | -1.00% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Yara matches | Uniqueness Score |
---|---|---|---|---|---|---|---|---|
0371B260 | 37.8 | | 30 | 262 | COMMON | | | -1.00% |
03721C06 | 31.4 | | 25 | 195 | COMMON | 44% | | -1.00% |
03673D34 | 6.7 | | 5 | 435 | COMMON | 96% | | -1.00% |
03698E00 | 5.1 | | 4 | 126 | COMMON | 44% | | -1.00% |
03678794 | 4.0 | | 3 | 255 | COMMON | 83% | | -1.00% |
03677E41 | 3.9 | | 3 | 174 | COMMON | 98% | | -1.00% |
0366E620 | 3.9 | | 3 | 165 | COMMON | 93% | | -1.00% |
036E51BE | 2.7 | | 2 | 173 | COMMON | 77% | | -1.00% |
0366B171 | 1.7 | 1 | | 166 | COMMON | 78% | | -1.00% |
0368B944 | 1.7 | 1 | | 166 | COMMON | 76% | | -1.00% |
(function header not extracted) | | | present | | | 83% | | -1.00% |
0369FAB0 | 1.6 | | 1 | 306 | COMMON | 80% | | -1.00% |
03662D8A | 1.4 | | 1 | 191 | COMMON | 63% | | -1.00% |
03730EA5 | 1.4 | | 1 | 153 | COMMON | 80% | | -1.00% |
0369F0BF | 1.4 | | 1 | 137 | COMMON | 75% | | -1.00% |
036E3540 | 1.4 | | 1 | 130 | COMMON | 75% | | -1.00% |
036E3884 | 1.3 | | 1 | 95 | COMMON | 72% | | -1.00% |
0369D294 | 1.3 | | 1 | 93 | COMMON | 33% | | -1.00% |
03671B8F | 1.3 | | 1 | 86 | COMMON | 72% | | -1.00% |
0368F716 | 1.3 | | 1 | 71 | COMMON | 100% | | -1.00% |
03718DF1 | 1.3 | | 1 | 45 | COMMON | 71% | | -1.00% |
036FFF10 | 1.3 | | 1 | 44 | COMMON | | | -1.00% |
03735BA5 | .6 | | | 592 | COMMON | 88% | | -1.00% |
03684120 | .4 | | | 444 | COMMON, Crypto | 92% | | -1.00% |
036920A0 | .4 | | | 420 | COMMON, Crypto | 92% | | -1.00% |
0367D5E0 | .4 | | | 353 | COMMON, Crypto | 87% | | -1.00% |
0367849B | .3 | | | 290 | COMMON | 92% | | -1.00% |
0369513A | .3 | | | 258 | COMMON | 67% | | -1.00% |
036903E2 | .3 | | | 254 | COMMON | 74% | | -1.00% |
0366C600 | .2 | | | 225 | COMMON | 67% | | -1.00% |
036FB8D0 | .2 | | | 199 | COMMON | 39% | | -1.00% |
036652A5 | .2 | | | 161 | COMMON | 78% | | -1.00% |
03692AE4 | .2 | | | 159 | COMMON | 100% | | -1.00% |
0367EF40 | .1 | | | 147 | COMMON | 96% | | -1.00% |
0373740D | .1 | | | 141 | COMMON | 84% | | -1.00% |
03692990 | .1 | | | 133 | COMMON | 97% | | -1.00% |
03694BAD | .1 | | | 131 | COMMON | 85% | | -1.00% |
03694D3B | .1 | | | 131 | COMMON | 78% | | -1.00% |
03678A0A | .1 | | | 120 | COMMON | 94% | | -1.00% |
036E69A6 | .1 | | | 108 | COMMON | 69% | | -1.00% |
0369A61C | .1 | | | 106 | COMMON | 78% | | -1.00% |
036A3D43 | .1 | | | 106 | COMMON | 100% | | -1.00% |
0368C182 | .1 | | | 104 | COMMON | 68% | | -1.00% |
036E7016 | .1 | | | 104 | COMMON | 76% | | -1.00% |
0369A70E | .1 | | | 96 | COMMON | 92% | | -1.00% |
0366AA16 | .1 | | | 93 | COMMON | 95% | | -1.00% |
036961A0 | .1 | | | 93 | COMMON | 97% | | -1.00% |
036A4A2C | .1 | | | 92 | COMMON | 58% | | -1.00% |
036A8EC7 | .1 | | | 92 | COMMON | 93% | | -1.00% |
0369E730 | .1 | | | 89 | COMMON | 74% | | -1.00% |
0369BC2C | .1 | | | 88 | COMMON | 67% | | -1.00% |
03669100 | .1 | | | 87 | COMMON | 76% | | -1.00% |
03691DB5 | .1 | | | 87 | COMMON | 60% | | -1.00% |
03680050 | .1 | | | 81 | COMMON | 53% | | -1.00% |
036E6C0A | .1 | | | 79 | COMMON | 77% | | -1.00% |
036A90AF | .1 | | | 76 | COMMON | 82% | | -1.00% |
03693B7A | .1 | | | 75 | COMMON | 59% | | -1.00% |
036E6CF0 | .1 | | | 74 | COMMON | 80% | | -1.00% |
0373070D | .1 | | | 72 | COMMON | 67% | | -1.00% |
036E7794 | .1 | | | 70 | COMMON | 82% | | -1.00% |
0368AE73 | .1 | | | 70 | COMMON | 96% | | -1.00% |
0369FD9B | .1 | | | 69 | COMMON | 93% | | -1.00% |
0369B390 | .1 | | | 63 | COMMON | 54% | | -1.00% |
03669240 | .1 | | | 63 | COMMON | 77% | | -1.00% |
036F4257 | .1 | | | 60 | COMMON | 90% | | -1.00% |
03692397 | .1 | | | 59 | COMMON | 29% | | -1.00% |
036E46A7 | .1 | | | 59 | COMMON | 93% | | -1.00% |
036A37F5 | .1 | | | 57 | COMMON | 87% | | -1.00% |
0366C962 | .1 | | | 57 | COMMON | 42% | | -1.00% |
0369002D | .1 | | | 55 | COMMON | 100% | | -1.00% |
0367766D | .1 | | | 54 | COMMON | 94% | | -1.00% |
036FC450 | .1 | | | 53 | COMMON | 46% | | -1.00% |
03669080 | .1 | | | 53 | COMMON | 69% | | -1.00% |
03734015 | .0 | | | 49 | COMMON | 86% | | -1.00% |
0372138A | .0 | | | 48 | COMMON | 61% | | -1.00% |
037214FB | .0 | | | 48 | COMMON | 61% | | -1.00% |
036658EC | .0 | | | 47 | COMMON | 91% | | -1.00% |
0371FE3F | .0 | | | 46 | COMMON | 59% | | -1.00% |
0371FEC0 | .0 | | | 46 | COMMON | 59% | | -1.00% |
03731074 | .0 | | | 46 | COMMON | 100% | | -1.00% |
0367B02A | .0 | | | 46 | COMMON | 100% | | -1.00% |
03738A62 | .0 | | | 44 | COMMON | 54% | | -1.00% |
03738ED6 | .0 | | | 44 | COMMON | 54% | | -1.00% |
0366DB60 | .0 | | | 43 | COMMON | 100% | | -1.00% |
0366B1E1 | .0 | | | 42 | COMMON | 100% | | -1.00% |
036FFE87 | .0 | | | 38 | COMMON | 46% | | -1.00% |
03738F6A | .0 | | | 36 | COMMON | 48% | | -1.00% |
0372131B | .0 | | | 36 | COMMON | 48% | | -1.00% |
0368C577 | .0 | | | 33 | COMMON | 100% | | -1.00% |
036A927A | .0 | | | 32 | COMMON | 54% | | -1.00% |
03738D34 | .0 | | | 32 | COMMON | 43% | | -1.00% |
03722073 | .0 | | | 32 | COMMON | 94% | | -1.00% |
03738B58 | .0 | | | 31 | COMMON | 36% | | -1.00% |
03664F2E | .0 | | | 31 | COMMON | 100% | | -1.00% |
0368746D | .0 | | | 31 | COMMON | 88% | | -1.00% |
03738CD6 | .0 | | | 31 | COMMON | 36% | | -1.00% |
0369A44B | .0 | | | 29 | COMMON | 100% | | -1.00% |
0366F358 | .0 | | | 28 | COMMON | 79% | | -1.00% |
0367FF60 | .0 | | | 22 | COMMON | 100% | | -1.00% |
0371D380 | .0 | | | 21 | COMMON | 100% | | -1.00% |
036F41E8 | .0 | | | 21 | COMMON | 82% | | -1.00% |
0369A185 | .0 | | | 20 | COMMON | 100% | | -1.00% |
036916E0 | .0 | | | 17 | COMMON | 100% | | -1.00% |
036E53CA | .0 | | | 16 | COMMON | 100% | | -1.00% |
0367AAB0 | .0 | | | 12 | COMMON | 100% | | -1.00% |
036935A1 | .0 | | | 12 | COMMON | 100% | | |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0366DB40, Relevance: .0, Instructions: 11COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036EA537, Relevance: .0, Instructions: 11COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03683A1C, Relevance: .0, Instructions: 10COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036776E2, Relevance: .0, Instructions: 10COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036936CC, Relevance: .0, Instructions: 10COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0366AD30, Relevance: .0, Instructions: 10COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03687D50, Relevance: .0, Instructions: 7COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03692ACB, Relevance: .0, Instructions: 5COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 53% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |