Play interactive tour

Edit tour

Windows Analysis Report 0G0AO3HYEI.dll

Overview

General Information

Sample Name:	0G0AO3HYEI.dll
Analysis ID:	492188
MD5:	c50f692a715db805e68e9655ff6a9ab2
SHA1:	229b257301ed99d518364afd22c4276daa5b3d20
SHA256:	ff3aa75e4d4637599d3e97fb8b42ce8a1254425f856671ae56377df2676b1033
Tags:	Dridexexe
Infos:
Most interesting Screenshot:

Detection

Dridex

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Dridex unpacked file

Multi AV Scanner detection for submitted file

Queues an APC in another process (thread injection)

PE file has nameless sections

Potential time zone aware malware

Uses Windows timers to delay execution

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Queries the installation date of Windows

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to call native functions

PE file contains executable resources (Code or Archives)

Program does not show much activity (idle)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

PE file contains an invalid checksum

PE file contains strange resources

Contains capabilities to detect virtual machines

PE file contains more sections than normal

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64

loaddll64.exe (PID: 396 cmdline: loaddll64.exe 'C:\Users\user\Desktop\0G0AO3HYEI.dll' MD5: A84133CCB118CF35D49A423CD836D0EF)

cmd.exe (PID: 5468 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\0G0AO3HYEI.dll',#1 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

rundll32.exe (PID: 4716 cmdline: rundll32.exe 'C:\Users\user\Desktop\0G0AO3HYEI.dll',#1 MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 5612 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,CheckDriverSoftwareDependenciesSatisfied MD5: 73C519F050C20580F8A62C849D49215A)

explorer.exe (PID: 3440 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)

rundll32.exe (PID: 7056 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DeviceInternetSettingUiW MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 5184 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiInstallDevice MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 1360 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiInstallDriverA MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 1520 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiInstallDriverW MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 3912 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiRollbackDriver MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 5624 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiShowUpdateDevice MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 6764 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiShowUpdateDriver MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 2892 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiUninstallDevice MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 3444 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiUninstallDriverA MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 784 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiUninstallDriverW MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 3692 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,GetInternetPolicies MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 348 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallNewDevice MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 6296 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallSelectedDriver MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 3440 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallWindowsUpdateDriver MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 2384 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallWindowsUpdateDriverEx MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 2152 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallWindowsUpdateDrivers MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 1148 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,QueryWindowsUpdateDriverStatus MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 4224 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,SetInternetPolicies MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 1432 cmdline: rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,UpdateDriverForPlugAndPlayDevicesA MD5: 73C519F050C20580F8A62C849D49215A)

explorer.exe (PID: 7080 cmdline: explorer.exe MD5: AD5296B280E8F522A8A897C96BAB0E1D)

explorer.exe (PID: 3208 cmdline: explorer.exe MD5: AD5296B280E8F522A8A897C96BAB0E1D)

explorer.exe (PID: 5252 cmdline: explorer.exe MD5: AD5296B280E8F522A8A897C96BAB0E1D)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000024.00000002.750032138.0000000140001000.00000020.00020000.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
0000001B.00000002.749674160.0000000140001000.00000020.00020000.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
00000008.00000002.748754528.0000000140001000.00000020.00020000.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
0000000B.00000002.749145318.0000000140001000.00000020.00020000.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
00000029.00000002.750110395.0000000140001000.00000020.00020000.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
0000000C.00000002.749353008.0000000140001000.00000020.00020000.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
0000000E.00000002.748916641.0000000140001000.00000020.00020000.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
00000028.00000002.750108429.0000000140001000.00000020.00020000.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
0000001D.00000002.749906681.0000000140001000.00000020.00020000.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
00000003.00000002.748525341.0000000140001000.00000020.00020000.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
00000007.00000002.748435609.0000000140001000.00000020.00020000.sdmp	JoeSecurity_Dridex_2	Yara detected Dridex unpacked file	Joe Security
Click to see the 6 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: 0G0AO3HYEI.dll	Virustotal: Detection: 58%			Perma Link
Source: 0G0AO3HYEI.dll	ReversingLabs: Detection: 62%

Source: 0G0AO3HYEI.dll

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA

Source:	Binary string: ntdll.pdb source: loaddll64.exe, 00000001.00000003.509139941.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.351019675.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.351451557.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.358591483.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000003.366205997.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000009.00000003.372920749.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 0000000B.00000003.380853578.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 0000000C.00000003.387914054.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 0000000E.00000003.398049744.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000012.00000003.405753737.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000013.00000003.412564987.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000017.00000003.424643088.0000000180000000.00000004.00000001.sdmp
Source:	Binary string: ntdll.pdbUGP source: loaddll64.exe, 00000001.00000003.509139941.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.351019675.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.351451557.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.358591483.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000003.366205997.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000009.00000003.372920749.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 0000000B.00000003.380853578.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 0000000C.00000003.387914054.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 0000000E.00000003.398049744.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000012.00000003.405753737.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000013.00000003.412564987.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000017.00000003.424643088.0000000180000000.00000004.00000001.sdmp

Source: C:\Windows\System32\loaddll64.exe

Code function: 1_2_000000014004FBF8 FindFirstFileExW,

1_2_000000014004FBF8

Source: explorer.exe, 0000000A.00000000.431707527.0000000004DEC000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: explorer.exe, 00000005.00000000.370340780.000000000095C000.00000004.00000020.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3/J

E-Banking Fraud:

Yara detected Dridex unpacked file

Show sources

Source: Yara match	File source: 00000024.00000002.750032138.0000000140001000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.749674160.0000000140001000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.748754528.0000000140001000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.749145318.0000000140001000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000002.750110395.0000000140001000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.749353008.0000000140001000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.748916641.0000000140001000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.750108429.0000000140001000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.749906681.0000000140001000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.748525341.0000000140001000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.748435609.0000000140001000.00000020.00020000.sdmp, type: MEMORY

System Summary:

PE file has nameless sections

Show sources

Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:

Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_00000001400421C8	1_2_00000001400421C8
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_00000001400431CC	1_2_00000001400431CC
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_00000001400504E4	1_2_00000001400504E4
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014003A688	1_2_000000014003A688
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014004271C	1_2_000000014004271C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_00000001400447B8	1_2_00000001400447B8
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140027954	1_2_0000000140027954
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140053AF0	1_2_0000000140053AF0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140045BE0	1_2_0000000140045BE0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014004ED58	1_2_000000014004ED58
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140026FF0	1_2_0000000140026FF0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140019054	1_2_0000000140019054
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014001C05C	1_2_000000014001C05C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140005078	1_2_0000000140005078
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140053094	1_2_0000000140053094
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_00000001400330C4	1_2_00000001400330C4
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014003B0C8	1_2_000000014003B0C8
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_00000001400380D0	1_2_00000001400380D0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014003F0FC	1_2_000000014003F0FC
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140063102	1_2_0000000140063102
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140052110	1_2_0000000140052110
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014001311C	1_2_000000014001311C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140001154	1_2_0000000140001154
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_00000001400311B0	1_2_00000001400311B0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_00000001400021C8	1_2_00000001400021C8
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_00000001400231DC	1_2_00000001400231DC
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014006D1F0	1_2_000000014006D1F0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140032214	1_2_0000000140032214
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002A214	1_2_000000014002A214
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002E228	1_2_000000014002E228
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140035268	1_2_0000000140035268
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140046264	1_2_0000000140046264
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140069278	1_2_0000000140069278
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002F278	1_2_000000014002F278
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014004B288	1_2_000000014004B288
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140068292	1_2_0000000140068292
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_00000001400362A0	1_2_00000001400362A0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_00000001400172A8	1_2_00000001400172A8
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014001E2E4	1_2_000000014001E2E4
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140029320	1_2_0000000140029320
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014000732C	1_2_000000014000732C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002C348	1_2_000000014002C348
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140038424	1_2_0000000140038424
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014006B428	1_2_000000014006B428
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014005343C	1_2_000000014005343C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014005B470	1_2_000000014005B470
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014004F4C8	1_2_000000014004F4C8
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014001B52C	1_2_000000014001B52C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140026540	1_2_0000000140026540
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140044584	1_2_0000000140044584
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140061598	1_2_0000000140061598
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014004759C	1_2_000000014004759C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_00000001400215FC	1_2_00000001400215FC
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140051620	1_2_0000000140051620
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140032648	1_2_0000000140032648
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140053644	1_2_0000000140053644
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140067663	1_2_0000000140067663
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014001A66C	1_2_000000014001A66C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014003C6B0	1_2_000000014003C6B0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014001D6C4	1_2_000000014001D6C4
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_00000001400356F4	1_2_00000001400356F4
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014004F708	1_2_000000014004F708
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140024718	1_2_0000000140024718
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014001276C	1_2_000000014001276C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014000F76C	1_2_000000014000F76C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140056790	1_2_0000000140056790
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_00000001400557DC	1_2_00000001400557DC
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140057820	1_2_0000000140057820
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014003E8E0	1_2_000000014003E8E0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_00000001400258FC	1_2_00000001400258FC
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014005C8FC	1_2_000000014005C8FC
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014006D904	1_2_000000014006D904
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140005918	1_2_0000000140005918
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140020924	1_2_0000000140020924
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140068928	1_2_0000000140068928
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140031928	1_2_0000000140031928
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140019928	1_2_0000000140019928
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140024940	1_2_0000000140024940
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002D95C	1_2_000000014002D95C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140032964	1_2_0000000140032964
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014005497C	1_2_000000014005497C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140033984	1_2_0000000140033984
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_00000001400479E0	1_2_00000001400479E0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002CA14	1_2_000000014002CA14
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014006BA1C	1_2_000000014006BA1C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140002A20	1_2_0000000140002A20
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140026A24	1_2_0000000140026A24
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002AA90	1_2_000000014002AA90
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140005AB8	1_2_0000000140005AB8
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014001CAC8	1_2_000000014001CAC8
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014006AAD8	1_2_000000014006AAD8
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140024AEC	1_2_0000000140024AEC
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140041AF4	1_2_0000000140041AF4
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002BB18	1_2_000000014002BB18
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014000EB3C	1_2_000000014000EB3C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140014B68	1_2_0000000140014B68
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140001B74	1_2_0000000140001B74
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002AB7A	1_2_000000014002AB7A
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002AB7F	1_2_000000014002AB7F
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002AB84	1_2_000000014002AB84
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140006B88	1_2_0000000140006B88
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002AB89	1_2_000000014002AB89
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002AB8E	1_2_000000014002AB8E
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002AB93	1_2_000000014002AB93
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002AB98	1_2_000000014002AB98
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002AB9D	1_2_000000014002AB9D
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002ABA2	1_2_000000014002ABA2
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002ABA7	1_2_000000014002ABA7
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014001DBB8	1_2_000000014001DBB8
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014000BBC4	1_2_000000014000BBC4
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140003BE0	1_2_0000000140003BE0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140034BF8	1_2_0000000140034BF8
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140050BF4	1_2_0000000140050BF4
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140016BFC	1_2_0000000140016BFC
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014005ABFC	1_2_000000014005ABFC
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140036C08	1_2_0000000140036C08
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140029C1C	1_2_0000000140029C1C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140026C30	1_2_0000000140026C30
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014003CC38	1_2_000000014003CC38
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140035C80	1_2_0000000140035C80
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140022C84	1_2_0000000140022C84
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140032CC8	1_2_0000000140032CC8
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014004CCD4	1_2_000000014004CCD4
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014003BCE4	1_2_000000014003BCE4
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140015D04	1_2_0000000140015D04
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014001AD0C	1_2_000000014001AD0C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140037D24	1_2_0000000140037D24
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014001CD24	1_2_000000014001CD24
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014005CD24	1_2_000000014005CD24
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014001FD44	1_2_000000014001FD44
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140052D60	1_2_0000000140052D60
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014000AD5C	1_2_000000014000AD5C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014003DDA4	1_2_000000014003DDA4
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140050DA8	1_2_0000000140050DA8
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014005CDAB	1_2_000000014005CDAB
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140030DC0	1_2_0000000140030DC0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140051DE4	1_2_0000000140051DE4
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140018DE8	1_2_0000000140018DE8
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014006BE28	1_2_000000014006BE28
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140006E34	1_2_0000000140006E34
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014002AE48	1_2_000000014002AE48
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140068E58	1_2_0000000140068E58
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014001EE68	1_2_000000014001EE68
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140004E68	1_2_0000000140004E68
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014000CEAC	1_2_000000014000CEAC
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140011EB4	1_2_0000000140011EB4
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140014EBC	1_2_0000000140014EBC
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140013ED4	1_2_0000000140013ED4
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140057FA8	1_2_0000000140057FA8
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014005CFCA	1_2_000000014005CFCA
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140047FCC	1_2_0000000140047FCC
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140025FD4	1_2_0000000140025FD4

Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_00000001400455F8 NtAllocateVirtualMemory,	1_2_00000001400455F8
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140059688 NtTerminateProcess,	1_2_0000000140059688
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014004386C NtDelayExecution,	1_2_000000014004386C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_0000000140049CF8 NtClose,	1_2_0000000140049CF8

Source: 0G0AO3HYEI.dll

Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: 0G0AO3HYEI.dll	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 0G0AO3HYEI.dll	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: 0G0AO3HYEI.dll

Static PE information: Number of sections : 28 > 10

Source: 0G0AO3HYEI.dll

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: 0G0AO3HYEI.dll	Virustotal: Detection: 58%
Source: 0G0AO3HYEI.dll	ReversingLabs: Detection: 62%

Source: 0G0AO3HYEI.dll

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll64.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe 'C:\Users\user\Desktop\0G0AO3HYEI.dll'
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\0G0AO3HYEI.dll',#1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,CheckDriverSoftwareDependenciesSatisfied
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\0G0AO3HYEI.dll',#1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DeviceInternetSettingUiW
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiInstallDevice
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiInstallDriverA
Source: unknown	Process created: C:\Windows\explorer.exe explorer.exe
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiInstallDriverW
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiRollbackDriver
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiShowUpdateDevice
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiShowUpdateDriver
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiUninstallDevice
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiUninstallDriverA
Source: unknown	Process created: C:\Windows\explorer.exe explorer.exe
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiUninstallDriverW
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,GetInternetPolicies
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallNewDevice
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallSelectedDriver
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallWindowsUpdateDriver
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallWindowsUpdateDriverEx
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallWindowsUpdateDrivers
Source: unknown	Process created: C:\Windows\explorer.exe explorer.exe
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,QueryWindowsUpdateDriverStatus
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,SetInternetPolicies
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,UpdateDriverForPlugAndPlayDevicesA
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\0G0AO3HYEI.dll',#1	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,CheckDriverSoftwareDependenciesSatisfied	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DeviceInternetSettingUiW	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiInstallDevice	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiInstallDriverA	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiInstallDriverW	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiRollbackDriver	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiShowUpdateDevice	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiShowUpdateDriver	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiUninstallDevice	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiUninstallDriverA	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiUninstallDriverW	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,GetInternetPolicies	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallNewDevice	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallSelectedDriver	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\explorer.exe C:\Windows\Explorer.EXE	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallWindowsUpdateDriverEx	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallWindowsUpdateDrivers	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,QueryWindowsUpdateDriverStatus	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,SetInternetPolicies	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,UpdateDriverForPlugAndPlayDevicesA	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\0G0AO3HYEI.dll',#1	Jump to behavior

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{660b90c8-73a9-4b58-8cae-355b7f55341b}\InProcServer32

Jump to behavior

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000016.db

Jump to behavior

Source: classification engine

Classification label: mal72.troj.evad.winDLL@48/0@0/0

Source: C:\Windows\explorer.exe

File read: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,CheckDriverSoftwareDependenciesSatisfied

Source: unknown	Process created: C:\Windows\explorer.exe
Source: unknown	Process created: C:\Windows\explorer.exe
Source: unknown	Process created: C:\Windows\explorer.exe
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\explorer.exe	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 0G0AO3HYEI.dll

Static PE information: Image base 0x140000000 > 0x60000000

Source: 0G0AO3HYEI.dll

Static file information: File size 1110016 > 1048576

Source: 0G0AO3HYEI.dll	Static PE information: section name: RT_CURSOR
Source: 0G0AO3HYEI.dll	Static PE information: section name: RT_BITMAP
Source: 0G0AO3HYEI.dll	Static PE information: section name: RT_ICON
Source: 0G0AO3HYEI.dll	Static PE information: section name: RT_MENU
Source: 0G0AO3HYEI.dll	Static PE information: section name: RT_DIALOG
Source: 0G0AO3HYEI.dll	Static PE information: section name: RT_STRING
Source: 0G0AO3HYEI.dll	Static PE information: section name: RT_ACCELERATOR
Source: 0G0AO3HYEI.dll	Static PE information: section name: RT_GROUP_ICON

Source: 0G0AO3HYEI.dll

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA

Source: 0G0AO3HYEI.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: ntdll.pdb source: loaddll64.exe, 00000001.00000003.509139941.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.351019675.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.351451557.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.358591483.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000003.366205997.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000009.00000003.372920749.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 0000000B.00000003.380853578.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 0000000C.00000003.387914054.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 0000000E.00000003.398049744.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000012.00000003.405753737.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000013.00000003.412564987.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000017.00000003.424643088.0000000180000000.00000004.00000001.sdmp
Source:	Binary string: ntdll.pdbUGP source: loaddll64.exe, 00000001.00000003.509139941.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.351019675.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000004.00000003.351451557.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000003.358591483.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000003.366205997.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000009.00000003.372920749.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 0000000B.00000003.380853578.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 0000000C.00000003.387914054.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 0000000E.00000003.398049744.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000012.00000003.405753737.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000013.00000003.412564987.0000000180000000.00000004.00000001.sdmp, rundll32.exe, 00000017.00000003.424643088.0000000180000000.00000004.00000001.sdmp

Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014006E5C9 push 00000031h; retf		1_2_000000014006E5CB
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000000014006E6A4 push rsp; retf		1_2_000000014006E6A5

Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:
Source: 0G0AO3HYEI.dll	Static PE information: section name:

Source: 0G0AO3HYEI.dll

Static PE information: real checksum: 0x70461819 should be: 0x11e8a9

Source: initial sample

Static PE information: section name: .text entropy: 7.84727441246

Source: C:\Windows\explorer.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Potential time zone aware malware

Show sources

Source: C:\Windows\explorer.exe	System information queried: CurrentTimeZoneInformation	Jump to behavior
Source: C:\Windows\explorer.exe	System information queried: CurrentTimeZoneInformation
Source: C:\Windows\explorer.exe	System information queried: CurrentTimeZoneInformation

Uses Windows timers to delay execution

Show sources

Source: C:\Windows\explorer.exe

User Timer Set: Timeout: 100ms

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe TID: 6008	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe TID: 6008	Thread sleep count: 340 > 30	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe TID: 6008	Thread sleep time: -34000s >= -30000s	Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\rundll32.exe	Last function: Thread delayed

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\rundll32.exe	Window / User API: threadDelayed 599	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Window / User API: threadDelayed 921	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Window / User API: threadDelayed 709	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Window / User API: threadDelayed 500	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Window / User API: threadDelayed 776	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Window / User API: threadDelayed 818
Source: C:\Windows\System32\rundll32.exe	Window / User API: threadDelayed 838
Source: C:\Windows\System32\rundll32.exe	Window / User API: threadDelayed 697
Source: C:\Windows\System32\rundll32.exe	Window / User API: threadDelayed 546
Source: C:\Windows\System32\rundll32.exe	Window / User API: threadDelayed 477
Source: C:\Windows\System32\rundll32.exe	Window / User API: threadDelayed 700
Source: C:\Windows\System32\rundll32.exe	Window / User API: threadDelayed 500
Source: C:\Windows\System32\rundll32.exe	Window / User API: threadDelayed 540
Source: C:\Windows\System32\rundll32.exe	Window / User API: threadDelayed 417
Source: C:\Windows\System32\rundll32.exe	Window / User API: threadDelayed 618
Source: C:\Windows\System32\rundll32.exe	Window / User API: threadDelayed 400
Source: C:\Windows\System32\rundll32.exe	Window / User API: threadDelayed 400

Source: C:\Windows\explorer.exe

File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Code function: 1_2_00000001400447B8 GetTokenInformation,GetTokenInformation,GetSystemInfo,

1_2_00000001400447B8

Source: C:\Windows\System32\loaddll64.exe

Code function: 1_2_000000014004FBF8 FindFirstFileExW,

1_2_000000014004FBF8

Source: explorer.exe, 00000005.00000000.377450572.0000000008430000.00000004.00000001.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
Source: explorer.exe, 0000000A.00000000.428112330.0000000004B40000.00000004.00000001.sdmp	Binary or memory string: VMware SATA CD00dRom0
Source: explorer.exe, 0000000A.00000000.431707527.0000000004DEC000.00000004.00000001.sdmp	Binary or memory string: NECVMWarVMware SATA CD001.00
Source: explorer.exe, 0000000A.00000000.429107747.0000000004BFE000.00000004.00000001.sdmp	Binary or memory string: NECVMWarVMware SATA CD001.00WB
Source: explorer.exe, 00000005.00000000.363182861.00000000082E2000.00000004.00000001.sdmp	Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 0000000A.00000000.431358780.0000000004D1A000.00000004.00000001.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000rif
Source: explorer.exe, 00000005.00000000.357133797.00000000062E0000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 0000000A.00000000.429107747.0000000004BFE000.00000004.00000001.sdmp	Binary or memory string: VMware SATA CD00
Source: explorer.exe, 0000000A.00000000.431707527.0000000004DEC000.00000004.00000001.sdmp	Binary or memory string: NECVMWarVMware SATA CD001.00h
Source: explorer.exe, 0000000A.00000000.391394548.00000000011F9000.00000004.00000020.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
Source: explorer.exe, 0000000A.00000000.431812055.0000000004E01000.00000004.00000001.sdmp	Binary or memory string: war&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c9yJq
Source: explorer.exe, 0000000A.00000000.431670144.0000000004DDD000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}exe
Source: explorer.exe, 0000000A.00000000.431812055.0000000004E01000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b
Source: explorer.exe, 00000005.00000000.356192320.00000000045BE000.00000004.00000001.sdmp	Binary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000018.00000000.460496296.00000000013C7000.00000004.00000020.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000s
Source: explorer.exe, 0000000A.00000000.431670144.0000000004DDD000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 0000000A.00000000.430192039.0000000004CA6000.00000004.00000001.sdmp	Binary or memory string: 9Tm\Device\HarddiskVolume2\??\Volume{ef47ea26-ec76-4a6e-8680-9e53b539546d}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\DosDevices\D: @@@@````
Source: explorer.exe, 00000005.00000000.363394723.00000000083EB000.00000004.00000001.sdmp	Binary or memory string: VMware SATA CD00
Source: explorer.exe, 00000018.00000000.460496296.00000000013C7000.00000004.00000020.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 0000000A.00000003.393331278.00000000071D8000.00000004.00000001.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\b8b}
Source: explorer.exe, 00000018.00000003.472927955.0000000004DE3000.00000004.00000001.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}m
Source: explorer.exe, 0000000A.00000000.431670144.0000000004DDD000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}B
Source: explorer.exe, 00000005.00000000.363182861.00000000082E2000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
Source: explorer.exe, 0000000A.00000000.428112330.0000000004B40000.00000004.00000001.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000mberK6C
Source: explorer.exe, 00000005.00000000.363182861.00000000082E2000.00000004.00000001.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
Source: explorer.exe, 00000005.00000000.377450572.0000000008430000.00000004.00000001.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000-;
Source: explorer.exe, 00000005.00000000.370340780.000000000095C000.00000004.00000020.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\loaddll64.exe

Code function: 1_2_00000001400421C8 LdrLoadDll,

1_2_00000001400421C8

Source: C:\Windows\System32\loaddll64.exe

Code function: 1_2_0000000140045800 RtlAddVectoredExceptionHandler,

1_2_0000000140045800

HIPS / PFW / Operating System Protection Evasion:

Queues an APC in another process (thread injection)

Show sources

Source: C:\Windows\System32\rundll32.exe

Thread APC queued: target process: C:\Windows\explorer.exe

Jump to behavior

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\0G0AO3HYEI.dll',#1

Jump to behavior

Source: explorer.exe, 0000000A.00000000.391913129.00000000017D0000.00000002.00020000.sdmp, explorer.exe, 00000018.00000000.462105202.0000000001950000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: explorer.exe, 00000005.00000000.370797161.0000000000EE0000.00000002.00020000.sdmp, explorer.exe, 0000000A.00000000.393659763.0000000005560000.00000004.00000001.sdmp, rundll32.exe, 00000017.00000002.782810021.0000020E68820000.00000002.00020000.sdmp, explorer.exe, 00000018.00000000.462105202.0000000001950000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000005.00000000.370797161.0000000000EE0000.00000002.00020000.sdmp, explorer.exe, 0000000A.00000000.393659763.0000000005560000.00000004.00000001.sdmp, rundll32.exe, 00000017.00000002.782810021.0000020E68820000.00000002.00020000.sdmp, explorer.exe, 00000018.00000000.462105202.0000000001950000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000018.00000000.460496296.00000000013C7000.00000004.00000020.sdmp	Binary or memory string: ProgmanI/
Source: rundll32.exe, 00000017.00000002.782810021.0000020E68820000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWndearch
Source: explorer.exe, 00000005.00000000.370797161.0000000000EE0000.00000002.00020000.sdmp	Binary or memory string: &Program Manager
Source: rundll32.exe, 00000017.00000002.782810021.0000020E68820000.00000002.00020000.sdmp	Binary or memory string: bProgram Manager\
Source: explorer.exe, 00000005.00000000.370797161.0000000000EE0000.00000002.00020000.sdmp, explorer.exe, 0000000A.00000000.391913129.00000000017D0000.00000002.00020000.sdmp, rundll32.exe, 00000017.00000002.782810021.0000020E68820000.00000002.00020000.sdmp, explorer.exe, 00000018.00000000.462105202.0000000001950000.00000002.00020000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000018.00000000.462105202.0000000001950000.00000002.00020000.sdmp	Binary or memory string: KProgram Manager
Source: explorer.exe, 00000018.00000000.467158553.0000000005477000.00000004.00000001.sdmp	Binary or memory string: ProgmanI@
Source: explorer.exe, 0000000A.00000000.391394548.00000000011F9000.00000004.00000020.sdmp	Binary or memory string: Progman0

Source: C:\Windows\System32\loaddll64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Code function: 1_2_0000000140043FF0 GetUserNameW,

1_2_0000000140043FF0

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection112	Masquerading1	OS Credential Dumping	System Time Discovery1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Virtualization/Sandbox Evasion12	LSASS Memory	Query Registry1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Process Injection112	Security Account Manager	Security Software Discovery11	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information2	NTDS	Virtualization/Sandbox Evasion12	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Rundll321	LSA Secrets	Process Discovery2	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Software Packing2	Cached Domain Credentials	Application Window Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	Account Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	System Owner/User Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	File and Directory Discovery2	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Invalid Code Signature	Network Sniffing	System Information Discovery13	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
0G0AO3HYEI.dll	59%	Virustotal		Browse
0G0AO3HYEI.dll	62%	ReversingLabs	Win64.Trojan.Injexa

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.autoitscript.com/autoit3/J	explorer.exe, 00000005.00000000.370340780.000000000095C000.00000004.00000020.sdmp	false		high

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	492188
Start date:	28.09.2021
Start time:	13:17:48
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 14m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	0G0AO3HYEI.dll
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	41
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.troj.evad.winDLL@48/0@0/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 19.6% (good quality ratio 17.4%) Quality average: 82.8% Quality standard deviation: 33.2%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Sleeps bigger than 120000ms are automatically reduced to 1000ms Found application associated with file extension: .dll
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, SearchUI.exe, BackgroundTransferHost.exe, ShellExperienceHost.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 23.211.6.115, 20.50.102.62, 131.253.33.200, 13.107.22.200, 80.67.82.235, 80.67.82.211, 40.112.88.60, 23.211.4.86, 20.54.110.249, 20.189.173.20, 204.79.197.200, 13.107.21.200 Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, www-bing-com.dual-a-0001.a-msedge.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, www.bing.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, onedsblobprdwus15.westus.cloudapp.azure.com, e1723.g.akamaiedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, dual-a-0001.dc-msedge.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing disassembly code. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtEnumerateKey calls found. Report size getting too big, too many NtEnumerateValueKey calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
13:19:08	API Interceptor	15x Sleep call for process: explorer.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy (8bit):	5.0210157653928675
TrID:	Win64 Dynamic Link Library (generic) (102004/3) 86.43% Win64 Executable (generic) (12005/4) 10.17% Generic Win/DOS Executable (2004/3) 1.70% DOS Executable Generic (2002/1) 1.70% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
File name:	0G0AO3HYEI.dll
File size:	1110016
MD5:	c50f692a715db805e68e9655ff6a9ab2
SHA1:	229b257301ed99d518364afd22c4276daa5b3d20
SHA256:	ff3aa75e4d4637599d3e97fb8b42ce8a1254425f856671ae56377df2676b1033
SHA512:	ad74f556ccef1f8fd4a3c18a18c27adcafd2f552025bf7f83864261c6944db5423c719ea161c341e593800499c6e01aba846031e79caf1e771b2b16e7d6e33d1
SSDEEP:	12288:4dMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0T:SMIJxSDX3bqjhcfHk7MzH6z
File Content Preview:	MZ......................@........................................[.r.:.!.:.!.:.!..[!n;.!.:.!d:.!..8!.:.!.Br!j:.!...!N:.!.hL!>:.!(d. \|;.!x.^!.:.!-d. .;.!.g. .;.!P^. .:.!.BN!.:.!.._!.;.!.._!.;.!..Y!v;.!!._!M;.!Rich.:.!....................................PE.

File Icon


Icon Hash:	54b26869f8c8cc00

Static PE Info

General
Entrypoint:	0x140078760
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE
DLL Characteristics:	TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Time Stamp:	0x60ADEC84 [Wed May 26 06:36:52 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	c6b4c2eec8a93016c63563421e15f011

Entrypoint Preview

Instruction
xor eax, edx
jmp 00007FD1A0EE075Ah
inc ecx
pop ecx
dec ecx
add ecx, 08h
call edi
push edi
dec eax
mov edi, dword ptr [00014784h]
dec esp
xor dword ptr [0001476Dh], ecx
jmp 00007FD1A0EE0739h
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
xor eax, edx
ud2
int3
push ebx
push edi
push esi
dec eax
sub esp, 000000D0h
mov eax, 919AD45Fh
inc ecx
mov eax, eax
mov eax, 1F739ECFh
mov word ptr [esp+000000CEh], 804Dh
inc esp
mov ecx, dword ptr [esp+000000C8h]
inc esp
sub eax, ecx
mov dword ptr [esp+000000C8h], eax
dec eax
mov dword ptr [esp+000000B0h], 0074A7F1h
inc sp
mov edx, dword ptr [esp+000000C4h]
inc sp
mov dword ptr [esp+000000C4h], edx
dec esp
mov ebx, dword ptr [esp+000000B0h]
dec ebp
sub eax, ebx
dec esp
mov dword ptr [esp+000000A8h], eax
dec eax
mov dword ptr [esp+70h], ecx
dec eax
mov ecx, edx
dec eax
mov dword ptr [esp+68h], edx
inc sp
mov dword ptr [esp+66h], edx

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x10e010	0x35d
IMAGE_DIRECTORY_ENTRY_IMPORT	0x891b0	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x99000	0x2f98	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x9c000	0x244	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x7d010	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x7d000	0x10	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x7bb10	0x7c000	False	0.803878291961	data	7.84727441246	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x7d000	0xc210	0xd000	False	0.772648737981	data	7.6188975428	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x8a000	0xd218	0xe000	False	0.125104631696	data	1.89187623617	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.pdata	0x98000	0x138	0x1000	False	0.060791015625	data	0.590508203574	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x99000	0x2f98	0x3000	False	0.302408854167	data	3.73793039709	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x9c000	0x244	0x1000	False	0.076171875	data	1.23641369386	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
	0x9d000	0x6cd0	0x7000	False	0.00177873883929	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0xa4000	0x1f2a	0x2000	False	0.0037841796875	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0xa6000	0x13e	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0xa7000	0x6cd0	0x7000	False	0.00177873883929	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0xae000	0x7fd	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0xaf000	0x13e	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0xb0000	0x1f7	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0xb1000	0x23b	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0xb2000	0x1278	0x2000	False	0.0037841796875	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0xb4000	0x13e	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0xb5000	0x9cd	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0xb6000	0x1124	0x2000	False	0.0037841796875	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0xb8000	0x23b	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0xb9000	0x896	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0xba000	0x6cd0	0x7000	False	0.00177873883929	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0xc1000	0x13e	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0xc2000	0x1af	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0xc3000	0x45174	0x46000	False	0.0010498046875	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0x109000	0x197d	0x2000	False	0.0037841796875	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0x10b000	0x197d	0x2000	False	0.0037841796875	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0x10d000	0x1ee	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0x10e000	0x36d	0x1000	False	0.1259765625	data	1.6701021982	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_CURSOR	0x99640	0x134	data	English	United States
RT_BITMAP	0x99778	0x3e8	data	Hebrew	Israel
RT_BITMAP	0x99b60	0xd8	data	English	United States
RT_BITMAP	0x99c38	0xd8	data	English	United States
RT_ICON	0x99d10	0x2e8	data	Hebrew	Israel
RT_ICON	0x99ff8	0x128	GLS_BINARY_LSB_FIRST	Hebrew	Israel
RT_ICON	0x9a120	0x128	GLS_BINARY_LSB_FIRST	Hebrew	Israel
RT_MENU	0x9a248	0x430	data	English	United States
RT_MENU	0x9a678	0x1a0	data	English	United States
RT_DIALOG	0x9a818	0xa2	data	Hebrew	Israel
RT_DIALOG	0x9a8c0	0x296	data	Hebrew	Israel
RT_DIALOG	0x9ab58	0x99a	data	Hebrew	Israel
RT_DIALOG	0x9b4f8	0xfa	data	Hebrew	Israel
RT_STRING	0x9b5f8	0x230	data	English	United States
RT_STRING	0x9b828	0x116	data	English	United States
RT_STRING	0x9b940	0x4c	data	English	United States
RT_STRING	0x9b990	0x50	data	English	United States
RT_STRING	0x9b9e0	0xd6	data	English	United States
RT_STRING	0x9bab8	0x2e	data	English	United States
RT_STRING	0x9bae8	0x42	data	English	United States
RT_STRING	0x9bb30	0x6a	data	English	United States
RT_STRING	0x9bba0	0x34	data	English	United States
RT_STRING	0x9bbd8	0x62	data	English	United States
RT_ACCELERATOR	0x9bc40	0x48	data	Hebrew	Israel
RT_GROUP_CURSOR	0x9bc88	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_ICON	0x9bca0	0x22	data	Hebrew	Israel
RT_GROUP_ICON	0x9bcc8	0x14	data	Hebrew	Israel
RT_VERSION	0x9bce0	0x2b8	COM executable for DOS	Hebrew	Israel

Imports

DLL	Import
CRYPT32.dll	CryptImportPublicKeyInfo

Exports

Name	Ordinal	Address
CheckDriverSoftwareDependenciesSatisfied	1	0x1400296ac
DeviceInternetSettingUiW	2	0x14004a758
DiInstallDevice	3	0x14006f114
DiInstallDriverA	4	0x1400097c8
DiInstallDriverW	5	0x1400430c8
DiRollbackDriver	6	0x140046938
DiShowUpdateDevice	7	0x14000d420
DiShowUpdateDriver	8	0x140043b6c
DiUninstallDevice	9	0x14002b514
DiUninstallDriverA	10	0x14001b7c0
DiUninstallDriverW	11	0x140059c8c
GetInternetPolicies	12	0x14004b8a4
InstallNewDevice	13	0x140038e68
InstallSelectedDriver	14	0x140045cac
InstallWindowsUpdateDriver	15	0x14002e854
InstallWindowsUpdateDriverEx	16	0x14005c290
InstallWindowsUpdateDrivers	17	0x1400116a8
QueryWindowsUpdateDriverStatus	18	0x1400782d0
SetInternetPolicies	19	0x14002bb64
UpdateDriverForPlugAndPlayDevicesA	20	0x140005c30
UpdateDriverForPlugAndPlayDevicesW	21	0x1400558a0
pDiDoDeviceInstallAsAdmin	22	0x14004f77c
pDiDoNullDriverInstall	23	0x140052f18
pDiRunFinishInstallOperations	24	0x1400669bc

Version Infos

Description	Data
LegalCopyright	Copyright 2005 - 2009 Nir Sofer
InternalName	TeltwFoo
FileVersion	9.74
CompanyName	NirSoft
ProductName	TeltwFoo
ProductVersion	9.74
FileDescription	ProduKey
OriginalFilename	TeltwFoo.exe
Translation	0x0409 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States
Hebrew	Israel

Network Behavior

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2021 13:18:43.583139896 CEST	58377	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:18:43.617150068 CEST	53	58377	8.8.8.8	192.168.2.6
Sep 28, 2021 13:19:18.947300911 CEST	55074	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:19:18.966747046 CEST	53	55074	8.8.8.8	192.168.2.6
Sep 28, 2021 13:19:31.537863016 CEST	54513	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:19:31.555735111 CEST	53	54513	8.8.8.8	192.168.2.6
Sep 28, 2021 13:19:37.554872036 CEST	62044	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:19:37.575942993 CEST	53	62044	8.8.8.8	192.168.2.6
Sep 28, 2021 13:19:58.386310101 CEST	63791	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:19:58.413980007 CEST	53	63791	8.8.8.8	192.168.2.6
Sep 28, 2021 13:20:09.479140043 CEST	64267	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:20:09.502712011 CEST	53	64267	8.8.8.8	192.168.2.6
Sep 28, 2021 13:20:19.340456963 CEST	49448	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:20:19.393934011 CEST	53	49448	8.8.8.8	192.168.2.6
Sep 28, 2021 13:20:19.764108896 CEST	60342	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:20:19.809118032 CEST	53	60342	8.8.8.8	192.168.2.6
Sep 28, 2021 13:20:20.315531969 CEST	61346	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:20:20.360470057 CEST	53	61346	8.8.8.8	192.168.2.6
Sep 28, 2021 13:20:20.680387020 CEST	51774	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:20:20.699815989 CEST	53	51774	8.8.8.8	192.168.2.6
Sep 28, 2021 13:20:21.044486046 CEST	56023	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:20:21.062028885 CEST	53	56023	8.8.8.8	192.168.2.6
Sep 28, 2021 13:20:21.455703020 CEST	58384	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:20:21.476475954 CEST	53	58384	8.8.8.8	192.168.2.6
Sep 28, 2021 13:20:21.906523943 CEST	60261	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:20:21.923650980 CEST	53	60261	8.8.8.8	192.168.2.6
Sep 28, 2021 13:20:22.561836958 CEST	56061	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:20:22.595350981 CEST	53	56061	8.8.8.8	192.168.2.6
Sep 28, 2021 13:20:23.126105070 CEST	58336	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:20:23.188782930 CEST	53	58336	8.8.8.8	192.168.2.6
Sep 28, 2021 13:20:23.626601934 CEST	53781	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:20:23.643975019 CEST	53	53781	8.8.8.8	192.168.2.6
Sep 28, 2021 13:20:32.126229048 CEST	54064	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:20:32.153063059 CEST	53	54064	8.8.8.8	192.168.2.6
Sep 28, 2021 13:20:46.831938982 CEST	52811	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:20:46.851619959 CEST	53	52811	8.8.8.8	192.168.2.6
Sep 28, 2021 13:20:49.211165905 CEST	55299	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:20:49.239561081 CEST	53	55299	8.8.8.8	192.168.2.6
Sep 28, 2021 13:21:10.138825893 CEST	63745	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:21:10.157629967 CEST	53	63745	8.8.8.8	192.168.2.6
Sep 28, 2021 13:21:30.378813028 CEST	50055	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:21:30.406480074 CEST	53	50055	8.8.8.8	192.168.2.6
Sep 28, 2021 13:21:48.490989923 CEST	61374	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:21:48.519038916 CEST	53	61374	8.8.8.8	192.168.2.6
Sep 28, 2021 13:22:08.021627903 CEST	50339	53	192.168.2.6	8.8.8.8
Sep 28, 2021 13:22:08.049892902 CEST	53	50339	8.8.8.8	192.168.2.6

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll64.exe PID: 396 Parent PID: 6692

General

Start time:	13:18:48
Start date:	28/09/2021
Path:	C:\Windows\System32\loaddll64.exe
Wow64 process (32bit):	false
Commandline:	loaddll64.exe 'C:\Users\user\Desktop\0G0AO3HYEI.dll'
Imagebase:	0x7ff770a50000
File size:	140288 bytes
MD5 hash:	A84133CCB118CF35D49A423CD836D0EF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 5468 Parent PID: 396

General

Start time:	13:18:49
Start date:	28/09/2021
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\0G0AO3HYEI.dll',#1
Imagebase:	0x7ff7180e0000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 5612 Parent PID: 396

General

Start time:	13:18:49
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,CheckDriverSoftwareDependenciesSatisfied
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_2, Description: Yara detected Dridex unpacked file, Source: 00000003.00000002.748525341.0000000140001000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 4716 Parent PID: 5468

General

Start time:	13:18:49
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe 'C:\Users\user\Desktop\0G0AO3HYEI.dll',#1
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: explorer.exe PID: 3440 Parent PID: 5612

General

Start time:	13:18:50
Start date:	28/09/2021
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff6f22f0000
File size:	3933184 bytes
MD5 hash:	AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 7056 Parent PID: 396

General

Start time:	13:18:52
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DeviceInternetSettingUiW
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_2, Description: Yara detected Dridex unpacked file, Source: 00000007.00000002.748435609.0000000140001000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 5184 Parent PID: 396

General

Start time:	13:18:56
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiInstallDevice
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_2, Description: Yara detected Dridex unpacked file, Source: 00000008.00000002.748754528.0000000140001000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 1360 Parent PID: 396

General

Start time:	13:18:59
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiInstallDriverA
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: explorer.exe PID: 7080 Parent PID: 568

General

Start time:	13:19:01
Start date:	28/09/2021
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	explorer.exe
Imagebase:	0x7ff6f22f0000
File size:	3933184 bytes
MD5 hash:	AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 1520 Parent PID: 396

General

Start time:	13:19:03
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiInstallDriverW
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_2, Description: Yara detected Dridex unpacked file, Source: 0000000B.00000002.749145318.0000000140001000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: rundll32.exe PID: 3912 Parent PID: 396

General

Start time:	13:19:06
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiRollbackDriver
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_2, Description: Yara detected Dridex unpacked file, Source: 0000000C.00000002.749353008.0000000140001000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: rundll32.exe PID: 5624 Parent PID: 396

General

Start time:	13:19:10
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiShowUpdateDevice
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_2, Description: Yara detected Dridex unpacked file, Source: 0000000E.00000002.748916641.0000000140001000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: rundll32.exe PID: 6764 Parent PID: 396

General

Start time:	13:19:13
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiShowUpdateDriver
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 2892 Parent PID: 396

General

Start time:	13:19:17
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiUninstallDevice
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 3444 Parent PID: 396

General

Start time:	13:19:21
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiUninstallDriverA
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: explorer.exe PID: 3208 Parent PID: 568

General

Start time:	13:19:24
Start date:	28/09/2021
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	explorer.exe
Imagebase:	0x7ff6f22f0000
File size:	3933184 bytes
MD5 hash:	AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 784 Parent PID: 396

General

Start time:	13:19:26
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,DiUninstallDriverW
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 3692 Parent PID: 396

General

Start time:	13:19:30
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,GetInternetPolicies
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_2, Description: Yara detected Dridex unpacked file, Source: 0000001B.00000002.749674160.0000000140001000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: rundll32.exe PID: 348 Parent PID: 396

General

Start time:	13:19:34
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallNewDevice
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_2, Description: Yara detected Dridex unpacked file, Source: 0000001D.00000002.749906681.0000000140001000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: rundll32.exe PID: 6296 Parent PID: 396

General

Start time:	13:19:37
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallSelectedDriver
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 3440 Parent PID: 396

General

Start time:	13:19:41
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallWindowsUpdateDriver
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 2384 Parent PID: 396

General

Start time:	13:19:45
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallWindowsUpdateDriverEx
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 2152 Parent PID: 396

General

Start time:	13:19:48
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,InstallWindowsUpdateDrivers
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_2, Description: Yara detected Dridex unpacked file, Source: 00000024.00000002.750032138.0000000140001000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: explorer.exe PID: 5252 Parent PID: 568

General

Start time:	13:19:51
Start date:	28/09/2021
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	explorer.exe
Imagebase:	0x7ff6f22f0000
File size:	3933184 bytes
MD5 hash:	AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 1148 Parent PID: 396

General

Start time:	13:19:52
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,QueryWindowsUpdateDriverStatus
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 4224 Parent PID: 396

General

Start time:	13:19:56
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,SetInternetPolicies
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_2, Description: Yara detected Dridex unpacked file, Source: 00000028.00000002.750108429.0000000140001000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: rundll32.exe PID: 1432 Parent PID: 396

General

Start time:	13:19:59
Start date:	28/09/2021
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\0G0AO3HYEI.dll,UpdateDriverForPlugAndPlayDevicesA
Imagebase:	0x7ff773d70000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_2, Description: Yara detected Dridex unpacked file, Source: 00000029.00000002.750110395.0000000140001000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: loaddll64.exe PID: 396 Parent PID: 6692 loaddll64.exeCOMMON

Executed Functions

Function 00000001400447B8, Relevance: 5.1, APIs: 3, Instructions: 597COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE ref: 000000014004491D
GetTokenInformation.KERNELBASE ref: 0000000140044999
GetSystemInfo.KERNELBASE ref: 0000000140045090

Part of subcall function 0000000140049CF8: NtClose.NTDLL ref: 0000000140049D20

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: InformationToken$CloseInfoSystem
String ID:
API String ID: 1157706368-0
Opcode ID: a83559fb72d6260fc1c2ae38cd75bc31c466cf2fdb383e88e0635db12c3972b4
Instruction ID: 60e802ebdcbefcefe9ab0a59f2a3189d782f1f4db6a1cb29122af2eddfc1bef2
Opcode Fuzzy Hash: a83559fb72d6260fc1c2ae38cd75bc31c466cf2fdb383e88e0635db12c3972b4
Instruction Fuzzy Hash: FA42C07260868080FB72EB27E4943EE6791EB897D4F464232BB59476F6DF34C845CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400504E4, Relevance: 3.2, APIs: 2, Instructions: 165registryCOMMON

Download Yara Rule

APIs

RegEnumKeyW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,-3FA727B001CC7BF9,00000000,?,?), ref: 00000001400505AD
RegOpenKeyExW.KERNELBASE ref: 0000000140050686

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: EnumOpen
String ID:
API String ID: 3231578192-0
Opcode ID: 59a756a2ff28f2d875096423fbf6ead70a9f35056555c4862f031c653ad6f2ef
Instruction ID: 6d0864972cfa7fb4f3d248e841212fa2b7e853476a4eb29515eeedf77acb74b4
Opcode Fuzzy Hash: 59a756a2ff28f2d875096423fbf6ead70a9f35056555c4862f031c653ad6f2ef
Instruction Fuzzy Hash: B251E17221468086EA62DF23E4507EE63A0F7887E4F545221BF6A477F5DF7AC856CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004ED58, Relevance: 3.1, APIs: 2, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c261923aa9bd5efd89de3999fea563bdc7fd1040e4d9383a6b4af18ce7841e5c
Instruction ID: bd5c34e684ee8b2bc5c6ba6dd375b8b4083e2d7119d59d9bd93e46edb771ef39
Opcode Fuzzy Hash: c261923aa9bd5efd89de3999fea563bdc7fd1040e4d9383a6b4af18ce7841e5c
Instruction Fuzzy Hash: DC41E8B271469441FB63EA639A05BEA1291B7CD7C4F465435BF0B0B2E2DE78C485C318

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140027954, Relevance: 1.8, Strings: 1, Instructions: 547COMMON

Download Yara Rule

Strings

)8GV, xrefs: 0000000140028123

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: InformationToken
String ID: )8GV
API String ID: 4114910276-3946227331
Opcode ID: aa97810cd0cceb01665aa261e9c1c1e5780a096fd275aca5b5d5e0637d8d3eb5
Instruction ID: 11c64b8e34554738ed0a021c9f1285209fdd718c6ad3a012a9715c2ca20613a7
Opcode Fuzzy Hash: aa97810cd0cceb01665aa261e9c1c1e5780a096fd275aca5b5d5e0637d8d3eb5
Instruction Fuzzy Hash: 03426E3231468091EA62EB26E4517EE6361E7D97C4F814036BB4E479F7EF38C94ACB05

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400421C8, Relevance: 1.7, APIs: 1, Instructions: 200libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004FBF8: FindFirstFileExW.KERNELBASE ref: 000000014004FC59

LdrLoadDll.NTDLL ref: 0000000140042420

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: FileFindFirstLoad
String ID:
API String ID: 2522874304-0
Opcode ID: 7c44d7bef9123269798e8405a556c9e1ce5b24642bb9ec3d08751229248720cc
Instruction ID: bb43424f113edd1072a8f27b4ce4a6986183f57915aa202baf486a0090cba6e6
Opcode Fuzzy Hash: 7c44d7bef9123269798e8405a556c9e1ce5b24642bb9ec3d08751229248720cc
Instruction Fuzzy Hash: 98913E323085C091EA72EB26E4553EE6361EBD97D4F824132BB59439F7DE38C54ACB48

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004FBF8, Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400447B8: GetTokenInformation.KERNELBASE ref: 000000014004491D

FindFirstFileExW.KERNELBASE ref: 000000014004FC59

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: FileFindFirstInformationToken
String ID:
API String ID: 3675931825-0
Opcode ID: 7ecba18ada49a144c6509f0fe90df3ccc2b200899012c5c88adc43e53c0e817c
Instruction ID: 7db4bca2be820ac942d722cddd460c7f068b99c60cfa0fc718aee5541e856b57
Opcode Fuzzy Hash: 7ecba18ada49a144c6509f0fe90df3ccc2b200899012c5c88adc43e53c0e817c
Instruction Fuzzy Hash: 2731A53250424945FE779A22A2903F9639197193E4F264331BFB6476F2CB75F442B319

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140059688, Relevance: 1.5, APIs: 1, Instructions: 39nativeCOMMON

Download Yara Rule

APIs

NtTerminateProcess.NTDLL(?,?,?,?,?,?,?,?,?,00000000,00000000,0000000140027C8A), ref: 00000001400596D7

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 9f532d2d87891e5bf862241f7550b46671da1992ffa8bbd59e682ee9b4e22499
Instruction ID: 047d3f2e51e1b11709a1e04c02542c7b98b1952106d8fcd88c0dda496a8ba30b
Opcode Fuzzy Hash: 9f532d2d87891e5bf862241f7550b46671da1992ffa8bbd59e682ee9b4e22499
Instruction Fuzzy Hash: CAF0BEB172024180FE9BE63769957E902C56F9EBC0F560C70AF1A873A2DE3AC54A5360

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140043FF0, Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?,?,?,?,00000001,0000000140043FCF,?,?,?,?,00000000,0000000140049E28), ref: 000000014004404B

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: bc401a17161ad4cb7ae198718275a9185e8adc2233cdef8632d993ed908a25d6
Instruction ID: bc0029f980419e498ccb46db5e002df5ccb2c346641d5072cedeeeccdb32de4e
Opcode Fuzzy Hash: bc401a17161ad4cb7ae198718275a9185e8adc2233cdef8632d993ed908a25d6
Instruction Fuzzy Hash: 42014B7221054092EE52EB5BD8113ED2361BBC9BC8F824422BF8D477A7DE3CC506C754

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400455F8, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL ref: 0000000140045648

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: f127d242809d97ca908363193cd24a03b76cbfffee8668c6e7b7a453e9ecd6ea
Instruction ID: b9e67c52549a19b765a407d03e59be34886c9765c5b5813abd4b4c73bfa33a58
Opcode Fuzzy Hash: f127d242809d97ca908363193cd24a03b76cbfffee8668c6e7b7a453e9ecd6ea
Instruction Fuzzy Hash: A6F0E2B232479495D751EF2BB440B5AA7A4F788BD0F925021BE8E87B65EE34C011CB04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004386C, Relevance: 1.5, APIs: 1, Instructions: 19nativeCOMMON

Download Yara Rule

APIs

NtDelayExecution.NTDLL(?,?,?,?,?,?,?,00000001400282A3), ref: 00000001400438A9

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: DelayExecution
String ID:
API String ID: 1249177460-0
Opcode ID: d436027846ca2947f8498c9f40df080fd2862fc952f90064f548782accd3a284
Instruction ID: 19f770493e311d9c0997ff8f72bd8435b6b89262e1d90723e65da2158467533b
Opcode Fuzzy Hash: d436027846ca2947f8498c9f40df080fd2862fc952f90064f548782accd3a284
Instruction Fuzzy Hash: 15E04F72B5634089DE6DA766641136EA1D0BBCC344F45123E768E837A5EF3CC6018B48

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140049CF8, Relevance: 1.5, APIs: 1, Instructions: 16nativeCOMMON

Download Yara Rule

APIs

NtClose.NTDLL ref: 0000000140049D20

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 7ea39bda04495e70f2efefb1fe3f554fef6bf952ee667373fa2064ca9a84462f
Instruction ID: 6b2c6cf86b919e81b47f3235a509161c5d2e7720e8260aa51c3b4cff3db5bcbe
Opcode Fuzzy Hash: 7ea39bda04495e70f2efefb1fe3f554fef6bf952ee667373fa2064ca9a84462f
Instruction Fuzzy Hash: D7D09E76A5065580FE667B93B1413E552505F9D7C0F0B54706FD8077A6DD3948824314

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004271C, Relevance: .6, Instructions: 577COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb9fa69fecdab36775b44b09a7b26ea81668c22c4d8dcd95cb1cbf109c0212f3
Instruction ID: c2c0d1a6b589db8d75f93e07a21950cab1d10a8e768b21fc6f7e431ea7080baa
Opcode Fuzzy Hash: eb9fa69fecdab36775b44b09a7b26ea81668c22c4d8dcd95cb1cbf109c0212f3
Instruction Fuzzy Hash: BF428372615A8481EB62EB26E4543DEB7A1F7887C4F824132FB8D477A6EF38C549C704

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003A688, Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: DelayExecution
String ID:
API String ID: 1249177460-0
Opcode ID: ed27a40ed4b2e1c9f194dfad3544493bf67d3df3a0fd2d18adc9557efa8cd11f
Instruction ID: e27d8be78f3596b786bc9a5026c261f0f5f7843106ea287111c2b3cdda562445
Opcode Fuzzy Hash: ed27a40ed4b2e1c9f194dfad3544493bf67d3df3a0fd2d18adc9557efa8cd11f
Instruction Fuzzy Hash: B8D12E3221498051FA63E726E5527EE6351EBD97C0F854032BB8E475F7EE78C94AC704

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400431CC, Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 333b3cecbb9219aaad4223bef895ad8ca278d2bfd05b4bafe2a3856fb304f36b
Instruction ID: 7cbdad4493fe3af49b03be2d39fca700649f93a176ae41ceb7e664016ca2f87b
Opcode Fuzzy Hash: 333b3cecbb9219aaad4223bef895ad8ca278d2bfd05b4bafe2a3856fb304f36b
Instruction Fuzzy Hash: BCB1C072200A4091FA66DF17E4557EE63A1F799BC0F866036BB49476E6DB78C885C304

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140053AF0, Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6df429a82e206470af0cdf23cebd4985cb5f2bd775537dddfe5e64a339015ac2
Instruction ID: 0fdb0cdf0d472f9d1b4f92fe41089ec25c0114d730e384dc442d5f4c95866c11
Opcode Fuzzy Hash: 6df429a82e206470af0cdf23cebd4985cb5f2bd775537dddfe5e64a339015ac2
Instruction Fuzzy Hash: EE51293131424140FE63EA27A5517EA5A92ABDC7E4F880221BF695B6F3EF37C8098715

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140045BE0, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18186506607b3ba3a34d6ac96d73757a16d7be88df8b63b30c18dfa220694384
Instruction ID: f50615edb5a5df1a4c229ce64c7c0df82d772f4c4c7a538366d7f45c708fb1a2
Opcode Fuzzy Hash: 18186506607b3ba3a34d6ac96d73757a16d7be88df8b63b30c18dfa220694384
Instruction Fuzzy Hash: 2611FE7270060050F75BF737D8597DA2356EBA9384F8A803AB70A435A6DD3DC58BC308

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140045800, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78d61a8ba99d4b801a8a99695b673d2904ea83ed50687b0f271758746e4807da
Instruction ID: a44944d72caab567585fc562bff8cf15b294ce337cae6f7657e80cf73b6eee54
Opcode Fuzzy Hash: 78d61a8ba99d4b801a8a99695b673d2904ea83ed50687b0f271758746e4807da
Instruction Fuzzy Hash: 74F0397060468099F702AB63A8453E43BA1A31C7C5F05102BBB0C6B672EE3CA0908B69

Uniqueness

Uniqueness Score: -1.00%

Function 0000023A84F62251, Relevance: 6.2, APIs: 4, Instructions: 230memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 0000023A84F623A9
VirtualProtect.KERNELBASE ref: 0000023A84F6246A
RtlAvlRemoveNode.NTDLL ref: 0000023A84F625AC
VirtualProtect.KERNELBASE ref: 0000023A84F62672

Memory Dump Source

Source File: 00000001.00000002.760042207.0000023A84F60000.00000040.00000001.sdmp, Offset: 0000023A84F60000, based on PE: true

Similarity

API ID: ProtectVirtual$NodeRemove
String ID:
API String ID: 3879549435-0
Opcode ID: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction ID: f669005f9c35b8107210185306171f12202f6a91e1bf67fa6f0f2a715295ed0e
Opcode Fuzzy Hash: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction Fuzzy Hash: 54B13576618BC586E770CB1AE4407AEB7A1F7C9B80F10802AEEC957B59DB7DC9418F40

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400378D0, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 221COMMON

Download Yara Rule

APIs

EntryPoint.0G0AO3HYEI ref: 0000000140037A13

Strings

)8GV, xrefs: 00000001400379C3

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: EntryPoint
String ID: )8GV
API String ID: 3225343992-3946227331
Opcode ID: 277968e17de3dea6953029b92cd12b574d6f00553a2afee851bb8f4ea11f66d3
Instruction ID: 30f480b0fa57001bb2fe3e04df2189e1212c3a164dc0711a875eab596bf9548d
Opcode Fuzzy Hash: 277968e17de3dea6953029b92cd12b574d6f00553a2afee851bb8f4ea11f66d3
Instruction Fuzzy Hash: 83919F7222468051EA63E723E851BEE63A0BBC97D4F955132BB5E4B2F7DE78C845C304

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004524C, Relevance: 3.1, APIs: 2, Instructions: 134COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE ref: 00000001400452D7
GetTokenInformation.KERNELBASE ref: 0000000140045330

Part of subcall function 0000000140049CF8: NtClose.NTDLL ref: 0000000140049D20

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: InformationToken$Close
String ID:
API String ID: 2126238950-0
Opcode ID: eccd7fbd02d052a6ef390e3e0de5c5a24942d907b77578f6dc5eaee3686b5ebd
Instruction ID: 815aa264d46fb8bdeaa843cd553f33f95f514acae1cac6ac295956a74bdff777
Opcode Fuzzy Hash: eccd7fbd02d052a6ef390e3e0de5c5a24942d907b77578f6dc5eaee3686b5ebd
Instruction Fuzzy Hash: B241073231569082FAA3B613A4517ED5690A7CCBD6F164031BF4E4B6F7DAB8C981C704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140050AA4, Relevance: 3.1, APIs: 2, Instructions: 71registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNELBASE ref: 0000000140050B1E
RegQueryValueExA.KERNELBASE(?,?,-3FA727B001CC7BF9,?,?,00000001,0000000140050BBD), ref: 0000000140050B77

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: f486ebd64d593ee86f9370ef1fb808c6193fffce51adef5e662ca72e5427e83b
Instruction ID: 517f7063c24002fe097d8899ace396ffdc11ae0d76264d61a8b816b5c1da6242
Opcode Fuzzy Hash: f486ebd64d593ee86f9370ef1fb808c6193fffce51adef5e662ca72e5427e83b
Instruction Fuzzy Hash: F921C232311B5185FB92DE23A944B9E2394F789BE4F458121BE29477A1EB36C842C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004EE00, Relevance: 3.1, APIs: 2, Instructions: 66filetimeCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE ref: 000000014004EE9E
SetFileTime.KERNELBASE(?,?,?,?,?,00000000,00000001,00000000,00000000,000000014004EF8A), ref: 000000014004EEFE

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: File$CreateTime
String ID:
API String ID: 1043708186-0
Opcode ID: 7b54bfc3b8c376e2484aed8bef43abaa061974c3bcb080f5381599911e95cbad
Instruction ID: 4965a2f0ada33bbef9bb485caa991f6d4dee6eb8172efecfce58e40d26985bdd
Opcode Fuzzy Hash: 7b54bfc3b8c376e2484aed8bef43abaa061974c3bcb080f5381599911e95cbad
Instruction Fuzzy Hash: 57112C7235528442FB63DA57A906BF962856BCDBD4F4B0435BF0A0B7D2DE74C486C308

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004EE2C, Relevance: 3.1, APIs: 2, Instructions: 66filetimeCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE ref: 000000014004EE9E
SetFileTime.KERNELBASE(?,?,?,?,?,00000000,00000001,00000000,00000000,000000014004EF8A), ref: 000000014004EEFE

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: File$CreateTime
String ID:
API String ID: 1043708186-0
Opcode ID: 7dbd639522359edf84f1325039a0e177737775ed75b20e8c0f305b198d5a329c
Instruction ID: 0f6b8c235dc485c170bc8e773cbd41a4b314d672eaac20dc234d77e59a93f560
Opcode Fuzzy Hash: 7dbd639522359edf84f1325039a0e177737775ed75b20e8c0f305b198d5a329c
Instruction Fuzzy Hash: 4A11EB7235528442FB63DA57A90ABE9628567CD7D4F4B0435BF0A0B3E2DF74C585C318

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004EE17, Relevance: 3.1, APIs: 2, Instructions: 65filetimeCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE ref: 000000014004EE9E
SetFileTime.KERNELBASE(?,?,?,?,?,00000000,00000001,00000000,00000000,000000014004EF8A), ref: 000000014004EEFE

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: File$CreateTime
String ID:
API String ID: 1043708186-0
Opcode ID: c1f618fb17d8d5f7cdbbaab43a5feaaa2fd0f0f75dc1c915156d14d1cf5b44ad
Instruction ID: c0479f22c635c3150f300bf61dcf8dbc6a4dbe2676c29cb3dd22d41c272d7466
Opcode Fuzzy Hash: c1f618fb17d8d5f7cdbbaab43a5feaaa2fd0f0f75dc1c915156d14d1cf5b44ad
Instruction Fuzzy Hash: CC112C7275528442FB63D657AA067FA62826BCDBD4F4B4435BF0A0B3D2DE78C486C308

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004EDF6, Relevance: 3.1, APIs: 2, Instructions: 61filetimeCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE ref: 000000014004EE9E
SetFileTime.KERNELBASE(?,?,?,?,?,00000000,00000001,00000000,00000000,000000014004EF8A), ref: 000000014004EEFE

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: File$CreateTime
String ID:
API String ID: 1043708186-0
Opcode ID: ba094f71801e8ed88aee0053561641b4316ac0fe88022ca4e5159deea8a1fa41
Instruction ID: b098bd92ed46f1a14ea65591fe5dc81009e3fa7f6566438aa721ce67196eacbf
Opcode Fuzzy Hash: ba094f71801e8ed88aee0053561641b4316ac0fe88022ca4e5159deea8a1fa41
Instruction Fuzzy Hash: 4A11E97235528442FA63DA57A9067E962856BCDBD4F4A0435BF0A0B3E2DE74C589C308

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004EE4B, Relevance: 3.1, APIs: 2, Instructions: 59filetimeCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE ref: 000000014004EE9E
SetFileTime.KERNELBASE(?,?,?,?,?,00000000,00000001,00000000,00000000,000000014004EF8A), ref: 000000014004EEFE

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: File$CreateTime
String ID:
API String ID: 1043708186-0
Opcode ID: da34cd3329cd6f1ac532136db3e349b43c57658d3b22f1587ad125d20782ea2c
Instruction ID: 7ec738e19081c986d461a256423ab6647baf5e76da3078fceb27b7aa070ae054
Opcode Fuzzy Hash: da34cd3329cd6f1ac532136db3e349b43c57658d3b22f1587ad125d20782ea2c
Instruction Fuzzy Hash: 4E110C7235524441FA63DA57A5067E952856BCDBD4F4A0435BF0A0B3D2DE74C586C308

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400466B8, Relevance: 3.0, APIs: 2, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,?,?,-3FA727B001CC7BF9,00000000,0000000140053DFA), ref: 00000001400466FA
RtlCreateHeap.NTDLL(?,?,?,-3FA727B001CC7BF9,00000000,0000000140053DFA), ref: 0000000140046752

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$AllocateCreate
String ID:
API String ID: 2875408731-0
Opcode ID: c78a6b20e998b2a0863b6beb35c9ee27c153e8ee6b6c48c296a29747fa189a80
Instruction ID: e8168db5e0586839b18fa96fa0a2c061a30582a59b7c4b798cabda7e74edde1d
Opcode Fuzzy Hash: c78a6b20e998b2a0863b6beb35c9ee27c153e8ee6b6c48c296a29747fa189a80
Instruction Fuzzy Hash: C601D47235161591F612EBA7B90ABAA2294634CBE4F428432BF0D4B7A1FD358042C71A

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140059880, Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

Part of subcall function 0000000140049CF8: NtClose.NTDLL ref: 0000000140049D20

GetExitCodeProcess.KERNEL32 ref: 000000014005993A

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseCodeExitProcess
String ID:
API String ID: 1252061823-0
Opcode ID: d088bfd658ea8b2f5116aea242bc3e41650b626661552948db14a64ea25351ea
Instruction ID: 83e82dffd6968143bff17c1fe49ae92a75aa765cafbda8ad152459bed589c72c
Opcode Fuzzy Hash: d088bfd658ea8b2f5116aea242bc3e41650b626661552948db14a64ea25351ea
Instruction Fuzzy Hash: 6B31BF7221474286EF12DB5AE4507AE77A4FBC9BC0F560029AF89477A2DF79C501CB40

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004F1A8, Relevance: 1.5, APIs: 1, Instructions: 49fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE ref: 000000014004F209

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 5b5d08ed94846bc216aab545921e26eee04ba0f8b2f0368fbd1f98072fe5f5d9
Instruction ID: 634dbe856b0751620063b59c3f51cff5f47b37c42158a0dd7a9870b58b6fbfd0
Opcode Fuzzy Hash: 5b5d08ed94846bc216aab545921e26eee04ba0f8b2f0368fbd1f98072fe5f5d9
Instruction Fuzzy Hash: A701F77632428296EA92DF237901BBA3390B74C7C0F431431BF4A8B7A1DB78D002E708

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004FD1C, Relevance: 1.5, APIs: 1, Instructions: 44fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,-3FA727B001CC7BF9,-3FA727B001CC7BF9,000000014004FCF9,?,?,?,?,?,?,?,00000001400422AE), ref: 000000014004FD4B

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 030ce8bd5da0ec6e7cbebd772c24d17eca63428c6a4732388e53c2d46ef12bad
Instruction ID: 3668fdd341d13e7383fac044b9d457da258575c02d17fa6d5a8a5bef4b38353c
Opcode Fuzzy Hash: 030ce8bd5da0ec6e7cbebd772c24d17eca63428c6a4732388e53c2d46ef12bad
Instruction Fuzzy Hash: 01018131F1120155FE67E6635445BF912C69B4D7C8F430835BF298B2F1EA74E447A309

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004F11C, Relevance: 1.5, APIs: 1, Instructions: 42COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE ref: 000000014004F174

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 341636cc73d4ba590c3b193dd3a03a2b3be0b6c8cd03cc52ad757502253323c0
Instruction ID: a0915f61e9bfde404d1e5d3434a783e7dec780e19e09d353d3244ebd8b91a8a6
Opcode Fuzzy Hash: 341636cc73d4ba590c3b193dd3a03a2b3be0b6c8cd03cc52ad757502253323c0
Instruction Fuzzy Hash: 8801F4B1700680C1FAA6DA23E9007BA26D0A78D3D8F424631FF9D877B5EB38D4429748

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400508D4, Relevance: 1.5, APIs: 1, Instructions: 41registryCOMMON

Download Yara Rule

APIs

RegEnumValueA.ADVAPI32 ref: 0000000140050939

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: EnumValue
String ID:
API String ID: 2814608202-0
Opcode ID: 9ed8f359153f7a316a5f66244d12db11a142e47d3948bae118383c5bc0dec960
Instruction ID: 7e2766d4525fd58cd3d69c204a454ebb63a73fa674891528886be41876368a17
Opcode Fuzzy Hash: 9ed8f359153f7a316a5f66244d12db11a142e47d3948bae118383c5bc0dec960
Instruction Fuzzy Hash: 0A015A32200B0081EB52DF56E845BD976A4F7887D9F65413AAF9C47754DF76C94AC700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400451C4, Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE ref: 000000014004522D

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: 22f0f941c7aa5a3053fe439c030574998dee2c15e808160a166e3a2c6234fcf2
Instruction ID: 3310ddc9c40c1bf9efbc1bd687d2f3733fcb87448684b1dd695d4f358ab71de7
Opcode Fuzzy Hash: 22f0f941c7aa5a3053fe439c030574998dee2c15e808160a166e3a2c6234fcf2
Instruction Fuzzy Hash: FE012831364741C0FA92A663A502BEE12D47B8ABD5F4500337F4A8F7E2EEB8C8C5C614

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400440B8, Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GetComputerNameW.KERNEL32(?,?,?,?,?,00000001,0000000140044097,?,?,?,?,00000000,0000000140049D96), ref: 0000000140044113

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: 5ac91c3158037f1daa3cb5af00181d527f403fb85ce5849737c7777152384c0b
Instruction ID: a497da57bce658a283fdc2c033c119a01fcf3192d3414c3e29961b469315da8b
Opcode Fuzzy Hash: 5ac91c3158037f1daa3cb5af00181d527f403fb85ce5849737c7777152384c0b
Instruction Fuzzy Hash: D301FB7171454482EE52EB56D8523E92361FBCDBC8F824422BF8D4B7A6DE3CC5068754

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140050740, Relevance: 1.5, APIs: 1, Instructions: 14registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNELBASE(?,?,?,0000000140050714,?,?,?,?,?,?,?,?,?,?,?), ref: 000000014005075F

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: d0e926472a0d5fd1457cccc99c2e05852b631758e75cc8c3a530b7fc14c246f7
Instruction ID: f71e4032bab4cf6bec162a1ab0a9df5ecefd686c173f0238a635de3e8ea2280d
Opcode Fuzzy Hash: d0e926472a0d5fd1457cccc99c2e05852b631758e75cc8c3a530b7fc14c246f7
Instruction Fuzzy Hash: 1AC01224B9E50888F96766B325613F901941B9CBC0E1C04302E1F4A392D81671914924

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140046AE8, Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

RtlDeleteBoundaryDescriptor.NTDLL(?,?,?,?,00000000,000000014004C008,-3FA727B001CC7BF9,000000014004A8A7,?,?,?,?,?,00000001400435A3), ref: 0000000140046B10

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: BoundaryDeleteDescriptor
String ID:
API String ID: 3203483114-0
Opcode ID: 8678201136c86982c4deef6fda293be041d6ae6f38f76fc7de58201ce8abb08b
Instruction ID: 593adbc4618781ce20a713c8316992fccca3aa15fce3ef34a1d7600fe6bc3d34
Opcode Fuzzy Hash: 8678201136c86982c4deef6fda293be041d6ae6f38f76fc7de58201ce8abb08b
Instruction Fuzzy Hash: FFD0226075018040FD06A3E3BE053A540610FCCBC0F4C80322E2C533B6DD3881C20204

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004FBCC, Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?,?,?,000000014004FCBA,?,?,?,?,?,?,?,00000001400422AE), ref: 000000014004FBEB

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 153aa7d0758e6bdd324707022a8545b1745d4a1247f5290230369271eaa7cb26
Instruction ID: 81ef945d985d3455bdadbf3a2d093a262a04cdbd17192f27ea12c9304e553ffc
Opcode Fuzzy Hash: 153aa7d0758e6bdd324707022a8545b1745d4a1247f5290230369271eaa7cb26
Instruction Fuzzy Hash: 21C012207A504889F95672B368223F40044479D7D0E1D08303F2E8F392ED6850D16274

Uniqueness

Uniqueness Score: -1.00%

Function 0000023A84F62057, Relevance: 1.3, APIs: 1, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,0000023A84F6298F), ref: 0000023A84F620A4

Memory Dump Source

Source File: 00000001.00000002.760042207.0000023A84F60000.00000040.00000001.sdmp, Offset: 0000023A84F60000, based on PE: true

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction ID: c744f249599dd2abc84adf833e7e2829baf0a1064bd7c570872440d772ccc286
Opcode Fuzzy Hash: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction Fuzzy Hash: 44315A72614B9486D790DF5AE05475A7BA1F389FC4F20402AEF8D87B18DF3AC842CB00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 000000014002CA14, Relevance: 8.2, Strings: 6, Instructions: 748COMMON

Download Yara Rule

Strings

4040, xrefs: 000000014002D030
3050, xrefs: 000000014002D7C9
3050, xrefs: 000000014002CF79
0020, xrefs: 000000014002D69D
0020, xrefs: 000000014002D7C4
GNOP, xrefs: 000000014002CFB8

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0020$0020$3050$3050$4040$GNOP
API String ID: 0-829999343
Opcode ID: ee14df4c5c31a17e28e00c8b68dd2907e3337761399c16e200a2c993d78d17c1
Instruction ID: 356b16f34d02ccaf899abe365f203e32873e5895a0f8793735cc37a5e8280d15
Opcode Fuzzy Hash: ee14df4c5c31a17e28e00c8b68dd2907e3337761399c16e200a2c993d78d17c1
Instruction Fuzzy Hash: AA728072214A84A1EB72EB26D4557DE6360F7987C4F814036BB4D476F7EE38CA4ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005CD24, Relevance: 7.2, Strings: 5, Instructions: 927COMMON

Download Yara Rule

Strings

a, xrefs: 000000014005E2E8
X, xrefs: 000000014005E368
0u, xrefs: 000000014005DF79
Z, xrefs: 000000014005DF59
O, xrefs: 000000014005E7E1

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0u$O$X$Z$a
API String ID: 0-4014663077
Opcode ID: 2f1889f8629d691bc5e9b2e56e4b389abc8fdba6f84189d4658499a9c1e45239
Instruction ID: 387181aede0dbe1f7c90b6151e51e2f0886461034603560bccaca51b53138e34
Opcode Fuzzy Hash: 2f1889f8629d691bc5e9b2e56e4b389abc8fdba6f84189d4658499a9c1e45239
Instruction Fuzzy Hash: 0FA206721087C48AE776CF2AE4447DEBBA0F389784F548116EBC947BA9DB39C594CB10

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140061598, Relevance: 5.7, Strings: 4, Instructions: 735COMMON

Download Yara Rule

Strings

VUUU, xrefs: 0000000140061996
VUUU, xrefs: 00000001400619D8
VUUU, xrefs: 0000000140061A50
ERCP, xrefs: 00000001400616C4

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: ERCP$VUUU$VUUU$VUUU
API String ID: 0-2165971703
Opcode ID: fb00d0ce2cb50678b811d0fa78faa5923409941479328ec4d3a1be59f43228a0
Instruction ID: 6fe43a953f165d6d2dde0bc928034c8a3e4858e429b67e4e167dfc745c5571b2
Opcode Fuzzy Hash: fb00d0ce2cb50678b811d0fa78faa5923409941479328ec4d3a1be59f43228a0
Instruction Fuzzy Hash: EE62B5722087C486E7728F16E8447EAB7A2F3997D4F684915EB9D47BE4CB78C485CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140005078, Relevance: 5.4, Strings: 4, Instructions: 442COMMON

Download Yara Rule

Strings

GET, xrefs: 0000000140005120
POST, xrefs: 0000000140005659
P, xrefs: 00000001400051F4
*/*, xrefs: 0000000140005665

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: */*$GET$P$POST
API String ID: 0-3922522044
Opcode ID: 90afb1f8064a757d53a9a6ff84dbeaf3cc88042f59099d4bffd08dd2567e76a8
Instruction ID: 90e870cde1f07be08e25ff8751178486e86e5381b3927819218e9ef55f0fd372
Opcode Fuzzy Hash: 90afb1f8064a757d53a9a6ff84dbeaf3cc88042f59099d4bffd08dd2567e76a8
Instruction Fuzzy Hash: 0F228E72214AC095EB62EB26E8957DE7360FB897C4F854022FB4D47ABADF78C549C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005CDAB, Relevance: 4.2, Strings: 3, Instructions: 413COMMON

Download Yara Rule

Strings

O, xrefs: 000000014005F1B7
L, xrefs: 000000014005F17A
, xrefs: 000000014005F125

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: $L$O
API String ID: 0-1186474355
Opcode ID: 71fd0ce76d69c146db88b23a84eceada58584cbdf6fb681526888234026e345f
Instruction ID: d40effe4a4273526e113f78d71c97953415dea4327bad108e34916f54511fd68
Opcode Fuzzy Hash: 71fd0ce76d69c146db88b23a84eceada58584cbdf6fb681526888234026e345f
Instruction Fuzzy Hash: BF125272208BC48AE772CF16E4447EEB7A1F389B94F544116EB8947BA9CB7DC481DB01

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002D95C, Relevance: 4.2, Strings: 3, Instructions: 411COMMON

Download Yara Rule

Strings

0020, xrefs: 000000014002DDED
4040, xrefs: 000000014002DDF4
0020, xrefs: 000000014002DAB2

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0020$0020$4040
API String ID: 0-2301653233
Opcode ID: aa067af31c941e6983b1e43ce2853e5141d01e48bf0c6e16292fc14b0dc7777a
Instruction ID: 243e9e2a0b9b919a5f6bcc45d3c0caa8ea8a2dafb0fc456be01a8150b6359153
Opcode Fuzzy Hash: aa067af31c941e6983b1e43ce2853e5141d01e48bf0c6e16292fc14b0dc7777a
Instruction Fuzzy Hash: 0012E072214AD091EB62EB26D0557EE6324FB983C4F818422FB4D476E6EF74CD4ACB01

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005CFCA, Relevance: 3.2, Strings: 2, Instructions: 669COMMON

Download Yara Rule

Strings

R, xrefs: 000000014005FB94
X, xrefs: 000000014005FADA

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: R$X
API String ID: 0-69278636
Opcode ID: da336ed34350ac00bc865c028a8e733b27c177f0b5c27b1449611788459f5bab
Instruction ID: f58951c9dc4a898353c81f999da1d7884c596c0bc0f199cb12e3ea76cb90fc99
Opcode Fuzzy Hash: da336ed34350ac00bc865c028a8e733b27c177f0b5c27b1449611788459f5bab
Instruction Fuzzy Hash: E7626E725086C4CAE772CB1AE4447EEBBA1F389784F144117EB9887AA9DB7DC484DF01

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038424, Relevance: 2.7, Strings: 1, Instructions: 1407COMMON

Download Yara Rule

Strings

m", xrefs: 00000001400392C8

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: m"
API String ID: 0-521656021
Opcode ID: 8aab6e3e3e091dfc79b7a88fb7453cbdaa56b681cf6d948a7f2076bb24361572
Instruction ID: d07ebffd0d397aab17b09172a24752fdb8a1908e683a01bf6f682d2955ee2413
Opcode Fuzzy Hash: 8aab6e3e3e091dfc79b7a88fb7453cbdaa56b681cf6d948a7f2076bb24361572
Instruction Fuzzy Hash: EEE25272218AC091EA73EB26E4557DF6360E7D9780F814122BB8E879F6EF78C545CB04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003CC38, Relevance: 2.1, Strings: 1, Instructions: 846COMMON

Download Yara Rule

Strings

@, xrefs: 000000014003D793

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: DelayExecution
String ID: @
API String ID: 1249177460-2766056989
Opcode ID: c90ae3790efe080f616e7e6a5c6c77c7d47846fd1559427b55e15d5efa5a9c85
Instruction ID: 7b948741ba49495318ff39dfa16fe85eed064e81c9b6c4d8989e4fa6c196ccc2
Opcode Fuzzy Hash: c90ae3790efe080f616e7e6a5c6c77c7d47846fd1559427b55e15d5efa5a9c85
Instruction Fuzzy Hash: 2482837221468091EB52EB66E4453DE7360E7D87D0F844532BB8E876FAEF38C54ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140019928, Relevance: 1.8, Strings: 1, Instructions: 594COMMON

Download Yara Rule

Strings

h, xrefs: 0000000140019AE3

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: h
API String ID: 0-2439710439
Opcode ID: 7072d96ede4ce2052cc70d6ef0381f38c960d039c50ea8920bbf8fac9ba9c183
Instruction ID: f4f4607ba5750f3ff218fb8169964a6d9d9f9615f11e83ccdc491b6a9728f9a3
Opcode Fuzzy Hash: 7072d96ede4ce2052cc70d6ef0381f38c960d039c50ea8920bbf8fac9ba9c183
Instruction Fuzzy Hash: 5A42B37220868051EA63EB26E4513EE6350EBD97D0F854132BB4D875FBEF79C64ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003DDA4, Relevance: 1.8, Strings: 1, Instructions: 525COMMON

Download Yara Rule

Strings

, xrefs: 000000014003E45F

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: c4516ee4fa31e825e768167dd26b25eb75157d82213b077c0e118d073c47ebee
Instruction ID: 8954ed08cc38ac81b7865467fd67f211b8599e4697586564a349b60f878bbc72
Opcode Fuzzy Hash: c4516ee4fa31e825e768167dd26b25eb75157d82213b077c0e118d073c47ebee
Instruction Fuzzy Hash: BF227C7230468086EA16FB27D8513EE6360B789BD1F554536BB1A877F7EF38C9068B04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003BCE4, Relevance: 1.8, Strings: 1, Instructions: 522COMMON

Download Yara Rule

Strings

, xrefs: 000000014003C393

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 491769197850fbadf460cb7f1b73974daa3d478765df957b0e2084d87bf72e50
Instruction ID: 6b75672cfe595151bbde2052339f63db7ba53f0296456aeae95220ba28780588
Opcode Fuzzy Hash: 491769197850fbadf460cb7f1b73974daa3d478765df957b0e2084d87bf72e50
Instruction Fuzzy Hash: 1C22B27230468086EA26EB27D8413EE6361F7897D1F554531BB59877F7EE38C9068704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140029320, Relevance: 1.7, Strings: 1, Instructions: 482COMMON

Download Yara Rule

Strings

)8GV, xrefs: 0000000140029917

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateMemoryVirtual
String ID: )8GV
API String ID: 2167126740-3946227331
Opcode ID: 30296fd78cdb420f4370f4f4d72f2f91adabd2b943d04a01910592743206352e
Instruction ID: 10c1279177a0494aae23dfb2c842b3d5bf0b76b302c94a360202407208e8e320
Opcode Fuzzy Hash: 30296fd78cdb420f4370f4f4d72f2f91adabd2b943d04a01910592743206352e
Instruction Fuzzy Hash: 37226F72314A8190EA62EB26E8517DE6361FBC97C4F854036BB4D47AE7EF38C905CB05

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002BB18, Relevance: 1.7, Strings: 1, Instructions: 469COMMON

Download Yara Rule

Strings

4:Lx, xrefs: 000000014002C01C

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: EnumValue
String ID: 4:Lx
API String ID: 2814608202-1977821611
Opcode ID: dff6cadcbe25e22d7873d8fbd8f844d5b0b311d8c582249d3658d38b8c9f267d
Instruction ID: 9de206c3fcf31fdab87be55fbd22058f8cf9662c311e7a688b94ac5a8ceb0971
Opcode Fuzzy Hash: dff6cadcbe25e22d7873d8fbd8f844d5b0b311d8c582249d3658d38b8c9f267d
Instruction Fuzzy Hash: 5222A73221858091FA72EB22E4513EE6360E7D93E4F954522B75E875F7EF78CA49CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400258FC, Relevance: 1.7, Strings: 1, Instructions: 418COMMON

Download Yara Rule

Strings

Content-Type, xrefs: 0000000140025C23

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: Content-Type
API String ID: 0-2058190213
Opcode ID: 76ab9dfae0b11dbe7bb647bc6894e7fdfd72da687d5fcb1a173cb8e56e19003b
Instruction ID: dd2961d55033f1dd2f49be00355e95955b690614fa1f9469657962adc0d9727f
Opcode Fuzzy Hash: 76ab9dfae0b11dbe7bb647bc6894e7fdfd72da687d5fcb1a173cb8e56e19003b
Instruction Fuzzy Hash: 9202C23231468096EB76FB27E4553EE6351F7987C4F804026BB4A47AF6EE38C94AC704

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001A66C, Relevance: 1.6, Strings: 1, Instructions: 374COMMON

Download Yara Rule

Strings

h, xrefs: 000000014001A807

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: h
API String ID: 0-2439710439
Opcode ID: 83b62bd43344fdf653918ceeaabdee0fd21b0dfca2a2d24e4b2e08479a436939
Instruction ID: 15c79e4ea189db81c61871ae3d03f1958243f6cf3faf1ce9dfff72c7a1c885b8
Opcode Fuzzy Hash: 83b62bd43344fdf653918ceeaabdee0fd21b0dfca2a2d24e4b2e08479a436939
Instruction Fuzzy Hash: 53F17D3221868051EA77EB22D4513EE6355EBC97C0F854132BB4D4B5F7EE79CA4ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400557DC, Relevance: 1.6, Strings: 1, Instructions: 347COMMON

Download Yara Rule

Strings

(, xrefs: 0000000140055837

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 15b50b05b69eca941ebcda77cf7c0e1d699335a0ab907b65294bfde504a6b7e0
Instruction ID: ef74a4811f00421b3861909ae3df24c126d53536f14d1dae71c2132744ce6877
Opcode Fuzzy Hash: 15b50b05b69eca941ebcda77cf7c0e1d699335a0ab907b65294bfde504a6b7e0
Instruction Fuzzy Hash: 3CE1BB732046449BEB26FB23D4517DD33A5F78CBC1F428126BB4A476A6EB38DA45CB40

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001C05C, Relevance: 1.6, Strings: 1, Instructions: 332COMMON

Download Yara Rule

Strings

h, xrefs: 000000014001C315

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: FileFind$FirstNext
String ID: h
API String ID: 1690352074-2439710439
Opcode ID: 384bcf0001c1886dbb90596a02059b026ebe1ef8cd0e1dd8ea76b6dc5a2a6d7c
Instruction ID: 37ef1e29a1df68750ab3a8fe2a391ee9352076786285f0e4a1679bc3fa2bf329
Opcode Fuzzy Hash: 384bcf0001c1886dbb90596a02059b026ebe1ef8cd0e1dd8ea76b6dc5a2a6d7c
Instruction Fuzzy Hash: ACE19F322186C091EA72EB26E4557EE6350EBC97C0F854122BB4D479F6DF79CA4ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014006BA1C, Relevance: 1.6, Strings: 1, Instructions: 308COMMON

Download Yara Rule

Strings

@, xrefs: 000000014006BD31

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 432128fce391129affea0ab4d67771d1ab4b326bf8c185cb5b208fbc6bb7dd3c
Instruction ID: c764f7acc1e29c3b1bfd69998f5e68c0e1c35fb3069282f589f0608e9acfd4d8
Opcode Fuzzy Hash: 432128fce391129affea0ab4d67771d1ab4b326bf8c185cb5b208fbc6bb7dd3c
Instruction Fuzzy Hash: 99C12CB311879486E7768F2AD8403AB77A6F39C394F245615FB8D436A4EB7CC585CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002A214, Relevance: 1.5, Strings: 1, Instructions: 299COMMON

Download Yara Rule

Strings

)8GV, xrefs: 000000014002A66B

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: )8GV
API String ID: 0-3946227331
Opcode ID: 63a008e5d3d5618c7697fa34d8125e4173dbb919cfe2a74b1d3e7aa1d21e8c7c
Instruction ID: e7784f472742022b51f178041a01eac8b853474124928506b79cafec91966f0d
Opcode Fuzzy Hash: 63a008e5d3d5618c7697fa34d8125e4173dbb919cfe2a74b1d3e7aa1d21e8c7c
Instruction Fuzzy Hash: E9E16172314A8091EA62EB26E4513EE6361F7D97C4F814432BB4E439F7EE78C949CB05

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000732C, Relevance: 1.5, Strings: 1, Instructions: 278COMMON

Download Yara Rule

Strings

8, xrefs: 000000014000772C

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 8
API String ID: 0-4194326291
Opcode ID: de4ba8dc5be3dd3d107c9b3860031b49117ff171f93bd796e265596493e8eb8b
Instruction ID: 0c96b3bb1331349ee828202f0b2b8fdbd7f34504e29c4ac9316ccd82cb7bbd2a
Opcode Fuzzy Hash: de4ba8dc5be3dd3d107c9b3860031b49117ff171f93bd796e265596493e8eb8b
Instruction Fuzzy Hash: E2C13172314AC0A1EA62EB66E8517EE6361F7D87C4F818022BB4D476B7DF78C549CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037D24, Relevance: 1.5, Strings: 1, Instructions: 209COMMON

Download Yara Rule

Strings

, xrefs: 0000000140037DAF

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 8c45dc1fd867d1931896ac1289c7850d3831d3ec5854943dc15611896e371279
Instruction ID: bd013b986bccb95e863d4b9fb9a0bea60b924e773faef38dfdeb094c765e5923
Opcode Fuzzy Hash: 8c45dc1fd867d1931896ac1289c7850d3831d3ec5854943dc15611896e371279
Instruction Fuzzy Hash: 8F91D472305AC599EB62EB26E4147DEA351E7887C4F404131BB8D47BAAEF39C54ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140033984, Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

VUUU, xrefs: 0000000140033C18

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: VUUU
API String ID: 0-2040033107
Opcode ID: 557f118729934538ec9e7075a254316694112f95248f80aa637d74695574ae24
Instruction ID: 6d17721f05edd813b04858801196553dff24e9a7dea1ceeb8acb8170bbb443e8
Opcode Fuzzy Hash: 557f118729934538ec9e7075a254316694112f95248f80aa637d74695574ae24
Instruction Fuzzy Hash: 3771503232458091EA62E766E8927EE6361FBC97C4F815132BB4D479F7DE78C949CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140057820, Relevance: 1.4, Strings: 1, Instructions: 168COMMON

Download Yara Rule

Strings

0, xrefs: 000000014005786F

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 616aa20273784b9d670229da0a79f5fa514c4c21989a5eae6e8a0268e64fac22
Instruction ID: ac8f5048f8f68a7313ea225b74f00c7150461265de9df7fa90f3e8bfcf568688
Opcode Fuzzy Hash: 616aa20273784b9d670229da0a79f5fa514c4c21989a5eae6e8a0268e64fac22
Instruction Fuzzy Hash: A971AD76218A8081EB52EB66E450BEE6361FBC8BC0F454026FF4E47BA6DF39C509C745

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000BBC4, Relevance: .9, Instructions: 916COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8a7adb053c3018cc79c4a0768b5738d7bacf7675c3af03762da024360d3b600
Instruction ID: de61da9168f792ab320152e590739c0cbea05f6200c3328605642294cf45bf87
Opcode Fuzzy Hash: a8a7adb053c3018cc79c4a0768b5738d7bacf7675c3af03762da024360d3b600
Instruction Fuzzy Hash: 7B82F5B2225A8092FA63EB17F451BEE6350F789BC8F414022FB4A479F6DE79C585C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140056790, Relevance: .9, Instructions: 875COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: FileFindFirstInformationToken
String ID:
API String ID: 3675931825-0
Opcode ID: d6fdab5164cccfa2e6eddff2be38634ff96178e765bfa9a905dc4fbae7a8b42c
Instruction ID: e56c1fd0f14318e9fa9d642f98a6930b8b2a4a0bd0068d64fcde8ffe4270d522
Opcode Fuzzy Hash: d6fdab5164cccfa2e6eddff2be38634ff96178e765bfa9a905dc4fbae7a8b42c
Instruction Fuzzy Hash: C79260323186C090EA62EB26E4517EE6351EBD97D4F814032BB4D479FBDE39C949CB05

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400172A8, Relevance: .9, Instructions: 857COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 805dde5864dff6413552964ac848d9f50dd75d5315d6ff1b517babda40d6092e
Instruction ID: 68790f09a0475486cdfdf58af8bd30fe52a72b8413839995fe3c25945e3d6be5
Opcode Fuzzy Hash: 805dde5864dff6413552964ac848d9f50dd75d5315d6ff1b517babda40d6092e
Instruction Fuzzy Hash: E3920B722189C091EA66FB26D4913DE6361EBD9780FC14032B74E475FBEE39C64ACB44

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140057FA8, Relevance: .8, Instructions: 799COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 5389d79643b0ac4fbb88a5a09dd604c50ebc70d633331d63b25c72ff1349835d
Instruction ID: 24c6a08f2f2c81e9f8711b68f3527e98b95ae7a1862210f8b74a74c52caec6bc
Opcode Fuzzy Hash: 5389d79643b0ac4fbb88a5a09dd604c50ebc70d633331d63b25c72ff1349835d
Instruction Fuzzy Hash: BD821E722189C091EA72EB26E8513EE6361E7D97C0F854432BB4D47AFBDE39C549CB04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001EE68, Relevance: .8, Instructions: 788COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42f9aae4204a20c1ad7a458ee7c4cea6dac6ddcbf2b55fb7165925845b4c38a8
Instruction ID: 1bfaf5ab698a0d9ae5613303a26d9f110d3c3ff749fbc98f4a633123d37236ee
Opcode Fuzzy Hash: 42f9aae4204a20c1ad7a458ee7c4cea6dac6ddcbf2b55fb7165925845b4c38a8
Instruction Fuzzy Hash: 6B8210722185C091EB62EB22E4913EE6361E7D97C0F814422BB5E476FBDF38C549CB44

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140015D04, Relevance: .7, Instructions: 749COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 95e24e1162e7e2bc30efe972119da858425f69c39fa05ba851409c555b647628
Instruction ID: 920128f573a6df5efe4236e20648e1136e231cff84c02c978e49d836db60b591
Opcode Fuzzy Hash: 95e24e1162e7e2bc30efe972119da858425f69c39fa05ba851409c555b647628
Instruction Fuzzy Hash: 827271722046C091EB62EB26E8957EE6351E7D97C0F854032BB4D4B6F7EE39C949CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140005AB8, Relevance: .7, Instructions: 734COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83b1d3fd0e59873b1a62db2ebb8bb6e573066433167ecde7839bb4ee1f7043c9
Instruction ID: 131e5f10334d59222fdbfa38ba52a0dfac0fa8d935ea9efde1567ab7b92ce015
Opcode Fuzzy Hash: 83b1d3fd0e59873b1a62db2ebb8bb6e573066433167ecde7839bb4ee1f7043c9
Instruction Fuzzy Hash: E8625072314A8095EA62EB63E8517EE6361EB887C4F854032BB4D4B6F7EF78C549C704

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001311C, Relevance: .7, Instructions: 732COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: eb4794b98368f21a08acd6ba6819aa42d0020d61e5edd0424fe7ec2d8b11da71
Instruction ID: 7d3e00ef7f8b77d6f2d9db96002fb8b33bfd6274bdc73e9e7b379e1fc3f11e30
Opcode Fuzzy Hash: eb4794b98368f21a08acd6ba6819aa42d0020d61e5edd0424fe7ec2d8b11da71
Instruction Fuzzy Hash: 417272722186C090EA62EB26E4513EE6350EBD97D0F814132BB9E475F7EF79C54ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140020924, Relevance: .7, Instructions: 722COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: f73690db9b5a8587183ab4c51df3bee25884e92254cb03b188f7bf8eadabecdc
Instruction ID: 2ca85a1ce51d590c58c2f5f5a17bfdc6d1d56331f214241f4508751ea1811159
Opcode Fuzzy Hash: f73690db9b5a8587183ab4c51df3bee25884e92254cb03b188f7bf8eadabecdc
Instruction Fuzzy Hash: 62628732315AC095EA72EB56E4517DE6361E7C8BC0F854022BB8D47ABADF79C949CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140069278, Relevance: .7, Instructions: 683COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1a0b37c037957e5444907fdc230ed2f36dd6b16ab0bee81a4722d15eb4b0668
Instruction ID: 310acda9c1b13f6d042efa74e474366859b2544dd42da5b95d137f1896dce303
Opcode Fuzzy Hash: d1a0b37c037957e5444907fdc230ed2f36dd6b16ab0bee81a4722d15eb4b0668
Instruction Fuzzy Hash: 4062B2322146949BE766CF27CA48B9D3BAAF3197D4F214915EB1D47FA1CB35D8A0CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140003BE0, Relevance: .6, Instructions: 643COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb8042f2b855eccc923c94faf3821d5aff293531844bf818eab061a8db06f88e
Instruction ID: 32f56c3839220215f5f16005f722bddf7b1593d80fe8cb1fb4b4f222351141c8
Opcode Fuzzy Hash: bb8042f2b855eccc923c94faf3821d5aff293531844bf818eab061a8db06f88e
Instruction Fuzzy Hash: 695240B2214A8091EB62EB27E4517EE6360F7C9BC4F854022BF4D4B6B7DE78C949C704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140024AEC, Relevance: .6, Instructions: 635COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 970c5c154e9a9e182c810c69a38f2a3cae1ffc54342486489693101d17487aed
Instruction ID: 4bf821dcf52957490122e6fc1cafd953d9dc1017d867385c966437f434676d3e
Opcode Fuzzy Hash: 970c5c154e9a9e182c810c69a38f2a3cae1ffc54342486489693101d17487aed
Instruction Fuzzy Hash: 8852DF322146C095EB72EB27E8513EE63A0E7897C4F514126F74A4BAFADF78C945CB04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001B52C, Relevance: .6, Instructions: 596COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b31b28e2edf86c38d3596c6d1d2bf992c3eb360852811ed1c885584141abd5cb
Instruction ID: a4d01e0a7800e832750c45308c571a2334ec4913359ceb715e845cd4d758c668
Opcode Fuzzy Hash: b31b28e2edf86c38d3596c6d1d2bf992c3eb360852811ed1c885584141abd5cb
Instruction Fuzzy Hash: 78424E322186C051EA77EB26D4513EE6355EBD97C0F854022BB4947AFBEF39CA46CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140014EBC, Relevance: .6, Instructions: 588COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c1ef34f86bfdea16c097ada4b734fbeabd557a7b6669e16aa0c8665ad98ee39
Instruction ID: 05968e4ff75533b60fcd67358809277c4dff7cd4020b9ad920af6d05df52b482
Opcode Fuzzy Hash: 1c1ef34f86bfdea16c097ada4b734fbeabd557a7b6669e16aa0c8665ad98ee39
Instruction Fuzzy Hash: 84424C722149C0A5EB72EB22D8513EE6321F799784F854132B78D4B5FBEE78C649CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140001154, Relevance: .6, Instructions: 560COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 483838f892f3aac61d19d469ddf40d60e3dcd39bb932287023f7eea49e0f0e7d
Instruction ID: 164d544455cd13f6bec4013cfa0e65fd33a4d2072e82fcc68715056af9019a6e
Opcode Fuzzy Hash: 483838f892f3aac61d19d469ddf40d60e3dcd39bb932287023f7eea49e0f0e7d
Instruction Fuzzy Hash: 85423172214AC091EA62EB66E8517EE6361FBD97C0F854032BB4E476F6EF38C945C704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140013ED4, Relevance: .5, Instructions: 547COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11c2f21c47de4881f26679aefa27b6d6da2db7e8ca3851425d563bfcb0c1d1ec
Instruction ID: 39de981f516b0ad63a261260aa2dcde86496324121fc4c281a1fb5fdd380637f
Opcode Fuzzy Hash: 11c2f21c47de4881f26679aefa27b6d6da2db7e8ca3851425d563bfcb0c1d1ec
Instruction Fuzzy Hash: 46429E72310AC095EB62EF26D8517ED3361EB99784F854032BB4E4B9FADE75CA49C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000AD5C, Relevance: .5, Instructions: 546COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63c82b56dec0c49ade6eaef3eb8440d1f6df54e373198c8b0ed3406f1a9ad9c8
Instruction ID: 60a99d4ef0b1c7e973bb1251653f3025e474467e9f048fe2253034fdf06d99e9
Opcode Fuzzy Hash: 63c82b56dec0c49ade6eaef3eb8440d1f6df54e373198c8b0ed3406f1a9ad9c8
Instruction Fuzzy Hash: E8427D72214AC0A1EAA2EB26E4957EE6360F7D87C4F814022BB4D476F7DF74C589CB05

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140026FF0, Relevance: .5, Instructions: 532COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3816591c7fd1922de8992c47d1936abf363261962e9f0aad0dcbefed70c4d94e
Instruction ID: abfb22bb805949d23a00da26f38a40a8ffa8cc214a749033549688c3725feee1
Opcode Fuzzy Hash: 3816591c7fd1922de8992c47d1936abf363261962e9f0aad0dcbefed70c4d94e
Instruction Fuzzy Hash: 1822CD7231429085EB26FB3798157DE2650BB8DBC8F815025BF0A4BBE7DE38C64AC745

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140011EB4, Relevance: .5, Instructions: 529COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7141ceef4b4dedd609da5343e96cb97d69dcfd29c31bcf9fa5d22da07ff9d68f
Instruction ID: f06b7288c4d4bd07871204d2e710e9ac68a575d934354d7115c346abea651bd3
Opcode Fuzzy Hash: 7141ceef4b4dedd609da5343e96cb97d69dcfd29c31bcf9fa5d22da07ff9d68f
Instruction Fuzzy Hash: 2D329173205684A5EB22EF26E0517DE7320F78DB84F854122FB9D4B6A7DE39D24AC704

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003B0C8, Relevance: .5, Instructions: 521COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: DelayExecution
String ID:
API String ID: 1249177460-0
Opcode ID: d4d1f975f0ac666b2d1849b86ab49f4ff44e3f69e429099da7ddee6efa1c4a5c
Instruction ID: f497070eeeda37cd2b5f4f6a3c36aa9937b2f946b8b60c6fd4ac4d4bf16a8fdc
Opcode Fuzzy Hash: d4d1f975f0ac666b2d1849b86ab49f4ff44e3f69e429099da7ddee6efa1c4a5c
Instruction Fuzzy Hash: 9022AE7231468081EA62EB27E8513EF6351E7D9BD4F814222BB5E477E7EE38C54AC704

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001276C, Relevance: .5, Instructions: 519COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32c0b6eb9d287fd225e101a9ab55b1045c95ac9d8cb73a298379f17ec721e247
Instruction ID: c7bcd2560e524489b38f98a7857ba95ec447b58129b26e9f461bf27d36094543
Opcode Fuzzy Hash: 32c0b6eb9d287fd225e101a9ab55b1045c95ac9d8cb73a298379f17ec721e247
Instruction Fuzzy Hash: 56325E7231468091EB22EB22D4513DE6361F799BD5F854132BB4D4B6FBEE38C64ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005ABFC, Relevance: .5, Instructions: 494COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ea0d5a02904cb102063d9faf4d1d1e59cd88dd22a4e58979e891eb56d83b4dd
Instruction ID: b749066ee65fe362809574ebb57d7e1f52cca85a5b6bb8f9c54bceb2c82de3be
Opcode Fuzzy Hash: 9ea0d5a02904cb102063d9faf4d1d1e59cd88dd22a4e58979e891eb56d83b4dd
Instruction Fuzzy Hash: 7A0211762296A48AF777CE1A8418BBF3E96E30E3C0F089121EF57176E1C23AD950D715

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400330C4, Relevance: .5, Instructions: 482COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ef24ee24b33de140654d2067a40e8c24d23815499dafe4bd9e4d0db3fa137bb
Instruction ID: 60d4d4323987869f84665cb6ae0716d715488eecb9f561927da2240e35d110df
Opcode Fuzzy Hash: 9ef24ee24b33de140654d2067a40e8c24d23815499dafe4bd9e4d0db3fa137bb
Instruction Fuzzy Hash: 10225372214A84A1EB62EB26D4953DE6361F7D8784F814432B74D476BBEF38C64ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140051620, Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f7fe04f3b7e221b75e8cd446882e90cc173d363caf7ff55cd5f135cf7b3f2b1
Instruction ID: ed2b767acc8c18619810d12ac44cf125cd66551bf44ec9db52a5166d2764bde4
Opcode Fuzzy Hash: 8f7fe04f3b7e221b75e8cd446882e90cc173d363caf7ff55cd5f135cf7b3f2b1
Instruction Fuzzy Hash: 7B02E13231865141FA63EB67A4117EE1791ABCDBC8F410221BF4A8B7F6EE32C846C705

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400362A0, Relevance: .5, Instructions: 471COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 9a8a2112de9708bd6abb3788bbe892dd0b862d962a478255e0d63779c506b7fb
Instruction ID: 436fa2e480cc294b92e4ee261bdc4eac362c4f034c2f68f82cd627fe5c143e0b
Opcode Fuzzy Hash: 9a8a2112de9708bd6abb3788bbe892dd0b862d962a478255e0d63779c506b7fb
Instruction Fuzzy Hash: 81226D322146C091EA73EB26D4553EE6350EBD97C4F858132BB4E475FADE38C94ACB05

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003E8E0, Relevance: .5, Instructions: 457COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dff86cb3d3f1e714803c2d7b8856f9fe03df86f32e34b7b2864d6977734e63c0
Instruction ID: c2d3e0c23f61db920edfd1556318e7c30ecea7d1c74c27024d3b8d5a76ca7338
Opcode Fuzzy Hash: dff86cb3d3f1e714803c2d7b8856f9fe03df86f32e34b7b2864d6977734e63c0
Instruction Fuzzy Hash: 7612617221468090EA63E727E4517EFA351EB98BC0F854532BB4D47AF7EE38C54ACB05

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000CEAC, Relevance: .4, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9905dc91d12488aa97d7957f265349b3740cfa809ed393c8667b9d5f222eab8
Instruction ID: 5414fda6f51c9c511d83c9211c3f10b3feabaf364110faf69a24053b98e4c13e
Opcode Fuzzy Hash: d9905dc91d12488aa97d7957f265349b3740cfa809ed393c8667b9d5f222eab8
Instruction Fuzzy Hash: 9112B1B231458091EAA2EB26E451BEE6360F7D97C4F815032BB4E479F7DE78C54ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001AD0C, Relevance: .4, Instructions: 449COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b806eb746821e9f35ebf107fa96a61ce50afde6842d3df577d84126047d130a0
Instruction ID: fda6be3ec237923fe9f5f0dc213fc9e4c4912560e6773db89d11bc4dbc5ccab1
Opcode Fuzzy Hash: b806eb746821e9f35ebf107fa96a61ce50afde6842d3df577d84126047d130a0
Instruction Fuzzy Hash: 62127C7220468091EA77EB26E4513EE6354EBC97C0F854032BB4A475F7EF79CA4ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400021C8, Relevance: .4, Instructions: 439COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 595204a9b9463a4788fd995764ed1dcbfa657e0188e98a19218fc12b14178766
Instruction ID: 0c8889d60dca162dd1cd30145a8fb7b7e6fd6cca0af41a049159531b8d7e94ff
Opcode Fuzzy Hash: 595204a9b9463a4788fd995764ed1dcbfa657e0188e98a19218fc12b14178766
Instruction Fuzzy Hash: 991298B2205B8191EA62EB12E548BDE63A5F78CBC0F815022EF4D1B7B5DF78D586C304

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140067663, Relevance: .4, Instructions: 424COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec9f129dca0404cd4eb89d9feac4bc83178c6938a0250f1c550dbd2474f92119
Instruction ID: f84857d65023bb0b9959cfe63f1243dc611ab175f2cf301fd6e417ff86ed69ff
Opcode Fuzzy Hash: ec9f129dca0404cd4eb89d9feac4bc83178c6938a0250f1c550dbd2474f92119
Instruction Fuzzy Hash: 7A02D1739182948BE326CF16E848FAD7BA6F388395F624615FF8993794D738D840DB40

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400311B0, Relevance: .4, Instructions: 419COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ecb94485e4021d99172116a1984e693dd3566017fe73d43a1b5a71793864e8e
Instruction ID: 8b507d96c1cbe0c2ecbcab510dfe04252df980b1f1c1554bd079a4c74e77c534
Opcode Fuzzy Hash: 0ecb94485e4021d99172116a1984e693dd3566017fe73d43a1b5a71793864e8e
Instruction Fuzzy Hash: 1A127D7221468091EA63EB26E4953EE6360EBDD7C0F854032BB4E476F7DE39CA45CB04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002AE48, Relevance: .4, Instructions: 414COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57d50e4493d649ec6f08b0ab755ebf80ca4c5f1b1142f1549757ac5b778d8377
Instruction ID: 31afb4075b914bed2b7695b49e41a33128bad52d460a062de6e4064ab516db2a
Opcode Fuzzy Hash: 57d50e4493d649ec6f08b0ab755ebf80ca4c5f1b1142f1549757ac5b778d8377
Instruction Fuzzy Hash: 7B125F72215AC490EB62EB26E4553DE7360E7D8B80F854032B74D476F7EE78C68ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140002A20, Relevance: .4, Instructions: 408COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67ab7dca34a33333cb0273754a4356394f94e30c0d26d2f9f77907177381c949
Instruction ID: 9e84e2e5dc75087e1564b8ebe951cdc9a9bb166e846e2a009843290cb6ecd376
Opcode Fuzzy Hash: 67ab7dca34a33333cb0273754a4356394f94e30c0d26d2f9f77907177381c949
Instruction Fuzzy Hash: 73122F722249C091EA62FB26E8957EE6361FBD8784F814032B74D475FBDE78C949CB04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002C348, Relevance: .4, Instructions: 400COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b75eaf13bd8ab63a2a0946afc728efcf72b91baabeea1edef971cc55ac7bbbbc
Instruction ID: 85f24d3bb5a0f791ff67dff1e7302054a76fe63dcaebd5fed4744a6f54a78ce6
Opcode Fuzzy Hash: b75eaf13bd8ab63a2a0946afc728efcf72b91baabeea1edef971cc55ac7bbbbc
Instruction Fuzzy Hash: D6029236214A9091EA62EB26E454BEF73A0FB88BC4F514126FB8D476F6DF38C945C704

Uniqueness

Uniqueness Score: -1.00%

Function 000000014006BE28, Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d612b07937cfa1e5694db9485771d000a9ca6b1c5ec33947b844a1af6287e0a
Instruction ID: 5d755b72472fe60230bb3285c73b61b88c9c6b0aedda874616b054f18f2f5cab
Opcode Fuzzy Hash: 8d612b07937cfa1e5694db9485771d000a9ca6b1c5ec33947b844a1af6287e0a
Instruction Fuzzy Hash: 18E1CE772286E08BD7218F26A801BAEBFA1F389388F509515FB8A43B55C739D954CF00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036C08, Relevance: .4, Instructions: 369COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aa36090d73968787814dfa041a41a125010eade120fb4e45eccfb4174a6916c
Instruction ID: 7a70bfda75841080f65ae555b7e505d22f6544ee0499e2394e1e549d5b5c8b8a
Opcode Fuzzy Hash: 3aa36090d73968787814dfa041a41a125010eade120fb4e45eccfb4174a6916c
Instruction Fuzzy Hash: 9C025F322149C091EA73EB26E4557DE6361E7D8784F858032B78E479F6EF78C54ACB01

Uniqueness

Uniqueness Score: -1.00%

Function 000000014006D1F0, Relevance: .4, Instructions: 364COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67dcefd65efa97fdf6e6426d41f4cbb4db376ecbab85ba68c67edb907fb79f4c
Instruction ID: 6a02120812094a0ed137d131d253ff0f4048b9e63ce9bd6e874256b598714934
Opcode Fuzzy Hash: 67dcefd65efa97fdf6e6426d41f4cbb4db376ecbab85ba68c67edb907fb79f4c
Instruction Fuzzy Hash: A6E179B2318290A7D31E8F29C6513EDB3A2F759791F509A05EB6B87790E734E970C321

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001E2E4, Relevance: .4, Instructions: 364COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af408ee3ab2999dc2ddd07d61ef8bc19d00c4e817911e2523ea14ddf627f5e80
Instruction ID: 9565bdbfea31f15a641769849ab9d305a38391c77ab3944f6c098f7d26c97f52
Opcode Fuzzy Hash: af408ee3ab2999dc2ddd07d61ef8bc19d00c4e817911e2523ea14ddf627f5e80
Instruction Fuzzy Hash: ADF1CE722189C090EA62F726E8517EE6761E7D97C0F854032BB4D47AF7DE39C549CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140063102, Relevance: .4, Instructions: 357COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62e1e4bf5cc55a3eaca6b7b7cd98166de1f40f909c8ded27d2d86e9ec0acaea5
Instruction ID: 82e08d680a6390378da86792b6607ca9e940cd3545550ab1a3b4b079cae623f1
Opcode Fuzzy Hash: 62e1e4bf5cc55a3eaca6b7b7cd98166de1f40f909c8ded27d2d86e9ec0acaea5
Instruction Fuzzy Hash: 27E136735182E18BE7738F26D8507EE7BA1F3497C4F640912EB8A87AA5CB38C445DB40

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005C8FC, Relevance: .4, Instructions: 355COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e82729c48a8bb0e60dcbe5acffc1ae3892e87042a428716ee9b0a14022611ed7
Instruction ID: 45cb368d52bea33d50019873d4550a810173569b84cf03d143e4903fc7952072
Opcode Fuzzy Hash: e82729c48a8bb0e60dcbe5acffc1ae3892e87042a428716ee9b0a14022611ed7
Instruction Fuzzy Hash: 0CF16172258BC489E7B6CF16E4417EAB7A0F389BD4F540116EF8917BA9CB39C580CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140068292, Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0373dd68f4967f5e88725c214717e7e9053186580ca92eaa6ee36fb39a378c71
Instruction ID: ad4c30511573bf3415e8390caf8d5b0b4627b5d85cb452bf1f47e15a9a61a444
Opcode Fuzzy Hash: 0373dd68f4967f5e88725c214717e7e9053186580ca92eaa6ee36fb39a378c71
Instruction Fuzzy Hash: F4E1A0726143A08BE772CF1AE448B9D7BA5F359B80F164654FF8A57BA5C734D880CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140029C1C, Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: c06524e4d4ff731c85f68d5639100fb7d7904f645d7f4f1b130c931ec4a9798a
Instruction ID: cda5e18fc3a2f60903d9baf9f887e9a1b44717e2bb2bf840619311c2f194ddd1
Opcode Fuzzy Hash: c06524e4d4ff731c85f68d5639100fb7d7904f645d7f4f1b130c931ec4a9798a
Instruction Fuzzy Hash: FCF1B172205BC081EBA6DB26E4517DE73A0F789BD4F44803AAB8D477A6DF78C895C704

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002F278, Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 0b5c78471fe01e7580f6acd7fb241efec1c36093b6b68d7c2dbf4ee5b1eae634
Instruction ID: 69179cdea89a738f355240d139f0edf7c2e4f8b489b3507e122ce3176674e354
Opcode Fuzzy Hash: 0b5c78471fe01e7580f6acd7fb241efec1c36093b6b68d7c2dbf4ee5b1eae634
Instruction Fuzzy Hash: 5BE172322146C091EA62EB26E4553EE6364EBD97C4F824132BB8D475F7DF78CA46CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140026540, Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfb9baac004120fe860310ef707bb782be19fbc09433bbe523dac032a5a12a00
Instruction ID: 45e6ca7a6e7bdab6746189a5672824e734e28c0da8c3ed667a3d887727cabeae
Opcode Fuzzy Hash: bfb9baac004120fe860310ef707bb782be19fbc09433bbe523dac032a5a12a00
Instruction Fuzzy Hash: A7D1657232458092EA67EB56E8517EE6361F789BC0F419032BF5D0B6E7DE78C944CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140047FCC, Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14088c7a5ed04b9db3cca0527b7401b21cf9725a0d8b8a2277737983a1e64f6e
Instruction ID: a923770c6f301ec2082aa607b531da59edb32b68c7c2684cecd6b55d82c4cec2
Opcode Fuzzy Hash: 14088c7a5ed04b9db3cca0527b7401b21cf9725a0d8b8a2277737983a1e64f6e
Instruction Fuzzy Hash: BFD15E7221468591EA62EB23E4517EE6351FB88BD0F424532BF4E476FBDE38C509C748

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003C6B0, Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f26fd36c603f777bfdd34a2badd9c4a467e5181a2e48297ed2f0b43ee2fb6a8
Instruction ID: 56847661ef8f97e2b6a9f4718d631dbda82c0d392b183813c8bb446912749f0f
Opcode Fuzzy Hash: 3f26fd36c603f777bfdd34a2badd9c4a467e5181a2e48297ed2f0b43ee2fb6a8
Instruction Fuzzy Hash: ADC1537231468051EA62EB23E4517EF6351ABC97C0F454431BB4E87AF6EF38C94ACB05

Uniqueness

Uniqueness Score: -1.00%

Function 000000014006AAD8, Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1e006301050d09af0594a914fb5112285e1279ce453ba0eede0c90aa28a2322
Instruction ID: a793eeb2d47bd972cd4739d72169585229f26ef3c73c1fe26c3f8e42f5869857
Opcode Fuzzy Hash: c1e006301050d09af0594a914fb5112285e1279ce453ba0eede0c90aa28a2322
Instruction Fuzzy Hash: EDE150766106948BE766DF3AE444BDEB7A1F349B84F208411EB9E83791DB3DE851CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140022C84, Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945add03336ac97403d7872e2a28844371404bf0fcd201e38f392d9974d9e1a1
Instruction ID: 093b09890293c3b9028163432023d48a8fd26ff60f69f152e65130d40716d581
Opcode Fuzzy Hash: 945add03336ac97403d7872e2a28844371404bf0fcd201e38f392d9974d9e1a1
Instruction Fuzzy Hash: 8AD1B27221468491EB62EB26D4517EE6361FBC9BC0F814432BB4D47AFBDE38C849CB05

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001D6C4, Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d38c1bfa92aa5033feeaf8e741f3bee1f6ace9872e99ccd05bd6f9d91849b0d
Instruction ID: b45a19ad935d2ae584adeeaafd9345d3aefae3b8c5eec25843ca36380f0e5bb3
Opcode Fuzzy Hash: 3d38c1bfa92aa5033feeaf8e741f3bee1f6ace9872e99ccd05bd6f9d91849b0d
Instruction Fuzzy Hash: D9C1447221468090FA66FA22E8517EE7351EBD97C0F858032BB4E4B5F7EE79C54AC704

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000EB3C, Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53e97327a5fdb9a7f8d870c6f7596de288a99cd07b6cdeb09a736d34bbf74e4f
Instruction ID: 9a8bd49d56b1e208164abed3a2eaa3ff9acc54332056ee5ae6b2ef198d64a711
Opcode Fuzzy Hash: 53e97327a5fdb9a7f8d870c6f7596de288a99cd07b6cdeb09a736d34bbf74e4f
Instruction Fuzzy Hash: 89C180B321458095EB22EF26E4517ED6321F789BC4F854032BB495B6FBDE78C686CB04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014006D904, Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f774ce4d8783887dafbf916ff989042a0e8ee389f27334fb0b914e100e6f2c7
Instruction ID: 742f63a618538df639f564180c81bfe715ce16f0fed6f21ada9b15c4265c68ca
Opcode Fuzzy Hash: 7f774ce4d8783887dafbf916ff989042a0e8ee389f27334fb0b914e100e6f2c7
Instruction Fuzzy Hash: 4AC1E4B76046A4D7D301CF19C884BED3BA9F388BC8FA59526DB6A43351E7B9C954C310

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400479E0, Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbf1044cbaa292fd61d7ac6e4930fc0aa2f0ef1c41f8100e7c61500ba2efb05a
Instruction ID: 9df5d06871ddbacd2daffc333f37d2eb8eb3481e6a6e08769e6c37e926f4298c
Opcode Fuzzy Hash: fbf1044cbaa292fd61d7ac6e4930fc0aa2f0ef1c41f8100e7c61500ba2efb05a
Instruction Fuzzy Hash: A6D1A53220468094FB62EB32E4507ED2790EB897E4F568232BB6D47AFADF74C945C744

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400231DC, Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 175e9a748e3ac7a7f53d37454a524cd1e934fe0216bf76ac95c3c4f9f110c22f
Instruction ID: 67313f059e9d7a2c41518caf16522e13c18e8195cb148257ac4c0ef82fbc2694
Opcode Fuzzy Hash: 175e9a748e3ac7a7f53d37454a524cd1e934fe0216bf76ac95c3c4f9f110c22f
Instruction Fuzzy Hash: A5B1BF7230568095EA66FB26D4517EE6351AB8CBC0F868035BF4E4B7E7EE38C949C704

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002E228, Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 213fe71f932e6b0b2a6a40971fd05a93b78620a4fd3011c3cc6c6aa17b287cf6
Instruction ID: 26d5067383d71e56ec64c44516f53ed37148344395b5bea6d500fdcc472e26b0
Opcode Fuzzy Hash: 213fe71f932e6b0b2a6a40971fd05a93b78620a4fd3011c3cc6c6aa17b287cf6
Instruction Fuzzy Hash: B9B1C273214590A2EB62FB26E4557DE6320F7997C4F814025BB8E4B9F7DE38C64ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035C80, Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68f66674ddde57e1190c8949e3c3727df4adec0edca2ca7875e0ddb092761732
Instruction ID: 11c24946b309041b428f58a6f591f3b0151a9c8f55ae466be750c1eb8b7dbf60
Opcode Fuzzy Hash: 68f66674ddde57e1190c8949e3c3727df4adec0edca2ca7875e0ddb092761732
Instruction Fuzzy Hash: ABB1B43222498051EA72FB22E8517DE7350F7C87E4F454232BB6E576EAEE38C549CB44

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032CC8, Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e7e574ef73f15cd5c0f4e48beb3ca61b9a6ad1c59312355b43c24aeb1df523a
Instruction ID: ec5f3de131154a7fad7775b7b6e04cf334aaa1d10931257122a0c57b036f21ee
Opcode Fuzzy Hash: 4e7e574ef73f15cd5c0f4e48beb3ca61b9a6ad1c59312355b43c24aeb1df523a
Instruction Fuzzy Hash: A8B1703261868081FAA7EA67D4513EF6391EBCC7C4F544036BB4A57AFADE38C546C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140034BF8, Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 330e6456400754802c216a7291a829c0cea5831ee05411500f0fd0e53dbbd9eb
Instruction ID: 043192ac4e57957f27a2040c43260d426793f4f5d38f04c46e21d605b8ad23d1
Opcode Fuzzy Hash: 330e6456400754802c216a7291a829c0cea5831ee05411500f0fd0e53dbbd9eb
Instruction Fuzzy Hash: 0EB17F3221858091FB62E766E4513EF6391F7C97C0F864022BB8D876FADE39C949CB44

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140052110, Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 160bceb4fc89f745f08d7b823cb25b8fffa364c32bad70a06045bef26be589b3
Instruction ID: ea9dc9199cca76e98c13cdffc4ae6b74f642c8d36fc0496a27e4b4c163dad8df
Opcode Fuzzy Hash: 160bceb4fc89f745f08d7b823cb25b8fffa364c32bad70a06045bef26be589b3
Instruction Fuzzy Hash: 35A1D232204A4085FA62EB27E4517EE2795AB8EBD0F460131BF49877F6EF35C846CB10

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005497C, Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bd1cd7815a55ec6cfcc4dec7c146e5faf22b70897b76c87a17632d95ce4e695
Instruction ID: f74fe9de8ebbf7e3ba465b2e22e0b48a9f6b8f16c2839c5d36b9050ada8e3523
Opcode Fuzzy Hash: 6bd1cd7815a55ec6cfcc4dec7c146e5faf22b70897b76c87a17632d95ce4e695
Instruction Fuzzy Hash: 53911572305AA041EBF3EA27E4547EE2290EBC87C8F010121BF1987AF5EF36C9458704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140068E58, Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 084ed0ec5b923f6bc89c9be914fd79e54978a6f344408da28a8a2f95e026a4dd
Instruction ID: 4384f26b1d834212b8cda70983afe17c260f3aa7c98ba8c61fd0092cb4358f7c
Opcode Fuzzy Hash: 084ed0ec5b923f6bc89c9be914fd79e54978a6f344408da28a8a2f95e026a4dd
Instruction Fuzzy Hash: 6AA11233A146888BDB52DF3AC488BAD736AFB59784F518321EF09636A1E735D945C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140031928, Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 08d33782e701c723fd0a84b1da37df609725600eb04629a2e0cb800cbdaeaf98
Instruction ID: 7d9660fc1b8a2d1e5e7f5cad4b6e10fa8296a975f0b0489aff90fa135f630cf6
Opcode Fuzzy Hash: 08d33782e701c723fd0a84b1da37df609725600eb04629a2e0cb800cbdaeaf98
Instruction Fuzzy Hash: E7A11E722185C050EB62EB26E8517EE6351E7D97C0F865432BB4E479F6EE38C549CB04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000F76C, Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2718a3099c481f7672f3e49a1217d3a58518859f336756e63e237042680aded6
Instruction ID: e6519f55a7d2182c3a6645842573f2409047abe28c0139a18592fc590dae0476
Opcode Fuzzy Hash: 2718a3099c481f7672f3e49a1217d3a58518859f336756e63e237042680aded6
Instruction Fuzzy Hash: C3916272204A4491EA12E736E8517EE7361FBD97C0F828022BB4E475B7EE78C945C705

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005B470, Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 973dd57a9dc054770aa409359167b4519dc9372c6b7d6bfa41168b819a0f1849
Instruction ID: 1835e9ea57aa2cd784a8e3bb1e18e15354660f591a2f073ad0cb7535124317d7
Opcode Fuzzy Hash: 973dd57a9dc054770aa409359167b4519dc9372c6b7d6bfa41168b819a0f1849
Instruction Fuzzy Hash: 5981D373204B44C6EB26CF26E4547AEB3A1F788B98F141215EF4A437E0EB75D899C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032964, Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 043ea57eaa309d41ca4083235046fb15db8cce898952c631003648a9f4031b20
Instruction ID: ca5fc7efc7eb25e8290bedf773b7448f7d2c1a984f20dfb83223612a4b11670e
Opcode Fuzzy Hash: 043ea57eaa309d41ca4083235046fb15db8cce898952c631003648a9f4031b20
Instruction Fuzzy Hash: 0381887231568096FEA7AB63A9123EA5241BBCCBC4F495031BF4E0B7B3EE39C4058714

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002AA90, Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04878340b934c0be5f456f1bfc2cc877414cf6cf5d8b33ff07ba7d0d6c48375d
Instruction ID: 464f888c2c58cd5c544f284fe6c7dccf4c3ec3dc42bb6d375607104e125b1bd8
Opcode Fuzzy Hash: 04878340b934c0be5f456f1bfc2cc877414cf6cf5d8b33ff07ba7d0d6c48375d
Instruction Fuzzy Hash: 7F91C63221458092FB63EB22D5517EE6352E79A7C0F554026FB4E476FAEE78CC45C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140041AF4, Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07d19fbeddc980f2ad91f4009a231f794db3eb1cab4d65118ab249d6976a3df0
Instruction ID: 5322fe7bad52e7cfdfe3e67a61b331afcd5e07fac9a711bb0cae0bc700a72cc7
Opcode Fuzzy Hash: 07d19fbeddc980f2ad91f4009a231f794db3eb1cab4d65118ab249d6976a3df0
Instruction Fuzzy Hash: AA8194B6704A949AEA1A9B27C9003EC6B61F389BE4F564726EB7A077E1CF34D4518304

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004B288, Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 512656a5e9eb9f9a4ef230b9c8fe6882ced24168cb2a01ebbcd6d67251667c13
Instruction ID: 3719507d48488bc16aa2aa168a2784d4254424dcfb7f1b5eb80ee1e00d89957a
Opcode Fuzzy Hash: 512656a5e9eb9f9a4ef230b9c8fe6882ced24168cb2a01ebbcd6d67251667c13
Instruction Fuzzy Hash: 69918F72204A9082E722DF16E95479EB761F788BD4F528121FB8D07BBADF78C585CB04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004CCD4, Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c136084e57519f5ba6051a9e5d5fe21de6e48bf843f55d750dc4fefea0b19f14
Instruction ID: 685c2e001e06491338c6389faf311f46e5b9eae3bd43b3dc093b42521d51c0f9
Opcode Fuzzy Hash: c136084e57519f5ba6051a9e5d5fe21de6e48bf843f55d750dc4fefea0b19f14
Instruction Fuzzy Hash: 8F91BF72214A9092E762DF17E444B9EB761F788BC4F129132FB8907BA9DF79C485CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140016BFC, Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62d95ec61c58573027082d839b3f04bfb9a021f68868b7a1a9ec0272e42e3b70
Instruction ID: b13e1745205cdd666b056ab2711c81f6197c71d32dc096043af97acd8c512652
Opcode Fuzzy Hash: 62d95ec61c58573027082d839b3f04bfb9a021f68868b7a1a9ec0272e42e3b70
Instruction Fuzzy Hash: C0A19332218AC491EB62EB26E8513DE6321E7D9784F854032B78D475FBEF79C94AC704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140019054, Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fe83876faab28437c0f0944f3f6cd465245d78e6076da5379231bc399ed28fc
Instruction ID: 90130b8c0a8b3265959fcdbed33caf9a69e7398d3126d30cb65c95f0b58065db
Opcode Fuzzy Hash: 9fe83876faab28437c0f0944f3f6cd465245d78e6076da5379231bc399ed28fc
Instruction Fuzzy Hash: F491007221458060EA62F726E4513DE6351FBD97C4F814032BB8E475FBEE79C64ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140014B68, Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 8b23ff2ae7e4cf0f669e23dd3ba3794886c4ebac979e1c210ac52708e374cac5
Instruction ID: f75e8eaf09b9b5a14f5ecdd22e7fb1644c627db0a8208faa295536d16b5e792e
Opcode Fuzzy Hash: 8b23ff2ae7e4cf0f669e23dd3ba3794886c4ebac979e1c210ac52708e374cac5
Instruction Fuzzy Hash: A081E13220868451EFB2EE22E8953EE6350EBD97D0F414222BB4E4B6F7DE39C945C744

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140030DC0, Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cabb966c03a2eeae9d8e16fc01ad07935bebb2f41c0ae869436ab30538da606
Instruction ID: a368fa9d8d4c82026e851e09c309caa3cca30390238fcfee25dc27d274b451cd
Opcode Fuzzy Hash: 1cabb966c03a2eeae9d8e16fc01ad07935bebb2f41c0ae869436ab30538da606
Instruction Fuzzy Hash: 44917D7231458490EAA2FB22D4A53EE6351EBD9780F854432BB4E436F7DF38C54ACB05

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001DBB8, Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21081371f53920f5ac979c46a63f25b6be2349b346ed878bb48c51641b11aed9
Instruction ID: 42a0163b4bb8d65bfd0557bea0a1aa1e1866fed524a677b7b3dc3e12b98c5b02
Opcode Fuzzy Hash: 21081371f53920f5ac979c46a63f25b6be2349b346ed878bb48c51641b11aed9
Instruction Fuzzy Hash: AB81727221498090EA63F626E8517EE7391FBD97C0F814432BB4D4B5FAEE79C54AC700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140025FD4, Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 947659c999d374cabc8239c361b209799128cfa13a541e36696f2c14f207d39b
Instruction ID: 7acf7ae80e7117a10c46fd51c4f5b4039ecae92691744995e148274b6ff42c55
Opcode Fuzzy Hash: 947659c999d374cabc8239c361b209799128cfa13a541e36696f2c14f207d39b
Instruction Fuzzy Hash: 8D81D43232498091EAA2EB62E8517EE6361F7C97C4F815132BB4D476F7DE78C949C704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140051DE4, Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba914bfb1722fe8461c8d828070be8c7914c2a0c01ca75f447a6e67495e1c373
Instruction ID: 26c4d40a118159b55fd50ce8481bbdadfdae974e4aa23c8df4225c8ad12fb802
Opcode Fuzzy Hash: ba914bfb1722fe8461c8d828070be8c7914c2a0c01ca75f447a6e67495e1c373
Instruction Fuzzy Hash: 2771B232205A5051FA62EB23E8507EE6695AB8DBD0F454131BF49877F7EF36C84ACB01

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004759C, Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80d2e3e327d5a7fe7dad212aad76cfbd16156e2a1fc745d0a864923a916d63b1
Instruction ID: a8e7c2163ff7f89035dd19893dadf242702611a7cc072c5100bec8aa4adf0413
Opcode Fuzzy Hash: 80d2e3e327d5a7fe7dad212aad76cfbd16156e2a1fc745d0a864923a916d63b1
Instruction Fuzzy Hash: 1D81F4722047808DFB629F36A454FE92B91A7497E8F464724FB6D0BAE5CB76C4488348

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140053094, Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a61ff70b1735897a6e65cad553fa3946b8d5f12fa7b887850c1292a82f5269a
Instruction ID: 949d991729a3740058087c8285a0a3fafd8ee858ccedd776573aeaaa21726734
Opcode Fuzzy Hash: 2a61ff70b1735897a6e65cad553fa3946b8d5f12fa7b887850c1292a82f5269a
Instruction Fuzzy Hash: 4871F33231464041FB66FA3398517EE2281BB9DBD4F844631BF5A4B6F7EE36C60A8704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032648, Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: DelayExecution
String ID:
API String ID: 1249177460-0
Opcode ID: 8a6dd6ef785f13e8ee87384d98968ba6b09f9f026446b2c891d9a58f51d1d4b1
Instruction ID: 7a6f5970798cd0a6199914ad11449669907be93ed244566221034dc2aed4c959
Opcode Fuzzy Hash: 8a6dd6ef785f13e8ee87384d98968ba6b09f9f026446b2c891d9a58f51d1d4b1
Instruction Fuzzy Hash: 3F819D7221864092EB63FB26E4527EE6351EB887D0F854132BB4E476F7EE78C54AC704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140006E34, Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34e1924efc29ea4908f7605881d2dbb6d7480d5efb944a4baa1b5d71ca5d0104
Instruction ID: 0e1d548a6fdd886ac907b9be1ddd075fe8d20a4164d9a87482d9848ddaf2a928
Opcode Fuzzy Hash: 34e1924efc29ea4908f7605881d2dbb6d7480d5efb944a4baa1b5d71ca5d0104
Instruction Fuzzy Hash: 7671A1B270468191FB22EF27F6507EE6A92B789BD4F515131FF4A276F2DA38C8458700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014006B428, Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 153537a5343418c18e6a8dd97a8f01c241509d2c9d34234fefe811c8f3d7c81c
Instruction ID: d1dc5265b1a6542e57f52560333962e3aa7dbb9f05792d5c9a4d49b9bd892aa8
Opcode Fuzzy Hash: 153537a5343418c18e6a8dd97a8f01c241509d2c9d34234fefe811c8f3d7c81c
Instruction Fuzzy Hash: B171B1B65681204BE31F8E75991976E33A1F319B8FB91A510FE4BC7294C638DE60D720

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140006B88, Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da8a86df3cf83cb4e8da1c5eb141f6abe95f000076dcaba9b3f8801fea3fc22c
Instruction ID: 9303d44b0f888b55fd914570b1496e4313da22429fde8887523cf7199abe0bce
Opcode Fuzzy Hash: da8a86df3cf83cb4e8da1c5eb141f6abe95f000076dcaba9b3f8801fea3fc22c
Instruction Fuzzy Hash: DE618FB270428455FB66EE27B6547FE2692B389BD4F145022FF8A2B6F1DE38C4428704

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400380D0, Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baf03829571a5bd6d958ee7655f571b415b86a91a37bf5666ce9d8e725323376
Instruction ID: 7d32502cbe720c9530575118cdd111e6cd88d533b31e8540eabc0099ba41f30e
Opcode Fuzzy Hash: baf03829571a5bd6d958ee7655f571b415b86a91a37bf5666ce9d8e725323376
Instruction Fuzzy Hash: E4717D7220478491FAA3E726E8917EF6391FBC9780F854022BF4E476E6DE78C549C704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140052D60, Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec691f123b7542507130d76308b1cd466871ad67ca86c5feab269c0745fded00
Instruction ID: 450d9658e18c72a24320ef39066f28bd54ccd01b7f40a6cc1dbddf0ed531c53a
Opcode Fuzzy Hash: ec691f123b7542507130d76308b1cd466871ad67ca86c5feab269c0745fded00
Instruction Fuzzy Hash: CE51A23232424040FA56F633A4517EE5262AFDEBE4F4942317F5A47AFBEE36C5068704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140001B74, Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 463aeaad61699cd5be01587d5a2496ec243ad9e719360f80b9b7edd9465feb73
Instruction ID: d50d502c5b6950ae0461b6150da2bcf565a72d99d6952b51ab4612b2f255be3d
Opcode Fuzzy Hash: 463aeaad61699cd5be01587d5a2496ec243ad9e719360f80b9b7edd9465feb73
Instruction Fuzzy Hash: 5561CD763146C095FA62EE2AE4507EE2351EB8ABD4F454222BF4D4B9F7EE38C545CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001FD44, Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 46287f226687e43468413f3ca23f9177d3a3b5df5da645db35826d1c96484477
Instruction ID: 75acd8829386b8b0ac0503c424414e50cb0ba8c5c90cb3cbb265ebcaafce4b08
Opcode Fuzzy Hash: 46287f226687e43468413f3ca23f9177d3a3b5df5da645db35826d1c96484477
Instruction Fuzzy Hash: 10610F3230468091EA72EA22E4993FE6351FB8A7D4F454235BB5D0B6F7DE79C84AC700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004F4C8, Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdf000f3f7188701bd175c1ab86143cdc6e62cf757c15683e73a3b05c78a9dbc
Instruction ID: 4c445678070d573d3ffe1f8fd41cdd125d044eec911f27e9c9b2ec0ee2ab1b10
Opcode Fuzzy Hash: bdf000f3f7188701bd175c1ab86143cdc6e62cf757c15683e73a3b05c78a9dbc
Instruction Fuzzy Hash: 93519C3231864091FA62EA26E8917FA5351EBDDBC4F464031BB4E4B5F7EE38C945C708

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140024718, Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 688c7f89327c9c691013af710b6af6f2dc0e60627eb5af531dd4333ff77a0454
Instruction ID: 08b028d38f2970c18d3941a06827fd8d902d0db97e7e9764b0950f2e26ae78e0
Opcode Fuzzy Hash: 688c7f89327c9c691013af710b6af6f2dc0e60627eb5af531dd4333ff77a0454
Instruction Fuzzy Hash: FA51B373700780A6F75BDB3A99553ED7791F3C9B80F09803AAB0A036A2DF349565C344

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400356F4, Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f660083105691a24a2eba1d96fc9466d9c709d4afaea87c2ec71672e9e71eb2
Instruction ID: 3e6008192b08b4dc09db711a0915997e581a547a489de3b56ce43fc4cd696c11
Opcode Fuzzy Hash: 6f660083105691a24a2eba1d96fc9466d9c709d4afaea87c2ec71672e9e71eb2
Instruction Fuzzy Hash: 13511F722246C091EA62F726E8517EE6351EBD97C0F859032BB4D47AF7EE38C549CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140018DE8, Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d84c55e5145004b7beb3c5b68b425cf42ccfd0524be11d64061ebe68b0c2eda2
Instruction ID: af14db1f92581e26ac38af4f5c9fbbc26fdd1c4040d517091160ba046d99126a
Opcode Fuzzy Hash: d84c55e5145004b7beb3c5b68b425cf42ccfd0524be11d64061ebe68b0c2eda2
Instruction Fuzzy Hash: 0751FC7232858051EA66F632D4513EEA751EBD97C1F814432BB4E476FBEE38C64ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004F708, Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: eabab95ca488f1205fed220a1f2511db3b9657e8eab3f0f3ef8a4cee80011f85
Instruction ID: 198caa2341a95bea27265698d566bcab50ef7c1f64eca98a30c9385584aa5f13
Opcode Fuzzy Hash: eabab95ca488f1205fed220a1f2511db3b9657e8eab3f0f3ef8a4cee80011f85
Instruction Fuzzy Hash: E951D33220458051FAB2EA22E4553FA2351EBDA3C8F464235BF8E4B5F7DE39C946D704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035268, Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: ea47462e671e5be7fe71eea89116b64ae72beb432e6604e4bfbab429c59d0f22
Instruction ID: 3eb52e73a32a3855d1951ff3b450e29d53ef01050f9ca171b19d4841cb5f2f7a
Opcode Fuzzy Hash: ea47462e671e5be7fe71eea89116b64ae72beb432e6604e4bfbab429c59d0f22
Instruction Fuzzy Hash: 1861E2722086C091F7A2EB26E4917DE7791F7C9784F814026BB8D07AE6DF79C549CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400215FC, Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 5cd5e49297754038ff689e128f699a63948eab88f8cceeb6288ffc9c4f040e2f
Instruction ID: f337c8dd6029e041a48329aefd06710d2d64e9ddbab3d94a7437e77041eafbf0
Opcode Fuzzy Hash: 5cd5e49297754038ff689e128f699a63948eab88f8cceeb6288ffc9c4f040e2f
Instruction Fuzzy Hash: 605183722245D091EA62EB26E4517EE6361FBD97C0F825022BB4E479E7DE38C949CB04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003F0FC, Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d024d83c187bbab00ed137c42155944f988efa24ca2fc813bd07a877cf64281
Instruction ID: 90f20d4007570bc01b8c07b977e1dcc6c37cf6ca34048912c138e8e6b9267239
Opcode Fuzzy Hash: 6d024d83c187bbab00ed137c42155944f988efa24ca2fc813bd07a877cf64281
Instruction Fuzzy Hash: 9651BCB220478086EB46EFA7A8457ABA791F78CBD4F05402ABF4D47BA6DF78C451C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140026A24, Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9ff6c94233a3290197520457a41f485d7b3ea2bcc658af81785093760b9d261
Instruction ID: a9c9ae6313f60de290384c2a0026f40a1e6e70301aec51650f1626b88888666d
Opcode Fuzzy Hash: b9ff6c94233a3290197520457a41f485d7b3ea2bcc658af81785093760b9d261
Instruction Fuzzy Hash: 4651443721929085EB27EF3AC0547DE2760E78E3C4F851025FB8A57BA3DA38C546CB05

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140068928, Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c177517244b934963845247481af7694056c56fe069a37809a97af90c50bac7
Instruction ID: f03825c870c7897c15dd0659bd33f2866f4c8df2145a493c11cc7e2212e8a87f
Opcode Fuzzy Hash: 3c177517244b934963845247481af7694056c56fe069a37809a97af90c50bac7
Instruction Fuzzy Hash: F351B2735242548BF73ACF16D848BAD3AA6E308791F265B25FF5A476E1D734C880CB41

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032214, Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dc7720e5aa7ae08a88ebdf659d5e35100d059536340daadff2200fcf4b25bff
Instruction ID: 97dcdf415850c04c601ef4d8881f7bd9504b67c2dc37d1aa1e8fa488e6a96362
Opcode Fuzzy Hash: 1dc7720e5aa7ae08a88ebdf659d5e35100d059536340daadff2200fcf4b25bff
Instruction Fuzzy Hash: 4641EE3331024066EB13EB27991ABEF6351BB99BC4F954421BF0A5B6B2EE38C542C704

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140046264, Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d168cf2973793bcb110853d077d7ae3e60aaa90b8eae0d5f2a53e04c6bbb512b
Instruction ID: a1f04e5562d603e187753cea740b756eab9e3e8f033bece5f16d7fa62bbf4908
Opcode Fuzzy Hash: d168cf2973793bcb110853d077d7ae3e60aaa90b8eae0d5f2a53e04c6bbb512b
Instruction Fuzzy Hash: E9413673A141E446F67B8D3799003ED5241934D7D6E8B4230FF27076E2EA74DE818A0B

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140044584, Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: FileFindInformationNextToken
String ID:
API String ID: 176754387-0
Opcode ID: cf80360cfbd6326cb3ad165955db3191b845f040089cc22907cf4a9a67f71642
Instruction ID: 9f07d43f2bd18b8c0010053b0f47ab6d30f8f422700b47ca7dffd7d84ffb5a49
Opcode Fuzzy Hash: cf80360cfbd6326cb3ad165955db3191b845f040089cc22907cf4a9a67f71642
Instruction Fuzzy Hash: 5451833220858051EB62EA26E4553EE6361EB9A7C4F964232BB4D079FADF3CC54AC744

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002AB7A, Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e6ac659c35900d0f535728fc485e7903ef7d2aff14035ff360d089b83ec790e
Instruction ID: 143a0a160b94ef87670d09ddd976b80085c7f4634abf2ccc5a4579e5d4583ff0
Opcode Fuzzy Hash: 4e6ac659c35900d0f535728fc485e7903ef7d2aff14035ff360d089b83ec790e
Instruction Fuzzy Hash: 6951D77231458482EB62EB26D5517EE6352FBDA3C0F515032BB4E47AFADE38C949C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002AB7F, Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e97d0dbce4894821a03c89f1eb66c937ad2870ae0d26b1739d34f8790cd097f
Instruction ID: 8a081f3fbd87f0e93475713d3af930fef2e280dcc2147cd541aaab14f4a83651
Opcode Fuzzy Hash: 9e97d0dbce4894821a03c89f1eb66c937ad2870ae0d26b1739d34f8790cd097f
Instruction Fuzzy Hash: 7351D97231458482E762EB26D5517EE5352FBDA3C0F515031BB4E47AFADE38C949C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002AB84, Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 604d4665dc2c69dd3f6f25cfd86c88c2dab676154981d3104d1eb1ef9dd7231e
Instruction ID: e970ee9b9311b66497e28943d4ac05bbd75f9dfab10fae3abb4a733bd6dacf89
Opcode Fuzzy Hash: 604d4665dc2c69dd3f6f25cfd86c88c2dab676154981d3104d1eb1ef9dd7231e
Instruction Fuzzy Hash: B151D77231458482EB62EB26D5517EE6352FBDA3C0F515032BB4E47AFADE38C949C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002AB89, Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59cdf25f44102b9ac5f6275a33add8df0b7402fb5cf732135b59e0a27e5ee781
Instruction ID: 425f8b827db5a98ca1d212d2169699493a823b0fff3d9b1172a4de758f02bfbd
Opcode Fuzzy Hash: 59cdf25f44102b9ac5f6275a33add8df0b7402fb5cf732135b59e0a27e5ee781
Instruction Fuzzy Hash: A751D77231458482EB62EB26D5517EE6352FBDA3C0F515032BB4E47AFADE38C949C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002AB8E, Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95538e9a8a41a51c16fcf38a154459da308676d6155d74623d2b6a3d5271f22d
Instruction ID: 29032a6bc9e14c885bb641d1670f685e298fa1e735bb3a79d3164f234e4fe301
Opcode Fuzzy Hash: 95538e9a8a41a51c16fcf38a154459da308676d6155d74623d2b6a3d5271f22d
Instruction Fuzzy Hash: FF51D77231458482EB62EB26D5517EE6352FBDA3C0F515032BB4E47AFADE38C949C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002AB93, Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 036239ed83a3a3fbdfed76389cbd163b3d54d9d819646384fb5d75ff7f9c6d8f
Instruction ID: bd56e2702dfe8df73c092647a9b599ac84cdbed630297b30843a147f9c36b8ce
Opcode Fuzzy Hash: 036239ed83a3a3fbdfed76389cbd163b3d54d9d819646384fb5d75ff7f9c6d8f
Instruction Fuzzy Hash: 9551D77231458482EB62EB26D5517EE6352FBDA3C0F515032BB4E47AFADE38C949C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002AB98, Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9824617f6538e23f2efb2ee2563c086b4edffb0fcdce4b1d77014d0b8a626a91
Instruction ID: dc67bd505ec4cffd83a7e6f580c77948f19b4fa0b0d15da92b556df9b9615608
Opcode Fuzzy Hash: 9824617f6538e23f2efb2ee2563c086b4edffb0fcdce4b1d77014d0b8a626a91
Instruction Fuzzy Hash: 3851D77231458482EB62EB26D5517EE6352FBDA3C0F515032BB4E47AFADE38C949C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002AB9D, Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4fea45eacb6b25e037501d30eb9cceaba139555d1cabbf1be797399fc93f639
Instruction ID: 4a259fd6c7d332a945260aa488340a7c6b73232464ec90235efb4461374f366a
Opcode Fuzzy Hash: c4fea45eacb6b25e037501d30eb9cceaba139555d1cabbf1be797399fc93f639
Instruction Fuzzy Hash: 1451D77231458482EB62EB26D5517EE6352FBDA3C0F519032BB4E47AFADE38C949C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002ABA2, Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83c239fb484fcea2a3a78659bdcd1788d043a9759bafd958e3546bb6c3c60512
Instruction ID: ebf1c4f49a204f1cbeb98ae3c8a93ece1bb0fafb9feb69452c2789754ae34731
Opcode Fuzzy Hash: 83c239fb484fcea2a3a78659bdcd1788d043a9759bafd958e3546bb6c3c60512
Instruction Fuzzy Hash: 0751D77231458482EB62EB26D5517EE6352FBDA3C0F515032BB4E47AFADE38C949C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002ABA7, Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b92f0a4dbafe468703e3168dd83c3483fb3ef64ca697333e460d93db5ba40aa1
Instruction ID: 03f15185f23b23a734dbaafc8cfb2b1697e6598f703da8bc8b5b34a77580e0f8
Opcode Fuzzy Hash: b92f0a4dbafe468703e3168dd83c3483fb3ef64ca697333e460d93db5ba40aa1
Instruction Fuzzy Hash: AE51D77231458482EB62EB26D5517EE6352FBDA3C0F515032BB4E47AFADE38C949C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005343C, Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2ea3436d03751496e77ce9bd5117939811b28904932c1fccd0b617f358895e8
Instruction ID: 7e347492f39847182a2b500db4f79634476029136cca2c3785cbc21c18c38b40
Opcode Fuzzy Hash: a2ea3436d03751496e77ce9bd5117939811b28904932c1fccd0b617f358895e8
Instruction Fuzzy Hash: 9441DF32214A4491FBABDA2799117EA2A91F7C97D4F859121FB4B073F2EB32C861C300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140026C30, Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28d64d73645ea6a03bce64af8220a40d6d724a1954fd1769bbf00cb0463ed6e7
Instruction ID: 2af6f1c9e92d73fd308a379bef39af4e96c6a9023f3a98445739356550a7e9c7
Opcode Fuzzy Hash: 28d64d73645ea6a03bce64af8220a40d6d724a1954fd1769bbf00cb0463ed6e7
Instruction Fuzzy Hash: 875149766017D085E742EF2AD859BDD3BA6F79D748F9A802AAB0E43262DF31C549C304

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140053644, Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb2ea06220dc76028948e9f6e0ae162ff853a9e89af2c3e8ab71d00c7f94d605
Instruction ID: 3ba0b29ec795d38afbb48cfb99f4fb2344dff9fe09c7df4aec90b71c361543a5
Opcode Fuzzy Hash: cb2ea06220dc76028948e9f6e0ae162ff853a9e89af2c3e8ab71d00c7f94d605
Instruction Fuzzy Hash: 17416D7231864051E616FA33E8527DEA351BBD9BD0F824032BF4A47AB7EE39C546CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140050DA8, Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bd4a4ae4039013f202ade2474416138ef04a818b16ced90649bf8042ebd644f
Instruction ID: cb64edaac42ec8557eb0a3d6d85671ae8d5bcff6e28e0bdacdf9be62f7ee0853
Opcode Fuzzy Hash: 2bd4a4ae4039013f202ade2474416138ef04a818b16ced90649bf8042ebd644f
Instruction Fuzzy Hash: A241C27231454040FA66FA2BE8523EE5262EBD97D0F918431BB4F4BAFAED39C506C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140050BF4, Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: ecc088b509f11d5ae4bfc7dff9585ad196cfc5ab59e79b9aaf3cc86e5b175bcb
Instruction ID: 941524e861ce51f6328a9b2c59bb9bdcf64462bf13cb282e872174707d41dfb1
Opcode Fuzzy Hash: ecc088b509f11d5ae4bfc7dff9585ad196cfc5ab59e79b9aaf3cc86e5b175bcb
Instruction Fuzzy Hash: DA418E7232448051EAA2FB2BD4617EE5662FBCA7C0F854122BB4F476FADD39C545CB04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001CAC8, Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3df8d26002c446663eff42be16dbdffc3a98f82015dcb5e610e740cfa650d62
Instruction ID: 0a014d50f813c8ea1b85f766fe6b2b30482370fe1ba7d80fb1cbcbe2f5a52d6b
Opcode Fuzzy Hash: f3df8d26002c446663eff42be16dbdffc3a98f82015dcb5e610e740cfa650d62
Instruction Fuzzy Hash: 6631AE3632065051FA53EB27A81ABDF2255BBCABC8F455421BF0E4B2B3EE36C546C304

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140024940, Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76ac7770237754c879823d738c5c7df96058171ce9c6fe1874b4a266795b4d94
Instruction ID: 560b60485f3885514a8b944888e17dcf678349c50ba9748416b9f5e684109964
Opcode Fuzzy Hash: 76ac7770237754c879823d738c5c7df96058171ce9c6fe1874b4a266795b4d94
Instruction Fuzzy Hash: 3B5167736027C089E762DF3AC8943DD3BA2F399748F99802AA74D4766ADF31C259C744

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001CD24, Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86909508e0f15979cc572a096e662d88746b4ea3823a3a7dd9e120ae772e3bc6
Instruction ID: 2227912e94398942fc4ec4e906928f8a2e101598a5de672bd5b0a8326d344fcc
Opcode Fuzzy Hash: 86909508e0f15979cc572a096e662d88746b4ea3823a3a7dd9e120ae772e3bc6
Instruction Fuzzy Hash: 0E31833232069050F657EB27A925BEF2752BBC97C8F555021BF0A176B7EE36C146C344

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140005918, Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2058832922cf76d17ec304d2a11e9d83bf698163b794ed7b98266a9db9f2da5f
Instruction ID: 7ad2512ab1d92147d7b1f5df1382b4771a69ff2b0e55fa04a2fd80408f6768bf
Opcode Fuzzy Hash: 2058832922cf76d17ec304d2a11e9d83bf698163b794ed7b98266a9db9f2da5f
Instruction Fuzzy Hash: 68310836710680A6E79AEB3ADA513DD73A2F7D9340F498032A31E435A6DF31E57AC304

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140004E68, Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.749028541.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.748524984.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.752369201.000000014006E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.753816795.000000014007D000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.755536417.000000014007E000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.756275898.0000000140083000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d051917b15e5768cf15bdf79bda9ec86629f8c9852e1d184f2c27e00891fe61f
Instruction ID: ae94ff5fe79290a2be1c67a1a164642d05d9ed7b0d764c683e01a8c5fcd7cc45
Opcode Fuzzy Hash: d051917b15e5768cf15bdf79bda9ec86629f8c9852e1d184f2c27e00891fe61f
Instruction Fuzzy Hash: 4231B636711680A2F79EE73ACA553DD7252F7D9380F49C132A31A431A7DF31A5798304

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 5612 Parent PID: 396 rundll32.exeCOMMON

Executed Functions

Function 00000258F3E12251, Relevance: 6.2, APIs: 4, Instructions: 230memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 00000258F3E123A9
VirtualProtect.KERNELBASE ref: 00000258F3E1246A
RtlAvlRemoveNode.NTDLL ref: 00000258F3E125AC
VirtualProtect.KERNELBASE ref: 00000258F3E12672

Memory Dump Source

Source File: 00000003.00000002.764019176.00000258F3E10000.00000040.00000001.sdmp, Offset: 00000258F3E10000, based on PE: true

Similarity

API ID: ProtectVirtual$NodeRemove
String ID:
API String ID: 3879549435-0
Opcode ID: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction ID: 8329e25df113cbcd586ebb9e934c3cab465e2d038b12bf99a6ac1cd6915b7fe0
Opcode Fuzzy Hash: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction Fuzzy Hash: 0BB13476618BC586DB70CB1AE84079AB7A1F789B80F508026EEC953F59DF7DC8418F44

Uniqueness

Uniqueness Score: -1.00%

Function 00000258F3E12057, Relevance: 1.3, APIs: 1, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,00000258F3E1298F), ref: 00000258F3E120A4

Memory Dump Source

Source File: 00000003.00000002.764019176.00000258F3E10000.00000040.00000001.sdmp, Offset: 00000258F3E10000, based on PE: true

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction ID: 390664c6f65d50e9ed5f804f11f4fe253a231dfae25c1cff93101b0c4a78a290
Opcode Fuzzy Hash: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction Fuzzy Hash: BE3156B2624B8486D790DF1AE45575A7BA1F789BC4F204026EF8D97B28DF3AC442CB00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: rundll32.exe PID: 4716 Parent PID: 5468 rundll32.exeCOMMON

Executed Functions

Function 000002D98CFC2251, Relevance: 6.2, APIs: 4, Instructions: 230memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 000002D98CFC23A9
VirtualProtect.KERNELBASE ref: 000002D98CFC246A
RtlAvlRemoveNode.NTDLL ref: 000002D98CFC25AC
VirtualProtect.KERNELBASE ref: 000002D98CFC2672

Memory Dump Source

Source File: 00000004.00000002.763109597.000002D98CFC0000.00000040.00000001.sdmp, Offset: 000002D98CFC0000, based on PE: true

Similarity

API ID: ProtectVirtual$NodeRemove
String ID:
API String ID: 3879549435-0
Opcode ID: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction ID: e93fc0660f5dcee17a01a07b5427d36c2d8019651865c8e6c739293dbcae8bd4
Opcode Fuzzy Hash: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction Fuzzy Hash: 87B13576719BD486E770CB1AE44079EB7A1F7C9B80F108026EE8993B58DB79C891DF40

Uniqueness

Uniqueness Score: -1.00%

Function 000002D98CFC2057, Relevance: 1.3, APIs: 1, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,000002D98CFC298F), ref: 000002D98CFC20A4

Memory Dump Source

Source File: 00000004.00000002.763109597.000002D98CFC0000.00000040.00000001.sdmp, Offset: 000002D98CFC0000, based on PE: true

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction ID: a8f08349d7e467d7bc5bf74544f06f5342e646b62cf67c7bd39ce4d88ded7d10
Opcode Fuzzy Hash: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction Fuzzy Hash: 413147B2715A9486D790DF1AE05475A7BA1F389BC4F208026FF8D87B18DB3AC842CB00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: rundll32.exe PID: 7056 Parent PID: 396 rundll32.exeCOMMON

Executed Functions

Function 0000027E1B942251, Relevance: 6.2, APIs: 4, Instructions: 230memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 0000027E1B9423A9
VirtualProtect.KERNELBASE ref: 0000027E1B94246A
RtlAvlRemoveNode.NTDLL ref: 0000027E1B9425AC
VirtualProtect.KERNELBASE ref: 0000027E1B942672

Memory Dump Source

Source File: 00000007.00000002.764221416.0000027E1B940000.00000040.00000001.sdmp, Offset: 0000027E1B940000, based on PE: true

Similarity

API ID: ProtectVirtual$NodeRemove
String ID:
API String ID: 3879549435-0
Opcode ID: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction ID: 8e12e6be124d6bec96843cbc7c5ee7e52e38be772427740691a318361b20db39
Opcode Fuzzy Hash: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction Fuzzy Hash: BEB152B6618BC486DB70CB1AF44179EB7A1F7C9B80F518026EE8D57B58DB79C8428F40

Uniqueness

Uniqueness Score: -1.00%

Function 0000027E1B942057, Relevance: 1.3, APIs: 1, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,0000027E1B94298F), ref: 0000027E1B9420A4

Memory Dump Source

Source File: 00000007.00000002.764221416.0000027E1B940000.00000040.00000001.sdmp, Offset: 0000027E1B940000, based on PE: true

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction ID: 4ed113cf13951c2ed15198d830ec971123eeaf1b8cf7a79705a10586df324417
Opcode Fuzzy Hash: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction Fuzzy Hash: 863158B2618B9086D790DF1AF45575A7BA1F389BC4F204026EF8D87B18DF3AC842CB00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: rundll32.exe PID: 5184 Parent PID: 396 rundll32.exeCOMMON

Executed Functions

Function 00000227BE602251, Relevance: 6.2, APIs: 4, Instructions: 230memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 00000227BE6023A9
VirtualProtect.KERNELBASE ref: 00000227BE60246A
RtlAvlRemoveNode.NTDLL ref: 00000227BE6025AC
VirtualProtect.KERNELBASE ref: 00000227BE602672

Memory Dump Source

Source File: 00000008.00000002.764313108.00000227BE600000.00000040.00000001.sdmp, Offset: 00000227BE600000, based on PE: true

Similarity

API ID: ProtectVirtual$NodeRemove
String ID:
API String ID: 3879549435-0
Opcode ID: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction ID: 787fa8082b52b7d507805a7961b0a010e04cff217d6acb45f7ee5b7e06f7f3d8
Opcode Fuzzy Hash: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction Fuzzy Hash: CFB15476618BD486D770CB5AF48079EB7A0F7C9B84F508026EE8953B5ADB7DC8418F40

Uniqueness

Uniqueness Score: -1.00%

Function 00000227BE602057, Relevance: 1.3, APIs: 1, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,00000227BE60298F), ref: 00000227BE6020A4

Memory Dump Source

Source File: 00000008.00000002.764313108.00000227BE600000.00000040.00000001.sdmp, Offset: 00000227BE600000, based on PE: true

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction ID: f7e8929bfb55ab1c1f4d3deff846eb500886b1146d65495979516b32ebe85e16
Opcode Fuzzy Hash: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction Fuzzy Hash: 98316D72618B9086D790DF5AE49475A7BB1F789BC8F604026EF8D87B19DF3AC442CB00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: rundll32.exe PID: 1360 Parent PID: 396 rundll32.exeCOMMON

Executed Functions

Function 0000021A99AB2251, Relevance: 6.2, APIs: 4, Instructions: 230memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 0000021A99AB23A9
VirtualProtect.KERNELBASE ref: 0000021A99AB246A
RtlAvlRemoveNode.NTDLL ref: 0000021A99AB25AC
VirtualProtect.KERNELBASE ref: 0000021A99AB2672

Memory Dump Source

Source File: 00000009.00000002.763720780.0000021A99AB0000.00000040.00000001.sdmp, Offset: 0000021A99AB0000, based on PE: true

Similarity

API ID: ProtectVirtual$NodeRemove
String ID:
API String ID: 3879549435-0
Opcode ID: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction ID: 0b9b0941d473d814bc9a6043a8eaae77ce5e40339d637b6c6a917a19c73742c3
Opcode Fuzzy Hash: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction Fuzzy Hash: 78B14276619BC486DB70CF1AF4407DAB7A0F799B80F508026EE8953B59DB7DC8828F40

Uniqueness

Uniqueness Score: -1.00%

Function 0000021A99AB2057, Relevance: 1.3, APIs: 1, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,0000021A99AB298F), ref: 0000021A99AB20A4

Memory Dump Source

Source File: 00000009.00000002.763720780.0000021A99AB0000.00000040.00000001.sdmp, Offset: 0000021A99AB0000, based on PE: true

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction ID: bea7069ce2504d67c3083688daa96efbe1bbe1739e4666b8a6123fab6fb9f4d7
Opcode Fuzzy Hash: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction Fuzzy Hash: 8B316B72615B8486D790DF1AE09479A7BB1F389BC4F204026EF8D87B18DF3AC482CB00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: rundll32.exe PID: 1520 Parent PID: 396 rundll32.exeCOMMON

Executed Functions

Function 00000223E31C2251, Relevance: 6.2, APIs: 4, Instructions: 230memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 00000223E31C23A9
VirtualProtect.KERNELBASE ref: 00000223E31C246A
RtlAvlRemoveNode.NTDLL ref: 00000223E31C25AC
VirtualProtect.KERNELBASE ref: 00000223E31C2672

Memory Dump Source

Source File: 0000000B.00000002.765832725.00000223E31C0000.00000040.00000001.sdmp, Offset: 00000223E31C0000, based on PE: true

Similarity

API ID: ProtectVirtual$NodeRemove
String ID:
API String ID: 3879549435-0
Opcode ID: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction ID: 3970ab02e2aa9520897bb0a02e32f67a4ac9b68c45e847c2638bb9dad19c6778
Opcode Fuzzy Hash: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction Fuzzy Hash: FCB15776618BC486DB70CB5AE4407AEB7A0F7C9B80F10802ADE8857B59DB7DC946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00000223E31C2057, Relevance: 1.3, APIs: 1, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,00000223E31C298F), ref: 00000223E31C20A4

Memory Dump Source

Source File: 0000000B.00000002.765832725.00000223E31C0000.00000040.00000001.sdmp, Offset: 00000223E31C0000, based on PE: true

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction ID: 6d1d2865f2f58033ed7e7187f12a19706e8cf00022b8bdc120a0527e83a42e0b
Opcode Fuzzy Hash: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction Fuzzy Hash: C63169B2614B8086D790DF5AE05576A7BB1F789BC4F204026EF8D87B18DF3AC446CB00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: rundll32.exe PID: 3912 Parent PID: 396 rundll32.exeCOMMON

Executed Functions

Function 0000029AB0A32251, Relevance: 6.2, APIs: 4, Instructions: 230memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 0000029AB0A323A9
VirtualProtect.KERNELBASE ref: 0000029AB0A3246A
RtlAvlRemoveNode.NTDLL ref: 0000029AB0A325AC
VirtualProtect.KERNELBASE ref: 0000029AB0A32672

Memory Dump Source

Source File: 0000000C.00000002.765290753.0000029AB0A30000.00000040.00000001.sdmp, Offset: 0000029AB0A30000, based on PE: true

Similarity

API ID: ProtectVirtual$NodeRemove
String ID:
API String ID: 3879549435-0
Opcode ID: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction ID: 6acde107e1e481f167ceb268c3080b8c5ad29a53ba1bca1f89afcf900c1903eb
Opcode Fuzzy Hash: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction Fuzzy Hash: 3BB153B6618BD486D770CB1AF45079EB7A0F7D9B84F10802AEE8957B58DB7DC8418F80

Uniqueness

Uniqueness Score: -1.00%

Function 0000029AB0A32057, Relevance: 1.3, APIs: 1, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,0000029AB0A3298F), ref: 0000029AB0A320A4

Memory Dump Source

Source File: 0000000C.00000002.765290753.0000029AB0A30000.00000040.00000001.sdmp, Offset: 0000029AB0A30000, based on PE: true

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction ID: 5bb4ab23047769ae884f44cfe0a79e4833f5606066c8564c67390b8436922600
Opcode Fuzzy Hash: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction Fuzzy Hash: CF3169B2614B9086D790DF1AE45575A7BB1F389BC8F205026EF8D87B28DF3AC442CB00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: rundll32.exe PID: 5624 Parent PID: 396 rundll32.exeCOMMON

Executed Functions

Function 000001A4157B2251, Relevance: 6.2, APIs: 4, Instructions: 230memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 000001A4157B23A9
VirtualProtect.KERNELBASE ref: 000001A4157B246A
RtlAvlRemoveNode.NTDLL ref: 000001A4157B25AC
VirtualProtect.KERNELBASE ref: 000001A4157B2672

Memory Dump Source

Source File: 0000000E.00000002.769825199.000001A4157B0000.00000040.00000001.sdmp, Offset: 000001A4157B0000, based on PE: true

Similarity

API ID: ProtectVirtual$NodeRemove
String ID:
API String ID: 3879549435-0
Opcode ID: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction ID: 1949b7757f41c2bba216371a7a5deab844d087169ec10c99dbebf0af6d405dfc
Opcode Fuzzy Hash: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction Fuzzy Hash: E3B153B6619BC486D770CB1AF4417DEB7A1F7C9B80F148026EE8953B58DB79C8818F84

Uniqueness

Uniqueness Score: -1.00%

Function 000001A4157B2057, Relevance: 1.3, APIs: 1, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,000001A4157B298F), ref: 000001A4157B20A4

Memory Dump Source

Source File: 0000000E.00000002.769825199.000001A4157B0000.00000040.00000001.sdmp, Offset: 000001A4157B0000, based on PE: true

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction ID: 7135f69264bbc2a766c76fff28266b99f2342ecd79e95fb070c2e0b6e16897fe
Opcode Fuzzy Hash: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction Fuzzy Hash: CD3158B2615B8486D790DF1AF05579A7BA1F389BC4F204026EF8D87B18DF3AC442CB00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: rundll32.exe PID: 6764 Parent PID: 396 rundll32.exeCOMMON

Executed Functions

Function 000001EE25892251, Relevance: 6.2, APIs: 4, Instructions: 230memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 000001EE258923A9
VirtualProtect.KERNELBASE ref: 000001EE2589246A
RtlAvlRemoveNode.NTDLL ref: 000001EE258925AC
VirtualProtect.KERNELBASE ref: 000001EE25892672

Memory Dump Source

Source File: 00000012.00000002.769874591.000001EE25890000.00000040.00000001.sdmp, Offset: 000001EE25890000, based on PE: true

Similarity

API ID: ProtectVirtual$NodeRemove
String ID:
API String ID: 3879549435-0
Opcode ID: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction ID: 4838ab6806410edf79407f3faa03d16611b0182d27c1ed62bb0e54a82c6c5a41
Opcode Fuzzy Hash: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction Fuzzy Hash: 19B132B6618BC586D7708F1AF4407DEB7A5F789B80F108026EF8A53B58DB79C8558F40

Uniqueness

Uniqueness Score: -1.00%

Function 000001EE25892057, Relevance: 1.3, APIs: 1, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,000001EE2589298F), ref: 000001EE258920A4

Memory Dump Source

Source File: 00000012.00000002.769874591.000001EE25890000.00000040.00000001.sdmp, Offset: 000001EE25890000, based on PE: true

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction ID: 040313d80392070508c7068ac1fe241b35f6eb827d883a55b77b2cb978189d6f
Opcode Fuzzy Hash: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction Fuzzy Hash: E7314972618A8086D790DF1AF45479A7BA1F389BC4F204026EF8E87B18DB3AC446CB00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: rundll32.exe PID: 2892 Parent PID: 396 rundll32.exeCOMMON

Executed Functions

Function 000001DEC46C2251, Relevance: 6.2, APIs: 4, Instructions: 230memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 000001DEC46C23A9
VirtualProtect.KERNELBASE ref: 000001DEC46C246A
RtlAvlRemoveNode.NTDLL ref: 000001DEC46C25AC
VirtualProtect.KERNELBASE ref: 000001DEC46C2672

Memory Dump Source

Source File: 00000013.00000002.765098794.000001DEC46C0000.00000040.00000001.sdmp, Offset: 000001DEC46C0000, based on PE: true

Similarity

API ID: ProtectVirtual$NodeRemove
String ID:
API String ID: 3879549435-0
Opcode ID: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction ID: 6478cac3c017d09327e68c0e10d69a27ddba7933c174a5db8252f6b13238c2e4
Opcode Fuzzy Hash: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction Fuzzy Hash: A3B132B6618BC586D770CB1AE440BDEB7A1F7C9B80F508026EE8957B59DB7DC8418F40

Uniqueness

Uniqueness Score: -1.00%

Function 000001DEC46C2057, Relevance: 1.3, APIs: 1, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,000001DEC46C298F), ref: 000001DEC46C20A4

Memory Dump Source

Source File: 00000013.00000002.765098794.000001DEC46C0000.00000040.00000001.sdmp, Offset: 000001DEC46C0000, based on PE: true

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction ID: 5fbf8766fabbd64fcfb4983b6b8b0020c75752c7e044793641c8846c40e1819d
Opcode Fuzzy Hash: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction Fuzzy Hash: E13158B2614B8086D790DF1AE05479A7BA1F389BC4F204026EF8D87B18DF3AC442CB00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: rundll32.exe PID: 3444 Parent PID: 396 rundll32.exeCOMMON

Executed Functions

Function 0000020E68112251, Relevance: 6.2, APIs: 4, Instructions: 230memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 0000020E681123A9
VirtualProtect.KERNELBASE ref: 0000020E6811246A
RtlAvlRemoveNode.NTDLL ref: 0000020E681125AC
VirtualProtect.KERNELBASE ref: 0000020E68112672

Memory Dump Source

Source File: 00000017.00000002.766541787.0000020E68110000.00000040.00000001.sdmp, Offset: 0000020E68110000, based on PE: true

Similarity

API ID: ProtectVirtual$NodeRemove
String ID:
API String ID: 3879549435-0
Opcode ID: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction ID: ea471018cd7ec23c205a703fc9c2a23ed8937a106f0d01c144edcfaba0c6ef64
Opcode Fuzzy Hash: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction Fuzzy Hash: 44B16676619BC486DB70CB1AF44079AB7A0F7DAB80F108126DEC953F59DB79C8828F40

Uniqueness

Uniqueness Score: -1.00%

Function 0000020E68112057, Relevance: 1.3, APIs: 1, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,0000020E6811298F), ref: 0000020E681120A4

Memory Dump Source

Source File: 00000017.00000002.766541787.0000020E68110000.00000040.00000001.sdmp, Offset: 0000020E68110000, based on PE: true

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction ID: 04331fa8ace307f4c49e1f47724a9e461bce480506e595ce2793cbb3777e3e49
Opcode Fuzzy Hash: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction Fuzzy Hash: F5315C72615B8486D790DF1AF45475A7BA1F389BC4F205026EF8D87B18DF3AC442CB00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: rundll32.exe PID: 784 Parent PID: 396 rundll32.exeCOMMON

Executed Functions

Function 000001B67D862251, Relevance: 6.2, APIs: 4, Instructions: 230memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 000001B67D8623A9
VirtualProtect.KERNELBASE ref: 000001B67D86246A
RtlAvlRemoveNode.NTDLL ref: 000001B67D8625AC
VirtualProtect.KERNELBASE ref: 000001B67D862672

Memory Dump Source

Source File: 0000001A.00000002.760732828.000001B67D860000.00000040.00000001.sdmp, Offset: 000001B67D860000, based on PE: true

Similarity

API ID: ProtectVirtual$NodeRemove
String ID:
API String ID: 3879549435-0
Opcode ID: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction ID: 7e462348b1912b58832c78e268d14a68ab998a93ba6badefa3f6bcf8a76ecd02
Opcode Fuzzy Hash: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction Fuzzy Hash: 04B151B7618BC586DB70CB1AE4407DEB7A1F799B94F108026EE8853B59EB7DC8418F40

Uniqueness

Uniqueness Score: -1.00%

Function 000001B67D862057, Relevance: 1.3, APIs: 1, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,000001B67D86298F), ref: 000001B67D8620A4

Memory Dump Source

Source File: 0000001A.00000002.760732828.000001B67D860000.00000040.00000001.sdmp, Offset: 000001B67D860000, based on PE: true

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction ID: 0c0cf73e3a195218009839f07aa4502fadc2fbaf08bf3a0e1f8637cad6e52adf
Opcode Fuzzy Hash: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction Fuzzy Hash: 7B3158B2614B8086D790DF1AE05479E7BA1F389BD8F204026EF8D87B19DF3AC442CB00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: rundll32.exe PID: 3692 Parent PID: 396 rundll32.exeCOMMON

Executed Functions

Function 0000022C50FC2251, Relevance: 6.2, APIs: 4, Instructions: 230memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 0000022C50FC23A9
VirtualProtect.KERNELBASE ref: 0000022C50FC246A
RtlAvlRemoveNode.NTDLL ref: 0000022C50FC25AC
VirtualProtect.KERNELBASE ref: 0000022C50FC2672

Memory Dump Source

Source File: 0000001B.00000002.769972477.0000022C50FC0000.00000040.00000001.sdmp, Offset: 0000022C50FC0000, based on PE: true

Similarity

API ID: ProtectVirtual$NodeRemove
String ID:
API String ID: 3879549435-0
Opcode ID: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction ID: ec9e0c98e8563bf091330fcdab096b10f2560748e229c9d12ffe96785ca3baf4
Opcode Fuzzy Hash: 0acfb9d5d91a34fd4850f9c0972c2330b64bc38d9314faaca5f27afd7144933b
Instruction Fuzzy Hash: 64B154B6618BC486D770CB5AE44079EB7A0F7D9BD0F508126EE8893B58DB7EC8518F40

Uniqueness

Uniqueness Score: -1.00%

Function 0000022C50FC2057, Relevance: 1.3, APIs: 1, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,0000022C50FC298F), ref: 0000022C50FC20A4

Memory Dump Source

Source File: 0000001B.00000002.769972477.0000022C50FC0000.00000040.00000001.sdmp, Offset: 0000022C50FC0000, based on PE: true

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction ID: 561f8c2436e816c14b84c05c939ddbf97f53c83a7423b84d88532d73175db91c
Opcode Fuzzy Hash: ea04a22fb0b80051549ca917af940619b3718de0f0d551addbdd129c1eaed934
Instruction Fuzzy Hash: 513158B2618B8486D790DF5AE05575E7BA1F389BD4F204026EF8D97B18DF3AC452CB00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report 0G0AO3HYEI.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Memory Dumps

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Spreading:

Networking:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

UDP Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: loaddll64.exe PID: 396 Parent PID: 6692