Play interactive tour
Edit tourWindows Analysis Report 1ZDvfs8V0D
Overview
General Information
| Sample Name: | 1ZDvfs8V0D (renamed file extension from none to dll) |
| Analysis ID: | 483801 |
| MD5: | 291d328b80fa04b559d8bef5875125f1 |
| SHA1: | 86664f646c9b2d93102046b34b20ec495f3a58da |
| SHA256: | 803674f9a33df4d1a18051592df46f57a5c735367773691ab2bfb17a21aa6eb6 |
| Tags: | Dridexexe |
| Infos: | |
Most interesting Screenshot:  | |
Detection
Dridex
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
Benign windows process drops PE files
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Changes memory attributes in foreign processes to executable or writable
Machine Learning detection for sample
Queues an APC in another process (thread injection)
Machine Learning detection for dropped file
Accesses ntoskrnl, likely to find offsets for exploits
Contains functionality to prevent local Windows debugging
Uses Atom Bombing / ProGate to inject into other processes
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Queries the installation date of Windows
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to call native functions
Contains functionality to read the clipboard data
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
Drops files with a non-matching file extension (content does not match file extension)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
PE file contains strange resources
Drops PE files
Binary contains a suspicious time stamp
PE file contains more sections than normal
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard
Classification
Process Tree |
|---|
|
Malware Configuration |
|---|
| No configs have been found |
|---|
Yara Overview |
|---|
Memory Dumps |
|---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | ||
| JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | ||
| JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | ||
| JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | ||
| JoeSecurity_Dridex_2 | Yara detected Dridex unpacked file | Joe Security | ||
| Click to see the 15 entries | ||||
Sigma Overview |
|---|
| No Sigma rule has matched |
|---|
Jbx Signature Overview |
|---|
Click to jump to signature section
Show All Signature Results
AV Detection: |   |
|---|
| Multi AV Scanner detection for submitted file | Show sources | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Metadefender: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Antivirus / Scanner detection for submitted sample | Show sources | ||
| Source: | Avira: | ||
| Antivirus detection for dropped file | Show sources | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Machine Learning detection for sample | Show sources | ||
| Source: | Joe Sandbox ML: | ||
| Machine Learning detection for dropped file | Show sources | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Joe Sandbox ML: | ||
Exploits: | |
|---|
| Accesses ntoskrnl, likely to find offsets for exploits | Show sources | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 1_2_000000014005D290 | |
| Source: | Code function: | 32_2_00007FF72A9E6334 | |
| Source: | Code function: | 32_2_00007FF72A9E72AC | |
| Source: | Code function: | 32_2_00007FF72A9E5DE8 | |
| Source: | String found in binary or memory: | ||
| Source: | Code function: | 32_2_00007FF72A9E7D98 | |
| Source: | Code function: | 32_2_00007FF72A9EA9C4 | |
E-Banking Fraud: | |
|---|
| Yara detected Dridex unpacked file | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Code function: | 1_2_0000000140034870 | |
| Source: | Code function: | 1_2_0000000140035270 | |
| Source: | Code function: | 1_2_0000000140048AC0 | |
| Source: | Code function: | 1_2_000000014005C340 | |
| Source: | Code function: | 1_2_0000000140065B80 | |
| Source: | Code function: | 1_2_000000014006A4B0 | |
| Source: | Code function: | 1_2_00000001400524B0 | |
| Source: | Code function: | 1_2_0000000140026CC0 | |
| Source: | Code function: | 1_2_000000014004BD40 | |
| Source: | Code function: | 1_2_00000001400495B0 | |
| Source: | Code function: | 1_2_0000000140036F30 | |
| Source: | Code function: | 1_2_0000000140069010 | |
| Source: | Code function: | 1_2_0000000140001010 | |
| Source: | Code function: | 1_2_0000000140066020 | |
| Source: | Code function: | 1_2_000000014002F840 | |
| Source: | Code function: | 1_2_000000014005D850 | |
| Source: | Code function: | 1_2_0000000140064080 | |
| Source: | Code function: | 1_2_0000000140010880 | |
| Source: | Code function: | 1_2_00000001400688A0 | |
| Source: | Code function: | 1_2_000000014002D0D0 | |
| Source: | Code function: | 1_2_00000001400018D0 | |
| Source: | Code function: | 1_2_0000000140016100 | |
| Source: | Code function: | 1_2_000000014001D100 | |
| Source: | Code function: | 1_2_000000014002A110 | |
| Source: | Code function: | 1_2_000000014001D910 | |
| Source: | Code function: | 1_2_0000000140015120 | |
| Source: | Code function: | 1_2_000000014000B120 | |
| Source: | Code function: | 1_2_000000014004F940 | |
| Source: | Code function: | 1_2_0000000140039140 | |
| Source: | Code function: | 1_2_0000000140023140 | |
| Source: | Code function: | 1_2_0000000140057950 | |
| Source: | Code function: | 1_2_000000014001E170 | |
| Source: | Code function: | 1_2_0000000140002980 | |
| Source: | Code function: | 1_2_00000001400611A0 | |
| Source: | Code function: | 1_2_00000001400389A0 | |
| Source: | Code function: | 1_2_00000001400381A0 | |
| Source: | Code function: | 1_2_000000014002E1B0 | |
| Source: | Code function: | 1_2_00000001400139D0 | |
| Source: | Code function: | 1_2_00000001400319F0 | |
| Source: | Code function: | 1_2_000000014002EA00 | |
| Source: | Code function: | 1_2_0000000140022A00 | |
| Source: | Code function: | 1_2_000000014003B220 | |
| Source: | Code function: | 1_2_0000000140067A40 | |
| Source: | Code function: | 1_2_0000000140069A50 | |
| Source: | Code function: | 1_2_0000000140007A60 | |
| Source: | Code function: | 1_2_000000014003AAC0 | |
| Source: | Code function: | 1_2_000000014003A2E0 | |
| Source: | Code function: | 1_2_0000000140062B00 | |
| Source: | Code function: | 1_2_0000000140018300 | |
| Source: | Code function: | 1_2_000000014002FB20 | |
| Source: | Code function: | 1_2_0000000140031340 | |
| Source: | Code function: | 1_2_0000000140022340 | |
| Source: | Code function: | 1_2_0000000140017B40 | |
| Source: | Code function: | 1_2_000000014000BB40 | |
| Source: | Code function: | 1_2_000000014004EB60 | |
| Source: | Code function: | 1_2_0000000140005370 | |
| Source: | Code function: | 1_2_000000014002CB80 | |
| Source: | Code function: | 1_2_000000014006B390 | |
| Source: | Code function: | 1_2_0000000140054BA0 | |
| Source: | Code function: | 1_2_0000000140033BB0 | |
| Source: | Code function: | 1_2_00000001400263C0 | |
| Source: | Code function: | 1_2_00000001400123C0 | |
| Source: | Code function: | 1_2_0000000140063BD0 | |
| Source: | Code function: | 1_2_00000001400663F0 | |
| Source: | Code function: | 1_2_0000000140023BF0 | |
| Source: | Code function: | 1_2_000000014006B41B | |
| Source: | Code function: | 1_2_000000014006B424 | |
| Source: | Code function: | 1_2_000000014006B42D | |
| Source: | Code function: | 1_2_000000014006B436 | |
| Source: | Code function: | 1_2_000000014006B43D | |
| Source: | Code function: | 1_2_0000000140024440 | |
| Source: | Code function: | 1_2_0000000140005C40 | |
| Source: | Code function: | 1_2_000000014006B446 | |
| Source: | Code function: | 32_2_00007FF72A9D9370 | |
| Source: | Code function: | 32_2_00007FF72A9EBD00 | |
| Source: | Code function: | 32_2_00007FF72A9E2210 | |
| Source: | Code function: | 32_2_00007FF72A9EB184 | |
| Source: | Code function: | 32_2_00007FF72A9E72AC | |
| Source: | Code function: | 32_2_00007FF72A9DC314 | |
| Source: | Code function: | 32_2_00007FF72A9E0F98 | |
| Source: | Code function: | 32_2_00007FF72A9EB7AC | |
| Source: | Code function: | 32_2_00007FF72A9DB0E0 | |
| Source: | Code function: | 32_2_00007FF72A9E08D8 | |
| Source: | Code function: | 32_2_00007FF72A9E7D98 | |
| Source: | Code function: | 32_2_00007FF72A9E8F04 | |
| Source: | Code function: | 32_2_00007FF72A9E66F8 | |
| Source: | Code function: | 32_2_00007FF72A9D9E90 | |
| Source: | Code function: | 32_2_00007FF72A9EA670 | |
| Source: | Code function: | ||
| Source: | Code function: | 1_2_0000000140046C90 | |
| Source: | Code function: | 1_2_000000014006A4B0 | |
| Source: | Code function: | 32_2_00007FF72A9E07E8 | |
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Virustotal: | ||
| Source: | Metadefender: | ||
| Source: | ReversingLabs: | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Binary string: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 32_2_00007FF72A9D7C40 | |
| Source: | Code function: | 32_2_00007FF72A9EFC05 | |
| Source: | Process created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 1_2_0000000140056A4E | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 1_2_000000014005C340 | |
| Source: | Code function: | 1_2_000000014005D290 | |
| Source: | Code function: | 32_2_00007FF72A9E6334 | |
| Source: | Code function: | 32_2_00007FF72A9E72AC | |
| Source: | Code function: | 32_2_00007FF72A9E5DE8 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 35_2_00007FF7B6DB54A0 | |
| Source: | Code function: | 32_2_00007FF72A9E15C4 | |
| Source: | Code function: | 1_2_0000000140048AC0 | |
| Source: | Code function: | 32_2_00007FF72A9ED120 | |
| Source: | Code function: | 32_2_00007FF72A9ECE08 | |
| Source: | Code function: | 35_2_00007FF7B6DB2D14 | |
| Source: | Code function: | 35_2_00007FF7B6DB29F0 | |
HIPS / PFW / Operating System Protection Evasion: | |
|---|
| Benign windows process drops PE files | Show sources | ||
| Source: | File created: | Jump to dropped file | ||
| Changes memory attributes in foreign processes to executable or writable | Show sources | ||
| Source: | Memory protected: | Jump to behavior | ||
| Source: | Memory protected: | Jump to behavior | ||
| Source: | Memory protected: | Jump to behavior | ||
| Source: | Memory protected: | |||
| Source: | Memory protected: | |||
| Source: | Memory protected: | |||
| Queues an APC in another process (thread injection) | Show sources | ||
| Source: | Thread APC queued: | Jump to behavior | ||
| Contains functionality to prevent local Windows debugging | Show sources | ||
| Source: | Code function: | 35_2_00007FF7B6DB54A0 | |
| Source: | Code function: | 35_2_00007FF7B6DB5730 | |
| Uses Atom Bombing / ProGate to inject into other processes | Show sources | ||
| Source: | Atom created: | Jump to behavior | ||
| Source: | Atom created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Queries volume information: | |||
| Source: | Code function: | 32_2_00007FF72A9D9CEC | |
| Source: | Code function: | 32_2_00007FF72A9D9E90 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Code function: | 32_2_00007FF72A9ED2B0 | |
| Source: | Code function: | 32_2_00007FF72A9D89B8 | |
Mitre Att&ck Matrix |
|---|
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Exploitation for Client Execution1 | Path Interception | Exploitation for Privilege Escalation1 | Masquerading11 | OS Credential Dumping | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection412 | Virtualization/Sandbox Evasion1 | LSASS Memory | Security Software Discovery21 | Remote Desktop Protocol | Clipboard Data2 | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection412 | Security Account Manager | Virtualization/Sandbox Evasion1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Deobfuscate/Decode Files or Information1 | NTDS | Process Discovery2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information3 | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Rundll321 | Cached Domain Credentials | System Information Discovery35 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing2 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Timestomp1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Behavior Graph |
|---|
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetScreenshots |
|---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
|---|
Initial Sample |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 66% | Virustotal | Browse | ||
| 66% | Metadefender | Browse | ||
| 73% | ReversingLabs | Win64.Infostealer.Dridex | ||
| 100% | Avira | TR/Crypt.ZPACK.Gen | ||
| 100% | Joe Sandbox ML |
Dropped Files |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira | TR/Crypt.ZPACK.Gen | ||
| 100% | Avira | HEUR/AGEN.1114452 | ||
| 100% | Avira | TR/Crypt.ZPACK.Gen | ||
| 100% | Avira | HEUR/AGEN.1114452 | ||
| 100% | Avira | HEUR/AGEN.1114452 | ||
| 100% | Avira | HEUR/AGEN.1114452 | ||
| 100% | Avira | TR/Crypt.ZPACK.Gen | ||
| 100% | Avira | HEUR/AGEN.1114452 | ||
| 100% | Avira | TR/Crypt.ZPACK.Gen | ||
| 100% | Avira | TR/Crypt.ZPACK.Gen | ||
| 100% | Avira | TR/Crypt.ZPACK.Gen | ||
| 100% | Avira | HEUR/AGEN.1114452 | ||
| 100% | Avira | HEUR/AGEN.1114452 | ||
| 100% | Avira | HEUR/AGEN.1114452 | ||
| 100% | Avira | HEUR/AGEN.1114452 | ||
| 100% | Avira | HEUR/AGEN.1114452 | ||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 0% | Metadefender | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Metadefender | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Metadefender | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Metadefender | Browse | ||
| 0% | ReversingLabs |
Unpacked PE Files |
|---|
| Source | Detection | Scanner | Label | Link | Download |
|---|---|---|---|---|---|
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
| 100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Domains |
|---|
| No Antivirus matches |
|---|
URLs |
|---|
| No Antivirus matches |
|---|
Domains and IPs |
|---|
Contacted Domains |
|---|
| No contacted domains info |
|---|
URLs from Memory and Binaries |
|---|
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high |
Contacted IPs |
|---|
| No contacted IP infos |
|---|
General Information |
|---|
| Joe Sandbox Version: | 33.0.0 White Diamond |
| Analysis ID: | 483801 |
| Start date: | 15.09.2021 |
| Start time: | 14:02:33 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 12m 51s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | 1ZDvfs8V0D (renamed file extension from none to dll) |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of analysed new started processes analysed: | 40 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal100.troj.expl.evad.winDLL@75/33@0/0 |
| EGA Information: | Failed |
| HDC Information: |
|
| HCA Information: | Failed |
| Cookbook Comments: |
|
| Warnings: | Show All
|
Simulations |
|---|
Behavior and APIs |
|---|
| No simulations |
|---|
Joe Sandbox View / Context |
|---|
IPs |
|---|
| No context |
|---|
Domains |
|---|
| No context |
|---|
ASN |
|---|
| No context |
|---|
JA3 Fingerprints |
|---|
| No context |
|---|
Dropped Files |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\0ubYqNmr\PresentationHost.exe | Get hash | malicious | Browse | ||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse |
Created / dropped Files |
|---|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 259072 |
| Entropy (8bit): | 6.5074250085194665 |
| Encrypted: | false |
| SSDEEP: | 6144:8kfs4/kfxzJTbHfyH5KNXwy3Odjp19k5KNXf:fs4ixzJTbHmKVwy3OdLaKV |
| MD5: | E3053C73EA240F4C2F7971B3905A91CF |
| SHA1: | 1848AD66BD55E5484616FB85E80BA58BE1D5BA4B |
| SHA-256: | 0BACCDB2B5ACB7B3C2E9085655457532964CAFFF1AE250016CE1A80E839B820C |
| SHA-512: | 167BCC3E2552286F7D985A65674DA2FF0D0AA6A7F0C4C3B43193943B606E0133C06EEB33656EFBB8B827AC9221FB1BA00A49ADCC2489BD4F38DF62A015806DE3 |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2113536 |
| Entropy (8bit): | 3.5713351337971417 |
| Encrypted: | false |
| SSDEEP: | 12288:EVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:hfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
| MD5: | 99DC6214A301EC2785D2CF7C7F97299A |
| SHA1: | CE5582FEC9E8EFA376717CCB48B6EAEC021445A6 |
| SHA-256: | 1159519F2E457E649B58FB718443482D82A881A0BB573CE464B81470A84EE570 |
| SHA-512: | C0A40B686B975552B2850D80404EAAD514AAD0479AE263BAF9EA9C06E66F38AC969A25292BDA4B70E46AD77047FC99975CFD824031BDCBD812D344A57943D184 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2113536 |
| Entropy (8bit): | 3.574254178712457 |
| Encrypted: | false |
| SSDEEP: | 12288:vVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1F1:GfP7fWsK5z9A+WGAW+V5SB6Ct4bnbF1 |
| MD5: | 65C65AEB1008B6127B99502410591962 |
| SHA1: | 84DC8DFA5379D435958D9BCCCB659C75024D8ACD |
| SHA-256: | 3CBBCA45DF4E7C729C98EDA87D9D5C22B189816C615D369426A9DE82252438CA |
| SHA-512: | 7E81B68280101B42203E4FE730E64E83A4B0EEFCAC8AAA34046FC410387D593455DF9DC0CAD00625F4912C3A6630853F867430DA85CBBD44DDDDBF056BA65AFE |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 370176 |
| Entropy (8bit): | 6.448503897594857 |
| Encrypted: | false |
| SSDEEP: | 6144:Uca2EiZg+uTUbSFWjSJiIOKZXcmg3GexhxiZEOHHrpm1XUZLxEZEOHHrpm1XUZLx:UB2PsUbSFWWAkZXcmkVx+tLpm1EwtLpr |
| MD5: | C471C6B06F47EA1C66E5FAA8DFCEF108 |
| SHA1: | F8672A2B3B32956CBC948A954CEF236581045B78 |
| SHA-256: | E2255751C1CF58596C8FE70C3093E099F8D71ED89580CFD0156FFCF0FED32861 |
| SHA-512: | F7A2A31910CD4694B58FFCED83A2CCF633B5594859F178AFB9F67C02E3E664DA72701E7E45AA5590C4F1E1C99C82B665F0C0B80401506F0DFA49B61A8EEBD6BA |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2113536 |
| Entropy (8bit): | 3.571327907784248 |
| Encrypted: | false |
| SSDEEP: | 12288:0VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:xfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
| MD5: | 313795BA80A00E0FE381B1B67D69E7EB |
| SHA1: | 16A0F08CE8C1037577F53F0B30C0AA6C3E0B93AE |
| SHA-256: | 241A3B55EC2D4071D725E4CC055E0CDD4806D81235380926035938B9D78B2BAD |
| SHA-512: | D77FC2D25910BAE50B42B5B9934C7BB1E403E0DAA17950B089C9BDF9F96A4D6D0713EF60F184D46788A2DD5AE9672BB863573C6971436891159E0A52ABC56C4E |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 254976 |
| Entropy (8bit): | 5.093220071075157 |
| Encrypted: | false |
| SSDEEP: | 3072:1t+/6BNqqNRhdutq4jCoNhdxtYEbvyIwYKO8/+9vAwk4OdamabJ9:3Bhhd+7QKb |
| MD5: | 9B517303C58CA8A450B97B0D71594CBB |
| SHA1: | BE75E3F10E17400DA7C0FAF70BF16EE7D0AA93A8 |
| SHA-256: | 2A38BFC3813D7E845F455B31DF099C8A6E657EF4556BFF681315F86A883A3314 |
| SHA-512: | 6A47EC7800E1F1FCDBB44A018147CE4A87FF0F5B94597B182AAE4E8545D9B18FAAAA07379BA1086D8F7785F0F66C36E4B6C68FCF49130333B8A9DC3A9E9E08E8 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2117632 |
| Entropy (8bit): | 3.5930830435644503 |
| Encrypted: | false |
| SSDEEP: | 12288:kVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:BfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
| MD5: | D3EA24EC3BDDCD42696E4921DA40EE85 |
| SHA1: | 66E52EABFD5D7864B146370BF671BAD45EEA0F40 |
| SHA-256: | 422CFB6508CABCCE469D03758CA7F31AB84BCA5023D1E90A1AAA9509606AB4B0 |
| SHA-512: | 9470DA7680C59A6CFAE051B7A7E6F37DBBA86FE9354AEE87F36E1C51C861FE3740D293D8DA89B3415754D6BD01CD823D484FD10B59F1A0309CCD02CDF2A9C5F8 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 49688 |
| Entropy (8bit): | 6.083384253651048 |
| Encrypted: | false |
| SSDEEP: | 768:vcqpeHOwVxW4zmjjJF686T/5Lel2fBetjEWI9Whu3H1PcSP:vcEoVxJodg/tfiEAhu3VPcSP |
| MD5: | 7C3D09D6DB5DB4A272FCF4C1BB3986BD |
| SHA1: | F0C392891B6D73EADB20F669A29064910507E55E |
| SHA-256: | E459FF6CBA8C93589B206C07BDCCD2E6C57766BE6BB4754F2FB1DEF9EF2E3BDE |
| SHA-512: | 6CFE325CD0A78D6ACC9473BA51069E234CB0F9A47F285A6204EE787902C77005491B41C301DD38602CC387329F214E700F9203E4ECE5077E58D30276821640E4 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2109440 |
| Entropy (8bit): | 3.5755825512234485 |
| Encrypted: | false |
| SSDEEP: | 12288:RVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:gfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
| MD5: | 8E85149714E4AA4F433A4CE1C19D5117 |
| SHA1: | 21AE2AEFEA6183E34401283F8CA8C1DEF8745315 |
| SHA-256: | 8FD182C1E88A8B760F1AAF9426AC013952ED7B6B16CC42C41DFB6BF5426CFC3A |
| SHA-512: | D4FF8559DEFD5D1D0872E080499049B821CDD1DFBD36B98F66517B8ED182E174ADD80DFC0106C0CEBFAB13BAE644677377B4B861755948034C4E0C8953FA7089 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 732160 |
| Entropy (8bit): | 6.573630291630044 |
| Encrypted: | false |
| SSDEEP: | 12288:U4O7JpqBbsczjBmavlNRO5Gy1ay0OBegtkGyLY9d/Dz/sJ+lGDyYgWPL/kc7yfnQ:U40JpqtZzjBRvI5Gdy0OjtwLY9BDz/PW |
| MD5: | 8E2C63E761A22724382338F349C55014 |
| SHA1: | 30C7F92A6E88C368B091E39665545EAFA8A6561F |
| SHA-256: | 4CA6E16BEB57278E60E3EDCBCECDA1442AA344C424421E4B078F1213E6B99376 |
| SHA-512: | 92F289DDBD9D1E5103C36308DA84779708A292DC54F49A0A1B79D65C563378BBF08C98F3732F25365CCF8175589D8E6187CEE2A694AE5FB73CA9E85AECFF4CF1 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2113536 |
| Entropy (8bit): | 3.5708430190408773 |
| Encrypted: | false |
| SSDEEP: | 12288:NVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:UfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
| MD5: | DF4DF807E4E527783F510931E7185ED1 |
| SHA1: | AC97907241593E2CFEF95679710AE841D73968CF |
| SHA-256: | 8A23D5924772C1D006A47A6E9D91264F70F8EE4FDF1FBAF59EA6BE4F0A30E578 |
| SHA-512: | 22359AEAB95E9DAE6B5BFE9E1A73AA8AE1B12D8DDC6AE3608D6DF9A9DBC2040CFE19B03F7E3EF143630CD6D37E4AC314B48D69BE0018BF6382397DDC3F70587A |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 83968 |
| Entropy (8bit): | 7.071848641739436 |
| Encrypted: | false |
| SSDEEP: | 1536:5MVEZnXtREC/rMcgEPJV+G57ThjEC0kzJP+V5J9:3XzECTMpuDhjRVJGf |
| MD5: | F325976CDC0F7E9C680B51B35D24D23A |
| SHA1: | 8BA00280B451378802DD2A06BB139B8BEA78C90C |
| SHA-256: | E24A61B15FD191DDC8A2CA82E22A759609E6099A832ADE0B5C0C6E0F1ABB05FE |
| SHA-512: | 9D65A154758B5C38C09AACA1BB51E53FE6E8DEA374EAD88AEA33AB41525B3BB180211D6F6C93CA112197F7455842228960699DF471F47EE83DBC6CA59A5166EC |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2113536 |
| Entropy (8bit): | 3.5713215141236527 |
| Encrypted: | false |
| SSDEEP: | 12288:JVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:ofP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
| MD5: | 6E1517DBFD59D8546E0328AAADEAD760 |
| SHA1: | C9559CBC446173A55F6A10E81C933EA3B84A0F00 |
| SHA-256: | 8998DA7CD34E9A15F109AF997A5B353D7E64E5232AA2490A7A77B771743DABE8 |
| SHA-512: | BC1C0B48A1C08196AC17EFD496C9F91C4F04371DC4734E81D5D0A2B4F58DDF6CF56B137020A473D265A7293D6781DF96D8F8FD25B1551F727D0B608AB175CE88 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 143872 |
| Entropy (8bit): | 6.942627183104786 |
| Encrypted: | false |
| SSDEEP: | 3072:0BuGag041hcWp1icKAArDZz4N9GhbkUNEk95l:5hudp0yN90vE |
| MD5: | ED93B350C8EEFC442758A00BC3EEDE2D |
| SHA1: | ADD14417939801C555BBBFFAF7388BD13DE2DE42 |
| SHA-256: | ABD6D466E30626636D380A3C9FCC0D0B909C450F8EA74D8963881D7C46335CED |
| SHA-512: | 7BA8D1411D9AEE3447494E248005A43F522CA684839FCD4C4592946B12DC4E73B1FF86D8E843B25A73E3F2463955815470304E4F219B36DBC94870BEBF700581 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2396160 |
| Entropy (8bit): | 4.105742634696069 |
| Encrypted: | false |
| SSDEEP: | 12288:EVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1SZ:hfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
| MD5: | BE21B6427B06B62C5A09107CCBD8B302 |
| SHA1: | A4B4E769C6F12B48BE095F3DE48F63B8A0E67255 |
| SHA-256: | B606D16A2141A1DDFE5E92612FBE5096D52B23FDB727A032AB53A42103088957 |
| SHA-512: | F44D536D00EC8C153CAC72CABC2F37E611A1AA3EF71708D3A76B4750614B6C92D102987F55335256094236EA18082580A8F995470798B9A0C44C1CA51F095963 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 39304 |
| Entropy (8bit): | 6.292969415106569 |
| Encrypted: | false |
| SSDEEP: | 768:miVyKshA4p2nOCD6DjOxMtjIQfU7r5YdGiEh07tvNZRAER1PnX:QhlkOO74XU7i8iEG7HZR/PX |
| MD5: | 87AF711D6518C0CF91560D7C98301BBB |
| SHA1: | 81B7B8261A33D4D983DFDC47A716686118F582F9 |
| SHA-256: | 1B6381E83463416D9BE6656A81978B2EBA21587BBDE18E8CFEFA1C0F45378AAC |
| SHA-512: | E4534E5A205D44579AB60FAA5B19A2034C688D191ABB8670CD77696ABB000A949F5ABC996E0989FD74B4DFBE43C863FF66FDA9C623B045A771283B1955D28C39 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2113536 |
| Entropy (8bit): | 3.570136432932023 |
| Encrypted: | false |
| SSDEEP: | 12288:PVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:mfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
| MD5: | 598089F8BBC211F63426A11C4D1669C5 |
| SHA1: | F49A03775CA30E973ED8A409C3DD1D8DA1FAD8B7 |
| SHA-256: | 6B7F8402BA89CFF5FAEBB6462A2F95A51ACF98ED5F4FE3E5736C41BE8079A96F |
| SHA-512: | C311616C4DC190EE57024925E91D7EC1F315047EE771ECEA552BA62F9CECCD45F22915528AB13E011597666C21B4C86A31F6082D6F2120132B21394C35345039 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 622592 |
| Entropy (8bit): | 5.333446181330722 |
| Encrypted: | false |
| SSDEEP: | 6144:ejoj2QDVJc1OcvH3AdKy9HGeofJgDEvr6slnCUGw/xIRLtxIRLuovZ:koj2UjmNwzaoo |
| MD5: | 88B09DE7D0DF1D2E9BCA9BAE1346CB23 |
| SHA1: | 83EEE4D2BF315730666763D7FA36A584224CA7EC |
| SHA-256: | 7AC4B734A31AC4C29CCC53B7433773911CA46E1063A8B0F033AB9027D3427342 |
| SHA-512: | 38DD3F5A9C60D242AD9BECE1407CBB007ED8A50A1844B9A4378ADB17AAAF0FEDB6A9D1E04642D49560717958A12E668A9A3CDD4484BD049509A89AC2EEB9E478 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 259904 |
| Entropy (8bit): | 5.955701055747905 |
| Encrypted: | false |
| SSDEEP: | 3072:UfYIZJbRydnidilSnGvLqeD358rwW39nuyHjVozZcxSHfcBL1ljbEyB7HbIa+:Uf9JonidFnqLV358rNnJqcRcy10/ |
| MD5: | CDD7C7DF2D0859AC3F4088423D11BD08 |
| SHA1: | 128789A2EA904F684B5DF2384BA6EEF4EB60FB8E |
| SHA-256: | D98DB8339EB1B93A7345EECAC2B7290FA7156E3E12B7632D876BD0FD1F31EC66 |
| SHA-512: | A093BF3C40C880A80164F2CAA87DF76DCD854375C5216D761E60F3770DFA04F4B02EC0CA6313C32413AC99A3EBDC081CF915A7B468EE3CED80F9B1ECF4B49804 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2113536 |
| Entropy (8bit): | 3.5759812053784814 |
| Encrypted: | false |
| SSDEEP: | 12288:7VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:afP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
| MD5: | AF795ECED1B9E05426D00B127B0A6D32 |
| SHA1: | DC425E54D63E551BFDC320246287AC1F682BFA3C |
| SHA-256: | 733F5F30574CAD5B08F71F86D9456E3F8F1BD5C88A72FAA9D29E37EB686B6A71 |
| SHA-512: | AE871C28F8DC9D5DFDE7D11FAD7E8833498F1A4F48C5A479B8630B65D2834B58ADA42EBFB068E873E682FEBB2F465C6E32F93A185CDEB3CEE5069BEABB114ED1 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2113536 |
| Entropy (8bit): | 3.571082307725634 |
| Encrypted: | false |
| SSDEEP: | 12288:UVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:RfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
| MD5: | 13448A4FB3CA5C06C954D5B93BBBBCE0 |
| SHA1: | D1AF98ED144F61358D72285028C896F52260FC0D |
| SHA-256: | 68BFFD93E893637E289490E3E3A52EB937C9D7712F50A550B444A9CF57E79983 |
| SHA-512: | F6AEFE9A9F5C6D4B1F7AD36A04AA26FB60E685E54DAEF47985AB3EC28AA84BF02B8B288C20381C98744F9F719E2AC17849B700CFA3E0EE38E2C9134F9F3E1FD3 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 266752 |
| Entropy (8bit): | 6.897387942763048 |
| Encrypted: | false |
| SSDEEP: | 6144:D3hz8ahr1HO41TxQZMPALXksYuangs2+UvQ/KpmOq:D3hQAFbTxQUmksYuKSvQ/Kp |
| MD5: | 3E8AFFA54035412F86663C8B44CAA2E5 |
| SHA1: | FEC456E10294F45D6F8F472A6228D3D90CA6A29C |
| SHA-256: | 277341B416424AEA462F74FF03DD1A46DECA687A6751AE9A2D5D5902C03BDE6B |
| SHA-512: | D4070B64AD9A44A841C138E742AA3FD25A79F6DF99C216B5A11C315D8088BCE790F5CAD047B33D35A9DA1D428AA50D6CFB000F73A521D760F22F864D1D41027E |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1189376 |
| Entropy (8bit): | 6.169931271903684 |
| Encrypted: | false |
| SSDEEP: | 24576:+pL4Q4y94x7ZWe6b1B5I2M62kM0s1vt2txc/viVO1IORNfLc:uL4Q3S9b6b1UA9MPwOR5c |
| MD5: | F7E36C20DB953DFF4FDDB817904C0E48 |
| SHA1: | 8C6117B5DD68D397FD7C32F4746FB9B353D5DAE5 |
| SHA-256: | 2C5EDE0807D8A5EC4B6E0FE0C308B37DBBDE12714FD9ADC4CE3EF4E0A5692207 |
| SHA-512: | 32333A33DECD1AF0915FFDC48DA99831DA345010A91630C5245F2548939E33157F6151F596C09D0BEEAC3F15F08F79D4EEF4FAA4158BA023DEDFC4F6F6F56DF8 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2113536 |
| Entropy (8bit): | 3.571324793039718 |
| Encrypted: | false |
| SSDEEP: | 12288:wVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:1fP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
| MD5: | 27CCEC84BA6CA777B27110197696FBEF |
| SHA1: | DBB78FB380579999D89F4BDD500646FD6D3B8095 |
| SHA-256: | 203F5FCF722964E9156B799555DE9E8B8E5DA43BE27EC4CEA2A145A537B112B4 |
| SHA-512: | 1760D7393379D23F632820CDAEA112CACB95DA6E6887E8154EE6F0C23A981C26D61624807AA33AF5E53F1D346DCD40847FA4AF36F8872DDC3439267807C90865 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2113536 |
| Entropy (8bit): | 3.5708385833605014 |
| Encrypted: | false |
| SSDEEP: | 12288:bVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:6fP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
| MD5: | E4A228EF2BE7A7BB18B82E158B0BF492 |
| SHA1: | E97954CEAFEAB7FC60EB68BF8D944C07DD8C9279 |
| SHA-256: | 2EB2FB1CB783379733187C724170B7FAFF3E672B6126EF774FB898EB9954A59F |
| SHA-512: | 33532604A87278CA1E668148A35A4CE2C78C2D6DAFEB1588FCF03561EE822233AC5582370CBEF7BD54BA59962697416E086D4BD6493B04ED6A4FA481248D3706 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 83968 |
| Entropy (8bit): | 7.065737112404973 |
| Encrypted: | false |
| SSDEEP: | 1536:YKuZAtREC/rMcgEPJV+G57ThjEC0kzJP+V5J8:+AzECTMpuDhjRVJGq |
| MD5: | B6C7834B60F72194E32822CD7F39D7A9 |
| SHA1: | 26AC4990B1203DD53A299857477EB2DE5CDC0DB1 |
| SHA-256: | 02F96A1E1233655997498DF6B11A48270DF05BDA561F004EDC83A165216A04C9 |
| SHA-512: | 96E8E380902866247A2873348C88DB244E87E1F925FF78AF06CE5541C5A1AA535BDA6DEB8941D646A1E7E91801BE934D715C990C96B5764511438BBE597D5F8A |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2396160 |
| Entropy (8bit): | 4.105944663139605 |
| Encrypted: | false |
| SSDEEP: | 12288:zVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1/6Z:ifP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
| MD5: | 8EDDD923C44EA882400A14F7E08961E6 |
| SHA1: | 7A3FC8D8000BBF4B889AEE4008B8A8479629D3FC |
| SHA-256: | 92DC9761B348B60FDF62F2A8148E8BE5DAF8614163AF3EDA408C6235D78B5680 |
| SHA-512: | 75C8787B6FF5D0B9434403CE741C013C2A59C6F10A5947990869C64C97B7F06F07ABC9AFE91AB70D570EA44BC24F9F145B718E503BE5D699F389D880DABD3BC4 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 42392 |
| Entropy (8bit): | 5.943178981884173 |
| Encrypted: | false |
| SSDEEP: | 768:zYVfzVTBuXwMHhrdXbsxoXF8Q0no8pV1Pxo:CfuXXrdrXXD0no8xPxo |
| MD5: | 6A3F2F3C36FE45A87E3BFA80B6D92E07 |
| SHA1: | 8C211767AD8393F9F184FC926FE3B8913F414289 |
| SHA-256: | 069608FF0FF5918681A80CF7603275DC6CD7D416A73D033D19962B0F0F1E1EAC |
| SHA-512: | A75669E0481901FC7CFCA55FBC7BD7FC0E8636767537017A41B1C720F34B5AD45AC75555D0AD246AC0DF670FDC31CBA1BEFD21D63E112AD427472DE3EA59CAA6 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2113536 |
| Entropy (8bit): | 3.57132661640891 |
| Encrypted: | false |
| SSDEEP: | 12288:VVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:MfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
| MD5: | 5A782F93AABE4F2ED2ACBEC2833C93D6 |
| SHA1: | 995BA0E8D5508D7B53A58CF5C82FF49AB773A191 |
| SHA-256: | 8ACFC387ADF47F1D17569F1051E5D816139F8A7F645E9AA54DCB9B521BEBCAE8 |
| SHA-512: | 0332E470C563975D54E7DBCDAC814348C12652389882D1235FCE426A40250B0E671F49950E322695D7498DA39AB2FAC5957ACCA3E644AD973ACA2F4B2B5C8C63 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 506184 |
| Entropy (8bit): | 6.340311139921773 |
| Encrypted: | false |
| SSDEEP: | 6144:5el0JVJ8W9WUYEBaH2+8yafsjs3hXx6EfjZTheegL57KUgQGEEEsND0ZCYWh9Aig:UCVRAlEBgKyiv3V2e+X |
| MD5: | 872AE9FE08ED1AA78208678967BE2FEF |
| SHA1: | 846E6D44FBD2A5B9AC53427300B71D82355C712E |
| SHA-256: | 457EA0477CB26432088F4EB910CFFBCBFA597EF65D63E9DB9109ED8529C902D4 |
| SHA-512: | 5235DEC4BA556975B07B22729D1ECB0FB513D15D58DB94737B0B8B25AB4C629255B4EA2D8B6854DB53F0E79C3EE7B742850C5C604A0BE04B1C251216A395A427 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2113536 |
| Entropy (8bit): | 3.57775166170893 |
| Encrypted: | false |
| SSDEEP: | 12288:WVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:LfP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
| MD5: | 54D6B919887A5134B1B7FBA52D9DB9DC |
| SHA1: | 85808B5A47438F7C1F5F10E86CAE90E3BF6D2225 |
| SHA-256: | A1A68697499261F40AEA56C406DACD945298612BE8CA952264133AFBA68592D8 |
| SHA-512: | B3E9C3659D85815EC8740450CD0AD859AC827A5E0365FC1B45C744D9E64F33A05831ECB25450FE623F22989F683B75FDFF18419AC886E4B3CDCEA1A828E0F079 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 184832 |
| Entropy (8bit): | 5.862106385432374 |
| Encrypted: | false |
| SSDEEP: | 3072:gzPq/xfWlkWmvIGaYLZ4yjchpChlyelcU4uuh0SEslWsXxgCzX0Fhf8LL8FT7:Eq5fWlkjuYLLtHyeFSEiXxZzb8FT |
| MD5: | F1C2D10CA8161DB689CD4FDE756E2DBB |
| SHA1: | C41E86E9755824D3775E2AD6CAC9A46C7AA1C417 |
| SHA-256: | 8854450FEAD134B24FABF4B805434FCFDDF25D2179048410728F8901E0FE0906 |
| SHA-512: | 5EBB1AD4261C689E22FE34CFB0C18D71451DD4F3694D8F521D181EB42FF90582D8EF8C8AB43BFC59D224452944D9602DB1030B633856E139442EEF0C2F4428F5 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\explorer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4462 |
| Entropy (8bit): | 5.481159077284676 |
| Encrypted: | false |
| SSDEEP: | 48:efUhXzCwetqO+hQTEPdQhIU2gwp9HhFTZyfUhy9UL5g8JTisy1m9icqrVWhgPPbH:efKD3ca09oDl8fKyHGnqrGgPP7 |
| MD5: | E7D9B66B57847225C62F450426207762 |
| SHA1: | C8A0768D0248D8EE769F1ADD84404097E8A4961D |
| SHA-256: | 60C2B10062CD62D9B757DAC141989564F46A3653D48A2220300DE94E47BEEF54 |
| SHA-512: | 237BCA55E1EE6C9C1CB857A8460BEC74ED017991CD0A722FE6D564C5E67C5C12FC7844FAF6C970AC167689D6E35D85CD44AD0E15062B7BDFC0C540772FCED818 |
| Malicious: | false |
| Preview: |
|
Static File Info |
|---|
General | |
|---|---|
| File type: | |
| Entropy (8bit): | 3.5770452220314155 |
| TrID: |
|
| File name: | 1ZDvfs8V0D.dll |
| File size: | 2109440 |
| MD5: | 291d328b80fa04b559d8bef5875125f1 |
| SHA1: | 86664f646c9b2d93102046b34b20ec495f3a58da |
| SHA256: | 803674f9a33df4d1a18051592df46f57a5c735367773691ab2bfb17a21aa6eb6 |
| SHA512: | c8e125d84d36b76416bb4f085426ca12ae53bb6f354ef96c6198fa325f1fe5ff02dc04e11a7be9182cbcfcf891f6b4d3ea80d8b238e7cd99b9d30b9883816278 |
| SSDEEP: | 12288:bVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:6fP7fWsK5z9A+WGAW+V5SB6Ct4bnb |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............|...|...|....K.#}...'...}......{}....X.#}....f..|....g..}..*...a|.......}....N..}..*...E}..[.I.E|...'..U}....N.+}..[.K.P|. |
File Icon |
|---|
 | |
| Icon Hash: | 74f0e4ecccdce0e4 |
Static PE Info |
|---|
General | |
|---|---|
| Entrypoint: | 0x140041070 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x140000000 |
| Subsystem: | windows cui |
| Image File Characteristics: | EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE |
| DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA |
| Time Stamp: | 0x5E4E44CC [Thu Feb 20 08:35:24 2020 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 0 |
| File Version Major: | 5 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 6668be91e2c948b183827f040944057f |
Entrypoint Preview |
|---|
| Instruction |
|---|
| dec eax |
| xor eax, eax |
| dec eax |
| add eax, 5Ah |
| dec eax |
| mov dword ptr [00073D82h], ecx |
| dec eax |
| lea ecx, dword ptr [FFFFECABh] |
| dec eax |
| mov dword ptr [00073D7Ch], edx |
| dec eax |
| add eax, ecx |
| dec esp |
| mov dword ptr [00073D92h], ecx |
| dec esp |
| mov dword ptr [00073DA3h], ebp |
| dec esp |
| mov dword ptr [00073D7Ch], eax |
| dec esp |
| mov dword ptr [00073D85h], edi |
| dec esp |
| mov dword ptr [00073D86h], esi |
| dec esp |
| mov dword ptr [00073D8Fh], esp |
| dec eax |
| mov ecx, eax |
| dec eax |
| sub ecx, 5Ah |
| dec eax |
| mov dword ptr [00073D89h], esi |
| dec eax |
| test eax, eax |
| je 00007FF4C0A6D33Fh |
| dec eax |
| mov dword ptr [00073D45h], esp |
| dec eax |
| mov dword ptr [00073D36h], ebp |
| dec eax |
| mov dword ptr [00073D7Fh], ebx |
| dec eax |
| mov dword ptr [00073D70h], edi |
| dec eax |
| test eax, eax |
| je 00007FF4C0A6D31Eh |
| jmp ecx |
| dec eax |
| add edi, ecx |
| dec eax |
| mov dword ptr [FFFFEC37h], ecx |
| dec eax |
| xor ecx, eax |
| jmp ecx |
| retn 0008h |
| ud2 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| push ebx |
| dec eax |
| sub esp, 00000080h |
| mov eax, F957B016h |
| mov byte ptr [esp+7Fh], 00000037h |
| mov edx, dword ptr [esp+78h] |
| inc ecx |
| mov eax, edx |
| inc ecx |
| or eax, 5D262B0Ch |
| inc esp |
| mov dword ptr [esp+78h], eax |
| dec eax |
| mov dword ptr [eax+eax+00h], 00000000h |
Rich Headers |
|---|
| Programming Language: |
|
Data Directories |
|---|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x202010 | 0x22b | .qlndvj |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa6390 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc0000 | 0x468 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc1000 | 0x2324 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x42000 | 0xc0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
|---|
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x40796 | 0x41000 | False | 0.776085486779 | data | 7.73364605679 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rdata | 0x42000 | 0x64f2c | 0x65000 | False | 0.702390160891 | data | 7.86574512659 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa7000 | 0x178b8 | 0x18000 | False | 0.0694580078125 | data | 3.31515306295 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .pdata | 0xbf000 | 0x12c | 0x1000 | False | 0.06005859375 | PEX Binary Archive | 0.581723022719 | IMAGE_SCN_TYPE_DSECT, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0xc0000 | 0x880 | 0x1000 | False | 0.139892578125 | data | 1.23838501563 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xc1000 | 0x2324 | 0x3000 | False | 0.0498046875 | data | 4.65321444248 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| .qkm | 0xc4000 | 0x74a | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .cvjb | 0xc5000 | 0x1e66 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .tlmkv | 0xc7000 | 0xbde | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .wucsxe | 0xc8000 | 0x45174 | 0x46000 | False | 0.0010498046875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .fltwtj | 0x10e000 | 0x1267 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .sfplio | 0x110000 | 0x736 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rpg | 0x111000 | 0x45174 | 0x46000 | False | 0.0010498046875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .bewzc | 0x157000 | 0x1124 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .vksvaw | 0x159000 | 0x736 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .wmhg | 0x15a000 | 0x1278 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .kswemc | 0x15c000 | 0x36d | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .kaxfk | 0x15d000 | 0x197d | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .pjf | 0x15f000 | 0xbde | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .favk | 0x160000 | 0x1f7 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .vhtukj | 0x161000 | 0x45174 | 0x46000 | False | 0.0010498046875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .hmbyox | 0x1a7000 | 0x8fe | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .txms | 0x1a8000 | 0x3fe | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .vqqm | 0x1a9000 | 0x1af | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .cbwb | 0x1aa000 | 0x23b | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .sggk | 0x1ab000 | 0x74a | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .cbotn | 0x1ac000 | 0x23b | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .urf | 0x1ad000 | 0xebe | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .yera | 0x1ae000 | 0x1f7 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .sjj | 0x1af000 | 0x23b | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .wcro | 0x1b0000 | 0x103 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .imkkq | 0x1b1000 | 0x1278 | 0x2000 | False | 0.0037841796875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .mrdc | 0x1b3000 | 0x45174 | 0x46000 | False | 0.0010498046875 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .eaph | 0x1f9000 | 0x3ba | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .wqzg | 0x1fa000 | 0x8fe | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .uwxw | 0x1fb000 | 0x8fe | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .acz | 0x1fc000 | 0xbde | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .ktb | 0x1fd000 | 0x896 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .nqplrs | 0x1fe000 | 0x23b | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .btah | 0x1ff000 | 0x23b | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .majbu | 0x200000 | 0xbde | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .zefvk | 0x201000 | 0x13e | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .qlndvj | 0x202000 | 0x23b | 0x1000 | False | 0.080078125 | data | 1.11857321905 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
|---|
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_VERSION | 0xc00a0 | 0x370 | data | English | United States |
| RT_MANIFEST | 0xc0410 | 0x56 | ASCII text, with CRLF line terminators | English | United States |
Imports |
|---|
| DLL | Import |
|---|---|
| USER32.dll | LookupIconIdFromDirectoryEx, WaitForInputIdle, GetParent, GetFocus |
| SETUPAPI.dll | CM_Get_Resource_Conflict_DetailsW |
| KERNEL32.dll | DeleteCriticalSection, DeleteTimerQueue, TerminateJobObject, GetFileInformationByHandle, GetThreadLocale, GetNamedPipeServerProcessId, GetConsoleFontSize |
| GDI32.dll | CreateBitmapIndirect, GetPolyFillMode |
| CRYPT32.dll | CertGetCTLContextProperty |
| ADVAPI32.dll | AddAccessDeniedObjectAce |
| SHLWAPI.dll | ChrCmpIW |
Exports |
|---|
| Name | Ordinal | Address |
|---|---|---|
| GetFileVersionInfoA | 1 | 0x140037cd0 |
| GetFileVersionInfoByHandle | 2 | 0x140012394 |
| GetFileVersionInfoExA | 3 | 0x14003e42c |
| GetFileVersionInfoExW | 4 | 0x140038c04 |
| GetFileVersionInfoSizeA | 5 | 0x140035ab4 |
| GetFileVersionInfoSizeExA | 6 | 0x140030664 |
| GetFileVersionInfoSizeExW | 7 | 0x14001e37c |
| GetFileVersionInfoSizeW | 8 | 0x14001fde8 |
| GetFileVersionInfoW | 9 | 0x1400394d8 |
| VerFindFileA | 10 | 0x14000bc90 |
| VerFindFileW | 11 | 0x14000d0d4 |
| VerInstallFileA | 12 | 0x140019a78 |
| VerInstallFileW | 13 | 0x140027dfc |
| VerLanguageNameA | 14 | 0x140032fdc |
| VerLanguageNameW | 15 | 0x1400350c0 |
| VerQueryValueA | 16 | 0x14001636c |
| VerQueryValueW | 17 | 0x14000424c |
Version Infos |
|---|
| Description | Data |
|---|---|
| LegalCopyright | Microsoft Corporation. All rights reserv |
| InternalName | bitsp |
| FileVersion | 7.5.7600.16385 (win7_rtm.090713- |
| CompanyName | Microsoft Corporati |
| ProductName | Microsoft Windows Operating S |
| ProductVersion | 6.1.7600 |
| FileDescription | Background Intellig |
| OriginalFilename | kbdy |
| Translation | 0x0409 0x04b0 |
Possible Origin |
|---|
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeNetwork Behavior |
|---|
| No network behavior found |
|---|
Code Manipulations |
|---|
Statistics |
|---|
CPU Usage |
|---|
Click to jump to process
Memory Usage |
|---|
Click to jump to process
High Level Behavior Distribution |
|---|
back
Click to dive into process behavior distribution
Behavior |
|---|
Click to jump to process
System Behavior |
|---|
General |
|---|
| Start time: | 14:03:29 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\loaddll64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff675f90000 |
| File size: | 140288 bytes |
| MD5 hash: | A84133CCB118CF35D49A423CD836D0EF |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
General |
|---|
| Start time: | 14:03:30 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\cmd.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7bf140000 |
| File size: | 273920 bytes |
| MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
General |
|---|
| Start time: | 14:03:30 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64a610000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
General |
|---|
| Start time: | 14:03:30 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64a610000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
General |
|---|
| Start time: | 14:03:32 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\explorer.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff662bf0000 |
| File size: | 3933184 bytes |
| MD5 hash: | AD5296B280E8F522A8A897C96BAB0E1D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
General |
|---|
| Start time: | 14:03:33 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64a610000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
General |
|---|
| Start time: | 14:03:37 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64a610000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
General |
|---|
| Start time: | 14:03:40 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64a610000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
General |
|---|
| Start time: | 14:03:44 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64a610000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
General |
|---|
| Start time: | 14:03:48 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64a610000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
General |
|---|
| Start time: | 14:03:51 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64a610000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
General |
|---|
| Start time: | 14:03:55 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64a610000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
General |
|---|
| Start time: | 14:03:58 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64a610000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
General |
|---|
| Start time: | 14:04:02 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64a610000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
General |
|---|
| Start time: | 14:04:05 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64a610000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
General |
|---|
| Start time: | 14:04:08 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64a610000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
General |
|---|
| Start time: | 14:04:12 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64a610000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
General |
|---|
| Start time: | 14:04:15 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64a610000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
General |
|---|
| Start time: | 14:04:16 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\msinfo32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6222a0000 |
| File size: | 370176 bytes |
| MD5 hash: | C471C6B06F47EA1C66E5FAA8DFCEF108 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
General |
|---|
| Start time: | 14:04:17 |
| Start date: | 15/09/2021 |
| Path: | C:\Users\user\AppData\Local\5zVf35m1I\msinfo32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff72a9d0000 |
| File size: | 370176 bytes |
| MD5 hash: | C471C6B06F47EA1C66E5FAA8DFCEF108 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Antivirus matches: |
|
General |
|---|
| Start time: | 14:04:19 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64a610000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
General |
|---|
| Start time: | 14:04:20 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\mfpmp.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff705b40000 |
| File size: | 49688 bytes |
| MD5 hash: | 7C3D09D6DB5DB4A272FCF4C1BB3986BD |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
General |
|---|
| Start time: | 14:04:21 |
| Start date: | 15/09/2021 |
| Path: | C:\Users\user\AppData\Local\BxU\mfpmp.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7b6db0000 |
| File size: | 49688 bytes |
| MD5 hash: | 7C3D09D6DB5DB4A272FCF4C1BB3986BD |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Antivirus matches: |
|
General |
|---|
| Start time: | 14:04:23 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff64a610000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
General |
|---|
| Start time: | 14:04:24 |
| Start date: | 15/09/2021 |
| Path: | C:\Windows\System32\SystemPropertiesProtection.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7dbdb0000 |
| File size: | 83968 bytes |
| MD5 hash: | B6C7834B60F72194E32822CD7F39D7A9 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
Disassembly |
|---|
Code Analysis |
|---|
Executed Functions |
|---|
Function 00000001400495B0, Relevance: 8.7, APIs: 2, Strings: 2, Instructions: 1727COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140036F30, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 222COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005C340, Relevance: 6.1, APIs: 1, Strings: 2, Instructions: 886COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014004BD40, Relevance: 6.0, APIs: 1, Strings: 2, Instructions: 789COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005D290, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 108COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140048AC0, Relevance: 1.7, APIs: 1, Instructions: 185libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400524B0, Relevance: .8, Instructions: 815COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140065B80, Relevance: .2, Instructions: 183COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140034870, Relevance: .2, Instructions: 170COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140061360, Relevance: 6.3, APIs: 4, Instructions: 290registryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005F9F0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005DBB9, Relevance: 3.1, APIs: 2, Instructions: 79filetimeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005DBD2, Relevance: 3.1, APIs: 2, Instructions: 77filetimeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005DBE8, Relevance: 3.1, APIs: 2, Instructions: 76filetimeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140060D10, Relevance: 3.1, APIs: 2, Instructions: 76registryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005DBF8, Relevance: 3.1, APIs: 2, Instructions: 73filetimeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005FDA0, Relevance: 1.6, APIs: 1, Instructions: 144synchronizationCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140060BA0, Relevance: 1.5, APIs: 1, Instructions: 44registryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014004F940, Relevance: .9, Instructions: 873COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140054BA0, Relevance: .8, Instructions: 797COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014004EB60, Relevance: .7, Instructions: 687COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014003B220, Relevance: .6, Instructions: 645COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140024440, Relevance: .6, Instructions: 566COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140023BF0, Relevance: .5, Instructions: 545COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400123C0, Relevance: .5, Instructions: 544COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000B120, Relevance: .5, Instructions: 531COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400381A0, Relevance: .5, Instructions: 525COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014003A2E0, Relevance: .5, Instructions: 521COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014006B390, Relevance: .5, Instructions: 458COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140005C40, Relevance: .4, Instructions: 450COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140067A40, Relevance: .4, Instructions: 440COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000BB40, Relevance: .4, Instructions: 438COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140069010, Relevance: .4, Instructions: 431COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014001E170, Relevance: .4, Instructions: 401COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140002980, Relevance: .4, Instructions: 389COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140010880, Relevance: .4, Instructions: 372COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014001D910, Relevance: .4, Instructions: 369COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140017B40, Relevance: .3, Instructions: 331COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014002CB80, Relevance: .3, Instructions: 331COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400018D0, Relevance: .3, Instructions: 320COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014003AAC0, Relevance: .3, Instructions: 312COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140064080, Relevance: .3, Instructions: 304COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014002D0D0, Relevance: .3, Instructions: 298COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014002A110, Relevance: .3, Instructions: 291COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140062B00, Relevance: .3, Instructions: 270COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014006B41B, Relevance: .3, Instructions: 258COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140066020, Relevance: .3, Instructions: 255COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140007A60, Relevance: .3, Instructions: 255COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014006B43D, Relevance: .2, Instructions: 250COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014006B424, Relevance: .2, Instructions: 248COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014006B42D, Relevance: .2, Instructions: 248COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014006B436, Relevance: .2, Instructions: 248COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014006B446, Relevance: .2, Instructions: 248COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140069A50, Relevance: .2, Instructions: 236COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140001010, Relevance: .2, Instructions: 229COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014002EA00, Relevance: .2, Instructions: 221COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140018300, Relevance: .2, Instructions: 211COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014002E1B0, Relevance: .2, Instructions: 210COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140016100, Relevance: .2, Instructions: 184COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400663F0, Relevance: .2, Instructions: 181COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005D850, Relevance: .2, Instructions: 169COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400319F0, Relevance: .2, Instructions: 155COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400688A0, Relevance: .2, Instructions: 150COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140031340, Relevance: .1, Instructions: 132COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014002F840, Relevance: .1, Instructions: 125COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400611A0, Relevance: .1, Instructions: 121COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140022A00, Relevance: .1, Instructions: 118COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140022340, Relevance: .1, Instructions: 108COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140063BD0, Relevance: .1, Instructions: 88COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140005370, Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
|---|
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Executed Functions |
|---|
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Executed Functions |
|---|
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Executed Functions |
|---|
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Executed Functions |
|---|
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Executed Functions |
|---|
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Executed Functions |
|---|
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Executed Functions |
|---|
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Executed Functions |
|---|
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Executed Functions |
|---|
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Executed Functions |
|---|
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Executed Functions |
|---|
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Executed Functions |
|---|
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Executed Functions |
|---|
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Executed Functions |
|---|
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Executed Functions |
|---|
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Function 00007FF72A9E6334, Relevance: 82.5, APIs: 46, Strings: 1, Instructions: 226fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9EB7AC, Relevance: 81.3, APIs: 54, Instructions: 315windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D9370, Relevance: 58.9, APIs: 39, Instructions: 410synchronizationwindowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9EB184, Relevance: 56.3, APIs: 31, Strings: 1, Instructions: 305windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9E08D8, Relevance: 56.3, APIs: 28, Strings: 4, Instructions: 267registrylibraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D7C40, Relevance: 38.7, APIs: 20, Strings: 2, Instructions: 188comnetworkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9EA9C4, Relevance: 31.6, APIs: 21, Instructions: 140windowclipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D9CEC, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 89COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9E15C4, Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 139libraryloadermemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9EBD00, Relevance: 15.2, APIs: 10, Instructions: 188windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9ED2B0, Relevance: 9.0, APIs: 6, Instructions: 50timethreadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4F80, Relevance: 135.0, APIs: 40, Strings: 37, Instructions: 229COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D7860, Relevance: 89.5, APIs: 49, Strings: 2, Instructions: 261COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9E48B0, Relevance: 86.1, APIs: 37, Strings: 12, Instructions: 393COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9DA938, Relevance: 82.5, APIs: 46, Strings: 1, Instructions: 261COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9DEB04, Relevance: 72.0, APIs: 39, Strings: 2, Instructions: 243COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9E044C, Relevance: 65.0, APIs: 33, Strings: 4, Instructions: 240COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9DE530, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 221COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9E4F40, Relevance: 54.5, APIs: 28, Strings: 3, Instructions: 262COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9DD1FC, Relevance: 49.4, APIs: 27, Strings: 1, Instructions: 371windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9DF8E0, Relevance: 49.3, APIs: 21, Strings: 7, Instructions: 281COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9E1C00, Relevance: 44.0, APIs: 19, Strings: 6, Instructions: 258libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D909C, Relevance: 43.9, APIs: 22, Strings: 3, Instructions: 111COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9E4240, Relevance: 42.2, APIs: 7, Strings: 17, Instructions: 227COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D69E0, Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 179memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9EC2C0, Relevance: 31.6, APIs: 13, Strings: 5, Instructions: 117COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9DE888, Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 182COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9E12C0, Relevance: 29.9, APIs: 8, Strings: 9, Instructions: 151COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D59B0, Relevance: 25.6, APIs: 17, Instructions: 120windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9E45BC, Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 191COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9E00D0, Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 183COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D6F40, Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 94COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9E2048, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 112registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9EA41C, Relevance: 19.6, APIs: 13, Instructions: 142windowfileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9DEF30, Relevance: 18.1, APIs: 12, Instructions: 114windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9EC0EC, Relevance: 18.1, APIs: 12, Instructions: 112windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9E3A50, Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 211COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9DF610, Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 177COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9DC070, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 173commemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D5C10, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 108COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9E1B38, Relevance: 17.6, APIs: 3, Strings: 7, Instructions: 50libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9DF480, Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 100COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9E5350, Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 105COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D5814, Relevance: 12.1, APIs: 8, Instructions: 57synchronizationtimeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D6478, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 67COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D723C, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9E7B90, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9DBDC0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 29COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4410, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4B80, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3390, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4CC0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3CC0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D34D0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D44B0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3C20, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4C20, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3430, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D49A0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D39B0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4AE0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D32F0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4A40, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3250, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3A50, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D47C0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D37D0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4720, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3F30, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4900, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4100, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3910, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4860, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3870, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D45F0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4550, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D31B0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3120, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3090, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9EC064, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35commemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3600, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9E7C28, Relevance: 6.1, APIs: 4, Instructions: 62librarywindowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9EC4A4, Relevance: 6.0, APIs: 4, Instructions: 39registrymemoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D7140, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3B80, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4370, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4190, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D42D0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4230, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3730, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D4060, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3DF0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3AE0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3FC0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF72A9D3D50, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |