Windows Analysis Report GU#U00cdA DE CARGA...exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Snake Keylogger |
---|
{"Exfil Mode": "SMTP", "Username": "24310@24310.gr", "Password": "?_bEpvL{rN$%", "Host": "mail.24310.gr", "Port": "themainlogs@gmail.com"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
| |
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
| |
Click to see the 22 entries |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
| |
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
| |
Click to see the 67 entries |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Machine Learning detection for dropped file | Show sources |
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: |
Compliance: |
---|
Detected unpacking (overwrites its own PE header) | Show sources |
Source: | Unpacked PE file: |
Detected unpacking (creates a PE file in dynamic memory) | Show sources |
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 1_2_00405EC2 | |
Source: | Code function: | 1_2_004054EC | |
Source: | Code function: | 1_2_00402671 | |
Source: | Code function: | 2_2_00404A29 |
Source: | Code function: | 2_2_047FE6E8 | |
Source: | Code function: | 2_2_047FE28B | |
Source: | Code function: | 2_2_047FBE7F | |
Source: | Code function: | 2_2_047FCE78 | |
Source: | Code function: | 2_2_047FDE29 | |
Source: | Code function: | 2_2_047FD9C8 | |
Source: | Code function: | 2_2_047FCA0E | |
Source: | Code function: | 2_2_047FEB4B | |
Source: | Code function: | 2_2_047FD1BE | |
Source: | Code function: | 2_2_047FB3A0 | |
Source: | Code function: | 2_2_047FCE68 | |
Source: | Code function: | 2_2_047FB9D3 | |
Source: | Code function: | 2_2_047FBBB4 | |
Source: | Code function: | 2_2_05809DA0 | |
Source: | Code function: | 2_2_0580D1C0 | |
Source: | Code function: | 2_2_0580A1F8 | |
Source: | Code function: | 2_2_0580C910 | |
Source: | Code function: | 2_2_05809948 | |
Source: | Code function: | 2_2_0580CD68 | |
Source: | Code function: | 2_2_05809098 | |
Source: | Code function: | 2_2_0580C4B8 | |
Source: | Code function: | 2_2_058094F0 | |
Source: | Code function: | 2_2_0580BC08 | |
Source: | Code function: | 2_2_05808C40 | |
Source: | Code function: | 2_2_0580C060 | |
Source: | Code function: | 2_2_05808390 | |
Source: | Code function: | 2_2_0580B7B0 | |
Source: | Code function: | 2_2_058087E8 | |
Source: | Code function: | 2_2_0580AF00 | |
Source: | Code function: | 2_2_0580B358 | |
Source: | Code function: | 2_2_0580AAA8 | |
Source: | Code function: | 2_2_0580D618 | |
Source: | Code function: | 2_2_0580A650 | |
Source: | Code function: | 2_2_0580DA70 | |
Source: | Code function: | 2_2_05824588 | |
Source: | Code function: | 2_2_05823400 | |
Source: | Code function: | 2_2_058256E8 | |
Source: | Code function: | 2_2_058226F8 | |
Source: | Code function: | 2_2_05824130 | |
Source: | Code function: | 2_2_05825290 | |
Source: | Code function: | 2_2_058222A0 | |
Source: | Code function: | 2_2_05823CD8 | |
Source: | Code function: | 2_2_05822FA8 | |
Source: | Code function: | 2_2_05821E20 | |
Source: | Code function: | 2_2_05824E38 | |
Source: | Code function: | 2_2_058249E0 | |
Source: | Code function: | 2_2_05823858 | |
Source: | Code function: | 2_2_05825B40 | |
Source: | Code function: | 2_2_05822B50 |
Networking: |
---|
May check the online IP address of the machine | Show sources |
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | HTTPS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | Code function: | 1_2_00404FF1 |
System Summary: |
---|
Malicious sample detected (through community Yara rule) | Show sources |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 1_2_0040312A |
Source: | Code function: | 1_2_00406354 | |
Source: | Code function: | 1_2_00404802 | |
Source: | Code function: | 1_2_00406B2B | |
Source: | Code function: | 1_2_7333BA95 | |
Source: | Code function: | 1_2_7333BA86 | |
Source: | Code function: | 2_2_0040A2A5 | |
Source: | Code function: | 2_2_047F3430 | |
Source: | Code function: | 2_2_047F8570 | |
Source: | Code function: | 2_2_047FE6E8 | |
Source: | Code function: | 2_2_047F5070 | |
Source: | Code function: | 2_2_047FE28B | |
Source: | Code function: | 2_2_047FD308 | |
Source: | Code function: | 2_2_047FBE7F | |
Source: | Code function: | 2_2_047FDE29 | |
Source: | Code function: | 2_2_047FD9C8 | |
Source: | Code function: | 2_2_047F4A48 | |
Source: | Code function: | 2_2_047FCA0E | |
Source: | Code function: | 2_2_047FEB4B | |
Source: | Code function: | 2_2_047FD2FB | |
Source: | Code function: | 2_2_047FB3A0 | |
Source: | Code function: | 2_2_047FB390 | |
Source: | Code function: | 2_2_05809DA0 | |
Source: | Code function: | 2_2_0580D1C0 | |
Source: | Code function: | 2_2_0580F5C0 | |
Source: | Code function: | 2_2_05800DE8 | |
Source: | Code function: | 2_2_0580A1F8 | |
Source: | Code function: | 2_2_0580C910 | |
Source: | Code function: | 2_2_05809948 | |
Source: | Code function: | 2_2_0580CD68 | |
Source: | Code function: | 2_2_05809098 | |
Source: | Code function: | 2_2_0580C4B8 | |
Source: | Code function: | 2_2_058094F0 | |
Source: | Code function: | 2_2_0580BC08 | |
Source: | Code function: | 2_2_05808C40 | |
Source: | Code function: | 2_2_0580C060 | |
Source: | Code function: | 2_2_05808390 | |
Source: | Code function: | 2_2_0580B7B0 | |
Source: | Code function: | 2_2_058087E8 | |
Source: | Code function: | 2_2_0580AF00 | |
Source: | Code function: | 2_2_05805308 | |
Source: | Code function: | 2_2_0580B358 | |
Source: | Code function: | 2_2_0580AAA8 | |
Source: | Code function: | 2_2_0580DEC8 | |
Source: | Code function: | 2_2_0580D618 | |
Source: | Code function: | 2_2_0580A650 | |
Source: | Code function: | 2_2_0580DA70 | |
Source: | Code function: | 2_2_05809D93 | |
Source: | Code function: | 2_2_0580D1B0 | |
Source: | Code function: | 2_2_05800DE2 | |
Source: | Code function: | 2_2_0580A1E9 | |
Source: | Code function: | 2_2_0580C900 | |
Source: | Code function: | 2_2_0580F519 | |
Source: | Code function: | 2_2_0580993C | |
Source: | Code function: | 2_2_05804950 | |
Source: | Code function: | 2_2_0580CD58 | |
Source: | Code function: | 2_2_05804960 | |
Source: | Code function: | 2_2_0580908B | |
Source: | Code function: | 2_2_0580C4AC | |
Source: | Code function: | 2_2_058094E3 | |
Source: | Code function: | 2_2_05808C30 | |
Source: | Code function: | 2_2_0580C053 | |
Source: | Code function: | 2_2_0580B7A1 | |
Source: | Code function: | 2_2_058087D9 | |
Source: | Code function: | 2_2_0580BBFC | |
Source: | Code function: | 2_2_0580B34B | |
Source: | Code function: | 2_2_0580837F | |
Source: | Code function: | 2_2_0580AA9B | |
Source: | Code function: | 2_2_0580AEF3 | |
Source: | Code function: | 2_2_0580D60B | |
Source: | Code function: | 2_2_0580A640 | |
Source: | Code function: | 2_2_0580DA63 | |
Source: | Code function: | 2_2_05824588 | |
Source: | Code function: | 2_2_05826548 | |
Source: | Code function: | 2_2_058284C8 | |
Source: | Code function: | 2_2_05823400 | |
Source: | Code function: | 2_2_058297B8 | |
Source: | Code function: | 2_2_058256E8 | |
Source: | Code function: | 2_2_058226F8 | |
Source: | Code function: | 2_2_058271E8 | |
Source: | Code function: | 2_2_05824130 | |
Source: | Code function: | 2_2_05829168 | |
Source: | Code function: | 2_2_058210B8 | |
Source: | Code function: | 2_2_058203B8 | |
Source: | Code function: | 2_2_05825290 | |
Source: | Code function: | 2_2_058222A0 | |
Source: | Code function: | 2_2_05823CD8 | |
Source: | Code function: | 2_2_05822FA8 | |
Source: | Code function: | 2_2_05829E00 | |
Source: | Code function: | 2_2_05821E20 | |
Source: | Code function: | 2_2_05824E38 | |
Source: | Code function: | 2_2_05827E78 | |
Source: | Code function: | 2_2_058249E0 | |
Source: | Code function: | 2_2_05827830 | |
Source: | Code function: | 2_2_05823858 | |
Source: | Code function: | 2_2_05826B98 | |
Source: | Code function: | 2_2_05828B18 | |
Source: | Code function: | 2_2_05825B40 | |
Source: | Code function: | 2_2_05822B50 | |
Source: | Code function: | 2_2_05826537 | |
Source: | Code function: | 2_2_0582457C | |
Source: | Code function: | 2_2_058284B8 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 1_2_00402053 |
Source: | File read: | Jump to behavior |
Source: | Code function: | 1_2_004042C1 |
Source: | Section loaded: | Jump to behavior |
Source: | Code function: | 2_2_00401489 |
Source: | String found in binary or memory: |
Source: | Cryptographic APIs: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation: |
---|
Detected unpacking (overwrites its own PE header) | Show sources |
Source: | Unpacked PE file: |
Detected unpacking (changes PE section rights) | Show sources |
Source: | Unpacked PE file: |
Detected unpacking (creates a PE file in dynamic memory) | Show sources |
Source: | Unpacked PE file: |
Source: | Code function: | 2_2_00401F29 |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 1_2_00405EC2 | |
Source: | Code function: | 1_2_004054EC | |
Source: | Code function: | 1_2_00402671 | |
Source: | Code function: | 2_2_00404A29 |
Source: | Code function: | 2_2_0040446F |
Source: | Code function: | 2_2_004067FE |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 1_2_7333B472 | |
Source: | Code function: | 1_2_7333B737 | |
Source: | Code function: | 1_2_7333B776 | |
Source: | Code function: | 1_2_7333B7B4 | |
Source: | Code function: | 1_2_7333B686 | |
Source: | Code function: | 2_2_004035F1 |
Source: | Code function: | 2_2_047FD308 |
Source: | Memory allocated: | Jump to behavior |
Source: | Code function: | 2_2_00401E1D | |
Source: | Code function: | 2_2_0040446F | |
Source: | Code function: | 2_2_00401C88 | |
Source: | Code function: | 2_2_00401F30 |
HIPS / PFW / Operating System Protection Evasion: |
---|
.NET source code references suspicious native API functions | Show sources |
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: |
Injects a PE file into a foreign processes | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 2_2_0040208D |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 2_2_00401B74 |
Source: | Code function: | 1_2_0040312A |
Stealing of Sensitive Information: |
---|
Yara detected Snake Keylogger | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Yara detected Telegram RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior |
Tries to steal Mail credentials (via file access) | Show sources |
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Snake Keylogger | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Yara detected Telegram RAT | Show sources |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Command and Scripting Interpreter2 | Path Interception | Process Injection112 | Disable or Modify Tools1 | OS Credential Dumping2 | System Time Discovery1 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot1 |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection112 | LSASS Memory | Security Software Discovery2 | Remote Desktop Protocol | Archive Collected Data11 | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Deobfuscate/Decode Files or Information1 | Security Account Manager | Process Discovery2 | SMB/Windows Admin Shares | Data from Local System2 | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information2 | NTDS | Remote System Discovery1 | Distributed Component Object Model | Clipboard Data1 | Scheduled Transfer | Application Layer Protocol13 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing31 | LSA Secrets | System Network Configuration Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | File and Directory Discovery2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery26 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
9% | ReversingLabs | Win32.Trojan.InjectorX |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Dropper.Gen | Download File | ||
100% | Avira | HEUR/AGEN.1130366 | Download File | ||
100% | Avira | HEUR/AGEN.1130366 | Download File | ||
100% | Avira | TR/Spy.Gen | Download File | ||
100% | Avira | TR/Dropper.Gen | Download File | ||
100% | Avira | HEUR/AGEN.1130366 | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
1% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
freegeoip.app | 104.21.19.200 | true | false |
| unknown |
checkip.dyndns.com | 216.146.43.70 | true | false |
| unknown |
checkip.dyndns.org | unknown | unknown | true |
| unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
216.146.43.70 | checkip.dyndns.com | United States | 33517 | DYNDNSUS | false | |
104.21.19.200 | freegeoip.app | United States | 13335 | CLOUDFLARENETUS | false |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 491666 |
Start date: | 27.09.2021 |
Start time: | 19:42:44 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 37s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | GU#U00cdA DE CARGA...exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 21 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/2@3/2 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
216.146.43.70 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
checkip.dyndns.com | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
freegeoip.app | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
DYNDNSUS | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\GU#U00cdA DE CARGA...exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286207 |
Entropy (8bit): | 7.97789916669033 |
Encrypted: | false |
SSDEEP: | 6144:guGADqFm61UqReSJr/m81S3kqvtxmZr7pEyAqR7WJuVcQTJYiL2A01:HGADqVLReSJcMr7nAE7WJeJY+2b1 |
MD5: | 58E960ADA46422911469C6736EC07378 |
SHA1: | 8E6E429BA453A550DEEAC0143F5A89B0BE16A90E |
SHA-256: | 4A32B80C0753D81B6675D53341FD77D1622C9AE376F2D6654FD2A20FB8E5749E |
SHA-512: | 54337928AAA67D141916602756C25698174E72E9156BAF742A91E28FA7AFF2E01BD9FC67B920FACE07DDC0889BD12B0E33A79D632BB456700DEC27469CF474DC |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\GU#U00cdA DE CARGA...exe |
File Type: | |
Category: | dropped |
Size (bytes): | 49152 |
Entropy (8bit): | 6.207441110517842 |
Encrypted: | false |
SSDEEP: | 768:yiljJiW4mQHeRfNzHMUNAf7momUEKRnJyQuJYDc2y2NnAHKlv/JWQvI2jIRo1imj:ljJiW4qzSzxvlv/JWQVZHVuIXxCReqdC |
MD5: | 1982C77D094D91EA36D299F4E8879B9E |
SHA1: | 4FAF7DD4BF9F8BEC2C0F421980B8FB2AB628835D |
SHA-256: | 7660CDD2DB7356C36ACB9D2472AC2C89EBDFD79EEF56DE9DBFED34FCDE381790 |
SHA-512: | 75CA8A3BA5DD36C30805C13F5739F9E868D48AAA84D20A1E3B58923580726E40A3E4B850C66646CA1EE9AE46AE7A8ACCFF089D5BADE2677D7E8B4438087ED3BA |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.911140442126515 |
TrID: |
|
File name: | GU#U00cdA DE CARGA...exe |
File size: | 325929 |
MD5: | fcce8f5a7e5fcdf78c02d6543c1af2bd |
SHA1: | b2ea7197933811fc65425d46324af8ee231117f3 |
SHA256: | 9ff6781bac4d77465a973def710d9619cfa7fc6fe16a78225b7e22d3a89d0be0 |
SHA512: | dbdb5ca75513d15f94a14ca771fbb55e3d4ba204b3d9ce243327b439e28ffd01c4a7f7ee7dda34c43ac1c3f51c5abd420ccb54af1e80d32e5c7cbe899b787537 |
SSDEEP: | 6144:F8LxBs9fvNLROF9fYjzpeoG7DDCImlUR7WJDVcQTJ8iL2A03cu:/p1LQUj9eL7SIm87WJHJ8+2b3cu |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0(..QF..QF..QF.*^...QF..QG.qQF.*^...QF..rv..QF..W@..QF.Rich.QF.........PE..L...m:.V.................`..........*1.......p....@ |
File Icon |
---|
Icon Hash: | b2a88c96b2ca6a72 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x40312a |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x56FF3A6D [Sat Apr 2 03:20:13 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | b76363e9cb88bf9390860da8e50999d2 |
Entrypoint Preview |
---|
Instruction |
---|
sub esp, 00000184h |
push ebx |
push ebp |
push esi |
push edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+20h], ebx |
mov dword ptr [esp+14h], 00409168h |
mov dword ptr [esp+1Ch], ebx |
mov byte ptr [esp+18h], 00000020h |
call dword ptr [004070B0h] |
call dword ptr [004070ACh] |
cmp ax, 00000006h |
je 00007FB3FCD28603h |
push ebx |
call 00007FB3FCD2B3E4h |
cmp eax, ebx |
je 00007FB3FCD285F9h |
push 00000C00h |
call eax |
mov esi, 00407280h |
push esi |
call 00007FB3FCD2B360h |
push esi |
call dword ptr [00407108h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], bl |
jne 00007FB3FCD285DDh |
push 0000000Dh |
call 00007FB3FCD2B3B8h |
push 0000000Bh |
call 00007FB3FCD2B3B1h |
mov dword ptr [0042EC24h], eax |
call dword ptr [00407038h] |
push ebx |
call dword ptr [0040726Ch] |
mov dword ptr [0042ECD8h], eax |
push ebx |
lea eax, dword ptr [esp+38h] |
push 00000160h |
push eax |
push ebx |
push 00429058h |
call dword ptr [0040715Ch] |
push 0040915Ch |
push 0042E420h |
call 00007FB3FCD2AFE4h |
call dword ptr [0040710Ch] |
mov ebp, 00434000h |
push eax |
push ebp |
call 00007FB3FCD2AFD2h |
push ebx |
call dword ptr [00407144h] |
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7524 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x37000 | 0x9e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x27c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5e66 | 0x6000 | False | 0.670572916667 | data | 6.44065573436 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x12a2 | 0x1400 | False | 0.4455078125 | data | 5.0583287871 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x25d18 | 0x600 | False | 0.458984375 | data | 4.18773476617 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.ndata | 0x2f000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x37000 | 0x9e0 | 0xa00 | False | 0.45390625 | data | 4.4968702957 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x37190 | 0x2e8 | data | English | United States |
RT_DIALOG | 0x37478 | 0x100 | data | English | United States |
RT_DIALOG | 0x37578 | 0x11c | data | English | United States |
RT_DIALOG | 0x37698 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x376f8 | 0x14 | data | English | United States |
RT_MANIFEST | 0x37710 | 0x2cc | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | GetTickCount, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, SetFileAttributesA, CompareFileTime, SearchPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, GetTempPathA, Sleep, lstrcmpiA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrcatA, GetSystemDirectoryA, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, lstrlenA, GetCommandLineA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, MultiByteToWideChar, LoadLibraryExA, GetModuleHandleA, FreeLibrary |
USER32.dll | SetCursor, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, EndDialog, ScreenToClient, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, GetWindowLongA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, SetTimer, PostQuitMessage, SetWindowLongA, SendMessageTimeoutA, LoadImageA, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, CreateDialogParamA, DestroyWindow, ShowWindow, SetWindowTextA |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA, ShellExecuteA |
ADVAPI32.dll | RegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2021 19:43:58.692723989 CEST | 49739 | 80 | 192.168.2.5 | 216.146.43.70 |
Sep 27, 2021 19:43:58.731369019 CEST | 80 | 49739 | 216.146.43.70 | 192.168.2.5 |
Sep 27, 2021 19:43:58.735291004 CEST | 49739 | 80 | 192.168.2.5 | 216.146.43.70 |
Sep 27, 2021 19:43:58.736373901 CEST | 49739 | 80 | 192.168.2.5 | 216.146.43.70 |
Sep 27, 2021 19:43:58.775042057 CEST | 80 | 49739 | 216.146.43.70 | 192.168.2.5 |
Sep 27, 2021 19:43:58.775068998 CEST | 80 | 49739 | 216.146.43.70 | 192.168.2.5 |
Sep 27, 2021 19:43:58.775084972 CEST | 80 | 49739 | 216.146.43.70 | 192.168.2.5 |
Sep 27, 2021 19:43:58.775247097 CEST | 49739 | 80 | 192.168.2.5 | 216.146.43.70 |
Sep 27, 2021 19:43:58.777354002 CEST | 49739 | 80 | 192.168.2.5 | 216.146.43.70 |
Sep 27, 2021 19:43:58.818202019 CEST | 80 | 49739 | 216.146.43.70 | 192.168.2.5 |
Sep 27, 2021 19:43:58.939796925 CEST | 49740 | 80 | 192.168.2.5 | 216.146.43.70 |
Sep 27, 2021 19:43:58.980545044 CEST | 80 | 49740 | 216.146.43.70 | 192.168.2.5 |
Sep 27, 2021 19:43:58.980680943 CEST | 49740 | 80 | 192.168.2.5 | 216.146.43.70 |
Sep 27, 2021 19:43:58.981575012 CEST | 49740 | 80 | 192.168.2.5 | 216.146.43.70 |
Sep 27, 2021 19:43:59.019995928 CEST | 80 | 49740 | 216.146.43.70 | 192.168.2.5 |
Sep 27, 2021 19:43:59.020028114 CEST | 80 | 49740 | 216.146.43.70 | 192.168.2.5 |
Sep 27, 2021 19:43:59.020040989 CEST | 80 | 49740 | 216.146.43.70 | 192.168.2.5 |
Sep 27, 2021 19:43:59.020114899 CEST | 49740 | 80 | 192.168.2.5 | 216.146.43.70 |
Sep 27, 2021 19:43:59.020462990 CEST | 49740 | 80 | 192.168.2.5 | 216.146.43.70 |
Sep 27, 2021 19:43:59.058743954 CEST | 80 | 49740 | 216.146.43.70 | 192.168.2.5 |
Sep 27, 2021 19:44:00.376888037 CEST | 49741 | 443 | 192.168.2.5 | 104.21.19.200 |
Sep 27, 2021 19:44:00.376948118 CEST | 443 | 49741 | 104.21.19.200 | 192.168.2.5 |
Sep 27, 2021 19:44:00.378215075 CEST | 49741 | 443 | 192.168.2.5 | 104.21.19.200 |
Sep 27, 2021 19:44:00.454566956 CEST | 49741 | 443 | 192.168.2.5 | 104.21.19.200 |
Sep 27, 2021 19:44:00.454607010 CEST | 443 | 49741 | 104.21.19.200 | 192.168.2.5 |
Sep 27, 2021 19:44:00.501405954 CEST | 443 | 49741 | 104.21.19.200 | 192.168.2.5 |
Sep 27, 2021 19:44:00.501524925 CEST | 49741 | 443 | 192.168.2.5 | 104.21.19.200 |
Sep 27, 2021 19:44:00.506860018 CEST | 49741 | 443 | 192.168.2.5 | 104.21.19.200 |
Sep 27, 2021 19:44:00.506887913 CEST | 443 | 49741 | 104.21.19.200 | 192.168.2.5 |
Sep 27, 2021 19:44:00.507334948 CEST | 443 | 49741 | 104.21.19.200 | 192.168.2.5 |
Sep 27, 2021 19:44:00.550594091 CEST | 49741 | 443 | 192.168.2.5 | 104.21.19.200 |
Sep 27, 2021 19:44:01.994297028 CEST | 49741 | 443 | 192.168.2.5 | 104.21.19.200 |
Sep 27, 2021 19:44:02.035144091 CEST | 443 | 49741 | 104.21.19.200 | 192.168.2.5 |
Sep 27, 2021 19:44:02.056082010 CEST | 443 | 49741 | 104.21.19.200 | 192.168.2.5 |
Sep 27, 2021 19:44:02.056166887 CEST | 443 | 49741 | 104.21.19.200 | 192.168.2.5 |
Sep 27, 2021 19:44:02.056307077 CEST | 49741 | 443 | 192.168.2.5 | 104.21.19.200 |
Sep 27, 2021 19:44:02.060013056 CEST | 49741 | 443 | 192.168.2.5 | 104.21.19.200 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2021 19:43:42.217348099 CEST | 62060 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 27, 2021 19:43:42.238398075 CEST | 53 | 62060 | 8.8.8.8 | 192.168.2.5 |
Sep 27, 2021 19:43:53.645126104 CEST | 61805 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 27, 2021 19:43:53.683273077 CEST | 53 | 61805 | 8.8.8.8 | 192.168.2.5 |
Sep 27, 2021 19:43:58.510322094 CEST | 54795 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 27, 2021 19:43:58.523349047 CEST | 53 | 54795 | 8.8.8.8 | 192.168.2.5 |
Sep 27, 2021 19:43:58.534156084 CEST | 49557 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 27, 2021 19:43:58.546883106 CEST | 53 | 49557 | 8.8.8.8 | 192.168.2.5 |
Sep 27, 2021 19:44:00.354196072 CEST | 61733 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 27, 2021 19:44:00.374561071 CEST | 53 | 61733 | 8.8.8.8 | 192.168.2.5 |
Sep 27, 2021 19:44:13.677108049 CEST | 65447 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 27, 2021 19:44:13.691576004 CEST | 53 | 65447 | 8.8.8.8 | 192.168.2.5 |
Sep 27, 2021 19:44:30.873433113 CEST | 52441 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 27, 2021 19:44:30.893045902 CEST | 53 | 52441 | 8.8.8.8 | 192.168.2.5 |
Sep 27, 2021 19:44:35.501491070 CEST | 62176 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 27, 2021 19:44:35.534218073 CEST | 53 | 62176 | 8.8.8.8 | 192.168.2.5 |
Sep 27, 2021 19:44:49.152272940 CEST | 59596 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 27, 2021 19:44:49.180003881 CEST | 53 | 59596 | 8.8.8.8 | 192.168.2.5 |
Sep 27, 2021 19:44:51.560977936 CEST | 65296 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 27, 2021 19:44:51.588670969 CEST | 53 | 65296 | 8.8.8.8 | 192.168.2.5 |
Sep 27, 2021 19:45:25.898906946 CEST | 63183 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 27, 2021 19:45:25.926074982 CEST | 53 | 63183 | 8.8.8.8 | 192.168.2.5 |
Sep 27, 2021 19:45:27.594351053 CEST | 60151 | 53 | 192.168.2.5 | 8.8.8.8 |
Sep 27, 2021 19:45:27.628565073 CEST | 53 | 60151 | 8.8.8.8 | 192.168.2.5 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Sep 27, 2021 19:43:58.510322094 CEST | 192.168.2.5 | 8.8.8.8 | 0xcbd0 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 27, 2021 19:43:58.534156084 CEST | 192.168.2.5 | 8.8.8.8 | 0x4482 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 27, 2021 19:44:00.354196072 CEST | 192.168.2.5 | 8.8.8.8 | 0x13d6 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Sep 27, 2021 19:43:58.523349047 CEST | 8.8.8.8 | 192.168.2.5 | 0xcbd0 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | ||
Sep 27, 2021 19:43:58.523349047 CEST | 8.8.8.8 | 192.168.2.5 | 0xcbd0 | No error (0) | 216.146.43.70 | A (IP address) | IN (0x0001) | ||
Sep 27, 2021 19:43:58.523349047 CEST | 8.8.8.8 | 192.168.2.5 | 0xcbd0 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | ||
Sep 27, 2021 19:43:58.523349047 CEST | 8.8.8.8 | 192.168.2.5 | 0xcbd0 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | ||
Sep 27, 2021 19:43:58.523349047 CEST | 8.8.8.8 | 192.168.2.5 | 0xcbd0 | No error (0) | 216.146.43.71 | A (IP address) | IN (0x0001) | ||
Sep 27, 2021 19:43:58.523349047 CEST | 8.8.8.8 | 192.168.2.5 | 0xcbd0 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | ||
Sep 27, 2021 19:43:58.523349047 CEST | 8.8.8.8 | 192.168.2.5 | 0xcbd0 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | ||
Sep 27, 2021 19:43:58.523349047 CEST | 8.8.8.8 | 192.168.2.5 | 0xcbd0 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | ||
Sep 27, 2021 19:43:58.546883106 CEST | 8.8.8.8 | 192.168.2.5 | 0x4482 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | ||
Sep 27, 2021 19:43:58.546883106 CEST | 8.8.8.8 | 192.168.2.5 | 0x4482 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | ||
Sep 27, 2021 19:43:58.546883106 CEST | 8.8.8.8 | 192.168.2.5 | 0x4482 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | ||
Sep 27, 2021 19:43:58.546883106 CEST | 8.8.8.8 | 192.168.2.5 | 0x4482 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | ||
Sep 27, 2021 19:43:58.546883106 CEST | 8.8.8.8 | 192.168.2.5 | 0x4482 | No error (0) | 216.146.43.70 | A (IP address) | IN (0x0001) | ||
Sep 27, 2021 19:43:58.546883106 CEST | 8.8.8.8 | 192.168.2.5 | 0x4482 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | ||
Sep 27, 2021 19:43:58.546883106 CEST | 8.8.8.8 | 192.168.2.5 | 0x4482 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | ||
Sep 27, 2021 19:43:58.546883106 CEST | 8.8.8.8 | 192.168.2.5 | 0x4482 | No error (0) | 216.146.43.71 | A (IP address) | IN (0x0001) | ||
Sep 27, 2021 19:44:00.374561071 CEST | 8.8.8.8 | 192.168.2.5 | 0x13d6 | No error (0) | 104.21.19.200 | A (IP address) | IN (0x0001) | ||
Sep 27, 2021 19:44:00.374561071 CEST | 8.8.8.8 | 192.168.2.5 | 0x13d6 | No error (0) | 172.67.188.154 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49741 | 104.21.19.200 | 443 | C:\Users\user\Desktop\GU#U00cdA DE CARGA...exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.5 | 49739 | 216.146.43.70 | 80 | C:\Users\user\Desktop\GU#U00cdA DE CARGA...exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2021 19:43:58.736373901 CEST | 943 | OUT | |
Sep 27, 2021 19:43:58.775068998 CEST | 943 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.5 | 49740 | 216.146.43.70 | 80 | C:\Users\user\Desktop\GU#U00cdA DE CARGA...exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Sep 27, 2021 19:43:58.981575012 CEST | 944 | OUT | |
Sep 27, 2021 19:43:59.020028114 CEST | 944 | IN |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49741 | 104.21.19.200 | 443 | C:\Users\user\Desktop\GU#U00cdA DE CARGA...exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-09-27 17:44:01 UTC | 0 | OUT | |
2021-09-27 17:44:02 UTC | 0 | IN | |
2021-09-27 17:44:02 UTC | 0 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 19:43:47 |
Start date: | 27/09/2021 |
Path: | C:\Users\user\Desktop\GU#U00cdA DE CARGA...exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 325929 bytes |
MD5 hash: | FCCE8F5A7E5FCDF78C02D6543C1AF2BD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 19:43:49 |
Start date: | 27/09/2021 |
Path: | C:\Users\user\Desktop\GU#U00cdA DE CARGA...exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 325929 bytes |
MD5 hash: | FCCE8F5A7E5FCDF78C02D6543C1AF2BD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 0040312A, Relevance: 80.8, APIs: 26, Strings: 20, Instructions: 315stringfilecomCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004054EC, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
C-Code - Quality: 98% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405EC2, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004039B0, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
C-Code - Quality: 84% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040361A, Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215stringregistryCOMMON
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 80% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402E8E, Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 174fileCOMMON
C-Code - Quality: 95% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401751, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
C-Code - Quality: 73% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 7333C1DA, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 237processthreadCOMMON
C-Code - Quality: 29% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405EE9, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 7333B070, Relevance: 7.7, APIs: 5, Instructions: 199fileCOMMON
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 87% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040589E, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040587F, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004053F2, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004030B0, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004030E2, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004056E5, Relevance: 1.3, APIs: 1, Instructions: 10COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00404FF1, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404802, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
C-Code - Quality: 98% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004042C1, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 273stringCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402053, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
C-Code - Quality: 74% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402671, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406354, Relevance: .3, Instructions: 334COMMONCrypto
C-Code - Quality: 79% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 7333BA86, Relevance: .3, Instructions: 332COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 7333BA95, Relevance: .3, Instructions: 324COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406B2B, Relevance: .3, Instructions: 300COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 7333B686, Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 7333B776, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 7333B7B4, Relevance: .0, Instructions: 23COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 7333B737, Relevance: .0, Instructions: 7COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403FCB, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405915, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 144filememoryCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405BE9, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
C-Code - Quality: 74% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403EEA, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404782, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402B6E, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 35% |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 17% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402336, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 45% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401CDE, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404678, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
C-Code - Quality: 77% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401BCA, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
C-Code - Quality: 51% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004056BA, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401D38, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
C-Code - Quality: 67% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402BF1, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404E03, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004024F1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405427, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405701, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405813, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05824588, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05822FA8, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058249E0, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05824130, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05825B40, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05822B50, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05825290, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058222A0, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05823CD8, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058256E8, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058226F8, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05823400, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05821E20, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05824E38, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05823858, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05808390, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05809098, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05809DA0, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580AAA8, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580B7B0, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580C4B8, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580D1C0, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058087E8, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058094F0, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580A1F8, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580AF00, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580BC08, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580C910, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580D618, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05808C40, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05809948, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580A650, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580B358, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580C060, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580CD68, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580DA70, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 047FCA0E, Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058087D9, Relevance: 1.6, APIs: 1, Instructions: 100COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580B7A1, Relevance: 1.6, APIs: 1, Instructions: 99COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580A1E9, Relevance: 1.6, APIs: 1, Instructions: 99COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580908B, Relevance: 1.6, APIs: 1, Instructions: 98COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05809D93, Relevance: 1.6, APIs: 1, Instructions: 98COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580AA9B, Relevance: 1.6, APIs: 1, Instructions: 98COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058094E3, Relevance: 1.6, APIs: 1, Instructions: 98COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580BBFC, Relevance: 1.6, APIs: 1, Instructions: 98COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05808C30, Relevance: 1.6, APIs: 1, Instructions: 98COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580B34B, Relevance: 1.6, APIs: 1, Instructions: 98COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580C053, Relevance: 1.6, APIs: 1, Instructions: 98COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580CD58, Relevance: 1.6, APIs: 1, Instructions: 98COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0582457C, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580C4AC, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580D1B0, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580C900, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580993C, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580A640, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580837F, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580AEF3, Relevance: 1.6, APIs: 1, Instructions: 95COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580D60B, Relevance: 1.6, APIs: 1, Instructions: 95COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580DA63, Relevance: 1.6, APIs: 1, Instructions: 95COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401E1D, Relevance: 1.5, APIs: 1, Instructions: 3COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 047FD308, Relevance: .4, Instructions: 357COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 047FE6E8, Relevance: .3, Instructions: 272COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 047FD9C8, Relevance: .3, Instructions: 272COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 047FE28B, Relevance: .3, Instructions: 270COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 047FEB4B, Relevance: .3, Instructions: 270COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 047FDE29, Relevance: .3, Instructions: 269COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 047FCE78, Relevance: .2, Instructions: 220COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 047FCE68, Relevance: .2, Instructions: 220COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 047FD1BE, Relevance: .2, Instructions: 202COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004055C5, Relevance: 3.0, APIs: 2, Instructions: 37COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 047FA003, Relevance: 1.7, APIs: 1, Instructions: 202COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 047FA010, Relevance: 1.7, APIs: 1, Instructions: 199COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05807DF8, Relevance: 1.6, APIs: 1, Instructions: 124COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05807F93, Relevance: 1.6, APIs: 1, Instructions: 122COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0580824C, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 058081EC, Relevance: 1.6, APIs: 1, Instructions: 102COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0582F590, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0582F598, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403E3D, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 020CD514, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 020DD030, Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 020DD006, Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 020CD50F, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 020CD006, Relevance: .0, Instructions: 47COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 020CD01D, Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 0040446F, Relevance: 4.6, APIs: 3, Instructions: 78COMMON
C-Code - Quality: 74% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004067FE, Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 047FB3A0, Relevance: .6, Instructions: 596COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 047FB9D3, Relevance: .2, Instructions: 193COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 047FBBB4, Relevance: .1, Instructions: 116COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004078CF, Relevance: 12.2, APIs: 8, Instructions: 216COMMON
C-Code - Quality: 70% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408223, Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON
C-Code - Quality: 72% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403632, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON
C-Code - Quality: 27% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004062B8, Relevance: 7.6, APIs: 5, Instructions: 110COMMON
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404320, Relevance: 6.0, APIs: 4, Instructions: 50COMMON
C-Code - Quality: 71% |
|
APIs |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004025BA, Relevance: 6.0, APIs: 4, Instructions: 14COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 87% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |