Windows Analysis Report Yeni sipari#U015f _WJO-001, pdf.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Malware Configuration |
---|
Threatname: NanoCore |
---|
{"Version": "1.2.2.0", "Mutex": "c44e3244-c9be-4fcb-8e75-051ae087", "Group": "MAX LOGS", "Domain1": "cashlink.ddns.net", "Domain2": "", "Port": 4774, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Disable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Disable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | |
 | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | |
 | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
 | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | |
 | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | |
 | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | |
 | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
 | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | |
 | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | |
Sigma Overview |
---|
AV Detection: |
---|
Sigma detected: NanoCore |
Author: | Joe Security |
E-Banking Fraud: |
---|
Sigma detected: NanoCore |
Author: | Joe Security |
Stealing of Sensitive Information: |
---|
Sigma detected: NanoCore |
Author: | Joe Security |
Remote Access Functionality: |
---|
Sigma detected: NanoCore |
Author: | Joe Security |
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Yara detected Nanocore RAT |
Machine Learning detection for sample |
Networking: |
---|
C2 URLs / IPs found in malware configuration |
Uses dynamic DNS services |
E-Banking Fraud: |
---|
Yara detected Nanocore RAT |
System Summary: |
---|
Malicious sample detected (through community Yara rule) |
Data Obfuscation: |
---|
.NET source code contains potential unpacker |
Malware Analysis System Evasion: |
---|
Yara detected AntiVM3 |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions |
Allocates memory in foreign processes |
Injects a PE file into a foreign processes |
Stealing of Sensitive Information: |
---|
Yara detected Nanocore RAT |
Remote Access Functionality: |
---|
Detected Nanocore Rat |
Yara detected Nanocore RAT |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Access Token Manipulation1 | Masquerading2 | Input Capture21 | Security Software Discovery11 | Remote Services | Input Capture21 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection312 | Disable or Modify Tools1 | LSASS Memory | Process Discovery2 | Remote Desktop Protocol | Archive Collected Data11 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion21 | Security Account Manager | Virtualization/Sandbox Evasion21 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Remote Access Software1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Access Token Manipulation1 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol1 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection312 | LSA Secrets | System Information Discovery13 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol21 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Deobfuscate/Decode Files or Information1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information3 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Software Packing13 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Metadefender | Browse | ||
0% | ReversingLabs |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Dropper.MSIL.Gen7 | Download File | ||
100% | Avira | TR/NanoCore.fadte | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
2% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
cashlink.ddns.net | 194.5.97.16 | true | true | | unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
194.5.97.16 | cashlink.ddns.net | Netherlands | | 208476 | DANILENKODE | true |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 508404 |
Start date: | 25.10.2021 |
Start time: | 08:21:59 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Yeni sipari#U015f _WJO-001, pdf.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@7/5@19/1 |
EGA Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
08:23:00 | API Interceptor | |
08:23:06 | Autostart |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
194.5.97.16 | | | malicious | | |
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
DANILENKODE | | | malicious | | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | | | malicious | | |
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 69632 |
Entropy (8bit): | 5.20894581699571 |
Encrypted: | false |
SSDEEP: | 768:NElGiBcBuiyFjUwF0wdP9/rJMDnRFRJfStGpwV3e3qtAcy:ilGBu7jjP9/tMDn9Jt+VO3GO |
MD5: | 88BBB7610152B48C2B3879473B17857E |
SHA1: | 0F6CF8DD66AA58CE31DA4E8AC0631600EF055636 |
SHA-256: | 2C7ACC16D19D076D67E9F1F37984935899B79536C9AC6EEC8850C44D20F87616 |
SHA-512: | 5BACDF6C190A76C2C6A9A3519936E08E898AC8A2B1384D60429DF850BE778860435BF9E5EB316517D2345A5AAE201F369863F7A242134253978BCB5B2179CA58 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 664 |
Entropy (8bit): | 5.288448637977022 |
Encrypted: | false |
SSDEEP: | 12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9 |
MD5: | B1DB55991C3DA14E35249AEA1BC357CA |
SHA1: | 0DD2D91198FDEF296441B12F1A906669B279700C |
SHA-256: | 34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC |
SHA-512: | BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801 |
Malicious: | true |
Preview: |
|
Process: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
File Type: | |
Category: | modified |
Size (bytes): | 441 |
Entropy (8bit): | 5.388715099859351 |
Encrypted: | false |
SSDEEP: | 12:Q3LaJU20NaL10U2+gYhD5itZbgbe4MqJsGMe4M6:MLF20NaL32+g2OH4xvn4j |
MD5: | 88F0104DB9A3F9BC4F0FC3805F571B0D |
SHA1: | CDD4F34385792F0CCE0A844F4ABB447C25AB4E73 |
SHA-256: | F6C11D3D078ED73F2640DA510E68DEEAA5F14F79CAE2E23A254B4E37C7D0230F |
SHA-512: | 04B977F63CAB8DE20EA7EFA9D4299C2E625D92FA6D54CA03EECD9F322E978326B353824F23BEC0E712083BDE0DBC5CC4EE90922137106B096050CA46A166DF0E |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 3.0 |
Encrypted: | false |
SSDEEP: | 3:Z8:Z8 |
MD5: | 43EDE2DCA45F13D48C642FFE1081E662 |
SHA1: | E60E211D5742F3AC1C891A586CAB2138B23CEEFF |
SHA-256: | B247C2053D99F6AB51812F74E0859DA326EE30524D14CC37A6FD34A7DDEA12BE |
SHA-512: | 56E66BFD8589C030E2777306C917728706E27415BF2B17FF12FFC6011786668BE2ECA1F2CD328D594A5516BFD917AD5650CAD86FDFA044582C5993BEB80EF871 |
Malicious: | true |
Preview: |
|
Process: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 306 |
Entropy (8bit): | 4.969261552825097 |
Encrypted: | false |
SSDEEP: | 6:zx3M1tlAX8bSWR30qysGMQbSVRRZBXVRbJ0fFdCsq2UTiMdH8stCal+n:zK1XnV30ZsGMIG9BFRbQdCT2UftCM+ |
MD5: | F227448515085A647910907084E6728E |
SHA1: | 5FA1A8E28B084DA25A1BBC51A2D75810CEF57E2C |
SHA-256: | 662BA47D628FE8EBE95DD47B4482110A10B49AED09387BC0E028BB66E68E20BD |
SHA-512: | 6F6E5DFFF7B17C304FB19B0BA5466AF84EF98A5C2EFA573AF72CFD3ED6964E9FD7F8E4B79FCFFBEF87CE545418C69D4984F4DD60BBF457D0A3640950F8FC5AF0 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.26643085265657 |
TrID: |
|
File name: | Yeni sipari#U015f _WJO-001, pdf.exe |
File size: | 884224 |
MD5: | 7e0600a5300a5cd87fce0cf4398b578f |
SHA1: | c52fb2df7f32b3bfadaa923a67e59204bb306429 |
SHA256: | 5f86426410b741a6c2c5c3693069520197f2789e490a36c75ace1a4b2792cab6 |
SHA512: | d339f29c09bf5d79b597af2299123c70b3a1be02a325d7254413ce23c4230065d95fa68b21138730d6c0d4ae94717ea7ac9664f58c2bfc8bd7605bb3b43f916a |
SSDEEP: | 24576:Fba+q9hGIdbYGMszLPgVmIsAleFHH+HHHHHWHVHCUXGHnHHhHraHoeXO:FbNSV/HOmIpeFHH+HHHHHWHVHCUXGHnt |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....sa..............P..h..........n.... ........@.. ....................................@................................ |
File Icon |
---|
Icon Hash: | 00d0524c687048a0 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4a876e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x6173E0F7 [Sat Oct 23 10:16:23 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v2.0.50727 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa871c | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xaa000 | 0x31040 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xdc000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xa6774 | 0xa6800 | False | 0.71680274024 | data | 7.48504821183 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0xaa000 | 0x31040 | 0x31200 | False | 0.423564726463 | data | 5.88116448591 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xdc000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0xaa2b0 | 0x9001 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
RT_ICON | 0xb32b4 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0xc3adc | 0x94a8 | data | ||
RT_ICON | 0xccf84 | 0x5488 | data | ||
RT_ICON | 0xd240c | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 4294967295 | ||
RT_ICON | 0xd6634 | 0x25a8 | data | ||
RT_ICON | 0xd8bdc | 0x10a8 | data | ||
RT_ICON | 0xd9c84 | 0x988 | data | ||
RT_ICON | 0xda60c | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0xdaa74 | 0x84 | data | ||
RT_VERSION | 0xdaaf8 | 0x35c | data | ||
RT_MANIFEST | 0xdae54 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright 2012 |
Assembly Version | 1.0.0.0 |
InternalName | im3XXq5.exe |
FileVersion | 1.0.0.0 |
CompanyName | |
LegalTrademarks | |
Comments | |
ProductName | Sistem Informasi Penginapan |
ProductVersion | 1.0.0.0 |
FileDescription | Sistem Informasi Penginapan |
OriginalFilename | im3XXq5.exe |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
10/25/21-08:23:06.720778 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 53097 | 8.8.8.8 | 192.168.2.4 |
10/25/21-08:23:13.047508 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 49257 | 8.8.8.8 | 192.168.2.4 |
10/25/21-08:23:19.338896 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 49910 | 8.8.8.8 | 192.168.2.4 |
10/25/21-08:23:31.723363 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
10/25/21-08:23:38.861357 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
10/25/21-08:24:22.408140 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
10/25/21-08:24:37.557508 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 60579 | 8.8.8.8 | 192.168.2.4 |
10/25/21-08:24:43.309583 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 49228 | 8.8.8.8 | 192.168.2.4 |
10/25/21-08:24:54.742082 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 55916 | 8.8.8.8 | 192.168.2.4 |
10/25/21-08:25:06.910564 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 60542 | 8.8.8.8 | 192.168.2.4 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Oct 25, 2021 08:23:06.696093082 CEST | 192.168.2.4 | 8.8.8.8 | 0x4a0 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 25, 2021 08:23:13.027206898 CEST | 192.168.2.4 | 8.8.8.8 | 0x5f07 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 25, 2021 08:23:19.315490961 CEST | 192.168.2.4 | 8.8.8.8 | 0x174c | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 25, 2021 08:23:25.126760006 CEST | 192.168.2.4 | 8.8.8.8 | 0x9075 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 25, 2021 08:23:31.702912092 CEST | 192.168.2.4 | 8.8.8.8 | 0xe166 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 25, 2021 08:23:38.841285944 CEST | 192.168.2.4 | 8.8.8.8 | 0xe8b6 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 25, 2021 08:23:47.204689980 CEST | 192.168.2.4 | 8.8.8.8 | 0x1fc2 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 25, 2021 08:23:53.762490034 CEST | 192.168.2.4 | 8.8.8.8 | 0xfec7 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 25, 2021 08:24:03.365789890 CEST | 192.168.2.4 | 8.8.8.8 | 0x9a74 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 25, 2021 08:24:10.144007921 CEST | 192.168.2.4 | 8.8.8.8 | 0x6ef3 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 25, 2021 08:24:16.123938084 CEST | 192.168.2.4 | 8.8.8.8 | 0x5010 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 25, 2021 08:24:22.384063959 CEST | 192.168.2.4 | 8.8.8.8 | 0x9341 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 25, 2021 08:24:30.390775919 CEST | 192.168.2.4 | 8.8.8.8 | 0x23aa | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 25, 2021 08:24:37.539165974 CEST | 192.168.2.4 | 8.8.8.8 | 0x1de | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 25, 2021 08:24:43.288317919 CEST | 192.168.2.4 | 8.8.8.8 | 0xa70b | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 25, 2021 08:24:49.017062902 CEST | 192.168.2.4 | 8.8.8.8 | 0xeb8c | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 25, 2021 08:24:54.721607924 CEST | 192.168.2.4 | 8.8.8.8 | 0xcf0c | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 25, 2021 08:25:00.597276926 CEST | 192.168.2.4 | 8.8.8.8 | 0xbcd5 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 25, 2021 08:25:06.890649080 CEST | 192.168.2.4 | 8.8.8.8 | 0xc4fb | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Oct 25, 2021 08:23:06.720777988 CEST | 8.8.8.8 | 192.168.2.4 | 0x4a0 | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) | ||
Oct 25, 2021 08:23:13.047508001 CEST | 8.8.8.8 | 192.168.2.4 | 0x5f07 | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) | ||
Oct 25, 2021 08:23:19.338896036 CEST | 8.8.8.8 | 192.168.2.4 | 0x174c | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) | ||
Oct 25, 2021 08:23:25.145519018 CEST | 8.8.8.8 | 192.168.2.4 | 0x9075 | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) | ||
Oct 25, 2021 08:23:31.723362923 CEST | 8.8.8.8 | 192.168.2.4 | 0xe166 | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) | ||
Oct 25, 2021 08:23:38.861356974 CEST | 8.8.8.8 | 192.168.2.4 | 0xe8b6 | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) | ||
Oct 25, 2021 08:23:47.221677065 CEST | 8.8.8.8 | 192.168.2.4 | 0x1fc2 | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) | ||
Oct 25, 2021 08:23:53.781286001 CEST | 8.8.8.8 | 192.168.2.4 | 0xfec7 | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) | ||
Oct 25, 2021 08:24:03.384665966 CEST | 8.8.8.8 | 192.168.2.4 | 0x9a74 | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) | ||
Oct 25, 2021 08:24:10.160450935 CEST | 8.8.8.8 | 192.168.2.4 | 0x6ef3 | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) | ||
Oct 25, 2021 08:24:16.142330885 CEST | 8.8.8.8 | 192.168.2.4 | 0x5010 | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) | ||
Oct 25, 2021 08:24:22.408139944 CEST | 8.8.8.8 | 192.168.2.4 | 0x9341 | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) | ||
Oct 25, 2021 08:24:30.410547972 CEST | 8.8.8.8 | 192.168.2.4 | 0x23aa | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) | ||
Oct 25, 2021 08:24:37.557507992 CEST | 8.8.8.8 | 192.168.2.4 | 0x1de | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) | ||
Oct 25, 2021 08:24:43.309582949 CEST | 8.8.8.8 | 192.168.2.4 | 0xa70b | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) | ||
Oct 25, 2021 08:24:49.035656929 CEST | 8.8.8.8 | 192.168.2.4 | 0xeb8c | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) | ||
Oct 25, 2021 08:24:54.742082119 CEST | 8.8.8.8 | 192.168.2.4 | 0xcf0c | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) | ||
Oct 25, 2021 08:25:00.615669012 CEST | 8.8.8.8 | 192.168.2.4 | 0xbcd5 | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) | ||
Oct 25, 2021 08:25:06.910563946 CEST | 8.8.8.8 | 192.168.2.4 | 0xc4fb | No error (0) | 194.5.97.16 | A (IP address) | IN (0x0001) |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 08:22:59 |
Start date: | 25/10/2021 |
Path: | C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x830000 |
File size: | 884224 bytes |
MD5 hash: | 7E0600A5300A5CD87FCE0CF4398B578F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 08:23:02 |
Start date: | 25/10/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x420000 |
File size: | 69632 bytes |
MD5 hash: | 88BBB7610152B48C2B3879473B17857E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 08:23:02 |
Start date: | 25/10/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x870000 |
File size: | 69632 bytes |
MD5 hash: | 88BBB7610152B48C2B3879473B17857E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | moderate |
General |
---|
Start time: | 08:23:15 |
Start date: | 25/10/2021 |
Path: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10000 |
File size: | 69632 bytes |
MD5 hash: | 88BBB7610152B48C2B3879473B17857E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Antivirus matches: |
|
Reputation: | moderate |
General |
---|
Start time: | 08:23:17 |
Start date: | 25/10/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 02C71F18, Relevance: 5.6, Strings: 4, Instructions: 559COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029ABCCB, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029ABD02, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C69CB, Relevance: 1.4, Strings: 1, Instructions: 159COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C72F60, Relevance: 1.0, Instructions: 984COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C710C8, Relevance: .4, Instructions: 439COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C710B8, Relevance: .3, Instructions: 293COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C7EB48, Relevance: .3, Instructions: 259COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C4197, Relevance: .2, Instructions: 216COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C4060, Relevance: .2, Instructions: 213COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C4053, Relevance: .2, Instructions: 210COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C72962, Relevance: .2, Instructions: 209COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C72970, Relevance: .2, Instructions: 178COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C7CA80, Relevance: .2, Instructions: 175COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C6F98, Relevance: .1, Instructions: 143COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C6F88, Relevance: .1, Instructions: 113COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029AB89D, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029AB8D6, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029AB074, Relevance: 1.6, APIs: 1, Instructions: 87COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BC00EC, Relevance: 1.6, APIs: 1, Instructions: 86COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029ABB48, Relevance: 1.6, APIs: 1, Instructions: 74COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029ABD98, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029ABE4D, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BC032D, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029AA5AF, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BC012A, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029AA65A, Relevance: 1.6, APIs: 1, Instructions: 60threadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029ABAA7, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029ABB82, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029AADF4, Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029ABE7E, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029AA9F0, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029AA5D6, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029AB0BE, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029ABDD2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029ABACE, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029AAE16, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02BC0366, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029AAA12, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029AA69A, Relevance: 1.5, APIs: 1, Instructions: 35threadCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C705A8, Relevance: 1.5, Strings: 1, Instructions: 201COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C70599, Relevance: 1.4, Strings: 1, Instructions: 177COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C71D80, Relevance: 1.4, Strings: 1, Instructions: 109COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C71DD0, Relevance: 1.3, Strings: 1, Instructions: 85COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C71DE0, Relevance: 1.3, Strings: 1, Instructions: 85COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C3566, Relevance: 1.3, Strings: 1, Instructions: 21COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C2588, Relevance: 1.3, Strings: 1, Instructions: 19COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C70A5F, Relevance: .3, Instructions: 252COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C70A70, Relevance: .3, Instructions: 252COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C70270, Relevance: .1, Instructions: 125COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C70280, Relevance: .1, Instructions: 113COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C4AC5, Relevance: .1, Instructions: 104COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C4A6B, Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C740D8, Relevance: .1, Instructions: 101COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C7B728, Relevance: .1, Instructions: 93COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C715D, Relevance: .1, Instructions: 85COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C713D, Relevance: .1, Instructions: 80COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C7A93B, Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C7287, Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C7001D, Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C7D498, Relevance: .1, Instructions: 66COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C4B10, Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C73FA8, Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AB0724, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AB075C, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C700F8, Relevance: .1, Instructions: 58COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C728B2, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C70108, Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C728C0, Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C70F07, Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AB05CF, Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C709D8, Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C703E8, Relevance: .0, Instructions: 41COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C709E8, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C70070, Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C7F190, Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C70450, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C70220, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C703F8, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C70531, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C6978, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AB0818, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C70F98, Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C7649, Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C72DB, Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02AB05F6, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C7A11, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C70FA8, Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C7A8B1, Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C70460, Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C74060, Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C43C4, Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C7BC88, Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C71D90, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C3F78, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C4343, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C79BD, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C6988, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C7A8C0, Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C7B2C0, Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C74231, Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C70230, Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C7B1C0, Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C10DC, Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C2D5D, Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C2CE3, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C7DA7, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C72C70, Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C700ED, Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C73FB8, Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C1CBD, Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C3F88, Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C30CC, Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C8D00, Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C7BEE0, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029A23F4, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C7C4F, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C74D8, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C73A3, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C700CD, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029A23BC, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C6C78, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C729DD, Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C7543, Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C72C80, Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C7B108, Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C7AF30, Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C1CCC, Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C2919, Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C6DFC, Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C36D2, Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C2FEC, Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C61EE, Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 02C72CA8, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C72CB8, Relevance: 3.9, Strings: 3, Instructions: 156COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C7F7E8, Relevance: 1.4, Strings: 1, Instructions: 158COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C03C8, Relevance: 1.4, Strings: 1, Instructions: 143COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C03B8, Relevance: 1.4, Strings: 1, Instructions: 142COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C0FA0, Relevance: 1.3, Strings: 1, Instructions: 70COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C0F91, Relevance: 1.3, Strings: 1, Instructions: 67COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C4D98, Relevance: .2, Instructions: 219COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C4D88, Relevance: .2, Instructions: 214COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C1980, Relevance: .2, Instructions: 207COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C5188, Relevance: .2, Instructions: 155COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C0BB8, Relevance: .1, Instructions: 149COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C0BA9, Relevance: .1, Instructions: 149COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C51D1, Relevance: .1, Instructions: 147COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C51E0, Relevance: .1, Instructions: 145COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C0673, Relevance: .1, Instructions: 141COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C19E1, Relevance: .1, Instructions: 135COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C1A18, Relevance: .1, Instructions: 122COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C0999, Relevance: .1, Instructions: 106COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C74270, Relevance: .1, Instructions: 104COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C09A8, Relevance: .1, Instructions: 104COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C0DF0, Relevance: .1, Instructions: 93COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C0E00, Relevance: .1, Instructions: 90COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C8E18, Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C59E8, Relevance: .0, Instructions: 49COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C4558, Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 067C5460, Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 0505AF18, Relevance: 2.1, Strings: 1, Instructions: 897COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05053850, Relevance: 2.0, Strings: 1, Instructions: 744COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05190F23, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0519115F, Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05190F5A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 051923EE, Relevance: 1.5, APIs: 1, Instructions: 39COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0519119A, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050523A0, Relevance: .5, Instructions: 505COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05058648, Relevance: .5, Instructions: 505COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05052FA8, Relevance: .2, Instructions: 239COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05059248, Relevance: .2, Instructions: 239COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 051901F4, Relevance: 3.1, APIs: 2, Instructions: 100synchronizationCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05052D58, Relevance: 2.6, Strings: 2, Instructions: 135COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 051907F4, Relevance: 1.6, APIs: 1, Instructions: 92fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05192A9F, Relevance: 1.6, APIs: 1, Instructions: 90windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 051921E0, Relevance: 1.6, APIs: 1, Instructions: 89timeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5AF50, Relevance: 1.6, APIs: 1, Instructions: 87COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05191D74, Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05191C92, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 051908F0, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0519081A, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 051909C0, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05190723, Relevance: 1.6, APIs: 1, Instructions: 71COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05190A9B, Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05191CB2, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05190FF0, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05191DB2, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 051910A5, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05190D1C, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0519221E, Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5B7CA, Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5A51F, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 051923BB, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 051909F2, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5BB4F, Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5BE05, Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5B71E, Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5BEB4, Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05190D3E, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05190AD6, Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5A75B, Relevance: 1.6, APIs: 1, Instructions: 52comCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05190932, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0519075A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 051910D6, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5A8CC, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5BED2, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05192B0A, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5A546, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5B746, Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5AF9A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05190232, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0519102A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5BB7E, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5A78A, Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5B806, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5A8EE, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5A372, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F5BE3E, Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050502E8, Relevance: 1.4, Strings: 1, Instructions: 178COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05050682, Relevance: 1.4, Strings: 1, Instructions: 128COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050521F8, Relevance: 1.3, Strings: 1, Instructions: 98COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050584A0, Relevance: 1.3, Strings: 1, Instructions: 98COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050550E0, Relevance: 1.3, Strings: 1, Instructions: 92COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505699E, Relevance: 1.3, Strings: 1, Instructions: 82COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050550D0, Relevance: 1.3, Strings: 1, Instructions: 69COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505C678, Relevance: 1.3, Strings: 1, Instructions: 59COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050512A0, Relevance: .5, Instructions: 460COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505E708, Relevance: .4, Instructions: 372COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F52477, Relevance: .3, Instructions: 284COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05055F30, Relevance: .2, Instructions: 241COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505A96F, Relevance: .2, Instructions: 228COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505DFA0, Relevance: .2, Instructions: 164COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05057398, Relevance: .2, Instructions: 161COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05056FE8, Relevance: .2, Instructions: 159COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050509A0, Relevance: .1, Instructions: 148COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05057F40, Relevance: .1, Instructions: 147COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05057970, Relevance: .1, Instructions: 139COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505CA68, Relevance: .1, Instructions: 134COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05050BC0, Relevance: .1, Instructions: 131COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05051458, Relevance: .1, Instructions: 128COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05058178, Relevance: .1, Instructions: 125COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05056B6A, Relevance: .1, Instructions: 119COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05052BF8, Relevance: .1, Instructions: 116COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505ED88, Relevance: .1, Instructions: 115COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05056B78, Relevance: .1, Instructions: 115COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505AD10, Relevance: .1, Instructions: 110COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505DF90, Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050509A9, Relevance: .1, Instructions: 105COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050502DA, Relevance: .1, Instructions: 104COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505DE79, Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505CE40, Relevance: .1, Instructions: 101COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05051290, Relevance: .1, Instructions: 100COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050520D0, Relevance: .1, Instructions: 97COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050543C0, Relevance: .1, Instructions: 96COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050545C8, Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505EC60, Relevance: .1, Instructions: 94COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505CAD0, Relevance: .1, Instructions: 93COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05050006, Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05056FD8, Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505E3E9, Relevance: .1, Instructions: 91COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505DC91, Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050543D0, Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05058470, Relevance: .1, Instructions: 86COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050555E8, Relevance: .1, Instructions: 85COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050582E0, Relevance: .1, Instructions: 84COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505A5F8, Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05055831, Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05058EF8, Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505DB27, Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050525DE, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050521E8, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05058886, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05054F10, Relevance: .1, Instructions: 74COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050548B9, Relevance: .1, Instructions: 73COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05055840, Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505AD00, Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505A5E8, Relevance: .1, Instructions: 69COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505E290, Relevance: .1, Instructions: 68COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05055000, Relevance: .1, Instructions: 67COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05054511, Relevance: .1, Instructions: 66COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505E280, Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505C548, Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505C8C8, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05055730, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029E087C, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05057F30, Relevance: .1, Instructions: 58COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505A061, Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050511DF, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505C260, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05054FF0, Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505D999, Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050554F8, Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05054789, Relevance: .1, Instructions: 54COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F6AC7C, Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505238F, Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505D9A8, Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050505B9, Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505A098, Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05055740, Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050577E8, Relevance: .0, Instructions: 50COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050577D9, Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505A720, Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050505C8, Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050568A8, Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505C251, Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05059ED0, Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505A890, Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505A710, Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05057220, Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05054710, Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05051218, Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029E05CF, Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05058168, Relevance: .0, Instructions: 41COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05056897, Relevance: .0, Instructions: 41COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05057230, Relevance: .0, Instructions: 40COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505A689, Relevance: .0, Instructions: 40COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505A8A0, Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505E697, Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050562D8, Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050562E8, Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05055F21, Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05059E61, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050545B9, Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050555D9, Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505C53A, Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05050918, Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505E619, Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505DDE7, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050546A9, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05050908, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029E0938, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05054700, Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05059E78, Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050571BF, Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050557A2, Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05058408, Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505F178, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505C86E, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505A7D0, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505AE50, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 029E05F6, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F6ACCB, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505DDF8, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05058418, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505E628, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505BAB8, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505C880, Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505DE39, Relevance: .0, Instructions: 24COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505C8B9, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505E668, Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05052D20, Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05050170, Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505F188, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05057358, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050557F6, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505DE48, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050502A0, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505064F, Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505CFC0, Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05058FC2, Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05056E08, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505E678, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F523F4, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05059FC0, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F523BC, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505F1C1, Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505D010, Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05055478, Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 050578E6, Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05050180, Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05059FD0, Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505EF13, Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05050660, Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505F1D0, Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505D020, Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05056E2C, Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05052EC0, Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0505C649, Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function 0091A2C1, Relevance: 1.6, APIs: 1, Instructions: 92fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0091A2F2, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0091AE40, Relevance: 1.6, APIs: 1, Instructions: 74COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0091A483, Relevance: 1.6, APIs: 1, Instructions: 73COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0091A816, Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0091A3C8, Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0091AA16, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0091A836, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0091AAD8, Relevance: 1.6, APIs: 1, Instructions: 59COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0091A8DF, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0091A4B6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0091A23C, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0091AAFA, Relevance: 1.5, APIs: 1, Instructions: 46COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0091AA4A, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0091AE86, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0091A40A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0091A25E, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0091A91A, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02381B03, Relevance: 1.5, Strings: 1, Instructions: 216COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02380150, Relevance: 1.3, Strings: 1, Instructions: 78COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02381540, Relevance: .2, Instructions: 175COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023806C8, Relevance: .1, Instructions: 148COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02380007, Relevance: .1, Instructions: 105COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02381453, Relevance: .1, Instructions: 73COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02380521, Relevance: .1, Instructions: 70COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02381530, Relevance: .1, Instructions: 68COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02380530, Relevance: .1, Instructions: 66COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023805FB, Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02381570, Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02381D7B, Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02381D88, Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02381770, Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022905CF, Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023817F3, Relevance: .0, Instructions: 42COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02380630, Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02380697, Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023818E8, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02380640, Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02381990, Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022905F6, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023818F8, Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023819A0, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02380251, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009123F4, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023818BB, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009123BC, Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02380130, Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023818C8, Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|