Play interactive tour

Edit tour

Windows Analysis Report Yeni sipari#U015f _WJO-001, pdf.exe

Overview

General Information

Sample Name:	Yeni sipari#U015f _WJO-001, pdf.exe
Analysis ID:	508404
MD5:	7e0600a5300a5cd87fce0cf4398b578f
SHA1:	c52fb2df7f32b3bfadaa923a67e59204bb306429
SHA256:	5f86426410b741a6c2c5c3693069520197f2789e490a36c75ace1a4b2792cab6
Tags:	exegeoNanoCoreRATTUR
Infos:
Most interesting Screenshot:

Detection

Nanocore

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Sigma detected: NanoCore

Yara detected AntiVM3

Detected Nanocore Rat

Yara detected Nanocore RAT

Writes to foreign memory regions

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Machine Learning detection for sample

Allocates memory in foreign processes

.NET source code contains potential unpacker

Injects a PE file into a foreign processes

C2 URLs / IPs found in malware configuration

Uses dynamic DNS services

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Antivirus or Machine Learning detection for unpacked file

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Internet Provider seen in connection with other malware

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to call native functions

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Installs a raw input device (often for capturing keystrokes)

Sample file is different than original file name gathered from version info

PE file contains strange resources

Drops PE files

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Detected TCP or UDP traffic on non-standard ports

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

Yeni sipari#U015f _WJO-001, pdf.exe (PID: 1380 cmdline: 'C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe' MD5: 7E0600A5300A5CD87FCE0CF4398B578F)

MSBuild.exe (PID: 4540 cmdline: {path} MD5: 88BBB7610152B48C2B3879473B17857E)

MSBuild.exe (PID: 6692 cmdline: {path} MD5: 88BBB7610152B48C2B3879473B17857E)

dhcpmon.exe (PID: 6112 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' MD5: 88BBB7610152B48C2B3879473B17857E)

conhost.exe (PID: 2848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "c44e3244-c9be-4fcb-8e75-051ae087", "Group": "MAX LOGS", "Domain1": "cashlink.ddns.net", "Domain2": "", "Port": 4774, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Disable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Disable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000005.00000002.943511160.0000000005640000.00000004.00020000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
00000005.00000002.943511160.0000000005640000.00000004.00020000.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
00000005.00000002.943511160.0000000005640000.00000004.00020000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000000.00000002.684104761.0000000004101000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x70535:$x1: NanoCore.ClientPluginHost 0x70572:$x2: IClientNetworkHost 0x740a5:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000000.00000002.684104761.0000000004101000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000000.00000002.684104761.0000000004101000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x7029d:$a: NanoCore 0x702ad:$a: NanoCore 0x704e1:$a: NanoCore 0x704f5:$a: NanoCore 0x70535:$a: NanoCore 0x702fc:$b: ClientPlugin 0x704fe:$b: ClientPlugin 0x7053e:$b: ClientPlugin 0x70423:$c: ProjectData 0x70e2a:$d: DESCrypto 0x787f6:$e: KeepAlive 0x767e4:$g: LogClientMessage 0x729df:$i: get_Connected 0x71160:$j: #=q 0x71190:$j: #=q 0x711ac:$j: #=q 0x711dc:$j: #=q 0x711f8:$j: #=q 0x71214:$j: #=q 0x71244:$j: #=q 0x71260:$j: #=q
00000005.00000002.942525404.0000000003EC7000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000005.00000002.942525404.0000000003EC7000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x33cd:$a: NanoCore 0x3426:$a: NanoCore 0x3463:$a: NanoCore 0x34dc:$a: NanoCore 0x16b87:$a: NanoCore 0x16b9c:$a: NanoCore 0x16bd1:$a: NanoCore 0x2f643:$a: NanoCore 0x2f658:$a: NanoCore 0x2f68d:$a: NanoCore 0x342f:$b: ClientPlugin 0x346c:$b: ClientPlugin 0x3d6a:$b: ClientPlugin 0x3d77:$b: ClientPlugin 0x16943:$b: ClientPlugin 0x1695e:$b: ClientPlugin 0x1698e:$b: ClientPlugin 0x16ba5:$b: ClientPlugin 0x16bda:$b: ClientPlugin 0x2f3ff:$b: ClientPlugin 0x2f41a:$b: ClientPlugin
00000005.00000002.940978754.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000005.00000002.940978754.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000005.00000002.940978754.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000000.00000002.683440077.0000000003FF1000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd8e35:$x1: NanoCore.ClientPluginHost 0xd8e72:$x2: IClientNetworkHost 0xdc9a5:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000000.00000002.683440077.0000000003FF1000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000000.00000002.683440077.0000000003FF1000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xd8b9d:$a: NanoCore 0xd8bad:$a: NanoCore 0xd8de1:$a: NanoCore 0xd8df5:$a: NanoCore 0xd8e35:$a: NanoCore 0xd8bfc:$b: ClientPlugin 0xd8dfe:$b: ClientPlugin 0xd8e3e:$b: ClientPlugin 0xd8d23:$c: ProjectData 0xd972a:$d: DESCrypto 0xe10f6:$e: KeepAlive 0xdf0e4:$g: LogClientMessage 0xdb2df:$i: get_Connected 0xd9a60:$j: #=q 0xd9a90:$j: #=q 0xd9aac:$j: #=q 0xd9adc:$j: #=q 0xd9af8:$j: #=q 0xd9b14:$j: #=q 0xd9b44:$j: #=q 0xd9b60:$j: #=q
00000005.00000002.943376551.00000000053A0000.00000004.00020000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
00000005.00000002.943376551.00000000053A0000.00000004.00020000.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
Process Memory Space: Yeni sipari#U015f _WJO-001, pdf.exe PID: 1380	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x26c46:$x1: NanoCore.ClientPluginHost 0x26c83:$x2: IClientNetworkHost 0x2a0ed:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x34e24:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x6fbf6:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Process Memory Space: Yeni sipari#U015f _WJO-001, pdf.exe PID: 1380	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: Yeni sipari#U015f _WJO-001, pdf.exe PID: 1380	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: Yeni sipari#U015f _WJO-001, pdf.exe PID: 1380	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x26a51:$a: NanoCore 0x26a61:$a: NanoCore 0x26ad6:$a: NanoCore 0x26ae5:$a: NanoCore 0x26bf2:$a: NanoCore 0x26c06:$a: NanoCore 0x26c46:$a: NanoCore 0x3148e:$a: NanoCore 0x314a0:$a: NanoCore 0x314dc:$a: NanoCore 0x6c260:$a: NanoCore 0x6c272:$a: NanoCore 0x6c2ae:$a: NanoCore 0x26a75:$b: ClientPlugin 0x26b2f:$b: ClientPlugin 0x26c0f:$b: ClientPlugin 0x26c4f:$b: ClientPlugin 0x314a9:$b: ClientPlugin 0x314e5:$b: ClientPlugin 0x6c27b:$b: ClientPlugin 0x6c2b7:$b: ClientPlugin
Process Memory Space: MSBuild.exe PID: 6692	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1a50c:$x1: NanoCore.ClientPluginHost 0x1a539:$x2: IClientNetworkHost 0x54826:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x5f343:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Process Memory Space: MSBuild.exe PID: 6692	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: MSBuild.exe PID: 6692	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x15792:$a: NanoCore 0x1a4c2:$a: NanoCore 0x1a4d7:$a: NanoCore 0x1a50c:$a: NanoCore 0x1f659:$a: NanoCore 0x1f66c:$a: NanoCore 0x1f69e:$a: NanoCore 0x329be:$a: NanoCore 0x32d3d:$a: NanoCore 0x32d90:$a: NanoCore 0x32dc9:$a: NanoCore 0x32e3c:$a: NanoCore 0x33d0f:$a: NanoCore 0x33d22:$a: NanoCore 0x33d54:$a: NanoCore 0x392eb:$a: NanoCore 0x392fe:$a: NanoCore 0x39330:$a: NanoCore 0x5138b:$a: NanoCore 0x5139b:$a: NanoCore 0x513f0:$a: NanoCore
Click to see the 18 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
5.2.MSBuild.exe.3ece424.4.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0x28269:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost 0x28296:$x2: IClientNetworkHost
5.2.MSBuild.exe.3ece424.4.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x28269:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0x29344:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost 0x28283:$s5: IClientLoggingHost
5.2.MSBuild.exe.3ece424.4.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
5.2.MSBuild.exe.2e916e0.1.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
5.2.MSBuild.exe.2e916e0.1.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
5.2.MSBuild.exe.400000.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
5.2.MSBuild.exe.400000.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
5.2.MSBuild.exe.400000.0.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
5.2.MSBuild.exe.400000.0.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
5.2.MSBuild.exe.53a0000.5.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
5.2.MSBuild.exe.53a0000.5.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
5.2.MSBuild.exe.3ed2a4d.2.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0x23c40:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost 0x23c6d:$x2: IClientNetworkHost
5.2.MSBuild.exe.3ed2a4d.2.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0x23c40:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0x24d1b:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost 0x23c5a:$s5: IClientLoggingHost
5.2.MSBuild.exe.3ed2a4d.2.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
5.2.MSBuild.exe.5644629.7.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost
5.2.MSBuild.exe.5644629.7.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost
5.2.MSBuild.exe.5644629.7.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
5.2.MSBuild.exe.5640000.6.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
5.2.MSBuild.exe.5640000.6.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
5.2.MSBuild.exe.5640000.6.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
5.2.MSBuild.exe.3ec95ee.3.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0x145e3:$x1: NanoCore.ClientPluginHost 0x2d09f:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost 0x14610:$x2: IClientNetworkHost 0x2d0cc:$x2: IClientNetworkHost
5.2.MSBuild.exe.3ec95ee.3.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x145e3:$x2: NanoCore.ClientPluginHost 0x2d09f:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0x156be:$s4: PipeCreated 0x2e17a:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost 0x145fd:$s5: IClientLoggingHost 0x2d0b9:$s5: IClientLoggingHost
5.2.MSBuild.exe.3ec95ee.3.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
5.2.MSBuild.exe.3ec95ee.3.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xddf:$a: NanoCore 0xe38:$a: NanoCore 0xe75:$a: NanoCore 0xeee:$a: NanoCore 0x14599:$a: NanoCore 0x145ae:$a: NanoCore 0x145e3:$a: NanoCore 0x2d055:$a: NanoCore 0x2d06a:$a: NanoCore 0x2d09f:$a: NanoCore 0xe41:$b: ClientPlugin 0xe7e:$b: ClientPlugin 0x177c:$b: ClientPlugin 0x1789:$b: ClientPlugin 0x14355:$b: ClientPlugin 0x14370:$b: ClientPlugin 0x143a0:$b: ClientPlugin 0x145b7:$b: ClientPlugin 0x145ec:$b: ClientPlugin 0x2ce11:$b: ClientPlugin 0x2ce2c:$b: ClientPlugin
0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe38d:$x1: NanoCore.ClientPluginHost 0xe3ca:$x2: IClientNetworkHost 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe105:$x1: NanoCore Client.exe 0xe38d:$x2: NanoCore.ClientPluginHost 0xf9c6:$s1: PluginCommand 0xf9ba:$s2: FileCommand 0x1086b:$s3: PipeExists 0x16622:$s4: PipeCreated 0xe3b7:$s5: IClientLoggingHost
0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xe0f5:$a: NanoCore 0xe105:$a: NanoCore 0xe339:$a: NanoCore 0xe34d:$a: NanoCore 0xe38d:$a: NanoCore 0xe154:$b: ClientPlugin 0xe356:$b: ClientPlugin 0xe396:$b: ClientPlugin 0xe27b:$c: ProjectData 0xec82:$d: DESCrypto 0x1664e:$e: KeepAlive 0x1463c:$g: LogClientMessage 0x10837:$i: get_Connected 0xefb8:$j: #=q 0xefe8:$j: #=q 0xf004:$j: #=q 0xf034:$j: #=q 0xf050:$j: #=q 0xf06c:$j: #=q 0xf09c:$j: #=q 0xf0b8:$j: #=q
5.2.MSBuild.exe.5640000.6.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
5.2.MSBuild.exe.5640000.6.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
5.2.MSBuild.exe.5640000.6.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
5.2.MSBuild.exe.3ece424.4.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
5.2.MSBuild.exe.3ece424.4.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
5.2.MSBuild.exe.3ece424.4.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Click to see the 33 entries

Sigma Overview

AV Detection:

Sigma detected: NanoCore

Show sources

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, ProcessId: 6692, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

E-Banking Fraud:

Sigma detected: NanoCore

Show sources

Source: File created

Stealing of Sensitive Information:

Sigma detected: NanoCore

Show sources

Source: File created

Remote Access Functionality:

Sigma detected: NanoCore

Show sources

Source: File created

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 00000005.00000002.942525404.0000000003EC7000.00000004.00000001.sdmp

Malware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "c44e3244-c9be-4fcb-8e75-051ae087", "Group": "MAX LOGS", "Domain1": "cashlink.ddns.net", "Domain2": "", "Port": 4774, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Disable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Disable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 5.2.MSBuild.exe.3ece424.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.3ed2a4d.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.5644629.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.5640000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.3ec95ee.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.5640000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.3ece424.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.943511160.0000000005640000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.684104761.0000000004101000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.942525404.0000000003EC7000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.940978754.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.683440077.0000000003FF1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Yeni sipari#U015f _WJO-001, pdf.exe PID: 1380, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 6692, type: MEMORYSTR

Machine Learning detection for sample

Show sources

Source: Yeni sipari#U015f _WJO-001, pdf.exe

Joe Sandbox ML: detected

Source: 5.2.MSBuild.exe.400000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 5.2.MSBuild.exe.5640000.6.unpack	Avira: Label: TR/NanoCore.fadte

Source: Yeni sipari#U015f _WJO-001, pdf.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: Yeni sipari#U015f _WJO-001, pdf.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: indows\mscorlib.pdbpdblib.pdb source: MSBuild.exe, 00000005.00000002.941974077.0000000002B35000.00000004.00000040.sdmp
Source:	Binary string: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.pdb source: MSBuild.exe, 00000005.00000002.941974077.0000000002B35000.00000004.00000040.sdmp
Source:	Binary string: f:\dd\vsproject\xmake\XMakeCommandLine\objr\i386\MSBuild.pdb source: MSBuild.exe, 00000005.00000002.941974077.0000000002B35000.00000004.00000040.sdmp, dhcpmon.exe, dhcpmon.exe.5.dr
Source:	Binary string: indows\MSBuild.pdbpdbild.pdb source: MSBuild.exe, 00000005.00000002.941974077.0000000002B35000.00000004.00000040.sdmp

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe

Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h

0_2_067C8E18

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor	URLs:
Source: Malware configuration extractor	URLs: cashlink.ddns.net

Uses dynamic DNS services

Show sources

Source: unknown

DNS query: name: cashlink.ddns.net

Source: Joe Sandbox View

ASN Name: DANILENKODE DANILENKODE

Source: Joe Sandbox View

IP Address: 194.5.97.16 194.5.97.16

Source: global traffic

TCP traffic: 192.168.2.4:49772 -> 194.5.97.16:4774

Source: dhcpmon.exe, 00000007.00000002.715333963.000000000062C000.00000004.00000020.sdmp	String found in binary or memory: http://go.microsoft.
Source: dhcpmon.exe, 00000007.00000002.715333963.000000000062C000.00000004.00000020.sdmp	String found in binary or memory: http://go.microsoft.LinkId=42127
Source: Yeni sipari#U015f _WJO-001, pdf.exe	String found in binary or memory: http://tempuri.org/XXXXXXXXXXXXXXXXXXXXXXX.xsd
Source: Yeni sipari#U015f _WJO-001, pdf.exe	String found in binary or memory: http://tempuri.org/XXXXXXXXXXXXXXXXXXXXXXX.xsd9WinForms_RecursiveFormCreate5WinForms_SeeInnerExcepti
Source: Yeni sipari#U015f _WJO-001, pdf.exe	String found in binary or memory: http://tempuri.org/sipDataSet.xsd

Source: unknown

DNS traffic detected: queries for: cashlink.ddns.net

Source: dhcpmon.exe, 00000007.00000002.715298411.00000000005F8000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Source: MSBuild.exe, 00000005.00000002.943511160.0000000005640000.00000004.00020000.sdmp

Binary or memory string: RegisterRawInputDevices

E-Banking Fraud:

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 5.2.MSBuild.exe.3ece424.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.3ed2a4d.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.5644629.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.5640000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.3ec95ee.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.5640000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.3ece424.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.943511160.0000000005640000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.684104761.0000000004101000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.942525404.0000000003EC7000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.940978754.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.683440077.0000000003FF1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Yeni sipari#U015f _WJO-001, pdf.exe PID: 1380, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 6692, type: MEMORYSTR

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 5.2.MSBuild.exe.3ece424.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.MSBuild.exe.2e916e0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.2.MSBuild.exe.53a0000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.MSBuild.exe.3ed2a4d.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.MSBuild.exe.5644629.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.MSBuild.exe.5640000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.2.MSBuild.exe.3ec95ee.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.MSBuild.exe.3ec95ee.3.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.2.MSBuild.exe.5640000.6.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 5.2.MSBuild.exe.3ece424.4.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000002.943511160.0000000005640000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000002.684104761.0000000004101000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000002.684104761.0000000004101000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000005.00000002.942525404.0000000003EC7000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000005.00000002.940978754.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000005.00000002.940978754.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000000.00000002.683440077.0000000003FF1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000002.683440077.0000000003FF1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000005.00000002.943376551.00000000053A0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: Yeni sipari#U015f _WJO-001, pdf.exe PID: 1380, type: MEMORYSTR	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: Yeni sipari#U015f _WJO-001, pdf.exe PID: 1380, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: MSBuild.exe PID: 6692, type: MEMORYSTR	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: MSBuild.exe PID: 6692, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>

Source: Yeni sipari#U015f _WJO-001, pdf.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: 5.2.MSBuild.exe.3ece424.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.MSBuild.exe.3ece424.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 5.2.MSBuild.exe.2e916e0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.MSBuild.exe.2e916e0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 5.2.MSBuild.exe.53a0000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.MSBuild.exe.53a0000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 5.2.MSBuild.exe.3ed2a4d.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.MSBuild.exe.3ed2a4d.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 5.2.MSBuild.exe.5644629.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.MSBuild.exe.5644629.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 5.2.MSBuild.exe.5640000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.MSBuild.exe.5640000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 5.2.MSBuild.exe.3ec95ee.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.MSBuild.exe.3ec95ee.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 5.2.MSBuild.exe.3ec95ee.3.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 5.2.MSBuild.exe.5640000.6.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.MSBuild.exe.5640000.6.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 5.2.MSBuild.exe.3ece424.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 5.2.MSBuild.exe.3ece424.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000005.00000002.943511160.0000000005640000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000002.943511160.0000000005640000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000000.00000002.684104761.0000000004101000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000000.00000002.684104761.0000000004101000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000005.00000002.942525404.0000000003EC7000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000005.00000002.940978754.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000002.940978754.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000000.00000002.683440077.0000000003FF1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000000.00000002.683440077.0000000003FF1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000005.00000002.943376551.00000000053A0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000005.00000002.943376551.00000000053A0000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: Process Memory Space: Yeni sipari#U015f _WJO-001, pdf.exe PID: 1380, type: MEMORYSTR	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: Yeni sipari#U015f _WJO-001, pdf.exe PID: 1380, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: MSBuild.exe PID: 6692, type: MEMORYSTR	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: MSBuild.exe PID: 6692, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_02C7CA80	0_2_02C7CA80
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_02C7EB48	0_2_02C7EB48
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_02C72F60	0_2_02C72F60
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_02C71F18	0_2_02C71F18
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_02C710C8	0_2_02C710C8
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_02C72970	0_2_02C72970
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_02C74270	0_2_02C74270
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_02C7F7E8	0_2_02C7F7E8
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_02C72CA8	0_2_02C72CA8
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_02C710B8	0_2_02C710B8
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_02C72CB8	0_2_02C72CB8
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_02C72962	0_2_02C72962
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C6F98	0_2_067C6F98
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C4060	0_2_067C4060
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C69CB	0_2_067C69CB
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C0673	0_2_067C0673
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C1A18	0_2_067C1A18
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C0E00	0_2_067C0E00
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C03C8	0_2_067C03C8
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C03B8	0_2_067C03B8
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C0BB8	0_2_067C0BB8
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C0BA9	0_2_067C0BA9
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C0FA0	0_2_067C0FA0
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C0F91	0_2_067C0F91
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C6F88	0_2_067C6F88
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C5460	0_2_067C5460
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C4053	0_2_067C4053
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C4558	0_2_067C4558
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C0DF0	0_2_067C0DF0
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C59E8	0_2_067C59E8
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C51E0	0_2_067C51E0
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C19E1	0_2_067C19E1
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C51D1	0_2_067C51D1
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C09A8	0_2_067C09A8
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C4D98	0_2_067C4D98
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C0999	0_2_067C0999
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C4197	0_2_067C4197
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C4D88	0_2_067C4D88
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C5188	0_2_067C5188
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C1980	0_2_067C1980
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Code function: 5_2_05053850	5_2_05053850
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Code function: 5_2_0505AF18	5_2_0505AF18
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Code function: 5_2_050523A0	5_2_050523A0
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Code function: 5_2_05052FA8	5_2_05052FA8
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Code function: 5_2_05058648	5_2_05058648
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Code function: 5_2_05059248	5_2_05059248
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Code function: 5_2_0505306F	5_2_0505306F
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Code function: 5_2_0505930F	5_2_0505930F
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Code function: 5_2_05059AF0	5_2_05059AF0
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 7_2_00016D08	7_2_00016D08
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 7_2_00016950	7_2_00016950
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 7_2_0001692F	7_2_0001692F
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Code function: 7_2_02380708	7_2_02380708

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Code function: 5_2_0519119A NtQuerySystemInformation,		5_2_0519119A
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Code function: 5_2_0519115F NtQuerySystemInformation,		5_2_0519115F

Source: Yeni sipari#U015f _WJO-001, pdf.exe, 00000000.00000002.682329515.0000000002FF1000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameBunifu.UI.dll4 vs Yeni sipari#U015f _WJO-001, pdf.exe
Source: Yeni sipari#U015f _WJO-001, pdf.exe, 00000000.00000002.682398955.0000000003048000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameMajorRevision.exe< vs Yeni sipari#U015f _WJO-001, pdf.exe
Source: Yeni sipari#U015f _WJO-001, pdf.exe, 00000000.00000002.681581391.00000000008FC000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameim3XXq5.exeX vs Yeni sipari#U015f _WJO-001, pdf.exe
Source: Yeni sipari#U015f _WJO-001, pdf.exe	Binary or memory string: OriginalFilenameim3XXq5.exeX vs Yeni sipari#U015f _WJO-001, pdf.exe

Source: Yeni sipari#U015f _WJO-001, pdf.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: dhcpmon.exe.5.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: dhcpmon.exe.5.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: dhcpmon.exe.5.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: Yeni sipari#U015f _WJO-001, pdf.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: Yeni sipari#U015f _WJO-001, pdf.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe 'C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe'
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe {path}
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe {path}
Source: unknown	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe {path}	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe {path}	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_029ABD02 AdjustTokenPrivileges,	0_2_029ABD02
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_029ABCCB AdjustTokenPrivileges,	0_2_029ABCCB
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Code function: 5_2_05190F5A AdjustTokenPrivileges,	5_2_05190F5A
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Code function: 5_2_05190F23 AdjustTokenPrivileges,	5_2_05190F23

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Yeni sipari#U015f _WJO-001, pdf.exe.log

Jump to behavior

Source: classification engine

Classification label: mal100.troj.evad.winEXE@7/5@19/1

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior

Source: Yeni sipari#U015f _WJO-001, pdf.exe

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2848:120:WilError_01
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{c44e3244-c9be-4fcb-8e75-051ae0874277}

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

File created: C:\Program Files (x86)\DHCP Monitor

Jump to behavior

Source: dhcpmon.exe, 00000007.00000002.715008537.0000000000012000.00000002.00020000.sdmp, dhcpmon.exe.5.dr	Binary or memory string: MSBuild MyApp.sln /t:Rebuild /p:Configuration=Release
Source: dhcpmon.exe, 00000007.00000002.715333963.000000000062C000.00000004.00000020.sdmp	Binary or memory string: \??\C:\Program Files (x86)\DHCP Monitor\<.slne
Source: dhcpmon.exe, 00000007.00000002.715008537.0000000000012000.00000002.00020000.sdmp, dhcpmon.exe.5.dr	Binary or memory string: MSBuild MyApp.csproj /t:Clean /p:Configuration=Debug
Source: dhcpmon.exe, 00000007.00000002.715008537.0000000000012000.00000002.00020000.sdmp, dhcpmon.exe.5.dr	Binary or memory string: *.sln+AmbiguousProjectError'MissingProjectError)ProjectNotFoundError)InvalidPropertyError
Source: dhcpmon.exe	Binary or memory string: *.sln
Source: dhcpmon.exe, 00000007.00000002.715598767.00000000027B1000.00000004.00000001.sdmp	Binary or memory string: q)C:\Program Files (x86)\DHCP Monitor\.sln

Source: 5.2.MSBuild.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 5.2.MSBuild.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 5.2.MSBuild.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: Yeni sipari#U015f _WJO-001, pdf.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Yeni sipari#U015f _WJO-001, pdf.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: indows\mscorlib.pdbpdblib.pdb source: MSBuild.exe, 00000005.00000002.941974077.0000000002B35000.00000004.00000040.sdmp
Source:	Binary string: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.pdb source: MSBuild.exe, 00000005.00000002.941974077.0000000002B35000.00000004.00000040.sdmp
Source:	Binary string: f:\dd\vsproject\xmake\XMakeCommandLine\objr\i386\MSBuild.pdb source: MSBuild.exe, 00000005.00000002.941974077.0000000002B35000.00000004.00000040.sdmp, dhcpmon.exe, dhcpmon.exe.5.dr
Source:	Binary string: indows\MSBuild.pdbpdbild.pdb source: MSBuild.exe, 00000005.00000002.941974077.0000000002B35000.00000004.00000040.sdmp

Data Obfuscation:

.NET source code contains potential unpacker

Show sources

Source: Yeni sipari#U015f _WJO-001, pdf.exe, StartUp.cs	.Net Code: XXXXXXXXX123 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.0.Yeni sipari#U015f _WJO-001, pdf.exe.830000.0.unpack, StartUp.cs	.Net Code: XXXXXXXXX123 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.830000.0.unpack, StartUp.cs	.Net Code: XXXXXXXXX123 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 5.2.MSBuild.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 5.2.MSBuild.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_02C77882 push ds; retf	0_2_02C77889
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_02C7804D push ebx; ret	0_2_02C78054
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_02C7780A pushfd ; retf	0_2_02C7780B
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_02C7842E push edx; iretd	0_2_02C7842F
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C3E7B push es; ret	0_2_067C3E7C
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Code function: 0_2_067C237F push es; retf	0_2_067C2380
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Code function: 5_2_00F674B8 push ebp; ret	5_2_00F674B9
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Code function: 5_2_00F674AC push ecx; ret	5_2_00F674AD
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Code function: 5_2_00F69D7C push 7800F6CBh; retf	5_2_00F69D81

Source: initial sample

Static PE information: section name: .text entropy: 7.48504821183

Source: 5.2.MSBuild.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 5.2.MSBuild.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

File created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

Jump to dropped file

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Yara detected AntiVM3

Show sources

Source: Yara match

File source: Process Memory Space: Yeni sipari#U015f _WJO-001, pdf.exe PID: 1380, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: Yeni sipari#U015f _WJO-001, pdf.exe, 00000000.00000002.682366311.0000000003027000.00000004.00000001.sdmp	Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: Yeni sipari#U015f _WJO-001, pdf.exe, 00000000.00000002.682366311.0000000003027000.00000004.00000001.sdmp	Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe TID: 6496	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 6748	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5252	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Window / User API: threadDelayed 1187	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Window / User API: threadDelayed 443	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Window / User API: foregroundWindowGot 736	Jump to behavior

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

Code function: 5_2_051923EE GetSystemInfo,

5_2_051923EE

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: Yeni sipari#U015f _WJO-001, pdf.exe, 00000000.00000002.682366311.0000000003027000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA IIOData Source=localhost\sqlexpress;Initial Catalog=dbSMS;Integrated Security=True
Source: Yeni sipari#U015f _WJO-001, pdf.exe, 00000000.00000002.682366311.0000000003027000.00000004.00000001.sdmp	Binary or memory string: vmware
Source: Yeni sipari#U015f _WJO-001, pdf.exe, 00000000.00000002.682366311.0000000003027000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: Yeni sipari#U015f _WJO-001, pdf.exe, 00000000.00000002.682366311.0000000003027000.00000004.00000001.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: Yeni sipari#U015f _WJO-001, pdf.exe, 00000000.00000002.682366311.0000000003027000.00000004.00000001.sdmp	Binary or memory string: VMWARE
Source: Yeni sipari#U015f _WJO-001, pdf.exe, 00000000.00000002.682366311.0000000003027000.00000004.00000001.sdmp	Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: Yeni sipari#U015f _WJO-001, pdf.exe, 00000000.00000002.682366311.0000000003027000.00000004.00000001.sdmp	Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: Yeni sipari#U015f _WJO-001, pdf.exe, 00000000.00000002.682366311.0000000003027000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA II
Source: Yeni sipari#U015f _WJO-001, pdf.exe, 00000000.00000002.682366311.0000000003027000.00000004.00000001.sdmp	Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Writes to foreign memory regions

Show sources

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe base: 402000	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe base: 420000	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe base: 422000	Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe base: ABC008	Jump to behavior

Allocates memory in foreign processes

Show sources

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe base: 400000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe {path}			Jump to behavior
Source: C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe {path}			Jump to behavior

Source: MSBuild.exe, 00000005.00000002.941668633.0000000001530000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: MSBuild.exe, 00000005.00000002.941668633.0000000001530000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: MSBuild.exe, 00000005.00000002.941668633.0000000001530000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: MSBuild.exe, 00000005.00000002.941668633.0000000001530000.00000002.00020000.sdmp	Binary or memory string: Progmanlock
Source: MSBuild.exe, 00000005.00000002.942052851.0000000002ED5000.00000004.00000001.sdmp	Binary or memory string: Program Manager
Source: MSBuild.exe, 00000005.00000002.942052851.0000000002ED5000.00000004.00000001.sdmp	Binary or memory string: Program Manager@~

Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformation	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 5.2.MSBuild.exe.3ece424.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.3ed2a4d.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.5644629.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.5640000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.3ec95ee.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.5640000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.3ece424.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.943511160.0000000005640000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.684104761.0000000004101000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.942525404.0000000003EC7000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.940978754.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.683440077.0000000003FF1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Yeni sipari#U015f _WJO-001, pdf.exe PID: 1380, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 6692, type: MEMORYSTR

Remote Access Functionality:

Detected Nanocore Rat

Show sources

Source: Yeni sipari#U015f _WJO-001, pdf.exe, 00000000.00000002.684104761.0000000004101000.00000004.00000001.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: MSBuild.exe, 00000005.00000002.943511160.0000000005640000.00000004.00020000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: MSBuild.exe, 00000005.00000002.942525404.0000000003EC7000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 5.2.MSBuild.exe.3ece424.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.3ed2a4d.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.5644629.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.5640000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.3ec95ee.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Yeni sipari#U015f _WJO-001, pdf.exe.40b9ca8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.5640000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.MSBuild.exe.3ece424.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.943511160.0000000005640000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.684104761.0000000004101000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.942525404.0000000003EC7000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.940978754.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.683440077.0000000003FF1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Yeni sipari#U015f _WJO-001, pdf.exe PID: 1380, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 6692, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Code function: 5_2_0519254A bind,		5_2_0519254A
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe	Code function: 5_2_051924F8 bind,		5_2_051924F8

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Access Token Manipulation1	Masquerading2	Input Capture21	Security Software Discovery11	Remote Services	Input Capture21	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Process Injection312	Disable or Modify Tools1	LSASS Memory	Process Discovery2	Remote Desktop Protocol	Archive Collected Data11	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Virtualization/Sandbox Evasion21	Security Account Manager	Virtualization/Sandbox Evasion21	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Remote Access Software1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Access Token Manipulation1	NTDS	Application Window Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol1	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Process Injection312	LSA Secrets	System Information Discovery13	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol21	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Deobfuscate/Decode Files or Information1	Cached Domain Credentials	System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Obfuscated Files or Information3	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Software Packing13	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Yeni sipari#U015f _WJO-001, pdf.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	0%	Metadefender		Browse
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	0%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
5.2.MSBuild.exe.400000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen7		Download File
5.2.MSBuild.exe.5640000.6.unpack	100%	Avira	TR/NanoCore.fadte		Download File

Domains

Source	Detection	Scanner	Label	Link
cashlink.ddns.net	1%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
	0%	Avira URL Cloud	safe
http://go.microsoft.	0%	URL Reputation	safe
http://tempuri.org/sipDataSet.xsd	2%	Virustotal		Browse
http://tempuri.org/sipDataSet.xsd	0%	Avira URL Cloud	safe
http://tempuri.org/XXXXXXXXXXXXXXXXXXXXXXX.xsd	0%	Avira URL Cloud	safe
http://go.microsoft.LinkId=42127	0%	Avira URL Cloud	safe
cashlink.ddns.net	0%	Avira URL Cloud	safe
http://tempuri.org/XXXXXXXXXXXXXXXXXXXXXXX.xsd9WinForms_RecursiveFormCreate5WinForms_SeeInnerExcepti	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cashlink.ddns.net	194.5.97.16	true	true	1%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
	true	Avira URL Cloud: safe	low
cashlink.ddns.net	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://go.microsoft.	dhcpmon.exe, 00000007.00000002.715333963.000000000062C000.00000004.00000020.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/sipDataSet.xsd	Yeni sipari#U015f _WJO-001, pdf.exe	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/XXXXXXXXXXXXXXXXXXXXXXX.xsd	Yeni sipari#U015f _WJO-001, pdf.exe	false	Avira URL Cloud: safe	unknown
http://go.microsoft.LinkId=42127	dhcpmon.exe, 00000007.00000002.715333963.000000000062C000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	low
http://tempuri.org/XXXXXXXXXXXXXXXXXXXXXXX.xsd9WinForms_RecursiveFormCreate5WinForms_SeeInnerExcepti	Yeni sipari#U015f _WJO-001, pdf.exe	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
194.5.97.16	cashlink.ddns.net	Netherlands		208476	DANILENKODE	true

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	508404
Start date:	25.10.2021
Start time:	08:21:59
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Yeni sipari#U015f _WJO-001, pdf.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@7/5@19/1
EGA Information:	Failed
HDC Information:	Successful, ratio: 0.6% (good quality ratio 0%) Quality average: 0% Quality standard deviation: 0%
HCA Information:	Successful, ratio: 95% Number of executed functions: 431 Number of non-executed functions: 27
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information. Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 23.211.6.115, 13.107.246.254, 13.107.3.254, 52.113.196.254, 20.82.209.183, 209.197.3.8, 20.82.210.154, 80.67.82.211, 80.67.82.235, 40.91.112.76, 20.54.110.249, 40.112.88.60 Excluded domains from analysis (whitelisted): displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, s-ring.msedge.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, wus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, arc.msn.com, e12564.dspb.akamaiedge.net, teams-9999.teams-msedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, consumer-displaycatalogrp-aks2aks-uswest.md.mp.microsoft.com.akadns.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, t-ring.msedge.net, s-ring.s-9999.s-msedge.net, ris.api.iris.microsoft.com, t-9999.t-msedge.net, store-images.s-microsoft.com, s-9999.s-msedge.net, teams-ring.teams-9999.teams-msedge.net, t-ring.t-9999.t-msedge.net, teams-ring.msedge.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtAllocateVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
08:23:00	API Interceptor	1x Sleep call for process: Yeni sipari#U015f _WJO-001, pdf.exe modified
08:23:06	Autostart	Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DHCP Monitor C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
194.5.97.16	DHL_1012617429350,pdf.exe	Get hash	malicious	Browse
	DHL_1012617429350,pdf.exe	Get hash	malicious	Browse
	1012617429350,pdf.exe	Get hash	malicious	Browse
	AWB# 2617429350,pdf.exe	Get hash	malicious	Browse
	Yeni Sipari#U015f # 765-3523663, pdf.exe	Get hash	malicious	Browse
	Nuevo pedido _WJO-001,pdf.exe	Get hash	malicious	Browse
	765-3523663 ,pdf.exe	Get hash	malicious	Browse
	New Order #86-55113,pdf.exe	Get hash	malicious	Browse
	Nuevo pedido # 765-3523663 ,pdf.exe	Get hash	malicious	Browse
	Nuevo pedido # 86-55113,pdf.exe	Get hash	malicious	Browse
	Nuevo pedido # 86-55113 .pdf.exe	Get hash	malicious	Browse
	Nuevo pedido # 86-55113,pdf.exe	Get hash	malicious	Browse
	Urgent RFQ_AP65425652_032421,pdf.exe	Get hash	malicious	Browse
	OC CVE6535 TVOP-MIO 16(C) 2021,pdf.exe	Get hash	malicious	Browse
	Pos withdrawal reduced to 0.5%.exe	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
DANILENKODE	7STXNgZD3g.exe	Get hash	malicious	Browse	194.5.98.107
	ORIGINAL DOCUMENTS BL, C.I. & PACKING LIST.exe	Get hash	malicious	Browse	194.5.98.158
	Comprobante de pago.xls	Get hash	malicious	Browse	194.5.98.74
	Comprobante de pago.doc	Get hash	malicious	Browse	194.5.98.40
	AWB # 1012617429350,pdf.exe	Get hash	malicious	Browse	194.5.97.23
	SK202-8 #YN12-60387.exe	Get hash	malicious	Browse	194.5.97.207
	nIXnNtZvtI.exe	Get hash	malicious	Browse	194.5.98.205
	SecuriteInfo.com.VB.Trojan.Valyria.3530.8728.xls	Get hash	malicious	Browse	194.5.98.249
	DHL_1012617429350,pdf.exe	Get hash	malicious	Browse	194.5.97.23
	Pago_Monex_usd.xls	Get hash	malicious	Browse	194.5.98.46
	Niki-Gmbh Germany Inquiry.exe	Get hash	malicious	Browse	194.5.97.97
	new.exe	Get hash	malicious	Browse	194.5.98.212
	XdZ4ad8GpU.exe	Get hash	malicious	Browse	194.5.98.48
	we-ship-SNE-9874657.xlsx	Get hash	malicious	Browse	194.5.98.48
	Bankdetails86507.exe	Get hash	malicious	Browse	194.5.98.126
	Order Quotation Request_pdf.exe	Get hash	malicious	Browse	194.5.97.128
	IMG0000030_Pago_SWIFT.exe	Get hash	malicious	Browse	194.5.98.202
	2qDKwiGx46.exe	Get hash	malicious	Browse	194.5.98.134
	Specifications.docx.exe	Get hash	malicious	Browse	194.5.97.212
	Specifications.xls.exe	Get hash	malicious	Browse	194.5.97.212

JA3 Fingerprints

No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	FeDEx AWB TRACKING DETAILS.exe	Get hash	malicious	Browse
	09142021_PDF.vbs	Get hash	malicious	Browse
	P0 (2021)-2790 new order.exe	Get hash	malicious	Browse
	TNT AWB TRACKING DETAILS.exe	Get hash	malicious	Browse
	BankSlip.exe	Get hash	malicious	Browse
	PAYMENT ERROR.exe	Get hash	malicious	Browse
	DHL AWB TRACKING DETAILS.exe	Get hash	malicious	Browse
	DHL AWB TRACKING DETAILS.exe	Get hash	malicious	Browse
	PcgYFOwcNQ.exe	Get hash	malicious	Browse
	Invoice Fanpage Karma.bat.exe	Get hash	malicious	Browse
	zslaUKmBfr.exe	Get hash	malicious	Browse
	scanbankdoc210999796432225.bat.exe	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Zusy.394472.4088.exe	Get hash	malicious	Browse
	SecuriteInfo.com.W32.AIDetect.malware1.17748.exe	Get hash	malicious	Browse
	fnnEkbo4cW.exe	Get hash	malicious	Browse
	kAGA3XtSEaOxfvA.exe	Get hash	malicious	Browse
	PO 18-3081.exe	Get hash	malicious	Browse
	Order417.exe	Get hash	malicious	Browse
	PCT0002982765627827BC.exe	Get hash	malicious	Browse
	NO19800800.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.20894581699571
Encrypted:	false
SSDEEP:	768:NElGiBcBuiyFjUwF0wdP9/rJMDnRFRJfStGpwV3e3qtAcy:ilGBu7jjP9/tMDn9Jt+VO3GO
MD5:	88BBB7610152B48C2B3879473B17857E
SHA1:	0F6CF8DD66AA58CE31DA4E8AC0631600EF055636
SHA-256:	2C7ACC16D19D076D67E9F1F37984935899B79536C9AC6EEC8850C44D20F87616
SHA-512:	5BACDF6C190A76C2C6A9A3519936E08E898AC8A2B1384D60429DF850BE778860435BF9E5EB316517D2345A5AAE201F369863F7A242134253978BCB5B2179CA58
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: FeDEx AWB TRACKING DETAILS.exe, Detection: malicious, Browse Filename: 09142021_PDF.vbs, Detection: malicious, Browse Filename: P0 (2021)-2790 new order.exe, Detection: malicious, Browse Filename: TNT AWB TRACKING DETAILS.exe, Detection: malicious, Browse Filename: BankSlip.exe, Detection: malicious, Browse Filename: PAYMENT ERROR.exe, Detection: malicious, Browse Filename: DHL AWB TRACKING DETAILS.exe, Detection: malicious, Browse Filename: DHL AWB TRACKING DETAILS.exe, Detection: malicious, Browse Filename: PcgYFOwcNQ.exe, Detection: malicious, Browse Filename: Invoice Fanpage Karma.bat.exe, Detection: malicious, Browse Filename: zslaUKmBfr.exe, Detection: malicious, Browse Filename: scanbankdoc210999796432225.bat.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Variant.Zusy.394472.4088.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.W32.AIDetect.malware1.17748.exe, Detection: malicious, Browse Filename: fnnEkbo4cW.exe, Detection: malicious, Browse Filename: kAGA3XtSEaOxfvA.exe, Detection: malicious, Browse Filename: PO 18-3081.exe, Detection: malicious, Browse Filename: Order417.exe, Detection: malicious, Browse Filename: PCT0002982765627827BC.exe, Detection: malicious, Browse Filename: NO19800800.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....{Z.....................@........... ........@.. .......................@......99....@.....................................S.......`/................... ....................................................... ............... ..H............text....... ...................... ..`.rsrc...`/.......0..................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Yeni sipari#U015f _WJO-001, pdf.exe.log Download File
Process:	C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	664
Entropy (8bit):	5.288448637977022
Encrypted:	false
SSDEEP:	12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9
MD5:	B1DB55991C3DA14E35249AEA1BC357CA
SHA1:	0DD2D91198FDEF296441B12F1A906669B279700C
SHA-256:	34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC
SHA-512:	BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801
Malicious:	true
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log Download File
Process:	C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	441
Entropy (8bit):	5.388715099859351
Encrypted:	false
SSDEEP:	12:Q3LaJU20NaL10U2+gYhD5itZbgbe4MqJsGMe4M6:MLF20NaL32+g2OH4xvn4j
MD5:	88F0104DB9A3F9BC4F0FC3805F571B0D
SHA1:	CDD4F34385792F0CCE0A844F4ABB447C25AB4E73
SHA-256:	F6C11D3D078ED73F2640DA510E68DEEAA5F14F79CAE2E23A254B4E37C7D0230F
SHA-512:	04B977F63CAB8DE20EA7EFA9D4299C2E625D92FA6D54CA03EECD9F322E978326B353824F23BEC0E712083BDE0DBC5CC4EE90922137106B096050CA46A166DF0E
Malicious:	false
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\527c933194f3a99a816d83c619a3e1d3\System.Xml.ni.dll",0..2,"Microsoft.Build.Engine, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.Build.Framework, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
File Type:	International EBCDIC text, with no line terminators
Category:	dropped
Size (bytes):	8
Entropy (8bit):	3.0
Encrypted:	false
SSDEEP:	3:Z8:Z8
MD5:	43EDE2DCA45F13D48C642FFE1081E662
SHA1:	E60E211D5742F3AC1C891A586CAB2138B23CEEFF
SHA-256:	B247C2053D99F6AB51812F74E0859DA326EE30524D14CC37A6FD34A7DDEA12BE
SHA-512:	56E66BFD8589C030E2777306C917728706E27415BF2B17FF12FFC6011786668BE2ECA1F2CD328D594A5516BFD917AD5650CAD86FDFA044582C5993BEB80EF871
Malicious:	true
Preview:	Vi.....H

\Device\ConDrv Download File
Process:	C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	306
Entropy (8bit):	4.969261552825097
Encrypted:	false
SSDEEP:	6:zx3M1tlAX8bSWR30qysGMQbSVRRZBXVRbJ0fFdCsq2UTiMdH8stCal+n:zK1XnV30ZsGMIG9BFRbQdCT2UftCM+
MD5:	F227448515085A647910907084E6728E
SHA1:	5FA1A8E28B084DA25A1BBC51A2D75810CEF57E2C
SHA-256:	662BA47D628FE8EBE95DD47B4482110A10B49AED09387BC0E028BB66E68E20BD
SHA-512:	6F6E5DFFF7B17C304FB19B0BA5466AF84EF98A5C2EFA573AF72CFD3ED6964E9FD7F8E4B79FCFFBEF87CE545418C69D4984F4DD60BBF457D0A3640950F8FC5AF0
Malicious:	false
Preview:	Microsoft (R) Build Engine Version 2.0.50727.8922..[Microsoft .NET Framework, Version 2.0.50727.8922]..Copyright (C) Microsoft Corporation 2005. All rights reserved.....MSBUILD : error MSB1003: Specify a project or solution file. The current working directory does not contain a project or solution file...

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.26643085265657
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	Yeni sipari#U015f _WJO-001, pdf.exe
File size:	884224
MD5:	7e0600a5300a5cd87fce0cf4398b578f
SHA1:	c52fb2df7f32b3bfadaa923a67e59204bb306429
SHA256:	5f86426410b741a6c2c5c3693069520197f2789e490a36c75ace1a4b2792cab6
SHA512:	d339f29c09bf5d79b597af2299123c70b3a1be02a325d7254413ce23c4230065d95fa68b21138730d6c0d4ae94717ea7ac9664f58c2bfc8bd7605bb3b43f916a
SSDEEP:	24576:Fba+q9hGIdbYGMszLPgVmIsAleFHH+HHHHHWHVHCUXGHnHHhHraHoeXO:FbNSV/HOmIpeFHH+HHHHHWHVHCUXGHnt
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....sa..............P..h..........n.... ........@.. ....................................@................................

File Icon


Icon Hash:	00d0524c687048a0

Static PE Info

General
Entrypoint:	0x4a876e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x6173E0F7 [Sat Oct 23 10:16:23 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:	v2.0.50727
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xa871c	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xaa000	0x31040	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xdc000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xa6774	0xa6800	False	0.71680274024	data	7.48504821183	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0xaa000	0x31040	0x31200	False	0.423564726463	data	5.88116448591	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xdc000	0xc	0x200	False	0.044921875	data	0.101910425663	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type
RT_ICON	0xaa2b0	0x9001	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0xb32b4	0x10828	dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0
RT_ICON	0xc3adc	0x94a8	data
RT_ICON	0xccf84	0x5488	data
RT_ICON	0xd240c	0x4228	dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 4294967295
RT_ICON	0xd6634	0x25a8	data
RT_ICON	0xd8bdc	0x10a8	data
RT_ICON	0xd9c84	0x988	data
RT_ICON	0xda60c	0x468	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0xdaa74	0x84	data
RT_VERSION	0xdaaf8	0x35c	data
RT_MANIFEST	0xdae54	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright	Copyright 2012
Assembly Version	1.0.0.0
InternalName	im3XXq5.exe
FileVersion	1.0.0.0
CompanyName
LegalTrademarks
Comments
ProductName	Sistem Informasi Penginapan
ProductVersion	1.0.0.0
FileDescription	Sistem Informasi Penginapan
OriginalFilename	im3XXq5.exe

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
10/25/21-08:23:06.720778	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	53097	8.8.8.8	192.168.2.4
10/25/21-08:23:13.047508	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	49257	8.8.8.8	192.168.2.4
10/25/21-08:23:19.338896	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	49910	8.8.8.8	192.168.2.4
10/25/21-08:23:31.723363	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	53700	8.8.8.8	192.168.2.4
10/25/21-08:23:38.861357	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	51726	8.8.8.8	192.168.2.4
10/25/21-08:24:22.408140	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	51255	8.8.8.8	192.168.2.4
10/25/21-08:24:37.557508	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	60579	8.8.8.8	192.168.2.4
10/25/21-08:24:43.309583	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	49228	8.8.8.8	192.168.2.4
10/25/21-08:24:54.742082	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	55916	8.8.8.8	192.168.2.4
10/25/21-08:25:06.910564	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	60542	8.8.8.8	192.168.2.4

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2021 08:23:06.731641054 CEST	49772	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:07.557070017 CEST	4774	49772	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:08.098453045 CEST	49772	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:08.287816048 CEST	4774	49772	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:08.801680088 CEST	49772	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:08.996725082 CEST	4774	49772	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:13.049412966 CEST	49773	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:13.415987968 CEST	4774	49773	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:13.927197933 CEST	49773	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:14.101680994 CEST	4774	49773	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:14.614669085 CEST	49773	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:14.798801899 CEST	4774	49773	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:19.387490034 CEST	49775	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:19.566262960 CEST	4774	49775	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:20.118135929 CEST	49775	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:20.305656910 CEST	4774	49775	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:20.912035942 CEST	49775	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:21.091766119 CEST	4774	49775	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:25.147382021 CEST	49781	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:25.330944061 CEST	4774	49781	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:25.834309101 CEST	49781	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:26.834553957 CEST	4774	49781	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:27.334477901 CEST	49781	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:27.523027897 CEST	4774	49781	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:31.726943016 CEST	49784	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:32.045989037 CEST	4774	49784	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:32.553559065 CEST	49784	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:33.823034048 CEST	4774	49784	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:34.335231066 CEST	49784	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:34.821727991 CEST	4774	49784	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:38.864166021 CEST	49785	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:41.867567062 CEST	49785	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:42.421914101 CEST	4774	49785	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:42.929528952 CEST	49785	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:43.140013933 CEST	4774	49785	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:47.223056078 CEST	49787	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:48.248806953 CEST	4774	49787	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:48.758069038 CEST	49787	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:49.041254044 CEST	4774	49787	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:49.555145979 CEST	49787	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:49.751879930 CEST	4774	49787	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:53.783086061 CEST	49788	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:56.791364908 CEST	49788	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:58.633023977 CEST	4774	49788	194.5.97.16	192.168.2.4
Oct 25, 2021 08:23:59.133991003 CEST	49788	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:23:59.327039957 CEST	4774	49788	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:03.386073112 CEST	49791	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:04.051368952 CEST	4774	49791	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:04.554755926 CEST	49791	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:04.801326990 CEST	4774	49791	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:05.306370020 CEST	49791	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:05.486150026 CEST	4774	49791	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:10.187477112 CEST	49794	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:10.365905046 CEST	4774	49794	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:11.009902954 CEST	49794	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:11.242218018 CEST	4774	49794	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:11.916450977 CEST	49794	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:12.107764959 CEST	4774	49794	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:16.144431114 CEST	49799	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:16.520164967 CEST	4774	49799	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:17.026246071 CEST	49799	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:17.205069065 CEST	4774	49799	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:17.713825941 CEST	49799	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:18.297115088 CEST	4774	49799	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:22.450315952 CEST	49801	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:25.464417934 CEST	49801	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:25.649441957 CEST	4774	49801	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:26.167530060 CEST	49801	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:26.380956888 CEST	4774	49801	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:30.417890072 CEST	49802	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:31.991596937 CEST	4774	49802	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:32.496155024 CEST	49802	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:32.802727938 CEST	4774	49802	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:33.308670998 CEST	49802	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:33.492352962 CEST	4774	49802	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:37.559695005 CEST	49820	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:37.770746946 CEST	4774	49820	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:38.277856112 CEST	49820	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:38.511590958 CEST	4774	49820	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:39.012273073 CEST	49820	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:39.189702034 CEST	4774	49820	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:43.410763025 CEST	49840	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:43.616600990 CEST	4774	49840	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:44.122107983 CEST	49840	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:44.308103085 CEST	4774	49840	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:44.809648037 CEST	49840	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:44.999694109 CEST	4774	49840	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:49.038379908 CEST	49842	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:49.216681957 CEST	4774	49842	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:49.731971979 CEST	49842	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:49.911642075 CEST	4774	49842	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:50.419555902 CEST	49842	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:50.607680082 CEST	4774	49842	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:54.743608952 CEST	49843	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:55.175014973 CEST	4774	49843	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:55.685590982 CEST	49843	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:55.875725031 CEST	4774	49843	194.5.97.16	192.168.2.4
Oct 25, 2021 08:24:56.388844967 CEST	49843	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:24:56.579386950 CEST	4774	49843	194.5.97.16	192.168.2.4
Oct 25, 2021 08:25:00.617253065 CEST	49861	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:25:00.790790081 CEST	4774	49861	194.5.97.16	192.168.2.4
Oct 25, 2021 08:25:01.311032057 CEST	49861	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:25:01.485646009 CEST	4774	49861	194.5.97.16	192.168.2.4
Oct 25, 2021 08:25:01.986650944 CEST	49861	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:25:02.175770044 CEST	4774	49861	194.5.97.16	192.168.2.4
Oct 25, 2021 08:25:06.911127090 CEST	49869	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:25:07.103612900 CEST	4774	49869	194.5.97.16	192.168.2.4
Oct 25, 2021 08:25:07.608504057 CEST	49869	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:25:07.788110018 CEST	4774	49869	194.5.97.16	192.168.2.4
Oct 25, 2021 08:25:08.296426058 CEST	49869	4774	192.168.2.4	194.5.97.16
Oct 25, 2021 08:25:08.484711885 CEST	4774	49869	194.5.97.16	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2021 08:23:06.696093082 CEST	53097	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:23:06.720777988 CEST	53	53097	8.8.8.8	192.168.2.4
Oct 25, 2021 08:23:13.027206898 CEST	49257	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:23:13.047508001 CEST	53	49257	8.8.8.8	192.168.2.4
Oct 25, 2021 08:23:19.315490961 CEST	49910	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:23:19.338896036 CEST	53	49910	8.8.8.8	192.168.2.4
Oct 25, 2021 08:23:25.126760006 CEST	63153	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:23:25.145519018 CEST	53	63153	8.8.8.8	192.168.2.4
Oct 25, 2021 08:23:31.702912092 CEST	53700	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:23:31.723362923 CEST	53	53700	8.8.8.8	192.168.2.4
Oct 25, 2021 08:23:38.841285944 CEST	51726	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:23:38.861356974 CEST	53	51726	8.8.8.8	192.168.2.4
Oct 25, 2021 08:23:47.204689980 CEST	56534	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:23:47.221677065 CEST	53	56534	8.8.8.8	192.168.2.4
Oct 25, 2021 08:23:53.762490034 CEST	56627	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:23:53.781286001 CEST	53	56627	8.8.8.8	192.168.2.4
Oct 25, 2021 08:24:03.365789890 CEST	63116	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:24:03.384665966 CEST	53	63116	8.8.8.8	192.168.2.4
Oct 25, 2021 08:24:10.144007921 CEST	64801	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:24:10.160450935 CEST	53	64801	8.8.8.8	192.168.2.4
Oct 25, 2021 08:24:16.123938084 CEST	61721	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:24:16.142330885 CEST	53	61721	8.8.8.8	192.168.2.4
Oct 25, 2021 08:24:22.384063959 CEST	51255	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:24:22.408139944 CEST	53	51255	8.8.8.8	192.168.2.4
Oct 25, 2021 08:24:30.390775919 CEST	61522	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:24:30.410547972 CEST	53	61522	8.8.8.8	192.168.2.4
Oct 25, 2021 08:24:37.539165974 CEST	60579	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:24:37.557507992 CEST	53	60579	8.8.8.8	192.168.2.4
Oct 25, 2021 08:24:43.288317919 CEST	49228	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:24:43.309582949 CEST	53	49228	8.8.8.8	192.168.2.4
Oct 25, 2021 08:24:49.017062902 CEST	59794	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:24:49.035656929 CEST	53	59794	8.8.8.8	192.168.2.4
Oct 25, 2021 08:24:54.721607924 CEST	55916	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:24:54.742082119 CEST	53	55916	8.8.8.8	192.168.2.4
Oct 25, 2021 08:25:00.597276926 CEST	52752	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:25:00.615669012 CEST	53	52752	8.8.8.8	192.168.2.4
Oct 25, 2021 08:25:06.890649080 CEST	60542	53	192.168.2.4	8.8.8.8
Oct 25, 2021 08:25:06.910563946 CEST	53	60542	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Oct 25, 2021 08:23:06.696093082 CEST	192.168.2.4	8.8.8.8	0x4a0	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)
Oct 25, 2021 08:23:13.027206898 CEST	192.168.2.4	8.8.8.8	0x5f07	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)
Oct 25, 2021 08:23:19.315490961 CEST	192.168.2.4	8.8.8.8	0x174c	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)
Oct 25, 2021 08:23:25.126760006 CEST	192.168.2.4	8.8.8.8	0x9075	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)
Oct 25, 2021 08:23:31.702912092 CEST	192.168.2.4	8.8.8.8	0xe166	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)
Oct 25, 2021 08:23:38.841285944 CEST	192.168.2.4	8.8.8.8	0xe8b6	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)
Oct 25, 2021 08:23:47.204689980 CEST	192.168.2.4	8.8.8.8	0x1fc2	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)
Oct 25, 2021 08:23:53.762490034 CEST	192.168.2.4	8.8.8.8	0xfec7	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)
Oct 25, 2021 08:24:03.365789890 CEST	192.168.2.4	8.8.8.8	0x9a74	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)
Oct 25, 2021 08:24:10.144007921 CEST	192.168.2.4	8.8.8.8	0x6ef3	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)
Oct 25, 2021 08:24:16.123938084 CEST	192.168.2.4	8.8.8.8	0x5010	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)
Oct 25, 2021 08:24:22.384063959 CEST	192.168.2.4	8.8.8.8	0x9341	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)
Oct 25, 2021 08:24:30.390775919 CEST	192.168.2.4	8.8.8.8	0x23aa	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)
Oct 25, 2021 08:24:37.539165974 CEST	192.168.2.4	8.8.8.8	0x1de	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)
Oct 25, 2021 08:24:43.288317919 CEST	192.168.2.4	8.8.8.8	0xa70b	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)
Oct 25, 2021 08:24:49.017062902 CEST	192.168.2.4	8.8.8.8	0xeb8c	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)
Oct 25, 2021 08:24:54.721607924 CEST	192.168.2.4	8.8.8.8	0xcf0c	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)
Oct 25, 2021 08:25:00.597276926 CEST	192.168.2.4	8.8.8.8	0xbcd5	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)
Oct 25, 2021 08:25:06.890649080 CEST	192.168.2.4	8.8.8.8	0xc4fb	Standard query (0)	cashlink.ddns.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Oct 25, 2021 08:23:06.720777988 CEST	8.8.8.8	192.168.2.4	0x4a0	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)
Oct 25, 2021 08:23:13.047508001 CEST	8.8.8.8	192.168.2.4	0x5f07	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)
Oct 25, 2021 08:23:19.338896036 CEST	8.8.8.8	192.168.2.4	0x174c	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)
Oct 25, 2021 08:23:25.145519018 CEST	8.8.8.8	192.168.2.4	0x9075	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)
Oct 25, 2021 08:23:31.723362923 CEST	8.8.8.8	192.168.2.4	0xe166	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)
Oct 25, 2021 08:23:38.861356974 CEST	8.8.8.8	192.168.2.4	0xe8b6	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)
Oct 25, 2021 08:23:47.221677065 CEST	8.8.8.8	192.168.2.4	0x1fc2	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)
Oct 25, 2021 08:23:53.781286001 CEST	8.8.8.8	192.168.2.4	0xfec7	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)
Oct 25, 2021 08:24:03.384665966 CEST	8.8.8.8	192.168.2.4	0x9a74	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)
Oct 25, 2021 08:24:10.160450935 CEST	8.8.8.8	192.168.2.4	0x6ef3	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)
Oct 25, 2021 08:24:16.142330885 CEST	8.8.8.8	192.168.2.4	0x5010	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)
Oct 25, 2021 08:24:22.408139944 CEST	8.8.8.8	192.168.2.4	0x9341	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)
Oct 25, 2021 08:24:30.410547972 CEST	8.8.8.8	192.168.2.4	0x23aa	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)
Oct 25, 2021 08:24:37.557507992 CEST	8.8.8.8	192.168.2.4	0x1de	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)
Oct 25, 2021 08:24:43.309582949 CEST	8.8.8.8	192.168.2.4	0xa70b	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)
Oct 25, 2021 08:24:49.035656929 CEST	8.8.8.8	192.168.2.4	0xeb8c	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)
Oct 25, 2021 08:24:54.742082119 CEST	8.8.8.8	192.168.2.4	0xcf0c	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)
Oct 25, 2021 08:25:00.615669012 CEST	8.8.8.8	192.168.2.4	0xbcd5	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)
Oct 25, 2021 08:25:06.910563946 CEST	8.8.8.8	192.168.2.4	0xc4fb	No error (0)	cashlink.ddns.net	194.5.97.16	A (IP address)	IN (0x0001)

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Yeni sipari#U015f _WJO-001, pdf.exe PID: 1380 Parent PID: 6020

General

Start time:	08:22:59
Start date:	25/10/2021
Path:	C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\Yeni sipari#U015f _WJO-001, pdf.exe'
Imagebase:	0x830000
File size:	884224 bytes
MD5 hash:	7E0600A5300A5CD87FCE0CF4398B578F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.684104761.0000000004101000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.684104761.0000000004101000.00000004.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000000.00000002.684104761.0000000004101000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.683440077.0000000003FF1000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.683440077.0000000003FF1000.00000004.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000000.00000002.683440077.0000000003FF1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
Reputation:	low

Chronological Activities

Analysis Process: MSBuild.exe PID: 4540 Parent PID: 1380

General

Start time:	08:23:02
Start date:	25/10/2021
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
Wow64 process (32bit):	false
Commandline:	{path}
Imagebase:	0x420000
File size:	69632 bytes
MD5 hash:	88BBB7610152B48C2B3879473B17857E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: MSBuild.exe PID: 6692 Parent PID: 1380

General

Start time:	08:23:02
Start date:	25/10/2021
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	{path}
Imagebase:	0x870000
File size:	69632 bytes
MD5 hash:	88BBB7610152B48C2B3879473B17857E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.943511160.0000000005640000.00000004.00020000.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000005.00000002.943511160.0000000005640000.00000004.00020000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000002.943511160.0000000005640000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000002.942525404.0000000003EC7000.00000004.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000005.00000002.942525404.0000000003EC7000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.940978754.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000002.940978754.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000005.00000002.940978754.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.943376551.00000000053A0000.00000004.00020000.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000005.00000002.943376551.00000000053A0000.00000004.00020000.sdmp, Author: Florian Roth
Reputation:	moderate

Chronological Activities

Analysis Process: dhcpmon.exe PID: 6112 Parent PID: 3424

General

Start time:	08:23:15
Start date:	25/10/2021
Path:	C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
Imagebase:	0x10000
File size:	69632 bytes
MD5 hash:	88BBB7610152B48C2B3879473B17857E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 0%, Metadefender, Browse Detection: 0%, ReversingLabs
Reputation:	moderate

Chronological Activities

Analysis Process: conhost.exe PID: 2848 Parent PID: 6112

General

Start time:	08:23:17
Start date:	25/10/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: Yeni sipari#U015f _WJO-001, pdf.exe PID: 1380 Parent PID: 6020 Yeni sipari#U015f _WJO-001, pdf.exeCOMMON

Executed Functions

Function 02C71F18, Relevance: 5.6, Strings: 4, Instructions: 559COMMON

Download Yara Rule

Strings

j, xrefs: 02C726D5
$, xrefs: 02C7228B
:, xrefs: 02C72671
p, xrefs: 02C7244C

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID: $$:$j$p
API String ID: 0-449823731
Opcode ID: 96f854ffe97a8de50b593bbc7f2a25510aa14c32b58949829dc1a4a0788435a8
Instruction ID: 43c9e31d40ef5c5c74c53f945a52607078ecc62d98c324e4ddde6c827a76e5c0
Opcode Fuzzy Hash: 96f854ffe97a8de50b593bbc7f2a25510aa14c32b58949829dc1a4a0788435a8
Instruction Fuzzy Hash: C43204B1C05268CEDF28CFA2C9587EDFAB9BB85349F1490A9C50977291C3784B89CF15

Uniqueness

Uniqueness Score: -1.00%

Function 029ABCCB, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 029ABD4B

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 42f4a64fd883a96584a74f183308c055d7e36c3b462630431527c21481bb6218
Instruction ID: 1ed59de3666ba8cdb7c9ab30e798a3d34bf61acc2c13173e7185080d53aa3181
Opcode Fuzzy Hash: 42f4a64fd883a96584a74f183308c055d7e36c3b462630431527c21481bb6218
Instruction Fuzzy Hash: EA21A3755097809FDB238F25DC50B52BFF8EF16214F0984DAE9858F163D3749918CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 029ABD02, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 029ABD4B

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: daacf418adc54321508a01f546248ec53242d273e7f573a3d71f7e9548f288ae
Instruction ID: 3a7206f0ed5643e65fd08bdf4447e2b7645b1a1cb59ece9a3aec3a1b417a9262
Opcode Fuzzy Hash: daacf418adc54321508a01f546248ec53242d273e7f573a3d71f7e9548f288ae
Instruction Fuzzy Hash: 16117C716003449FDB21CF55D894B66FBE8EF14224F08C8AAED4A8B656D335E418CFB2

Uniqueness

Uniqueness Score: -1.00%

Function 067C69CB, Relevance: 1.4, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

6A}k, xrefs: 067C6B61

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID: 6A}k
API String ID: 0-3316457725
Opcode ID: f558cec5182f070ef0cd16330f9e1deb75a7dcc0b6fde2437eff7780e75eefd6
Instruction ID: e3aec353fe2cc9a409a086c2be49a8aa4b26487c15e18076486bb3ca43d4e0a2
Opcode Fuzzy Hash: f558cec5182f070ef0cd16330f9e1deb75a7dcc0b6fde2437eff7780e75eefd6
Instruction Fuzzy Hash: A961F1B4D1621ACFDB84DFE5D5855AEBBB2FF89320F20982ED416B7344DB305A018B91

Uniqueness

Uniqueness Score: -1.00%

Function 02C72F60, Relevance: 1.0, Instructions: 984COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08762c4ff27bad0311689bff92eb1c54aa9beabf5239327ae977ce92ba53b049
Instruction ID: 3530b2d677e4bbdab7350c95f1bf9e832d361cd85d58bf6b95d452c69f0e3d4e
Opcode Fuzzy Hash: 08762c4ff27bad0311689bff92eb1c54aa9beabf5239327ae977ce92ba53b049
Instruction Fuzzy Hash: 06B2CE75E00268CFDB65CF69C984BD9BBB2FF89304F1581E9D409AB225DB319A81DF40

Uniqueness

Uniqueness Score: -1.00%

Function 02C710C8, Relevance: .4, Instructions: 439COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e62d34c6900c1d3efea95d4fc3bec008450c3b6b564a8204906cc80c87fc776
Instruction ID: 5bd40b6e1e6861d24d33ce9403e2ae9ea07df5af4c76de34964c7a38561d8482
Opcode Fuzzy Hash: 5e62d34c6900c1d3efea95d4fc3bec008450c3b6b564a8204906cc80c87fc776
Instruction Fuzzy Hash: 2512C1B0E01229CFDB64CF6AC950BADBBB2BF89304F14C1A9D408A7354DB759A81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 02C710B8, Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: babafbe9c571b29d52f02b850ef23c35b01f228ddc95981a430b7cce8a2d4905
Instruction ID: b0e272e6dca2ee16f74c8d7f677633b4eb6be48cae85a5a40886bc98e5437527
Opcode Fuzzy Hash: babafbe9c571b29d52f02b850ef23c35b01f228ddc95981a430b7cce8a2d4905
Instruction Fuzzy Hash: 49D1A175E01229CFDB64CF6AC944B9DBBF2BF89304F1480EAD808A7250E7759A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02C7EB48, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b27721233c5054dfb852552fd90acae43b6eb7c4c96366295c02eecd67ef0b8
Instruction ID: f46102c69d8d59cde71e277a48ade52a4ac7543c2391c7c068f2c0f1782fb4af
Opcode Fuzzy Hash: 5b27721233c5054dfb852552fd90acae43b6eb7c4c96366295c02eecd67ef0b8
Instruction Fuzzy Hash: D7C1467591120ADFCB04CFA5D5848AEFFF2FF48350B24A599D402AB394C730AA81CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 067C4197, Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c890a0660c24905af8d9a3cc38a0ddfb2091518b3ae9bf30703c56a61caec30d
Instruction ID: 827630e79165e3c198705e1ce516be70caa7477d5403903c8b97b68a761bd5b2
Opcode Fuzzy Hash: c890a0660c24905af8d9a3cc38a0ddfb2091518b3ae9bf30703c56a61caec30d
Instruction Fuzzy Hash: 81A19A74922249DFCB50EFA8E19899CBFF2FF44355B10856DE4069B399CB709A84CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067C4060, Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42e006f4afdbf061623f29e76793399f8ecdac60bc4bd9703882045abcc75e25
Instruction ID: e9370956b43985d911dbcf645ddbf18b6f35e875b9940af715ab74f35ac7b7e0
Opcode Fuzzy Hash: 42e006f4afdbf061623f29e76793399f8ecdac60bc4bd9703882045abcc75e25
Instruction Fuzzy Hash: C8A18B74A22249DFCB54EFA8E1989ACBFF2FF44365B10816DE4059B399CB709984CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067C4053, Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 569ed5161acfc29cb8a7a5c09565b58c788c9c488f6657a7f4b69aab928dbff0
Instruction ID: 5e1acf1254f795879937c295834485528e6f99fd148e9b04c8e892cdc501ec2b
Opcode Fuzzy Hash: 569ed5161acfc29cb8a7a5c09565b58c788c9c488f6657a7f4b69aab928dbff0
Instruction Fuzzy Hash: 61A18A74922249DFCB54EFA8E1989ACBFF2FF44355B10816DE4059B399CB709A84CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02C72962, Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cefe79b467e6d01c0f6d7c4153eee4521bd8bec74d8dce358054f2967dec01eb
Instruction ID: ea9e62dfb581e421609485875191398400e6d5938c9e6c66e59341296b2ca68b
Opcode Fuzzy Hash: cefe79b467e6d01c0f6d7c4153eee4521bd8bec74d8dce358054f2967dec01eb
Instruction Fuzzy Hash: A191BDB4E042089FDB05DFA9D9946EDFBF2BF89300F24816AE809A7354DB345A85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 02C72970, Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49ad4caa1c101af607e5cd7f03a5bb441c54164434ca32fac6d80cd2c8967fd3
Instruction ID: f4137b47b3127d3bd5a1d7af6ddab836f2ebb413606b0078287eb223690697ee
Opcode Fuzzy Hash: 49ad4caa1c101af607e5cd7f03a5bb441c54164434ca32fac6d80cd2c8967fd3
Instruction Fuzzy Hash: 9081AEB4E042189FDB05DFAAD9946ADFBF6FF88301F24852AE809A7344DB305985CF51

Uniqueness

Uniqueness Score: -1.00%

Function 02C7CA80, Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b7336bc5af7cfbaff0edaf6d3b1be3afb821901fb94ca61c4e2192e4d36cd74
Instruction ID: 4faa825883dafad0e00ca41116aee024547ac9c440ad97ba4febc550dc94fdc8
Opcode Fuzzy Hash: 7b7336bc5af7cfbaff0edaf6d3b1be3afb821901fb94ca61c4e2192e4d36cd74
Instruction Fuzzy Hash: B681D2B4E01219DFDB04CFEAD5856AEBBB2FF89311F20856AD405BB254DB349A06CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067C6F98, Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 924ed38bf26feb138185e4ca85aef9227b27f2fdf6fbfb412a80da705d03ba7a
Instruction ID: 71682221bff2e4e75264205bf8a63a6b44842dff8639928205ed67154e576abe
Opcode Fuzzy Hash: 924ed38bf26feb138185e4ca85aef9227b27f2fdf6fbfb412a80da705d03ba7a
Instruction Fuzzy Hash: F2510774D1522ACFDB68CF69D9847A9FBB6FB88310F1084EAD50DA7650EB305A818F41

Uniqueness

Uniqueness Score: -1.00%

Function 067C6F88, Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37570fc274a7e29e3b85f228f8b84fe236a6d6cb806de9de809213e7a06348df
Instruction ID: 3fc01a71ba0147118b4bb249833c511c9f7a6aced5c25ffbdd4687c422b54293
Opcode Fuzzy Hash: 37570fc274a7e29e3b85f228f8b84fe236a6d6cb806de9de809213e7a06348df
Instruction Fuzzy Hash: 9E51EA74D1122A8FDB68CF65D9857A9BBF2BF88310F1084EA9519A7650EB305A81CF01

Uniqueness

Uniqueness Score: -1.00%

Function 029AB89D, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 029AB911

Strings

8< r, xrefs: 029AB929

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: ProtectVirtual
String ID: 8< r
API String ID: 544645111-304424724
Opcode ID: 8e3cf5f50d8e2a7b852b7502262fa6e0254b82d55cbb5c348c3f58b569dbf364
Instruction ID: 1b9bcd8056f5e0542fbf9a0e16b7476aeab105b44a6bc6386518dad2506b3eb6
Opcode Fuzzy Hash: 8e3cf5f50d8e2a7b852b7502262fa6e0254b82d55cbb5c348c3f58b569dbf364
Instruction Fuzzy Hash: 452193765093805FDB228F25DC54B62FFB4EF06224F0884DEEDC58F562D365A418DB62

Uniqueness

Uniqueness Score: -1.00%

Function 029AB8D6, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 029AB911

Strings

8< r, xrefs: 029AB929

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: ProtectVirtual
String ID: 8< r
API String ID: 544645111-304424724
Opcode ID: 1ea98f0fbad5f0ffd2365227a14cf69b7a00069402a94a8ad13ac1cb6f44f7c7
Instruction ID: 29a359afd4acb8756320be165a29b807d3cf7795fc4216f51626f21f690dc53e
Opcode Fuzzy Hash: 1ea98f0fbad5f0ffd2365227a14cf69b7a00069402a94a8ad13ac1cb6f44f7c7
Instruction Fuzzy Hash: 9201BC326007008FDB208F1AD884B66FBA4FF54324F08C4AEDD8A4B655D375E418CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 029AAB26, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 029AABD5

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 4b32504956c802174cf5a84690ea686a183aecff64fc4f34b8b35d6ab211757f
Instruction ID: 835d830d238add13b03116525f688ebdd01c87598bae2ceabef90f9f8d757cfc
Opcode Fuzzy Hash: 4b32504956c802174cf5a84690ea686a183aecff64fc4f34b8b35d6ab211757f
Instruction Fuzzy Hash: 663193B25043846FE7228B25CC45F66BFBCEF06720F0884AAED819B152D264E549CB71

Uniqueness

Uniqueness Score: -1.00%

Function 029AAC1D, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,22EE9D47,00000000,00000000,00000000,00000000), ref: 029AACD8

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 12d2064a70cb626c03f571c6681229789c454de89ee90aeaacea5278c56fea89
Instruction ID: 266886e96cfb0ba9945bb4410ed2307874a7832d5b95e1a7dfb891319db127d9
Opcode Fuzzy Hash: 12d2064a70cb626c03f571c6681229789c454de89ee90aeaacea5278c56fea89
Instruction Fuzzy Hash: EF317C711097846FE722CF25CC84FA2BFBCEF06224F08849AE9858B152D364E549CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 029AB074, Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 029AB10E

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 7e027b2440ab1fc7314edb35f893f1e77a91c817433b2a5144c57afe78adde07
Instruction ID: ac45ec4af962177f2e4a421f2c8b2ae661f3e20629af59c403a69b060aa9a28b
Opcode Fuzzy Hash: 7e027b2440ab1fc7314edb35f893f1e77a91c817433b2a5144c57afe78adde07
Instruction Fuzzy Hash: BB31857140D3C16FD3138B258C65B22BFB4EF47614F0A80DBD884CF5A3D228A919C762

Uniqueness

Uniqueness Score: -1.00%

Function 02BC00EC, Relevance: 1.6, APIs: 1, Instructions: 86COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(?,00000E2C,22EE9D47,00000000,00000000,00000000,00000000), ref: 02BC0180

Memory Dump Source

Source File: 00000000.00000002.682257720.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: da0972c425defc50409885ff93545f991cc3e818357fd031af4d123c7f7dd4ba
Instruction ID: 24df6d00e3f93c0b2a3c52992b362040de1aa01e69e6867a20e380bf160d8a5e
Opcode Fuzzy Hash: da0972c425defc50409885ff93545f991cc3e818357fd031af4d123c7f7dd4ba
Instruction Fuzzy Hash: EA21B5B25093806FE7128B25DC45BA6BFB8EF46320F1884EBE984DF193D264D945CB61

Uniqueness

Uniqueness Score: -1.00%

Function 029AAB56, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 029AABD5

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: e83e889a41d1457e55506adfb9e528f7a66efac773fe565a50659036b1545575
Instruction ID: a69b3f435aa022fb4bb54811088de99fc32e30cec555e61a50f0d55efa12c704
Opcode Fuzzy Hash: e83e889a41d1457e55506adfb9e528f7a66efac773fe565a50659036b1545575
Instruction Fuzzy Hash: 0A219FB2500704AFE731DF55CC84FAAFBECEF08720F04885AED459A241D624E548CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 029ABB48, Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 029ABBCA

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 5edfe51c94ad4653d18b6e267b974a192cc831bd7681259c1ee8a23a9d858d46
Instruction ID: 49b843ac6dd115012df16b5a698a8c79ae2254e7048bf069de2f06b35af99975
Opcode Fuzzy Hash: 5edfe51c94ad4653d18b6e267b974a192cc831bd7681259c1ee8a23a9d858d46
Instruction Fuzzy Hash: E72160B65093805FE712CB25DC95B96BFF8EF16224F0984EFD885CF153D2649848C761

Uniqueness

Uniqueness Score: -1.00%

Function 029AAC5E, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,22EE9D47,00000000,00000000,00000000,00000000), ref: 029AACD8

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 0e8f996497070b95598f1d430a7d16cb3a16de38c85017c48dd475b52940439d
Instruction ID: e20fad5676766c7f7887f6054df8d034ae25ce89458d3803b8ed708b2aa163d9
Opcode Fuzzy Hash: 0e8f996497070b95598f1d430a7d16cb3a16de38c85017c48dd475b52940439d
Instruction Fuzzy Hash: E2216D75600704AFE721CF15DC84F66FBFCEF04720F08846AE9459B656D764E408CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 029ABD98, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 029ABE04

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 9f11d2b122afbb3f4fa0d48ce82810488e998db5154df5f20b3816e314c661ba
Instruction ID: e1995b74e17b067c35a21440a12a7701e635048a2d1d78646af2167c478db2c1
Opcode Fuzzy Hash: 9f11d2b122afbb3f4fa0d48ce82810488e998db5154df5f20b3816e314c661ba
Instruction Fuzzy Hash: DC2181725093C05FDB128B25DC94792BFA4AF17224F0984DAED858F663D265A908CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 029ABE4D, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,22EE9D47,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 029ABEBE

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: fbb6729dc4b735ee7b3166a5f9c81e5a306c7540e2eac72bd78cc0cd167a7b07
Instruction ID: 6cfa40d3764b8191ca5ee4508b154d30e290479e58de937c9d531ef3f1387647
Opcode Fuzzy Hash: fbb6729dc4b735ee7b3166a5f9c81e5a306c7540e2eac72bd78cc0cd167a7b07
Instruction Fuzzy Hash: 36215E715093849FD712CB65DC95B96BFE8EF16224F0984EBE985CF162D334A808CB62

Uniqueness

Uniqueness Score: -1.00%

Function 029AB3B9, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 029AB435

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 1cbe0deff452ca75a317c4c5c7da57c83ecaafdf64d958fc3d355a947aa32b76
Instruction ID: acfda418b77619f4f6a4fc6d1b6b546a66c0fe7b132fa86f90bf1f9341364d34
Opcode Fuzzy Hash: 1cbe0deff452ca75a317c4c5c7da57c83ecaafdf64d958fc3d355a947aa32b76
Instruction Fuzzy Hash: 8F2190715093805FD7228B15DC95B62BFE8EF16314F08809AED88CB253D365E809DB62

Uniqueness

Uniqueness Score: -1.00%

Function 02BC01D9, Relevance: 1.6, APIs: 1, Instructions: 65injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02BC024C

Memory Dump Source

Source File: 00000000.00000002.682257720.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 251cb7c52af9a022c8c26a3ed48cbae5a564f9c92a2052375034411d3afc08b5
Instruction ID: ddc9b2b62e9812e42b6247bacb7a036d350f9178efdb985e27ca572ac5da056d
Opcode Fuzzy Hash: 251cb7c52af9a022c8c26a3ed48cbae5a564f9c92a2052375034411d3afc08b5
Instruction Fuzzy Hash: B521A1755097809FDB228F15DC40A62FFB4EF06220F0884DEED858F662D375E458DB62

Uniqueness

Uniqueness Score: -1.00%

Function 02BC032D, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 02BC03A1

Memory Dump Source

Source File: 00000000.00000002.682257720.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 85c847305785fa18f763e01b2ce2e2144cb15b937897739470870bbbf6b288f4
Instruction ID: 3254f1adc16e85c54c69931ee7c6b73ccf0e0651e913ccfd3ed83ff92b44d828
Opcode Fuzzy Hash: 85c847305785fa18f763e01b2ce2e2144cb15b937897739470870bbbf6b288f4
Instruction Fuzzy Hash: 0F21677240A3C09FDB238B25CC44A52BFB4EF17220F0985DAE9848F163D225A818DB62

Uniqueness

Uniqueness Score: -1.00%

Function 029AA5AF, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 029AA61A

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 5de831a028d6b4668a86aee83c195ea0cc28f154ec61e528db1386e7ecc1c8dd
Instruction ID: 70d91b03037d69c3705672b1d6c7d8762b50a9a62633fd67f215b09ee648a621
Opcode Fuzzy Hash: 5de831a028d6b4668a86aee83c195ea0cc28f154ec61e528db1386e7ecc1c8dd
Instruction Fuzzy Hash: 9B117271409380AFDB228F55DC44B62FFF8EF4A220F08849AED858B662C375A418DB61

Uniqueness

Uniqueness Score: -1.00%

Function 02BC012A, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(?,00000E2C,22EE9D47,00000000,00000000,00000000,00000000), ref: 02BC0180

Memory Dump Source

Source File: 00000000.00000002.682257720.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 9eaceb89f7c20de5bb7d3ced96d9c9cb8080fc16eb2615c87ebc69ebe0852f2d
Instruction ID: c1d6cf56c265936f7e9c1ae5a17afac68fe7a431a4ed2fd1450d60d6cf64021d
Opcode Fuzzy Hash: 9eaceb89f7c20de5bb7d3ced96d9c9cb8080fc16eb2615c87ebc69ebe0852f2d
Instruction Fuzzy Hash: 5B11A371604304AFEB21DF2ADC85B6AFB98EF44320F5488AAED45DB245D674E444CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 029AA65A, Relevance: 1.6, APIs: 1, Instructions: 60threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 029AA6CC

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 56a76763d57d213f838e07c5dc987c29b14b174c188d40e5d437e88a069c7fb8
Instruction ID: 9dd81948a6f6fda80fdc5fb3f69bbb3c224a2ee7ac094cd1bc80f12c808293b9
Opcode Fuzzy Hash: 56a76763d57d213f838e07c5dc987c29b14b174c188d40e5d437e88a069c7fb8
Instruction Fuzzy Hash: 2C1159714093C45FD7128B25DC94762BFB8DF07624F0980DAED848F263D2656908DB72

Uniqueness

Uniqueness Score: -1.00%

Function 029ABAA7, Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 029ABB0C

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 91fa938df75e03af382434b08282694e15ce6bb0d981c1bf60e371663ee54dad
Instruction ID: 5a0356ae54c9e25f95b6390f887ce876ebd5797b072248737717866633f54e21
Opcode Fuzzy Hash: 91fa938df75e03af382434b08282694e15ce6bb0d981c1bf60e371663ee54dad
Instruction Fuzzy Hash: 8811E2764097809FDB228F21DC50A52FFB4EF16224F0880DEED858B563C375A458DB62

Uniqueness

Uniqueness Score: -1.00%

Function 029ABA00, Relevance: 1.6, APIs: 1, Instructions: 55threadinjectionCOMMON

Download Yara Rule

APIs

SetThreadContext.KERNELBASE(?,?), ref: 029ABA5F

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: e5716281ac57df9c95726ffb0c7b8e74e4b22e5ae7a9550aeb1cc1c552e698e0
Instruction ID: b59f34ea28bd8aab10b6ce35b75ba84eb4af2b721c98a69ec09b341948c6b834
Opcode Fuzzy Hash: e5716281ac57df9c95726ffb0c7b8e74e4b22e5ae7a9550aeb1cc1c552e698e0
Instruction Fuzzy Hash: EB11BF725043809FD721CB15CC95B52FFE8EF06224F0880AAED468B262D335E808CB62

Uniqueness

Uniqueness Score: -1.00%

Function 029ABB82, Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 029ABBCA

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: fa8a043a1f9f98231a840a2cfbf41d91c15a7e52de20059bd3dce60051cf874e
Instruction ID: b8f430aaedbca09b72a11c297abab507b2e52151fa6036a6102d6f22973b3f6e
Opcode Fuzzy Hash: fa8a043a1f9f98231a840a2cfbf41d91c15a7e52de20059bd3dce60051cf874e
Instruction Fuzzy Hash: 85115E71A053008FEB60DF2AD895B56FBE8EF14224F0884AEDD49CB645D774E404CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 029AADF4, Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 029AAE54

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 3eaa3c1871a742f21a8b1a629c32920018bbcae3a3bdfcba1a9e6dd18fd8c730
Instruction ID: 6ef143c755c39993ea88253b490a5db6a4b43264ee23ba1fbe3700baa8687c5f
Opcode Fuzzy Hash: 3eaa3c1871a742f21a8b1a629c32920018bbcae3a3bdfcba1a9e6dd18fd8c730
Instruction Fuzzy Hash: B7119131405780AFD7228F55DC44B56FFF4EF05320F08849EED854B662C375A458CB62

Uniqueness

Uniqueness Score: -1.00%

Function 029ABE7E, Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,22EE9D47,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 029ABEBE

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: fd58d1e0db04623cecb8ab6b63d6db8c7bc6a840d38b64ba50c2855886505e26
Instruction ID: b18c2831a73f2e2fd4b5363c3779e5bf3a8b07d111635169772cdf718cad55aa
Opcode Fuzzy Hash: fd58d1e0db04623cecb8ab6b63d6db8c7bc6a840d38b64ba50c2855886505e26
Instruction Fuzzy Hash: ED1161756003448FDB20CF6AD894B56FBE8EF14224F18C4AADE49CB655D374E414CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 029AA9F0, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 029AAA4A

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 6d4c13977a8db80d05b46e398a645d9da1882f580ad3ae2206c2d37f7cb72c1b
Instruction ID: 70099376c665bfcde65b61a7ff53c4fed86af4ba70f87f9bf5d79a8daa3ad150
Opcode Fuzzy Hash: 6d4c13977a8db80d05b46e398a645d9da1882f580ad3ae2206c2d37f7cb72c1b
Instruction Fuzzy Hash: 0B117C314097849FD7228F15DD84B52FFF4EF06220F08C49AED898B262D375A818CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 02BC0206, Relevance: 1.5, APIs: 1, Instructions: 47injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02BC024C

Memory Dump Source

Source File: 00000000.00000002.682257720.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 5be0e7e79096e4f436250de86bfdb598327d03a835633ac19a46ea874629f7bc
Instruction ID: d5ae9f3a46f2ae2e911aa22d3a922ca1cb94e5df689883e305a0f5b343054028
Opcode Fuzzy Hash: 5be0e7e79096e4f436250de86bfdb598327d03a835633ac19a46ea874629f7bc
Instruction Fuzzy Hash: 9E018E35600300CFDB208F55D884B66FBE4EF04320F1884AEDD898B655D375E418DB62

Uniqueness

Uniqueness Score: -1.00%

Function 029AB3EA, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 029AB435

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: a44447c3d29f0067d772df1d1167d2079c7c66b58c29a91eca21723466aa40e2
Instruction ID: 2a1c8e12408697c81a05fddca90fb9e519670059a8d1ec35c4ed075b76eadf3a
Opcode Fuzzy Hash: a44447c3d29f0067d772df1d1167d2079c7c66b58c29a91eca21723466aa40e2
Instruction Fuzzy Hash: 15019E71A003409FDB60CF1AD895B26FBE8EF24724F08C49ADD498B656D374E408DBB2

Uniqueness

Uniqueness Score: -1.00%

Function 029AA5D6, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 029AA61A

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: bcac211d43908a5a3f62fb2db921af9769f3d5bc53e362f388784c7da3eea2f0
Instruction ID: 11dc27b6a3de0fc5758048e313a6d294af26a54adee69dec1a335e724b382414
Opcode Fuzzy Hash: bcac211d43908a5a3f62fb2db921af9769f3d5bc53e362f388784c7da3eea2f0
Instruction Fuzzy Hash: F9015B715007009FDB218F59D944B56FFE4EF08720F08C8AADD894B615D375A414DFA2

Uniqueness

Uniqueness Score: -1.00%

Function 029ABA22, Relevance: 1.5, APIs: 1, Instructions: 44threadinjectionCOMMON

Download Yara Rule

APIs

SetThreadContext.KERNELBASE(?,?), ref: 029ABA5F

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: c9df70c7df23a4a98725ce50433579cda7bf17272fb0ce969900f3343e12ce29
Instruction ID: fedf917cab44e2422fee6bfd595f45bfaed46ccd17f80dd4e96288bfcc3703fb
Opcode Fuzzy Hash: c9df70c7df23a4a98725ce50433579cda7bf17272fb0ce969900f3343e12ce29
Instruction Fuzzy Hash: BE0184756003408FDB20CF16D895B65FBD8EF14224F48C4AADD4A8F655E375E544CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 029AB0BE, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 029AB10E

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 05c916762b21c673519304eea38b8c237eacc6030cf51412022b5738abc45568
Instruction ID: 3c90ffac6822b2386165e801e3dddfa36f7caa6e2d7c274b4367b5db3a74d3d2
Opcode Fuzzy Hash: 05c916762b21c673519304eea38b8c237eacc6030cf51412022b5738abc45568
Instruction Fuzzy Hash: 6C01A271500600ABD224DF1ADC82B26FBE8FB89B20F14815AED084B741D231F516CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 029ABDD2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 029ABE04

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 9ac87eb0005ea49d62cd6670f7a41b0efb506c3081c4cbb05ad9c554c14d85f0
Instruction ID: 54859e3c34785fff7fe5ba6bbbbede9d3d268870d70613883160181ddf4e37c5
Opcode Fuzzy Hash: 9ac87eb0005ea49d62cd6670f7a41b0efb506c3081c4cbb05ad9c554c14d85f0
Instruction Fuzzy Hash: 0401DF716043008FDB60CF2AE894766FBA4EF10230F18C4AADD498F646D374E408CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 029ABACE, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 029ABB0C

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 1baa7c394f5b7b2f113a09a45d6947756f279be07eb71d348efbee51507b4a6a
Instruction ID: 242c3f586ff0fc4782e206a253b397039c24c570c430a75dd27577983ec6b7e7
Opcode Fuzzy Hash: 1baa7c394f5b7b2f113a09a45d6947756f279be07eb71d348efbee51507b4a6a
Instruction Fuzzy Hash: 52019E316007009FDB218F56D894B66FBA4EF14324F08C4AEDD4A4AA65D375E418DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 029AAE16, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 029AAE54

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b9fc548b1264a3abb72b03650d9106bbaaa0f3b007770bd6b6b84f474b9b9a5f
Instruction ID: 1768466abbe484150662c8f9eeaa87380b13916bf17e2afde51d77d156d3b559
Opcode Fuzzy Hash: b9fc548b1264a3abb72b03650d9106bbaaa0f3b007770bd6b6b84f474b9b9a5f
Instruction Fuzzy Hash: 01017831500740DFDB218F56D884B66FBB4EF08320F18C89ADE890A626D376A458DBB2

Uniqueness

Uniqueness Score: -1.00%

Function 02BC0366, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 02BC03A1

Memory Dump Source

Source File: 00000000.00000002.682257720.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 2fbb87e7596dcf7cf0251ad10c19d124772b12d6af7c80e7a5b1b03f25a6f014
Instruction ID: 969eb86005d92519704324202742d50019a174cfc22f011896dd1de5dd4f969e
Opcode Fuzzy Hash: 2fbb87e7596dcf7cf0251ad10c19d124772b12d6af7c80e7a5b1b03f25a6f014
Instruction Fuzzy Hash: 4A018B35904300DFDB219F56D884B2AFBA0EF48320F18C89EED894B616D375A418CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 029AAA12, Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 029AAA4A

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 45716c7554e4d570d8c1e6d858e0d6baefadf595ceb636dcccce79f4bf7e7c06
Instruction ID: 4794923aec47a61998d7b8835f766449e3c6a0d21cb254837d0ca11a92b15fed
Opcode Fuzzy Hash: 45716c7554e4d570d8c1e6d858e0d6baefadf595ceb636dcccce79f4bf7e7c06
Instruction Fuzzy Hash: B001A9319003008FDB208F46D984B26FBE5EF04720F08C4AADD8A4B656D379A418CFB2

Uniqueness

Uniqueness Score: -1.00%

Function 029AA69A, Relevance: 1.5, APIs: 1, Instructions: 35threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 029AA6CC

Memory Dump Source

Source File: 00000000.00000002.682103054.00000000029AA000.00000040.00000001.sdmp, Offset: 029AA000, based on PE: false

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 22db1b2220b66a95122d93b2600c64d644f4c17c554cc72a94446e7189a91532
Instruction ID: fc1a37ff41142b85a5618952d087e8ec70a338c629201701e1c2dfe054225407
Opcode Fuzzy Hash: 22db1b2220b66a95122d93b2600c64d644f4c17c554cc72a94446e7189a91532
Instruction Fuzzy Hash: 3DF0A9349007408FEB208F0AD884766FBA4EF04330F08C4AADD494F75AE379A448CEB2

Uniqueness

Uniqueness Score: -1.00%

Function 02C705A8, Relevance: 1.5, Strings: 1, Instructions: 201COMMON

Download Yara Rule

Strings

:@fq, xrefs: 02C706D4

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID: :@fq
API String ID: 0-3673016210
Opcode ID: b4b7a9cf39954d50fd06f6940b5f13709cc851ee2a796ee2c815ff3e56091164
Instruction ID: 18c7738dadf185102158154a5cde98448ee87ce61d12ec7035fe977a50ad7686
Opcode Fuzzy Hash: b4b7a9cf39954d50fd06f6940b5f13709cc851ee2a796ee2c815ff3e56091164
Instruction Fuzzy Hash: 2691E374E01218CFDB14DFA9C894BADBBF2BF89314F109169D809AB394DB719985CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02C70599, Relevance: 1.4, Strings: 1, Instructions: 177COMMON

Download Yara Rule

Strings

:@fq, xrefs: 02C706D4

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID: :@fq
API String ID: 0-3673016210
Opcode ID: e466d316f78683bcbdb16181d9fba7e7b9d176b163597743d0ef944d5805858d
Instruction ID: 25fbe68f9b0b4f23aebddd543d12c318b9be245a6a91d701ae584a1b3a526639
Opcode Fuzzy Hash: e466d316f78683bcbdb16181d9fba7e7b9d176b163597743d0ef944d5805858d
Instruction Fuzzy Hash: 9D71D374D01218CFDB24CFA9C894BEDBBB2BF89314F2091A9D409AB394DB719985CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02C71D80, Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

:@fq, xrefs: 02C71E2D

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID: :@fq
API String ID: 0-3673016210
Opcode ID: 057aad0b6ed1452617909d545b023b0caa683f380673a50cd8258a52a86d117d
Instruction ID: cd86f90c55dd30d8546e454fb187da41a5678bca5338b31dcb9e97bd828e810b
Opcode Fuzzy Hash: 057aad0b6ed1452617909d545b023b0caa683f380673a50cd8258a52a86d117d
Instruction Fuzzy Hash: FB411574E00248AFDB05DFA9C951AEEBBB6FF89300F248469D809773A4DB755A01CF64

Uniqueness

Uniqueness Score: -1.00%

Function 02C71DD0, Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

:@fq, xrefs: 02C71E2D

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID: :@fq
API String ID: 0-3673016210
Opcode ID: 574c1ecef642eead7b8dd25741cb4c2dfc0ed974391079933ad7d09177d3e143
Instruction ID: 503d80b404f3d0fa668afd396bf89a9999724c7ccefb2cfcbaa7109836257e75
Opcode Fuzzy Hash: 574c1ecef642eead7b8dd25741cb4c2dfc0ed974391079933ad7d09177d3e143
Instruction Fuzzy Hash: 1231F378E002489FDB05DFA9C955BEEBBB6EF89300F208069C805773A8DA755A41CF65

Uniqueness

Uniqueness Score: -1.00%

Function 02C71DE0, Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

:@fq, xrefs: 02C71E2D

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID: :@fq
API String ID: 0-3673016210
Opcode ID: ffd3e537b9125bc6b5a01dd8113c09cc1f789457a02021d93c0f6e3050ae7f3a
Instruction ID: 78e605c2f7edfc6032162db310e38ecd96b5de4b580205f2a973c8635e72949c
Opcode Fuzzy Hash: ffd3e537b9125bc6b5a01dd8113c09cc1f789457a02021d93c0f6e3050ae7f3a
Instruction Fuzzy Hash: EC31C374E002089FDB04DFA9C950BAEBBB6EF89304F208029D815773A4DA755941CF65

Uniqueness

Uniqueness Score: -1.00%

Function 067C3566, Relevance: 1.3, Strings: 1, Instructions: 21COMMON

Download Yara Rule

Strings

ntin, xrefs: 067C3599

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID: ntin
API String ID: 0-3077571345
Opcode ID: f95edbcc1d312c5e840683a5fe20ddf7ca1e4763269af8a43b8753a085fa30b0
Instruction ID: d1eb1567543ea5989d013af96b8cab9cc2558bf582652d93125407c875df21c5
Opcode Fuzzy Hash: f95edbcc1d312c5e840683a5fe20ddf7ca1e4763269af8a43b8753a085fa30b0
Instruction Fuzzy Hash: ABF032B4D09229CFCB54CFA4C885A9EBFF5BF09704F15A0A9D05AAB352D730A944CF24

Uniqueness

Uniqueness Score: -1.00%

Function 067C2588, Relevance: 1.3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

<, xrefs: 067C25AE

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: 3e56c45ff753f666aafb25070f6f859a4f44d89b15276dd64ac48742afab56e6
Instruction ID: 9f13e6e27105ea4afabb834ea8ed9d01fd694411bdaff8fdacbf89a3c0aaae36
Opcode Fuzzy Hash: 3e56c45ff753f666aafb25070f6f859a4f44d89b15276dd64ac48742afab56e6
Instruction Fuzzy Hash: 87F0B274D01268CFDBB4CFA5D9887A9BBB1BF48310F5081DAC10AB62A4DA340AC5CF60

Uniqueness

Uniqueness Score: -1.00%

Function 02C70A5F, Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 389439efb597315029231c1c8164f147c72d2132c493a3dfa7d431eb9c379f9a
Instruction ID: 3db6ca820e184dbb9b14dcb0edcd63a8522c58e142fae36ff29073e211ddad0f
Opcode Fuzzy Hash: 389439efb597315029231c1c8164f147c72d2132c493a3dfa7d431eb9c379f9a
Instruction Fuzzy Hash: 68A1E335E412089FDB18DBB4C994AEEBBB2FF89310F145469E406BB2A4CB346942CF10

Uniqueness

Uniqueness Score: -1.00%

Function 02C70A70, Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2c4f9f348f6789b6758bd0b914959e441824d744d99c2b9148c82e45a589aaa
Instruction ID: 4b85e14f2a7db0ee8f7f38d9eef35a64ea59161df6e4595514697cef8f726dbb
Opcode Fuzzy Hash: f2c4f9f348f6789b6758bd0b914959e441824d744d99c2b9148c82e45a589aaa
Instruction Fuzzy Hash: 0AA1B335E412089FDB18DBB4C994AEDBBB2FF89315F245528E406BB2A4DB346942CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02C70270, Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f9ed01a96617d5f131d9d19b51b1acbd19013812fba51fd9abc3671575fe311
Instruction ID: fa85a910aca01ddb4d5cb3e49197a7cd39e9e468da621fc2d64be6f80d1cbe46
Opcode Fuzzy Hash: 0f9ed01a96617d5f131d9d19b51b1acbd19013812fba51fd9abc3671575fe311
Instruction Fuzzy Hash: 1C519BB8A04608DFDB11CFA8C585BADBBF1EF4D310F105499E906AB364D734AA91DF60

Uniqueness

Uniqueness Score: -1.00%

Function 02C70280, Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 346b05b5fa37739264318ce95f189dcfde84c980be4f74872dda39417b29d0d7
Instruction ID: 0d0794a75ea1b65837c3c716fc80391a063737c2f175242de34dd002a9a20cbc
Opcode Fuzzy Hash: 346b05b5fa37739264318ce95f189dcfde84c980be4f74872dda39417b29d0d7
Instruction Fuzzy Hash: 21419C78E04608DFDB10DFA8C985BADBBF1AF4D310F105499E506AB3A4D734AA90DF60

Uniqueness

Uniqueness Score: -1.00%

Function 067C4AC5, Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 918c18bd5e30235d036433a402908158a287f960bf54b5ec458c0278c2f803cc
Instruction ID: 1addc0e08e4a14d14ad51f77a0998defa815d556517e70f3460c6b3de17b267c
Opcode Fuzzy Hash: 918c18bd5e30235d036433a402908158a287f960bf54b5ec458c0278c2f803cc
Instruction Fuzzy Hash: F641AB74D05249DFCB44CFA5D8682AEBBF2FB85310F2094AED611E7228D7309A01CF54

Uniqueness

Uniqueness Score: -1.00%

Function 067C4A6B, Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8a170736a8e572299543c4bc1aa98a73922bbfda2a854d555b82867ea872d68
Instruction ID: 9c945f58a3b57e940ad891f25e5247b8984949705e988a9b5e58cc1a496e1725
Opcode Fuzzy Hash: a8a170736a8e572299543c4bc1aa98a73922bbfda2a854d555b82867ea872d68
Instruction Fuzzy Hash: 3A418BB4D05249DFCB44CFA5D8686AEBBF2FB89310F2095AED511E7258D7308A01CF54

Uniqueness

Uniqueness Score: -1.00%

Function 02C740D8, Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7d57e931418e90304cad3aeb69ecaeea8e49fc74a27cdf29ed5d70f37b1a14e
Instruction ID: 557ad8e7209c62dcf07ffafc29453dabe94e17611bc389816e5bd525050c7e2d
Opcode Fuzzy Hash: b7d57e931418e90304cad3aeb69ecaeea8e49fc74a27cdf29ed5d70f37b1a14e
Instruction Fuzzy Hash: 60410574E05208DFCB19EFA9D9946EEBBB6FB8A301F108169E806B7350CB304942CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02C7B728, Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90c5edb3cb60377530f5c5739cdff30a47f1ce2b5aea8bc21a5f06a2921a1222
Instruction ID: 4c5b89c18efbc174c637e6115ac1beec2430ef536d0aa7918cc921caec13c6a8
Opcode Fuzzy Hash: 90c5edb3cb60377530f5c5739cdff30a47f1ce2b5aea8bc21a5f06a2921a1222
Instruction Fuzzy Hash: F7310430F093598FCB05DBB988556AEBFB6BFC6714F2444AAD404DB285DE309D05CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 067C715D, Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed83e90b8273bbefd155abd17c9af99c7a2e3e1b99cd344aaec14cc0c1d1ce41
Instruction ID: b820b6bef48d12759e251e7d0c04a880dd1d36022f84122769945bc2c1eee8b7
Opcode Fuzzy Hash: ed83e90b8273bbefd155abd17c9af99c7a2e3e1b99cd344aaec14cc0c1d1ce41
Instruction Fuzzy Hash: 0E410474D1122ADFEBA8CF64CA857A9FBB1BB48310F0094EAD519A7650EB305E819F01

Uniqueness

Uniqueness Score: -1.00%

Function 067C713D, Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12e647eb9cb5b047b5806741c5245643ba97a590ad916eb853a53a66d9bd0145
Instruction ID: 892a89414b3ffbd346f1081c7882bd35164d5c5bf1986cf5950a489d633424ab
Opcode Fuzzy Hash: 12e647eb9cb5b047b5806741c5245643ba97a590ad916eb853a53a66d9bd0145
Instruction Fuzzy Hash: A6411774D1522ACFDBA8CF64DA847A9FBB1FF88310F1094EAD519A7650EB305A818F01

Uniqueness

Uniqueness Score: -1.00%

Function 02C7A93B, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f9d75444279f673e19190330c5ff5fd8bbde96be6059f29a9432861ecaa7519
Instruction ID: b00229f0760fc907a0da9897f1692088b5141ec90cd726b85e731b2902a489f7
Opcode Fuzzy Hash: 5f9d75444279f673e19190330c5ff5fd8bbde96be6059f29a9432861ecaa7519
Instruction Fuzzy Hash: 95312870E042189BDB18CF6AD9547AEFBB7EF89300F10C1A9D819A7350DB714A46CF91

Uniqueness

Uniqueness Score: -1.00%

Function 067C7287, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa371b15d967232b433ea4ee0083c03db6cb9a0a270143746e4bef93afec5e90
Instruction ID: 0a04be0acbdb18f4b4716b9e8a4b2939b6646d4ff12dc64abb75babcc3548fa6
Opcode Fuzzy Hash: aa371b15d967232b433ea4ee0083c03db6cb9a0a270143746e4bef93afec5e90
Instruction Fuzzy Hash: 4131F674D1122ACFDB68CF68DA847A9FBB2FF48310F1095EAD519A7650EB305E818F01

Uniqueness

Uniqueness Score: -1.00%

Function 02C7001D, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49dcff71e5470149357332d6f682ba3be5201dba43e52f10fb3be9bd7f549647
Instruction ID: 5e8d4b537de9155d40105d9daefd5fcddbf317508ec525a48bca0ee591ee1513
Opcode Fuzzy Hash: 49dcff71e5470149357332d6f682ba3be5201dba43e52f10fb3be9bd7f549647
Instruction Fuzzy Hash: 3011707180A3C58FD7534B7888657EABFF4AF57314F1908DBC481EB2A3D6680949CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 02C7D498, Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fa309def0b7363aac2ed5637acefdcdb96eafa18f8ec37970312986596ce0e7
Instruction ID: 49db1faf400589f243f5cb257abcdd138ab147e505ed7525f30342678afcd702
Opcode Fuzzy Hash: 0fa309def0b7363aac2ed5637acefdcdb96eafa18f8ec37970312986596ce0e7
Instruction Fuzzy Hash: B521E4B4D01209DFCB44CFAAD081AAEBBF1FF48300F10946AD816A7714D738AA41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067C4B10, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae4de5924183b7881b9c7e30da24ffbb45c390b8e5ed15f04f1730a380d0c6cb
Instruction ID: b3b25241647288f982af7e863845870dc7ccb46a7febee9255a378f6339b0289
Opcode Fuzzy Hash: ae4de5924183b7881b9c7e30da24ffbb45c390b8e5ed15f04f1730a380d0c6cb
Instruction Fuzzy Hash: 162125B4D15219DFCB44CFA5D5955AEBBF2FB88310F2095AAD805A7348DB309A018B90

Uniqueness

Uniqueness Score: -1.00%

Function 02C73FA8, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9ff4b2037706b06505c26951b087ce9261610fbd2d4fd8e819e4176ad6ad3be
Instruction ID: 26a302735e0049345f500f655026c5b5b39f54a07079b1092b00876f0f13ddf6
Opcode Fuzzy Hash: a9ff4b2037706b06505c26951b087ce9261610fbd2d4fd8e819e4176ad6ad3be
Instruction Fuzzy Hash: F6119070D09388AFCB12DBB4C5565ECBF71BF86744F1482DAC885A7252CB314A45DB51

Uniqueness

Uniqueness Score: -1.00%

Function 02AB0724, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682241546.0000000002AB0000.00000040.00000040.sdmp, Offset: 02AB0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84928e9a8d415bde71dea86de368832884d343c7698d6b77a8a7c7d6d76f51b7
Instruction ID: dd139e4e83cd51d4930df5e133936c4c3bf99e4efc9fbbf120fc6df20151e969
Opcode Fuzzy Hash: 84928e9a8d415bde71dea86de368832884d343c7698d6b77a8a7c7d6d76f51b7
Instruction Fuzzy Hash: 1021493510D3C19FD707CB24C890B55BFB2AF47218F1986EED8858B6A3C73A8846CB52

Uniqueness

Uniqueness Score: -1.00%

Function 02AB075C, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682241546.0000000002AB0000.00000040.00000040.sdmp, Offset: 02AB0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32cf863d6aa0af56e202c18ce365fd2bfb4012af8c2fe00ad1ffa5cbbccdf840
Instruction ID: d1f3605ab4dfe1dc607707946d0b6aff80bb53d94c3f31554a06e5e1da2ea4ae
Opcode Fuzzy Hash: 32cf863d6aa0af56e202c18ce365fd2bfb4012af8c2fe00ad1ffa5cbbccdf840
Instruction Fuzzy Hash: C311A234204644DFD716CB54C984B66FBA9AF48708F24C5ACE9490BA53CB7BD843CE91

Uniqueness

Uniqueness Score: -1.00%

Function 02C700F8, Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1d175c61c2f9fce651d21318c181a724510eb7ffed4745f5e30c379b3bbfeaa
Instruction ID: 45981083241a7f5fdbfee6a3d567fdd870bee2d62bbf868d89bf3d1f455e5d25
Opcode Fuzzy Hash: d1d175c61c2f9fce651d21318c181a724510eb7ffed4745f5e30c379b3bbfeaa
Instruction Fuzzy Hash: E4214D30D0424ACFDB05EBA8D6A9AED7BB6FF81308F104569D80597258DF706E44CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02C728B2, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26e9543f5d2afd7d8d7f826061f699988e31323949c08792e65cc261861fb3be
Instruction ID: df1840febd995096f56fe512e1b686f9626e153852b64b7de6d9d495648036ae
Opcode Fuzzy Hash: 26e9543f5d2afd7d8d7f826061f699988e31323949c08792e65cc261861fb3be
Instruction Fuzzy Hash: A211E4B4D002099FCF04DFA9C955AAEBBB2FF89300F1080A9D805B7355D7359A45DB61

Uniqueness

Uniqueness Score: -1.00%

Function 02C70108, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a17b3288160f76cc07df773ad847e52ab8c82c8f65f89ccf7e3e1f7de0d17b19
Instruction ID: af5824af5572b984d51968b48f878588b85abfb32471b46d03277c11d989e2ec
Opcode Fuzzy Hash: a17b3288160f76cc07df773ad847e52ab8c82c8f65f89ccf7e3e1f7de0d17b19
Instruction Fuzzy Hash: A0111C30D0020ECFDB05EBA8D6599AD7BBAFF81308B104569D80597258DF707E54CB91

Uniqueness

Uniqueness Score: -1.00%

Function 02C728C0, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f81ede3a9ad95342a4c46a88aa14d4294af0cb97dbf694ef1ebe26f42590120
Instruction ID: 99e15d8c1989a40033e8aa39d859f1e2ad141cf37ef2bc02f9d740720964f620
Opcode Fuzzy Hash: 8f81ede3a9ad95342a4c46a88aa14d4294af0cb97dbf694ef1ebe26f42590120
Instruction Fuzzy Hash: 1E11D6B4E002099FCF04DFA9D945AAEFBF2BF88304F208069D809B7354DB359A45DB65

Uniqueness

Uniqueness Score: -1.00%

Function 02C70F07, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b7d72c4e9d725bb9a52b7661c8e6fb112a67563d9d75706b0745c32b4cfcac3
Instruction ID: d9524b02d2cb59abc9e8c2abc5bf74f7b752e74368ecd284ad0f27077f8ce890
Opcode Fuzzy Hash: 9b7d72c4e9d725bb9a52b7661c8e6fb112a67563d9d75706b0745c32b4cfcac3
Instruction Fuzzy Hash: 6A11D0B4D092098FCB05CFAAD5556EEBFB1FF89301F10846AD815A3341DB345A52CF61

Uniqueness

Uniqueness Score: -1.00%

Function 02AB05CF, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682241546.0000000002AB0000.00000040.00000040.sdmp, Offset: 02AB0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71c86a93d4804d543fb473700c300664409b9e6b86e2f868e98f51046b5efba1
Instruction ID: 25612f6b7b7cdf9c584c60b607d536aa35fa4998dced8b27794e465a6e7a7c49
Opcode Fuzzy Hash: 71c86a93d4804d543fb473700c300664409b9e6b86e2f868e98f51046b5efba1
Instruction Fuzzy Hash: 7E0186B65097806FD7128B16EC40862FFF8EF86630749C09FEC89CB612D225A904CB62

Uniqueness

Uniqueness Score: -1.00%

Function 02C709D8, Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f73b47f7301d78eb74162fa0501ad5a26f990edf7b586743116e6b6d5d5efaf4
Instruction ID: 91a2fc06dad2308e1038bf2b90b3e6cb67ea196ae630bf4a7ff6935cd435ae6f
Opcode Fuzzy Hash: f73b47f7301d78eb74162fa0501ad5a26f990edf7b586743116e6b6d5d5efaf4
Instruction Fuzzy Hash: 05015A30D41148EFCB15DBA8D655AEDBBB1AF82304F6401E9D84477341CA316F05DB51

Uniqueness

Uniqueness Score: -1.00%

Function 02C703E8, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11e927db40c00302296aa124b60b1008b4035954c8ad498abd4a247dc984459c
Instruction ID: f5dd30b46bb4f879bd24fca197417e63c7fcc1fa956a05f815a5078151e20960
Opcode Fuzzy Hash: 11e927db40c00302296aa124b60b1008b4035954c8ad498abd4a247dc984459c
Instruction Fuzzy Hash: F9F0F0309422089FC704DBB08690BEF773ADF96308F509898C40133281CE348F02DA66

Uniqueness

Uniqueness Score: -1.00%

Function 02C709E8, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34b9dd370f83fa4d188759fcb439046f8a917c7a420d88d5a49fb304bd02b338
Instruction ID: 662be2c42aee19bff71fc50e4b9bcd43e08bc527af281fd4cb3e4bca4e693e66
Opcode Fuzzy Hash: 34b9dd370f83fa4d188759fcb439046f8a917c7a420d88d5a49fb304bd02b338
Instruction Fuzzy Hash: 37016930E40148EFCB04EBA8C659AEDBBB1AF81304F6001E8D8046B340CB30AF00DB90

Uniqueness

Uniqueness Score: -1.00%

Function 02C70070, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fd17d0287502c7bfc628a922f8da24045b238ea80d63fb5e9255759064fd9f1
Instruction ID: ee465b90c07fb78d0283dee6837e7f8f32f4f7e3584ac0f7ae9ca358bebc4785
Opcode Fuzzy Hash: 7fd17d0287502c7bfc628a922f8da24045b238ea80d63fb5e9255759064fd9f1
Instruction Fuzzy Hash: 6DF08C70D512099FDB549FB9C9597FFBEF8EB49714F10182AC401B3280DA7459048BE5

Uniqueness

Uniqueness Score: -1.00%

Function 02C7F190, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 142b4697a228773ded9bfe3a0a80038046e32355cb546a5d630ca8a539a1564c
Instruction ID: 07719587e195e689e8e5c90a10aab80c7dbc8599f86964b095255f5cfa6f0501
Opcode Fuzzy Hash: 142b4697a228773ded9bfe3a0a80038046e32355cb546a5d630ca8a539a1564c
Instruction Fuzzy Hash: 92F07979A01208AFDB04DFA9D589A5DFFF6EF88710F15C098E90897361DB30E951CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02C70450, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92c083d328735c337d124e4ee9c542f229dbfdcc39f441a91eaeaa1d9fdd492c
Instruction ID: f61ebbe04512da2e6700adb18ef6cff06a78ba9b62d3f836623d6be6dfa4dfa1
Opcode Fuzzy Hash: 92c083d328735c337d124e4ee9c542f229dbfdcc39f441a91eaeaa1d9fdd492c
Instruction Fuzzy Hash: F3F06774C46249EFCB01DFB8C5895EEBF70EF06305F1049A9C840A7201C7308A52CF00

Uniqueness

Uniqueness Score: -1.00%

Function 02C70220, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34e6a08d83ba552b9d7d64b647d662bb12c9ec759051f1b5aff682007abd270d
Instruction ID: 4253a3904629892f2e28f52584aaef5b96e47a0a9943329f7ab027b7ce167b40
Opcode Fuzzy Hash: 34e6a08d83ba552b9d7d64b647d662bb12c9ec759051f1b5aff682007abd270d
Instruction Fuzzy Hash: 68F0ECB1C0A348CFCB12DBB89441AE87FB4EF82305F0082AAC885D3202C6320E42CB20

Uniqueness

Uniqueness Score: -1.00%

Function 02C703F8, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f50db8d35589ca12b36883e8cad9735b8ad50310e3af80abe2b1c1b3af12ecd3
Instruction ID: 7a889d28f6caed9cc9626220e5dd93ce359efacfdb424ff953494a91550df0ab
Opcode Fuzzy Hash: f50db8d35589ca12b36883e8cad9735b8ad50310e3af80abe2b1c1b3af12ecd3
Instruction Fuzzy Hash: C7F0AC34A421089FD708EBF5C654BAFB37ADB86704F6098A89405232948E759F019AA9

Uniqueness

Uniqueness Score: -1.00%

Function 02C70531, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aebc8b981817e4e719de85d81d42f98cfba51ae3dc3abb1f3aa110d188b80e04
Instruction ID: 674e03331a577df8d24b7f0d4370d9220b19a3758fabb332032ae81bdf37e327
Opcode Fuzzy Hash: aebc8b981817e4e719de85d81d42f98cfba51ae3dc3abb1f3aa110d188b80e04
Instruction Fuzzy Hash: 7E011478D09249DFCB05DFA8C6849ADBFB5FF49200F1549D9D800AB352E230AE40CB91

Uniqueness

Uniqueness Score: -1.00%

Function 067C6978, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45226c61b487da30d8b00f65df80a5f30eefa9ee6ea3271077fbb30c44a97a61
Instruction ID: 319c0dc37f704902c3d169a97302948a327bdffb22dd911d392a0217a70843e4
Opcode Fuzzy Hash: 45226c61b487da30d8b00f65df80a5f30eefa9ee6ea3271077fbb30c44a97a61
Instruction Fuzzy Hash: 3CF06271D262449FCB41EFB4E4496697FB1EF02701F1441DEA84493286EA305915CB45

Uniqueness

Uniqueness Score: -1.00%

Function 02AB0818, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682241546.0000000002AB0000.00000040.00000040.sdmp, Offset: 02AB0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
Instruction ID: 4bdd1977a9902ebcba9727254757c38e83d13e2b05b83ce761070730e8589584
Opcode Fuzzy Hash: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
Instruction Fuzzy Hash: E7F01D35104644DFC706CF40D980B66FBA6EB89718F24C6ADE9490BB52C737D813DE81

Uniqueness

Uniqueness Score: -1.00%

Function 02C70F98, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55e6aa82da9e295439fa992aab8360feb2562fabf031ef84c95300dd0ed342a3
Instruction ID: 1686869e4891f660d8106ccb674235d526dfc8c644aa2c9f8438a21ccc1f5df1
Opcode Fuzzy Hash: 55e6aa82da9e295439fa992aab8360feb2562fabf031ef84c95300dd0ed342a3
Instruction Fuzzy Hash: FCF01778D0A208EFCB15DFA5D1959ADBFB4EF4A301B20859ADC0593361DA315A55CF01

Uniqueness

Uniqueness Score: -1.00%

Function 067C7649, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 159bce160454fe6b1d553a8641c2d2e5ff4c0b7c75e167fb1c61af74b561d90e
Instruction ID: d4e37523a1ebf7f15bd38f281ba6cf38b92866b714f5325ec77629085b3bc144
Opcode Fuzzy Hash: 159bce160454fe6b1d553a8641c2d2e5ff4c0b7c75e167fb1c61af74b561d90e
Instruction Fuzzy Hash: 1A01D270C056288FDBA8CF65CA54BEDBBB1AF45305F1044EDD209B7290DB305A92CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067C72DB, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bcc93c0f60d935a7f2041bdcf081c1baf4eb0d275c6971b7466672555879988
Instruction ID: 84df9c46e98abd133f5b4d6bb3dc7a77d09d63907121ced5c45969c9a7f3c37f
Opcode Fuzzy Hash: 0bcc93c0f60d935a7f2041bdcf081c1baf4eb0d275c6971b7466672555879988
Instruction Fuzzy Hash: D401C4B1C152698FDB69CF64CA84BDDBBF1BF09310F1081D99549A7284DB705A90CF44

Uniqueness

Uniqueness Score: -1.00%

Function 02AB05F6, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682241546.0000000002AB0000.00000040.00000040.sdmp, Offset: 02AB0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 152cd1c4bb04733d62a71f3397bd642c6e7ad46ffbb5b6f1076097cd4d38496b
Instruction ID: df0a9107ec0d33525e5fed5611b6f11f280aa8892c7dcb26b03883c8b99ec4e0
Opcode Fuzzy Hash: 152cd1c4bb04733d62a71f3397bd642c6e7ad46ffbb5b6f1076097cd4d38496b
Instruction Fuzzy Hash: 18E09276A007005BD650CF0AEC81466FBD8EB84630B18C07FDC0D8B700E635F504CEA6

Uniqueness

Uniqueness Score: -1.00%

Function 067C7A11, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d35d8726f07f5a2bf389715f5cf69c8d3aad482f0cb767b3037ff285156f90a2
Instruction ID: 8f849f007833b3493e26a79bbd1bba82d1e8fc56f39740a1491c425b40fa1133
Opcode Fuzzy Hash: d35d8726f07f5a2bf389715f5cf69c8d3aad482f0cb767b3037ff285156f90a2
Instruction Fuzzy Hash: 87F0C4B1C01668DFDBA4DF64CD88BDEB7B5AB85312F2084D98118BB291D6745BC4CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02C70FA8, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f482d5f38a14ee6790c742800df7bede58e7a5964dcbe5d83d673ec0665fe086
Instruction ID: fd5d02f2585a659ae0e16372fc43e4f274cb9581294cd961891ea201b9748c35
Opcode Fuzzy Hash: f482d5f38a14ee6790c742800df7bede58e7a5964dcbe5d83d673ec0665fe086
Instruction Fuzzy Hash: A4F0A578D09208EFCB04EFA9D2949ADBBB9EB48301F1095AADC0593354D7316E54DF51

Uniqueness

Uniqueness Score: -1.00%

Function 02C7A8B1, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f00b1cf35c699f0cc1c9bbe3e52f10a11b775e178794bfef1a5a104f039cf172
Instruction ID: bc458b27d84e880d2102d69d8bef1749914d5cd94ab6250844d1cf13d2a638a1
Opcode Fuzzy Hash: f00b1cf35c699f0cc1c9bbe3e52f10a11b775e178794bfef1a5a104f039cf172
Instruction Fuzzy Hash: C3F01570905208EFCB00DFA8C186AECFFB1EF89314F2081A9D80867302D7325A27DB80

Uniqueness

Uniqueness Score: -1.00%

Function 02C70460, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 793208cc91c387ca9be22f5cb65eb219c98787ec83701f1da377ca06d16b68ec
Instruction ID: 890a74ebca7a620b24bc06fef64216b11ab6cdaf73ddc0ee162f298c79450972
Opcode Fuzzy Hash: 793208cc91c387ca9be22f5cb65eb219c98787ec83701f1da377ca06d16b68ec
Instruction Fuzzy Hash: 98F0C278D85208EFCB05EFB8D5485AEBBB4FB45305F5089A9C814A3340DB70AA60CF95

Uniqueness

Uniqueness Score: -1.00%

Function 02C74060, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 053b3f49e64189edb77ec05dd16d001fba4e1f03fb61bb1805a589c3b12b674c
Instruction ID: ff39266f0a631657f8732a27d6453027a73f842942d35d8d98bdafa6f7795edc
Opcode Fuzzy Hash: 053b3f49e64189edb77ec05dd16d001fba4e1f03fb61bb1805a589c3b12b674c
Instruction Fuzzy Hash: C7E092345092409BC72ACAB4C5406A57B34EF9661CF1486CDC8985B293CB325907CB81

Uniqueness

Uniqueness Score: -1.00%

Function 067C43C4, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97db83c0c2b541be5ae6b8f0f91deb532448474371e0f5cb4eb13843b70a312c
Instruction ID: a3cb0e751062c394cfe1f934a8e8b2cdd74f161946fe64dbb55fd45bad9cb5fb
Opcode Fuzzy Hash: 97db83c0c2b541be5ae6b8f0f91deb532448474371e0f5cb4eb13843b70a312c
Instruction Fuzzy Hash: 8EF0A075C1620DDFCB40DFA0C49549CBFB2FF00340B14955EE412A7269CB309A82CB24

Uniqueness

Uniqueness Score: -1.00%

Function 02C7BC88, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1171ef7061cd0fee325ab6660f8113940dee5e8bfe09b41b8f9b1f97b0bf7c50
Instruction ID: 25a99c5cec37874578b7c782e18216c765db611705ba390040806b30f9b68613
Opcode Fuzzy Hash: 1171ef7061cd0fee325ab6660f8113940dee5e8bfe09b41b8f9b1f97b0bf7c50
Instruction Fuzzy Hash: 3EF0C935904208EFCB05DF99D9409ADBBB5FB88314F10C599EC1857351DB329A62DB40

Uniqueness

Uniqueness Score: -1.00%

Function 02C71D90, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ca96b2cf07505e28e589ec3f18ce5bcd79dff3aff98bb9bbbc305d334c1cedd
Instruction ID: b41572ed4758a5a8e576269cdaaa3566a9fefa1abfb1a07dc8a8d255a15531a9
Opcode Fuzzy Hash: 8ca96b2cf07505e28e589ec3f18ce5bcd79dff3aff98bb9bbbc305d334c1cedd
Instruction Fuzzy Hash: 30E01AB4D08209ABCB04DFAAD5005ADFBF4FB44300F0085A9C81863340D7701A10CF91

Uniqueness

Uniqueness Score: -1.00%

Function 067C3F78, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c78ecb04fbf6f433f2a26d21a349cd5e2cd1c954e0409a048817e5101968d830
Instruction ID: 8c7994e7a8f027524c89f0766d6c5ace27340e7f9391dc1ddb042ab838e9582b
Opcode Fuzzy Hash: c78ecb04fbf6f433f2a26d21a349cd5e2cd1c954e0409a048817e5101968d830
Instruction Fuzzy Hash: 6BE0E535E112089FCB40EFF8E149768BBF4EF05315F1481A9D84593250E7349944CB42

Uniqueness

Uniqueness Score: -1.00%

Function 067C4343, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1c527afb7ebab25d6f5f9b596116d046f9c8151158c9a3f78fd82b5059a72d4
Instruction ID: bcdb4eb47ae3e3644a0b5fd314173bf58122e3f6719ac7e9f0f3fd084c8f764a
Opcode Fuzzy Hash: e1c527afb7ebab25d6f5f9b596116d046f9c8151158c9a3f78fd82b5059a72d4
Instruction Fuzzy Hash: DFF0DA78921609CFCB44DFE5E5995ACBFF6FF48340B10551AE402A7398DB30A942CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067C79BD, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f99bb0947cc42877ef806afb5d3444879040f448d758e1e444721e46e254c98
Instruction ID: 84b8def1f8fdcbdb30619bd7fb102e3b5d6d2354dca2a70f036e0a50b8c9c062
Opcode Fuzzy Hash: 9f99bb0947cc42877ef806afb5d3444879040f448d758e1e444721e46e254c98
Instruction Fuzzy Hash: 09F0C971D452289FDB64CFA0CD41BDDB7B4AB44710F5041E9A209BA1C0D7746B85CF54

Uniqueness

Uniqueness Score: -1.00%

Function 067C6988, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bbe97c6b5eb14942d045ebb7bdbc8bd8d174e1b83cb7204f5cf0bc8f07edd1d
Instruction ID: 4a98500fd0487d5816833d27c3ff5e2e6ffb8eb8d718bbc4c92592c8ca13d8ce
Opcode Fuzzy Hash: 8bbe97c6b5eb14942d045ebb7bdbc8bd8d174e1b83cb7204f5cf0bc8f07edd1d
Instruction Fuzzy Hash: FFE01A70D122089FC700EFB4E44A67DBBB5EF45701F1082ADA804A3284DB70A954CB45

Uniqueness

Uniqueness Score: -1.00%

Function 02C7A8C0, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c480f0cfe1047cc189c364c4aa571ef17b9e4cfa3828cceb10b8fa7f824db4b
Instruction ID: f40dc359cde6e8fdc6e33efa259d20e152da918aac930ad7608091ac2a692f3d
Opcode Fuzzy Hash: 7c480f0cfe1047cc189c364c4aa571ef17b9e4cfa3828cceb10b8fa7f824db4b
Instruction Fuzzy Hash: 51E07574D05208EBCB04DF98D541AADFBB5EB88314F20C5A9D80967341D731AA52DB95

Uniqueness

Uniqueness Score: -1.00%

Function 02C7B2C0, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c480f0cfe1047cc189c364c4aa571ef17b9e4cfa3828cceb10b8fa7f824db4b
Instruction ID: ea2dfef368f80a42f9e2718864dfda783a152c895e87c85df17856fd8275c7f9
Opcode Fuzzy Hash: 7c480f0cfe1047cc189c364c4aa571ef17b9e4cfa3828cceb10b8fa7f824db4b
Instruction Fuzzy Hash: 8CE0E574D05208EBCB04DF98D5419ACFBB4EB89304F20C1A9D80863341C731AA52DB80

Uniqueness

Uniqueness Score: -1.00%

Function 02C74231, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34085d4fcfe0160fca20fdeca30a94a0d66761f30ff774f96fd80583752aeac0
Instruction ID: 9262597762f0b2c6d7869c7b938a1730cbd3a5559f7eb00abb4851dc57a79ce5
Opcode Fuzzy Hash: 34085d4fcfe0160fca20fdeca30a94a0d66761f30ff774f96fd80583752aeac0
Instruction Fuzzy Hash: 8DE04F30949248EFCB55DBB8D5896ECFF74EB86205F1442DAD84593252CB300AB5CB05

Uniqueness

Uniqueness Score: -1.00%

Function 02C70230, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f4dacf6a1bd8d55c5639cfaafb1df84ec9ba375eb2d7046151491a0087b9af6
Instruction ID: 45ec1897846d7056ce21b306e5f8d432287609d8d22ad1430701fc3e19783f45
Opcode Fuzzy Hash: 2f4dacf6a1bd8d55c5639cfaafb1df84ec9ba375eb2d7046151491a0087b9af6
Instruction Fuzzy Hash: 5AE04678D09308DFCB08EFA9E6055ACBBB9FB85305F1080A9D80993340D7716E50CB91

Uniqueness

Uniqueness Score: -1.00%

Function 02C7B1C0, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 905896c8a4875f02dc27f0c3c299a4d32163abf8f48eb44fd2de805a56467713
Instruction ID: 218af2f9def3d2ce420b317e417ea3b34a3d7e54c6f78e43aaaa5bd3f4e1f183
Opcode Fuzzy Hash: 905896c8a4875f02dc27f0c3c299a4d32163abf8f48eb44fd2de805a56467713
Instruction Fuzzy Hash: 7FE0BF35904108EBCB05DF94D9419ADFF75FB85314F10C599DC4427351C7329A56DB91

Uniqueness

Uniqueness Score: -1.00%

Function 067C10DC, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ad32f6aead89c5833f55a6fdedeea21a8a9a0d0722c23887ee5d3f2aef309bd
Instruction ID: 67516cb4f78bf41ba026ca942c3900ab9c892a066d25bc4fd95d9d43151f5af4
Opcode Fuzzy Hash: 2ad32f6aead89c5833f55a6fdedeea21a8a9a0d0722c23887ee5d3f2aef309bd
Instruction Fuzzy Hash: 85F06570E12119DFDB54DF68D890B9CB7B3FB44360F50866EE405A7214DB309981CF40

Uniqueness

Uniqueness Score: -1.00%

Function 067C2D5D, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc587fbeae66418e061afe1431e023a0ab23351ed6eee810bc9fa2be517dd85b
Instruction ID: 00ad29d9aa16497dbe8e7f95c490ca1d08271f4132145c61a151e7cdfead647e
Opcode Fuzzy Hash: dc587fbeae66418e061afe1431e023a0ab23351ed6eee810bc9fa2be517dd85b
Instruction Fuzzy Hash: A5E0E578D043088FDB54DF95C845B8EF7B6AF99310F00D1AA9958AB310D7305A49CF05

Uniqueness

Uniqueness Score: -1.00%

Function 067C2CE3, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0637c94bae8fc28f4e6d267bfb961cab81c66fb38ad9a5a81317a26af3fe1813
Instruction ID: ce5c8b4d7505924d6c35c2b9ca566cc6bc36847f9da4bd63b2216f0feb447898
Opcode Fuzzy Hash: 0637c94bae8fc28f4e6d267bfb961cab81c66fb38ad9a5a81317a26af3fe1813
Instruction Fuzzy Hash: 28E052B8E042188FDB50CF95C841A9DB7B6BF45300F04D0AA9959AB354D7345949CF05

Uniqueness

Uniqueness Score: -1.00%

Function 067C7DA7, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47e44bb612325b09b28ee7e111b51f30fd5727eedf58de29ae5d18cb83369dcb
Instruction ID: c6ef5e4420e1537378aaa44d100a003a20edc89f0c1e44788e2fc8dc8750e329
Opcode Fuzzy Hash: 47e44bb612325b09b28ee7e111b51f30fd5727eedf58de29ae5d18cb83369dcb
Instruction Fuzzy Hash: 55F0AE7580622ACFDF24DF60CE84BDDBBB5AB48301F0084E9950CAB264D2349F91DF60

Uniqueness

Uniqueness Score: -1.00%

Function 02C72C70, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7b64bbbf2f0bc9a503838ff6fe186c69974fa6bada40817254afa2edccd7b02
Instruction ID: f59ee9e5bf3c80dec94cd7cf8a7f6dfad12d744e2b1853fce55e8d7c301dd9df
Opcode Fuzzy Hash: c7b64bbbf2f0bc9a503838ff6fe186c69974fa6bada40817254afa2edccd7b02
Instruction Fuzzy Hash: E7D02E6048E244AAC73213F4190E3FC7F50AF86205F0405A8CC8A07043CBA10012DA01

Uniqueness

Uniqueness Score: -1.00%

Function 02C700ED, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 281c4621977220fae3d4b0162839a6dbf2bb6a83eb017d902e442c6ef642acbe
Instruction ID: 8843b8cd2d3e83249ef9a5140dd27a02fa2a1959e36da4f1f46bebcd1e9c4923
Opcode Fuzzy Hash: 281c4621977220fae3d4b0162839a6dbf2bb6a83eb017d902e442c6ef642acbe
Instruction Fuzzy Hash: D6D01735D41109CBCB009FA4E0842EDB7B1EB89325F109826C114A3300C3314454CF90

Uniqueness

Uniqueness Score: -1.00%

Function 02C73FB8, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc5b1c08153259c14710db98d2a06712dd41dfb71d9adb289bdd95711862909f
Instruction ID: 0524e19193fbb30e450714a2621c9c549ecfea5e55e50b9d630b4797e46e7902
Opcode Fuzzy Hash: fc5b1c08153259c14710db98d2a06712dd41dfb71d9adb289bdd95711862909f
Instruction Fuzzy Hash: 00E0E23495920CEFC701EBA8DA496ACBBB8FB48605F1045E8D80957341DB71AA60DB91

Uniqueness

Uniqueness Score: -1.00%

Function 067C1CBD, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6d39d7c7bd46530475c197fb3446d62f64aee1d5e414047ea8fcd82a26183a6
Instruction ID: 5edd6dbfb05097bb252af7e96036c04434d4670d8b8abf7641e26618fb04b1c6
Opcode Fuzzy Hash: b6d39d7c7bd46530475c197fb3446d62f64aee1d5e414047ea8fcd82a26183a6
Instruction Fuzzy Hash: 1DD017B8D04118CEDBA0DF25CC407BDB376AB45325F2495AE805EA3342D7300D82CF56

Uniqueness

Uniqueness Score: -1.00%

Function 067C3F88, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19b5c298f6190ffd6acb3a7a8c5753ac0a5f8e42eb116ffbf5d0f7ee55ced176
Instruction ID: 9e5590660c2e3536237a70cde21fff0812de6fa45dbd9ec8f51d306c650e8b1f
Opcode Fuzzy Hash: 19b5c298f6190ffd6acb3a7a8c5753ac0a5f8e42eb116ffbf5d0f7ee55ced176
Instruction Fuzzy Hash: D4E0BD74E11208AFCB40EFA8D1496ACBFF4AB08715F1081A9980893350EA30AA44CB42

Uniqueness

Uniqueness Score: -1.00%

Function 067C30CC, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc525133e573991fe6665f39b3f7d65761a87cf6887407c5a464b186396c8582
Instruction ID: a25e8fe93ebc2bb30804a19b7f1fd718d61d94be74ba44fa8096b7b78541272e
Opcode Fuzzy Hash: dc525133e573991fe6665f39b3f7d65761a87cf6887407c5a464b186396c8582
Instruction Fuzzy Hash: D5E0CD78908314CFCF45CF51C840B9DB7B5EB46310F1091D5956AD7380D73449418F16

Uniqueness

Uniqueness Score: -1.00%

Function 067C8D00, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6b60b4fca7c00b32a9afa59c19925cc3eed61370f3081a800373f991479e93a
Instruction ID: 73cfa7391affcc80f7bc60a3c544f9939eda48ba5eab58f54237716abcf4c5a2
Opcode Fuzzy Hash: f6b60b4fca7c00b32a9afa59c19925cc3eed61370f3081a800373f991479e93a
Instruction Fuzzy Hash: 59D0A770C22208DFC754EFF8A50936C7FB4AF01715F2041BDC80453240EB31A544C781

Uniqueness

Uniqueness Score: -1.00%

Function 02C7BEE0, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25c671f86c88c34b9b130c92af4b3b911f423921306d265ae7b768a8aefa8ce1
Instruction ID: fd5b2c65527c3a774d997a4dedde1ebd12594c307a3fa64bc61084709208ad04
Opcode Fuzzy Hash: 25c671f86c88c34b9b130c92af4b3b911f423921306d265ae7b768a8aefa8ce1
Instruction Fuzzy Hash: AFD052710222088BC300ABF4FA0F2697EAAEF0931AF040164B40A821C0DF301860CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 029A23F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682090784.00000000029A2000.00000040.00000001.sdmp, Offset: 029A2000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94f17f404829a7c46a295035c1e9906f666856526bfe6f8f71b3809becf681a1
Instruction ID: 96511157aee118b9ca1d3c3d68351cfb972462cfb42caba86243cb9423852ede
Opcode Fuzzy Hash: 94f17f404829a7c46a295035c1e9906f666856526bfe6f8f71b3809becf681a1
Instruction Fuzzy Hash: 4BD05E79609B914FD3268B1CC1B8B953BD8AB51B08F4644F9EC008B667C369D681D240

Uniqueness

Uniqueness Score: -1.00%

Function 067C7C4F, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57cdb38eed87369004025e3fe66093dd0595b1e6e7cb3cbe4d936417464634d5
Instruction ID: 5799cc3db669cc601d5453a72269b84324b3cf0f50c8f8c3d7dd9761323075e9
Opcode Fuzzy Hash: 57cdb38eed87369004025e3fe66093dd0595b1e6e7cb3cbe4d936417464634d5
Instruction Fuzzy Hash: A9D092F68163298FCF319F259D442D9BAA0AB113A1F60D3DAA0B9622E1D2744B81DF10

Uniqueness

Uniqueness Score: -1.00%

Function 067C74D8, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cf61adf7719f0c3cae50e68f53cb3d7e35d4d40a236875891987cd60fa0c674
Instruction ID: bfcc29854e7b0a75c72dc5608a1440786d16d867472e11c2118daea601c5a260
Opcode Fuzzy Hash: 8cf61adf7719f0c3cae50e68f53cb3d7e35d4d40a236875891987cd60fa0c674
Instruction Fuzzy Hash: 11E09278A022688FEB24DF61CA487EDBBB1AF86301F1080D9904AA7284CB705BC1DF41

Uniqueness

Uniqueness Score: -1.00%

Function 067C73A3, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fea29ce5724bf8585e145d2a035301f3b757721203948c11c367b2081d8b2466
Instruction ID: 8670d48506ecaa63a2f16c507454366d5b1b46d48b22fda56d16e5348fc41000
Opcode Fuzzy Hash: fea29ce5724bf8585e145d2a035301f3b757721203948c11c367b2081d8b2466
Instruction Fuzzy Hash: 2BE0BDB5C042298FCF65DFA0CA80BDDBBB6AB58300F2080E9A148B3260DB355F81DF10

Uniqueness

Uniqueness Score: -1.00%

Function 02C700CD, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2225db0c385d73615a0174ad3bf61b7637ea8ab86aed317c31f4ebd10a7cfcd2
Instruction ID: 020bb8af6915b7a30f850c549c8f509ad28a84d0a9f4d098f2d73693c05e5bbd
Opcode Fuzzy Hash: 2225db0c385d73615a0174ad3bf61b7637ea8ab86aed317c31f4ebd10a7cfcd2
Instruction Fuzzy Hash: 42D0C93AE41108DF8B009FE8E4840DCF775EB8A326B519566C514B3300C7319815CF64

Uniqueness

Uniqueness Score: -1.00%

Function 029A23BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682090784.00000000029A2000.00000040.00000001.sdmp, Offset: 029A2000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0990d380e6c5a5c7fdf19e81bb15b633001560a11b5b1151b743739d34dbfa3d
Instruction ID: 34630bc2484862255612652caf8c47f8f582f7bffef2546cfca3982690084442
Opcode Fuzzy Hash: 0990d380e6c5a5c7fdf19e81bb15b633001560a11b5b1151b743739d34dbfa3d
Instruction Fuzzy Hash: 4FD05E346003814BCB15DB0CC1A4F5937D8AB42B08F0644E8AC008B266CBA8D881C640

Uniqueness

Uniqueness Score: -1.00%

Function 067C6C78, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b81ae02f0fe5f856030b318d2e68aa563a5724e964b6f36d8ac26d570706df08
Instruction ID: 356ddb611c21c775008f7bff7a7cc5f581e1385b62d377142b4efb4ffc4f05a5
Opcode Fuzzy Hash: b81ae02f0fe5f856030b318d2e68aa563a5724e964b6f36d8ac26d570706df08
Instruction Fuzzy Hash: 8CD0A930C212089BCB90FBFCA40A26CBFF4EB08321F1042A8880883240FB306644C6D2

Uniqueness

Uniqueness Score: -1.00%

Function 02C729DD, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d5c66706723d941abf394812db66ecadaeb63ad7d09570cadec49678b14d81
Instruction ID: 2dd87477634a72a198216f45599bf8205f1e235ff36d13dd8672f738affff01f
Opcode Fuzzy Hash: e6d5c66706723d941abf394812db66ecadaeb63ad7d09570cadec49678b14d81
Instruction Fuzzy Hash: 13C0803164830447C119AF70B93557BF219DBDB601B005159DD0757144CD33C414CA8D

Uniqueness

Uniqueness Score: -1.00%

Function 067C7543, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89964e093b65b2ced3a47496311979f6ec92c1b17c90af0ae80daaa54c116429
Instruction ID: 8e10b43dc75809613320b53aa761d62663ed7a7195acaae34226895a109412d4
Opcode Fuzzy Hash: 89964e093b65b2ced3a47496311979f6ec92c1b17c90af0ae80daaa54c116429
Instruction Fuzzy Hash: E6E0E27994A2298FCF28DF60CA887EDBBB0AF51301F5054E98049A6294D3345BC1CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02C72C80, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9186346f8c9556f8e1d45d271a17c42e64fd91c711dbe97cfe04caf50647cab3
Instruction ID: 6b0730c59aa23814f2a02fc118ff93f44c1ec96706a6c84e71dd5bf7aaca1389
Opcode Fuzzy Hash: 9186346f8c9556f8e1d45d271a17c42e64fd91c711dbe97cfe04caf50647cab3
Instruction Fuzzy Hash: 4CC08C2148CA0486D22A26E86A083B9BA8CA7C9205F001A14894E024828BB09060D166

Uniqueness

Uniqueness Score: -1.00%

Function 02C7B108, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 867cf87826c66701f092ce487a4c3aadad43209257b6e6407ffb27a88a29d54b
Instruction ID: 5d91b8b24736b1eefbb5f2d6ac93d71511858b6f6cb88ed26f152f1463be342b
Opcode Fuzzy Hash: 867cf87826c66701f092ce487a4c3aadad43209257b6e6407ffb27a88a29d54b
Instruction Fuzzy Hash: EFC02B1008B90C43C00431D45C46770718DF78274CF440D18C90C03481CFF0A850C026

Uniqueness

Uniqueness Score: -1.00%

Function 02C7AF30, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 691089062270d8ce0b9ea4880137f628021404091b0cb3c477f77da7dff68ec9
Instruction ID: a735541b52965d763c5272a3eb036a4d47e5a8cd314e8d37df2b9123cbabc441
Opcode Fuzzy Hash: 691089062270d8ce0b9ea4880137f628021404091b0cb3c477f77da7dff68ec9
Instruction Fuzzy Hash: B8C02B5208AA0846C30531E551057B971CCF781604F10099CCA0C025428F629410C56E

Uniqueness

Uniqueness Score: -1.00%

Function 067C1CCC, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61e41bb6e3919031a03912f9de381b5b2fb64fdd8088e0aa1898f753e2317834
Instruction ID: f4907e6283a56c9fb159e3958b9e0a11fa681b444ea22a3e74d1334823b373bf
Opcode Fuzzy Hash: 61e41bb6e3919031a03912f9de381b5b2fb64fdd8088e0aa1898f753e2317834
Instruction Fuzzy Hash: 43D092B8D04158CBDB50CFA0C840BAEB379AB45304F14909A861AB7281D7305A508F19

Uniqueness

Uniqueness Score: -1.00%

Function 067C2919, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1f084a9ad9411344a444e43b0c7ac4d73871fdbe6d60825c00ea803e6d789f6
Instruction ID: f7fc778aa6de6e49b72cf85ee7ffffa162557c888824c3693ad51487665e6abc
Opcode Fuzzy Hash: c1f084a9ad9411344a444e43b0c7ac4d73871fdbe6d60825c00ea803e6d789f6
Instruction Fuzzy Hash: 68D09278904348CFDB41CBA8C680B9EB7F5AB5A300F1450998148A7340D7305E448F16

Uniqueness

Uniqueness Score: -1.00%

Function 067C6DFC, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9c21e4084b5dace265976a41b855e1df6eb5cedc5edbcb8390539b658dcd9c6
Instruction ID: 0d978195b6b9115f3387c4d479c4b9eb1fa1b9243cf54a55f95b07a44ad24219
Opcode Fuzzy Hash: a9c21e4084b5dace265976a41b855e1df6eb5cedc5edbcb8390539b658dcd9c6
Instruction Fuzzy Hash: 80D06C78D052889FCF95CFE6E5949EDBFB1AF09301B20D01AF865A6294CA34AA05DF50

Uniqueness

Uniqueness Score: -1.00%

Function 067C36D2, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 801bd013b91f47fa6cf8e28d53261cfbfd0d1d07bbe9309e76c0d8ed08ec200d
Instruction ID: f67df71c8db7aa9f57658ced7767f86bf73057b75bcdf8b4de56f07577440865
Opcode Fuzzy Hash: 801bd013b91f47fa6cf8e28d53261cfbfd0d1d07bbe9309e76c0d8ed08ec200d
Instruction Fuzzy Hash: 12C012B4D04108DFCB80CF50C4907AEB37ABB45310F10909A9049B3200DB304E51CF25

Uniqueness

Uniqueness Score: -1.00%

Function 067C2FEC, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9a084d0f54c7bb4d3a637b33ddeade06e1ee46a840c965373564acc36ee92b2
Instruction ID: fa2a4c77f3a6656c26fd0c7134b6d557dd8b87e8b1e4ec30b12102092e24c92f
Opcode Fuzzy Hash: a9a084d0f54c7bb4d3a637b33ddeade06e1ee46a840c965373564acc36ee92b2
Instruction Fuzzy Hash: D8C012B8C04208CECB80CF90C581BAEB3BAAB86300F20D0AA804CB7200DA305E818F09

Uniqueness

Uniqueness Score: -1.00%

Function 067C61EE, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34eaa25a58b60f584a9f4a65b4ef0c614f692db3500a17daec6f0dbe0c7da143
Instruction ID: f03274b15d8ff590d8292746ab1b92030e9f469d51c267b57fa526dbe387850f
Opcode Fuzzy Hash: 34eaa25a58b60f584a9f4a65b4ef0c614f692db3500a17daec6f0dbe0c7da143
Instruction Fuzzy Hash: 38C0123092A3059F8704CB90F68A428BAB2AA45261B10240AA002A2094CE3089928A08

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 02C72CA8, Relevance: 3.9, Strings: 3, Instructions: 165COMMON

Download Yara Rule

Strings

>_kq, xrefs: 02C72E16
f]kq, xrefs: 02C72D02
:@fq, xrefs: 02C72DF9

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID: :@fq$>_kq$f]kq
API String ID: 0-1744552541
Opcode ID: f1f315eba6d28a292041f39921023715f29629ab1613260d2cb6aa4caf4af281
Instruction ID: f446bbf7a2ed7c1f833e3b2e160c37aa7af5530cfa70fdc303104672bf7147ba
Opcode Fuzzy Hash: f1f315eba6d28a292041f39921023715f29629ab1613260d2cb6aa4caf4af281
Instruction Fuzzy Hash: EE611871E042198FD709EFAAD96469AFBE7FFC4344F14C529C8049B268DB70581A8F50

Uniqueness

Uniqueness Score: -1.00%

Function 02C72CB8, Relevance: 3.9, Strings: 3, Instructions: 156COMMON

Download Yara Rule

Strings

>_kq, xrefs: 02C72E16
f]kq, xrefs: 02C72D02
:@fq, xrefs: 02C72DF9

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID: :@fq$>_kq$f]kq
API String ID: 0-1744552541
Opcode ID: ae073fd44934e880d4946f42d09d1e521382eb5f62309413614eaf9f484c9b7b
Instruction ID: 22f4a119398debd1e3d6ea0f04938b2844c79b306795838c54ba075a49b10f53
Opcode Fuzzy Hash: ae073fd44934e880d4946f42d09d1e521382eb5f62309413614eaf9f484c9b7b
Instruction Fuzzy Hash: 63610771E042198FD708EFAAD96469AFBE7FFC4344F14C52AC8049B268EB7058198F51

Uniqueness

Uniqueness Score: -1.00%

Function 02C7F7E8, Relevance: 1.4, Strings: 1, Instructions: 158COMMON

Download Yara Rule

Strings

|), xrefs: 02C7F872

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID: |)
API String ID: 0-3526027520
Opcode ID: 8fa1b2de98be2c7c3b16b7509253168298cdaa7e53e409978c0c9dee1e2072fc
Instruction ID: 5d3e967b52b754454f75e88a62ab5fc8c68040ecdae36a657d43060d891bf1cf
Opcode Fuzzy Hash: 8fa1b2de98be2c7c3b16b7509253168298cdaa7e53e409978c0c9dee1e2072fc
Instruction Fuzzy Hash: 8D71BB74E15219EFCB04CFAAD48499DBBF1FF49310F24D59AE419AB621D334AA81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067C03C8, Relevance: 1.4, Strings: 1, Instructions: 143COMMON

Download Yara Rule

Strings

ii{N, xrefs: 067C0531

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID: ii{N
API String ID: 0-2109954960
Opcode ID: 55531dce4ba1a382bdc746d444d8387cb8c7f5a9bd01371fd7c87c414a5cb3b6
Instruction ID: f7f2f1854787fd07572ef5f28731eb64d310154a50a897143d7aa5d4ed5d7f03
Opcode Fuzzy Hash: 55531dce4ba1a382bdc746d444d8387cb8c7f5a9bd01371fd7c87c414a5cb3b6
Instruction Fuzzy Hash: 4551DE74D1521ADFDB84CFA8D5808AEFBB1FB59320F11855AE805BB211C731AA81CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 067C03B8, Relevance: 1.4, Strings: 1, Instructions: 142COMMON

Download Yara Rule

Strings

ii{N, xrefs: 067C0531

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID: ii{N
API String ID: 0-2109954960
Opcode ID: b826c3dd444932edd0890d61c70f932a0e5a318d40a0799272f65a801b582c72
Instruction ID: 9dadb9b3593f66240a064dc30cc07455778c4c9730bd7f9c5e8203b5b7747232
Opcode Fuzzy Hash: b826c3dd444932edd0890d61c70f932a0e5a318d40a0799272f65a801b582c72
Instruction Fuzzy Hash: 7351F474D1521ADFCB44CFA8D5808AEFBB1FF5A320B15859ED805BB211C731AA81CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 067C0FA0, Relevance: 1.3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

f]kq, xrefs: 067C1013

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID: f]kq
API String ID: 0-4201003494
Opcode ID: 355170f147d5fcf138505cb71d984761992738821bd503ca5bc5a4daf17df38d
Instruction ID: d01a1c3d61ff4b2c181d99bb5c574170758c36ba0b9ac1aa5ff5c5241153d476
Opcode Fuzzy Hash: 355170f147d5fcf138505cb71d984761992738821bd503ca5bc5a4daf17df38d
Instruction Fuzzy Hash: 1521D671E016188FEB18CFABD84469EFBF3AFC9320F58C07AD908AA255DB3059418F51

Uniqueness

Uniqueness Score: -1.00%

Function 067C0F91, Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

f]kq, xrefs: 067C1013

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID: f]kq
API String ID: 0-4201003494
Opcode ID: 236f109308c56e75978de8501d23a2ec0f9ae186f7c02bc3a7cdf6e77bc953db
Instruction ID: 5ec2774d0ff136469947d472bbc06497c7a160080d3d2a6508771d13d6526774
Opcode Fuzzy Hash: 236f109308c56e75978de8501d23a2ec0f9ae186f7c02bc3a7cdf6e77bc953db
Instruction Fuzzy Hash: 3621F771E116188FEB18CFABD84479EBAF3AFC9310F18C0799808AB255DB305982CF55

Uniqueness

Uniqueness Score: -1.00%

Function 067C4D98, Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eec65b35a29d29c6dbf03c89eafd0f53fca6cae7bcbd9af6909138df870be42
Instruction ID: ae45bb8502ce287634723056f2253aea7def9fd3aaf973651a110dc9b854bfcf
Opcode Fuzzy Hash: 0eec65b35a29d29c6dbf03c89eafd0f53fca6cae7bcbd9af6909138df870be42
Instruction Fuzzy Hash: 1E912274D052099FCB44CFEAD5919AEFBF2BF89320B24C51DE414AB258D7349A42CF90

Uniqueness

Uniqueness Score: -1.00%

Function 067C4D88, Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d8dc44f320e57bac416e7ac7a10419e9f1a4483126035bc3d0b1affb80beb4a
Instruction ID: 189fffa40a9a653b24be5c7bcd10fdbdceccb3ba08ae473f5b8cc328cd54120f
Opcode Fuzzy Hash: 8d8dc44f320e57bac416e7ac7a10419e9f1a4483126035bc3d0b1affb80beb4a
Instruction Fuzzy Hash: 2E912278D062098FCB44CFEAD5919AEFBF2BF89320B24C55DD414AB258D7349A42CF90

Uniqueness

Uniqueness Score: -1.00%

Function 067C1980, Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a929a13e9f9f2504b5e03725046d84da47c1be75ef92bf53720538c40eecfe27
Instruction ID: d3dfe7952ea2a8f43b416fb13a553f3bb1b3f955bfc8cad5251103888c0a5aaa
Opcode Fuzzy Hash: a929a13e9f9f2504b5e03725046d84da47c1be75ef92bf53720538c40eecfe27
Instruction Fuzzy Hash: F0814071E016548BDB68CF678C4869AFBF3AFC5310F58C1BDC958A626ADB301946CF11

Uniqueness

Uniqueness Score: -1.00%

Function 067C5188, Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a77f7777d6a4224a835dbcce4aef94251a9a40e9fffe1f43b632abd0a9caa703
Instruction ID: 1362d438e1a2e0ff6be1171f4cb438454fae62bc7cb2c1b4c5b2618e530204ec
Opcode Fuzzy Hash: a77f7777d6a4224a835dbcce4aef94251a9a40e9fffe1f43b632abd0a9caa703
Instruction Fuzzy Hash: 145178B0D15209DFDB40CFA8C940AAEBBF2FF59324F14855ED421BB290D375AA10CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 067C0BB8, Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e4ea7e14df0e01e740c91ef3c9ba4a77efb5a812c7472c74e905d6fd37f1963
Instruction ID: 964b7f8aec4ddccda3b61c07c0dfbe2583f12705714733088af1240527f74346
Opcode Fuzzy Hash: 5e4ea7e14df0e01e740c91ef3c9ba4a77efb5a812c7472c74e905d6fd37f1963
Instruction Fuzzy Hash: 1C61EE70D15209DFDB54CFAAC5849EEBBF1FB88310F20966AD415AB214D3399A41CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 067C0BA9, Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbae7a7dee2a8447196867f3c439b47dd41f135d58a395fa228e979b67e030f4
Instruction ID: 2eb2bf687d75f46afd3453bf0ce5da40ebe029600a94dd6bdb63a3314152f304
Opcode Fuzzy Hash: dbae7a7dee2a8447196867f3c439b47dd41f135d58a395fa228e979b67e030f4
Instruction Fuzzy Hash: 5161FE70D1520ADFDB44CFAAC4845EEBBF2FB88310F20D66AD415A7214D3399A41CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 067C51D1, Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38c1080d104cd0812a21918ae9d243b258e971bac51822fbe4e3b2590715dfd0
Instruction ID: 6290a7c46a39050930dba1200c23b88fd842fd7c82b5f97f3c43969a522f2172
Opcode Fuzzy Hash: 38c1080d104cd0812a21918ae9d243b258e971bac51822fbe4e3b2590715dfd0
Instruction Fuzzy Hash: EF518AB0D112098FEB40CFA9C9409AEBBF2FF89324F54955ED421BB254D375AA10CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 067C51E0, Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a48b4b9901214abfe7e9075e5c3d4338975ded1029c850b8c5bf247b9e08f5c
Instruction ID: e215d2da11699dfd9add9ec8a082caebcae4fb3db3f1f146c426e52cc202786e
Opcode Fuzzy Hash: 3a48b4b9901214abfe7e9075e5c3d4338975ded1029c850b8c5bf247b9e08f5c
Instruction Fuzzy Hash: AB5178B0D112098FEB44CFA9C940AEEFBF2BF89324F54951DD421BB254C375AA108BA1

Uniqueness

Uniqueness Score: -1.00%

Function 067C0673, Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79bb57282ffe2efd67e588ec7b7c1bcb9758a5a4755fc807ef0264694f4d9218
Instruction ID: 3306fbf7ba16caee68fb61421faedee5ba2f62c838f4eebf6a678d359141ad96
Opcode Fuzzy Hash: 79bb57282ffe2efd67e588ec7b7c1bcb9758a5a4755fc807ef0264694f4d9218
Instruction Fuzzy Hash: 0851F3B5D0560ADFDB44CFA8C5819AEBBB1FB89320F10955ED811B7200D731AA81DFE5

Uniqueness

Uniqueness Score: -1.00%

Function 067C19E1, Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 390655a5e7a9b84b0c209be4f236f7f6541ea0db1a68f8e6e0838d63b2b06e16
Instruction ID: 68d11d9c66d181210defcead979781ef161f18e99d0f4e3ffffb240d8a136712
Opcode Fuzzy Hash: 390655a5e7a9b84b0c209be4f236f7f6541ea0db1a68f8e6e0838d63b2b06e16
Instruction Fuzzy Hash: 4F5199B1E056588BDB58CF6B9C4429EFBF3AFC9310F14C1BA954CAA265EB300946CF11

Uniqueness

Uniqueness Score: -1.00%

Function 067C1A18, Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1731ee94354081b6f1e9c3dba61156559a69f7a73cdc29d89b068cbba710dcce
Instruction ID: 2e6b8fe0c92f93247b2063d1183dc9645afb9407873d1a953af947ca7c09bf5f
Opcode Fuzzy Hash: 1731ee94354081b6f1e9c3dba61156559a69f7a73cdc29d89b068cbba710dcce
Instruction Fuzzy Hash: 58514BB1E016188BEB68CF6B9D4569EFAF3BFC8310F14C1BA950DA6254EB301945CF41

Uniqueness

Uniqueness Score: -1.00%

Function 067C0999, Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4270e58b13ff68552e6a9f934d18da38536c45c39ac82bebb0a0510e8fcd5b51
Instruction ID: 5a6774b3d2aee7aaa1a8726b7db177cacc258695379d6b2f35172196ec4b3e58
Opcode Fuzzy Hash: 4270e58b13ff68552e6a9f934d18da38536c45c39ac82bebb0a0510e8fcd5b51
Instruction Fuzzy Hash: 3C411671D0920ADFEB48CFA6C4815AEFBB2FB88310F10D42ED421AA254D7359A81CF95

Uniqueness

Uniqueness Score: -1.00%

Function 02C74270, Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.682296944.0000000002C70000.00000040.00000001.sdmp, Offset: 02C70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3af64d26ceac6a9ec6a328f1f1116798eb3cf095b20d474f052e211009c3724c
Instruction ID: 8cad876fda5a8e465bac8f71ad644f2531b0f08f2ec9be9a8952a28133a08ebd
Opcode Fuzzy Hash: 3af64d26ceac6a9ec6a328f1f1116798eb3cf095b20d474f052e211009c3724c
Instruction Fuzzy Hash: 744133B1E056188BEB2CCF6B8D4179AFAF3AFC9204F14C1BAC94CA6215DB3105968E11

Uniqueness

Uniqueness Score: -1.00%

Function 067C09A8, Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d38383cc718d02acabeb2f9bb12059febad4c61bdb24bddb885de74439b7dd5
Instruction ID: 35a98f4f4fb97ffdada443f3c9ad76586a6aa90ab407de3d90262a07470cef4f
Opcode Fuzzy Hash: 3d38383cc718d02acabeb2f9bb12059febad4c61bdb24bddb885de74439b7dd5
Instruction Fuzzy Hash: 5841E671D0920ADFEB48CFA6C5815AEFBB1FB88310F10D46EC425AA254D7359A81CFD5

Uniqueness

Uniqueness Score: -1.00%

Function 067C0DF0, Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 105dd7411b250ed0fda080fea9e5b4f8e2d2044018f7a326b8a8f0c1ba5cb61c
Instruction ID: aa534dab1ac54483a93c8e4872c188c6c39a0e40fa636ce9dab33cf31accc50f
Opcode Fuzzy Hash: 105dd7411b250ed0fda080fea9e5b4f8e2d2044018f7a326b8a8f0c1ba5cb61c
Instruction Fuzzy Hash: 7A41F4B0D0120ADFDB48DFE9C5815AEFBB2BF88310F24C56ED505A7244E735AA81CB95

Uniqueness

Uniqueness Score: -1.00%

Function 067C0E00, Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 712d66b7312f20d6438dc2170c46b87aeb43c2eb3baac8726a49dcc3052f79da
Instruction ID: 3ff96510cac9f0afa27a98bb6533d8838707e025a012c36469192f6a849268bd
Opcode Fuzzy Hash: 712d66b7312f20d6438dc2170c46b87aeb43c2eb3baac8726a49dcc3052f79da
Instruction Fuzzy Hash: 9241E2B0D0520ADFDB44DFE9C5814AEFBB6AF89310F24C56EC509A7204D735AA81CF95

Uniqueness

Uniqueness Score: -1.00%

Function 067C8E18, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f39dc03a5defef043ea2286a218d739ae4964bfe8b95d49c572b037d6f0f1c62
Instruction ID: 0a0caa7a25a9f3d2e0cb9d75ae09c4ebb16c84672996d3efa333b584c3961df4
Opcode Fuzzy Hash: f39dc03a5defef043ea2286a218d739ae4964bfe8b95d49c572b037d6f0f1c62
Instruction Fuzzy Hash: 0B11E370D052199EDB94DFAAC945BFEBFF0AB4A310F14946DE414B3290D7348A40CF69

Uniqueness

Uniqueness Score: -1.00%

Function 067C59E8, Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f7114961419de26d461c639b2fea6591962af2ee20d458276bcd329b557e82c
Instruction ID: db1a1ee960b962a0eb166a5ef5c4cb70b4306057202cf45f50d193fe460ce419
Opcode Fuzzy Hash: 4f7114961419de26d461c639b2fea6591962af2ee20d458276bcd329b557e82c
Instruction Fuzzy Hash: 641195B1E116098BEB58CFABD54419EFBF7AFC8300F24C27E9518AB255DB3456118F40

Uniqueness

Uniqueness Score: -1.00%

Function 067C4558, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd60bbb50f5b6079315459b03a5fe2be57ae4ca0818126dd42d0897150baf247
Instruction ID: 21e00f1f8f639eee9c011aa9e4735c32e65610d95a6cad15f732cc90f7a52f12
Opcode Fuzzy Hash: fd60bbb50f5b6079315459b03a5fe2be57ae4ca0818126dd42d0897150baf247
Instruction Fuzzy Hash: 5E11E5B1D006089BDB58CFABD5011AEFBF6BF89310F24C57E9418AB219DB3456018F44

Uniqueness

Uniqueness Score: -1.00%

Function 067C5460, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.688240320.00000000067C0000.00000040.00000001.sdmp, Offset: 067C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1a89df80bc24a8db36d7d698e2451c3f94f79374cfa3674778aedb6101aa278
Instruction ID: ef203dc78daffdc17e5c3015ed306406a645bba639f717e2ea5994c6bc3f855f
Opcode Fuzzy Hash: e1a89df80bc24a8db36d7d698e2451c3f94f79374cfa3674778aedb6101aa278
Instruction Fuzzy Hash: A811C9B1E056098BEB48CFABD9001AEFBF7AFC9310F24C57E8458A7255D73456518F40

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: MSBuild.exe PID: 6692 Parent PID: 1380 MSBuild.exeCOMMON

Executed Functions

Function 0505AF18, Relevance: 2.1, Strings: 1, Instructions: 897COMMON

Download Yara Rule

Strings

r, xrefs: 0505B9CC

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 6429e6792b4c53c4f527919004972398a686ddf35529192b0ea09c12354c0722
Instruction ID: 7ca9af3db39b8ca6d52c4f3a24474ffecf01fb741159f3e9bae0eb8d4c1f711b
Opcode Fuzzy Hash: 6429e6792b4c53c4f527919004972398a686ddf35529192b0ea09c12354c0722
Instruction Fuzzy Hash: 73823874A00605DFCB14CF68D584AAEBBF2FF88320F158669D81AAB651D730F985CF90

Uniqueness

Uniqueness Score: -1.00%

Function 05053850, Relevance: 2.0, Strings: 1, Instructions: 744COMMON

Download Yara Rule

Strings

>_kq, xrefs: 05053F9D

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID: >_kq
API String ID: 0-4149988037
Opcode ID: 088af80f69f3dee3d3ffe4588296f702afcc3f3b41abbcfcc09ac9f61e3af2c1
Instruction ID: 011b6e3bae131772da5b159341ff8dba8b8f800709dff908498f38d049e6d20a
Opcode Fuzzy Hash: 088af80f69f3dee3d3ffe4588296f702afcc3f3b41abbcfcc09ac9f61e3af2c1
Instruction Fuzzy Hash: E642D571A04215CFCB15CF68D8849BEBBF2FF45360B1989AAE8159F256C731EC45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 051924F8, Relevance: 1.6, APIs: 1, Instructions: 91networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E2C,18ED3FAD,00000000,00000000,00000000,00000000), ref: 051925AB

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: be0ab27b4a9286ac85973c5129bbb7a4d08d8ac6b1b5bcf85f2b3cc92ca29b5e
Instruction ID: 5ad50d697ec4652e9ee462913081a686bace43b3a3a66f14aefaf2e58517aab7
Opcode Fuzzy Hash: be0ab27b4a9286ac85973c5129bbb7a4d08d8ac6b1b5bcf85f2b3cc92ca29b5e
Instruction Fuzzy Hash: 75316DB550D3C46FD7138B258C54B96BFB8AF07214F0984DBE984DF1A3D264A909C772

Uniqueness

Uniqueness Score: -1.00%

Function 05190F23, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05190FA3

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: efd13e9b474bf90c559fb6be021f2b059e2df81ffd6b4d485ca074cacb77c5cd
Instruction ID: 5c6a747915be39279b43d17051fb027fa77fa8e22d3c15a3fa3dc14a7e721a40
Opcode Fuzzy Hash: efd13e9b474bf90c559fb6be021f2b059e2df81ffd6b4d485ca074cacb77c5cd
Instruction Fuzzy Hash: 2021D1765093849FDB228F25DC44B92BFF4EF06310F0984DAE9858F563D374AA08CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0519115F, Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 051911D5

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 86d60b460096dbf0284fa1d5d9ec6b4ac75618cdba5becf6a1a8a8bc574081d1
Instruction ID: 23703cebbd456e0c616a47356a0529111445dde1e0b725daca2109031c9039f7
Opcode Fuzzy Hash: 86d60b460096dbf0284fa1d5d9ec6b4ac75618cdba5becf6a1a8a8bc574081d1
Instruction Fuzzy Hash: CB219D764097C0AFDB238B21DC51A52FFB4EF16214F0984DBE9848B163D265A509DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0519254A, Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E2C,18ED3FAD,00000000,00000000,00000000,00000000), ref: 051925AB

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: 20aa8461bc5d7813c344fd8640e8b279c95a603e68487960b11f98c7b8469bcc
Instruction ID: 76f59250c1de5277075fe0265dbbb75a070801ce4b87598720d978d0027b79c5
Opcode Fuzzy Hash: 20aa8461bc5d7813c344fd8640e8b279c95a603e68487960b11f98c7b8469bcc
Instruction Fuzzy Hash: AA119DB5504304AFEB21CF55DC84FAABBA8EF04320F18846AED459B646D774E404CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 05190F5A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05190FA3

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: f32ad15110071047ade3a689b28ee468a8d0080608fff695e4fe25c04e8051c5
Instruction ID: 2dcb6976799449dafe1f7a73967b4189550ed210121626c5bec7a73eceb009a7
Opcode Fuzzy Hash: f32ad15110071047ade3a689b28ee468a8d0080608fff695e4fe25c04e8051c5
Instruction Fuzzy Hash: F611A0355043049FDB24CF55D844B66FBE4EF08320F0884AAED4A8B652D335E618CF62

Uniqueness

Uniqueness Score: -1.00%

Function 051923EE, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 05192420

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 5cb0e5d05da224e564735303cbac7da15692c3939a7dad821cf6e4eb044fe0f6
Instruction ID: a81a9dab8edc7c92e172396a6a6320401502f5d833375fe83d933a4bd4527e89
Opcode Fuzzy Hash: 5cb0e5d05da224e564735303cbac7da15692c3939a7dad821cf6e4eb044fe0f6
Instruction Fuzzy Hash: D10186755043449FDB24CF55D984B65FBA4EF04320F18C4AADD598F646D379A804CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 0519119A, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 051911D5

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 80b0d217e8b7006d79d501c5550f9fa800594de0f19838af2ee6bedb7b7cd2d2
Instruction ID: 33f8a737c9bea4028b7e4383c99628f6e4dc443bbbbbee16747023681113ff11
Opcode Fuzzy Hash: 80b0d217e8b7006d79d501c5550f9fa800594de0f19838af2ee6bedb7b7cd2d2
Instruction Fuzzy Hash: 60018B35504740AFDB20CF5AD884B65FBA1FF08320F08C4AADD494B616D376E458CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 050523A0, Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 499a01025efcbdf84e75a32b9d6f0c150b3341ca904ea7f0413762a64209dd37
Instruction ID: 10006095e4b8d825dff9599931f0f17246cadd1778da93bf5028b6529625cf30
Opcode Fuzzy Hash: 499a01025efcbdf84e75a32b9d6f0c150b3341ca904ea7f0413762a64209dd37
Instruction Fuzzy Hash: 1312BD34A0422ACFCB24DF39E98466EBBF3BF85324F148129D816EB255DB749946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 05058648, Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9333e686b92bf1b3aa3fc8726da167ae9917e31364a8bdc1f9c4893fa40e70fd
Instruction ID: 2838ca2830311fad464d9b2fa20a5b7a075a19b11d1d95be82ccaa2c0106f79b
Opcode Fuzzy Hash: 9333e686b92bf1b3aa3fc8726da167ae9917e31364a8bdc1f9c4893fa40e70fd
Instruction Fuzzy Hash: 9A12B930E04629CFDB28DF25E48466EBBF2BF84320F24C569EC16AB244DB74C885CB50

Uniqueness

Uniqueness Score: -1.00%

Function 05052FA8, Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 449ddddb74a4483a1e4f032baf539423d93fc1b5a9f3e5c3c7d666d89e01e20c
Instruction ID: d145645a9c91f3d4302a3648974271636112210dba7e9146a44e91e3def48214
Opcode Fuzzy Hash: 449ddddb74a4483a1e4f032baf539423d93fc1b5a9f3e5c3c7d666d89e01e20c
Instruction Fuzzy Hash: 58819E32F011169BDB14DB69D894AAEB7F3AFC8360F2A8574E815EB355DE30DC418B90

Uniqueness

Uniqueness Score: -1.00%

Function 05059248, Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc6566e2365e746936270995b80ac0672438fc3568386738ce41f57c1e6e5574
Instruction ID: c89133dbdd787d1c3a28318b5791a35def4748055741f72e89d3df234fceead2
Opcode Fuzzy Hash: cc6566e2365e746936270995b80ac0672438fc3568386738ce41f57c1e6e5574
Instruction Fuzzy Hash: D4816B32F01115DBDB14DB69D884AAEB7F3AFC4321B2A8565E809AB355DE35DC01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 051901F4, Relevance: 3.1, APIs: 2, Instructions: 100synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0519019D
FindCloseChangeNotification.KERNELBASE(?), ref: 05190264

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: ChangeCloseCreateFindMutexNotification
String ID:
API String ID: 2967213129-0
Opcode ID: bafd05b646e14026f8ed8aa041c46cf136517ad41c566b23e0aa94fe86df20e6
Instruction ID: e88efed7af5c09f9973872d9149e5931651b0c9c10b7350e1dacd454f7906210
Opcode Fuzzy Hash: bafd05b646e14026f8ed8aa041c46cf136517ad41c566b23e0aa94fe86df20e6
Instruction Fuzzy Hash: B231E6714093809FEB15CF15DD89BA6BFA4EF06324F0884ABED448F253D375A909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05052D58, Relevance: 2.6, Strings: 2, Instructions: 135COMMON

Download Yara Rule

Strings

>_kq, xrefs: 05052DA5
, xrefs: 05052E76

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID: $>_kq
API String ID: 0-1412446344
Opcode ID: 2c7522b7cdcb6fe9cb203452a2b81e124dd45e1bdb717903b46017d43ee68a13
Instruction ID: 52b5421e299b218fb49148729809cb7395ed41a66f82a0eab9f9e193dc14f7ba
Opcode Fuzzy Hash: 2c7522b7cdcb6fe9cb203452a2b81e124dd45e1bdb717903b46017d43ee68a13
Instruction Fuzzy Hash: 11419138E081568BCB14CF69D8845BFBBA3FFC5224B29C57AC816DB605C735D852CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05191410, Relevance: 1.6, APIs: 1, Instructions: 122networkCOMMON

Download Yara Rule

APIs

DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 05191506

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: Query_
String ID:
API String ID: 428220571-0
Opcode ID: 8666d8064e798c0eca80ee6ef58abf7a99324d9f331cdad73a2eb1b571bc9f74
Instruction ID: d63a033a83414c9418a14f10d3123ae99bc4f05f5ae9a2366da85156c53b631f
Opcode Fuzzy Hash: 8666d8064e798c0eca80ee6ef58abf7a99324d9f331cdad73a2eb1b571bc9f74
Instruction Fuzzy Hash: 6641456540E7C06FD3138B358C61A61BFB4EF47614B0E85CBE884CF5A3D219690AD772

Uniqueness

Uniqueness Score: -1.00%

Function 05190390, Relevance: 1.6, APIs: 1, Instructions: 93registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0519045E

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 3f29b02bdd30293547af05d28b7cac69e2b4c5a9a7daf236d24b3f65fc653ab9
Instruction ID: c6eabad755d2c41ba7f54c19ab8ea20e88ff1d326eaa33a7ab95389ea2861ef5
Opcode Fuzzy Hash: 3f29b02bdd30293547af05d28b7cac69e2b4c5a9a7daf236d24b3f65fc653ab9
Instruction Fuzzy Hash: EC31C4B20043446FE7228F11CC45FA6FFB8EF05714F04899EE9858B192D365A949CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00F5AA02, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00F5AAB1

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: f7305b451713ac849d817513501ef1306127af9c36666d0b9a4f203e479bd996
Instruction ID: 7bd58b21e690a9126b252230c6f7451aa5308f4f1ca6f4b41bba585f191278ab
Opcode Fuzzy Hash: f7305b451713ac849d817513501ef1306127af9c36666d0b9a4f203e479bd996
Instruction Fuzzy Hash: 1131D672504784AFE7228F25CC45FA7BFECEF05320F08859AED808B152D264E909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051907F4, Relevance: 1.6, APIs: 1, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05190899

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 9e0a34314895e0db2c48c1249ed58eaa543af8431c2735ccf06721b1602a0a5e
Instruction ID: 490c1f64c68886f9073bc667f61ac36e2fc79da26a832c3f42f017b169cfca93
Opcode Fuzzy Hash: 9e0a34314895e0db2c48c1249ed58eaa543af8431c2735ccf06721b1602a0a5e
Instruction Fuzzy Hash: 3E3172B1505740AFE722CF25DC44FA6BFE8EF09210F0885AEE9858B252D375E905DB71

Uniqueness

Uniqueness Score: -1.00%

Function 05192A9F, Relevance: 1.6, APIs: 1, Instructions: 90windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 05192B55

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 31d7d0c6fa4439f1786df4b8c876cd134d410c6dfbefebd3785a72d31b4011b2
Instruction ID: bf11670029e20397d517be4118321f860a159f6378ed51931fe0817d59b4cbf5
Opcode Fuzzy Hash: 31d7d0c6fa4439f1786df4b8c876cd134d410c6dfbefebd3785a72d31b4011b2
Instruction Fuzzy Hash: 2E319F7240E7C45FD7139B258C61A66BFB4EF47710F0A80CBD884CF2A3E6246909C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 00F5AAF9, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,18ED3FAD,00000000,00000000,00000000,00000000), ref: 00F5ABB4

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: dc5b2a85b9dfb107c45ad4e59cb03929e37887f2391caf77172034cef6fd3335
Instruction ID: 455801f3f2a84a721c9ddf43ba52ab92da9a6eff075346bbbb711272a6a48aba
Opcode Fuzzy Hash: dc5b2a85b9dfb107c45ad4e59cb03929e37887f2391caf77172034cef6fd3335
Instruction Fuzzy Hash: E93193725093846FD722CF25DC44F92BFF8EF46320F08859AE9858B153D264E949CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 051900F6, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0519019D

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: c6574053608c80bb27c15069a5768f404e69791fa89eb7a7db00a97f276fc144
Instruction ID: 9a8478bfb12a77c7e4bd82854ef0fda8557efbd6bfff7d897c02bb89902c0100
Opcode Fuzzy Hash: c6574053608c80bb27c15069a5768f404e69791fa89eb7a7db00a97f276fc144
Instruction Fuzzy Hash: 033161B15097806FE722CB25DC85B56BFF8EF06310F0884AAE9858B292D375E909C761

Uniqueness

Uniqueness Score: -1.00%

Function 051921E0, Relevance: 1.6, APIs: 1, Instructions: 89timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E2C,18ED3FAD,00000000,00000000,00000000,00000000), ref: 0519227D

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 3c3b0815e46dd7dd169e69e6e768be12aff00f2c8695229ffe2b9659c90f09f4
Instruction ID: c60bca58c88e8a312fe81beeedef981f198a0bc9b9f322c3b15e0ec626682cd8
Opcode Fuzzy Hash: 3c3b0815e46dd7dd169e69e6e768be12aff00f2c8695229ffe2b9659c90f09f4
Instruction Fuzzy Hash: 9B3193B25093806FEB128F65DC45FA6BFB8EF06310F0885AAE9859B153D2359505CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00F5AF50, Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 00F5AFEA

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 6d397ce1c8b1910577d16ef346540364879b3bc9f39225c34ee25257f2f54e45
Instruction ID: 7f4487a7bec6f04e15b415fbfb234b568a6f0b19154e267045e3867bcad6a94a
Opcode Fuzzy Hash: 6d397ce1c8b1910577d16ef346540364879b3bc9f39225c34ee25257f2f54e45
Instruction Fuzzy Hash: BD31A27140E3C06FD3138B258C51B62BFB4EF47610F0A81DBE884CB5A3D128A919C772

Uniqueness

Uniqueness Score: -1.00%

Function 05191D74, Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 05191E26

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 17b4498fbe72f495ef3d5dc50119f5083db97fc8b34b320cc8b45dd928b9cbab
Instruction ID: 3777c1d6793eb78537fa3f8938c15d63b1833c90c34ab9a1a61ce64ac487797b
Opcode Fuzzy Hash: 17b4498fbe72f495ef3d5dc50119f5083db97fc8b34b320cc8b45dd928b9cbab
Instruction Fuzzy Hash: 823191B2405780AFE722CB65DC45F96FFF8EF06320F08859EE9848B152D365A549CB61

Uniqueness

Uniqueness Score: -1.00%

Function 051904AB, Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,18ED3FAD,00000000,00000000,00000000,00000000), ref: 0519055C

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: f36fdd4c67f91771fd30e517c9439658abdf062ea0f900b5f59b265de7e5fc8d
Instruction ID: 2c0c6c141b24319c96b0f45e3928366963f242640340fe7c3e2ceb92e79d12c3
Opcode Fuzzy Hash: f36fdd4c67f91771fd30e517c9439658abdf062ea0f900b5f59b265de7e5fc8d
Instruction Fuzzy Hash: B6318471109780AFD722CB25DC44F92BFF8AF06310F0885DAE9859B153D364E909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00F5A120, Relevance: 1.6, APIs: 1, Instructions: 82networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(?,00000E2C,?,?), ref: 00F5A1C2

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 197fe6c48b0aeb09483f0c54489c5ca41f61df20ca8ac68f13b67fab5ffa58b4
Instruction ID: 66c68bcde6bfec0de49cb4284b29ebbcb74dbf490888160958448d848e7404b8
Opcode Fuzzy Hash: 197fe6c48b0aeb09483f0c54489c5ca41f61df20ca8ac68f13b67fab5ffa58b4
Instruction Fuzzy Hash: 6821AD7140D3C06FD7128B358C61AA6BFB4EF47620F1985DBD8C48F193D225A90AC7A2

Uniqueness

Uniqueness Score: -1.00%

Function 051902AB, Relevance: 1.6, APIs: 1, Instructions: 79registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 05190353

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: f6a7c6f8ce0bddf393a0d86fbff7a5763e9da69e9c5225310a098c271ab64389
Instruction ID: 419134792adf5ae0c601bd62f8adfb15952b952045bd408dfb56e0e971741e76
Opcode Fuzzy Hash: f6a7c6f8ce0bddf393a0d86fbff7a5763e9da69e9c5225310a098c271ab64389
Instruction Fuzzy Hash: D92197750097846FE7228F11DC45FA6FFB4EF06310F1885DAE9848B193D275A949C772

Uniqueness

Uniqueness Score: -1.00%

Function 05191C92, Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 05191D1D

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 86e3860ebd1193ec674d29f48afa44129da63c2c79e6a179d6145289d863c4e8
Instruction ID: 7628644622f499c9b69954c837f177eadb5de4da258b58c7ff6665bedd41e485
Opcode Fuzzy Hash: 86e3860ebd1193ec674d29f48afa44129da63c2c79e6a179d6145289d863c4e8
Instruction Fuzzy Hash: D72171B1509780AFE722CB25DC45F66FFE8EF45210F08849AE9858B252D375E548C761

Uniqueness

Uniqueness Score: -1.00%

Function 05191532, Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 051915BE

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: a51f7b68f3fb1020bb5f4bbc709426d76ac9559c876c0e2af8126ef6370dec91
Instruction ID: 7c52ed9fa96c35aec74820428f7dce14494be31767f0e9db4fc9ca1ed7ed60da
Opcode Fuzzy Hash: a51f7b68f3fb1020bb5f4bbc709426d76ac9559c876c0e2af8126ef6370dec91
Instruction Fuzzy Hash: CA218D71509780AFE722CF65DD44FA6FFB8EF05310F08899EE9858B652D375A408CB61

Uniqueness

Uniqueness Score: -1.00%

Function 051908F0, Relevance: 1.6, APIs: 1, Instructions: 77COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,18ED3FAD,00000000,00000000,00000000,00000000), ref: 05190985

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 0969c29792fa29924abdbe667e28f06cd7a13f096d3c9f023c4f340df9aba57d
Instruction ID: e5312ecf5c0e3b1f6a331d2cc66387ac14e6bcf1b4ed3a465555ca58f11844cc
Opcode Fuzzy Hash: 0969c29792fa29924abdbe667e28f06cd7a13f096d3c9f023c4f340df9aba57d
Instruction Fuzzy Hash: DA21F2B64087846FE712CB25DC44FA2BFB8EF46720F1884DAE9849B153D224A909C7B1

Uniqueness

Uniqueness Score: -1.00%

Function 0519081A, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05190899

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: a57f66d17711476737d7204a6652447f579a7a6940bfcaf6a7ad711868323afc
Instruction ID: ba46c2105c7affb05dc266448b163273f1c70e023e12165bcfe6f2e8337aa339
Opcode Fuzzy Hash: a57f66d17711476737d7204a6652447f579a7a6940bfcaf6a7ad711868323afc
Instruction Fuzzy Hash: D6218171A04700AFEB25DF65DC44BA6FBE8FF08310F04886AE9858B651D375E404CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 05190B79, Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E2C,18ED3FAD,00000000,00000000,00000000,00000000), ref: 05190C10

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 712d05527054224fb8101372fffc0be7cec9b144e5d41bbcdb8cc9c65275bb80
Instruction ID: 77f553713d5dac0379b34de9b132df816acc87eca014c3b545f4e3b116d287aa
Opcode Fuzzy Hash: 712d05527054224fb8101372fffc0be7cec9b144e5d41bbcdb8cc9c65275bb80
Instruction Fuzzy Hash: A321B0B25083406FEB228E15CC84F67BFF8EF05710F08889AE9859B252D320E808CB71

Uniqueness

Uniqueness Score: -1.00%

Function 051903CA, Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0519045E

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: e04d01cc0a420bd9fd844c17621dc3d3dec32e25e0fa95be59646853d8be5002
Instruction ID: 6c7e53955b760397b06ab293f61987abb69866cea15eee6c95c66051971c21ee
Opcode Fuzzy Hash: e04d01cc0a420bd9fd844c17621dc3d3dec32e25e0fa95be59646853d8be5002
Instruction Fuzzy Hash: D121C2B2100304AEEB31DF15DC45FA6FBACEF08710F14895AFA858B581D7B5A949CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 051909C0, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000E2C,18ED3FAD,00000000,00000000,00000000,00000000), ref: 05190A51

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 6812b2b6b9eced22deecf797a6f34a03ab4758de6f68860b50208625b89bbd40
Instruction ID: 1f2cd48841a7896f468f395646d65612e1d19585fc6e5bfa145810c8ee14ca95
Opcode Fuzzy Hash: 6812b2b6b9eced22deecf797a6f34a03ab4758de6f68860b50208625b89bbd40
Instruction Fuzzy Hash: 79219072409380AFEB228F25DC44F56BFB8EF06314F08849BE9849B153C225A409CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00F5AA32, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00F5AAB1

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: efa211afdbd3d3692555479d3a151a476ff8ef8448afbf334394c7c89a85a8da
Instruction ID: 0897b2ab218ef623549784af354fdcfa30e6433b4347b75788d3710e7b432e65
Opcode Fuzzy Hash: efa211afdbd3d3692555479d3a151a476ff8ef8448afbf334394c7c89a85a8da
Instruction Fuzzy Hash: 0821C272500704AEE7219F55CD84FAAFBECEF04320F14855AEE419A241E624E919CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 0519012A, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0519019D

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 9a7b62fa8c64f57f68cf356ffd6a8a126be46fe0e2f16dbd546d51425aa3e9a9
Instruction ID: 4010e5aa902cdba0551910f006860e69d5040a083884d202e5a10d8b6187cc57
Opcode Fuzzy Hash: 9a7b62fa8c64f57f68cf356ffd6a8a126be46fe0e2f16dbd546d51425aa3e9a9
Instruction Fuzzy Hash: F5219F71604740AFEB25DF69DC89B6AFBE8EF08310F08846AED458B241E775E904CA71

Uniqueness

Uniqueness Score: -1.00%

Function 05190723, Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 0519079F

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 915e17c8f1ed9ac882838e938e8916a3ed77dfcbbd06d6fe107b4aaee1304cec
Instruction ID: f9fb68a2416b3b6b5b171748eebc74e4b18a7710dd96b18eb93bb6c098495e4c
Opcode Fuzzy Hash: 915e17c8f1ed9ac882838e938e8916a3ed77dfcbbd06d6fe107b4aaee1304cec
Instruction Fuzzy Hash: D12171765093809FDB55CB25DC88B56BFE8EF06214F0984EAE885CF152D324D909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05190A9B, Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 05190B1E

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 1de1feeedca1a753bb7d983359e4efb234ecefff889c11c821e87009f8dd8f62
Instruction ID: 57ce3337896e80c11d500d96b5c8df4870b8f33de7ec6cdcd9670202f0ffe4dd
Opcode Fuzzy Hash: 1de1feeedca1a753bb7d983359e4efb234ecefff889c11c821e87009f8dd8f62
Instruction Fuzzy Hash: C62183B55093845FDB22CB25DC95B52BFE8AF06314F0984EAED85CB253D225D808C761

Uniqueness

Uniqueness Score: -1.00%

Function 00F5AB3A, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,18ED3FAD,00000000,00000000,00000000,00000000), ref: 00F5ABB4

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 5858ec95740bea13a294aba2fadce73fc0bb1b2276857390f13fc76b0d816c6b
Instruction ID: 41eb6fe3cea766b28178ccb1dcde90e2675ed10861280feae128389225178db6
Opcode Fuzzy Hash: 5858ec95740bea13a294aba2fadce73fc0bb1b2276857390f13fc76b0d816c6b
Instruction Fuzzy Hash: 5F21A172600304AFE721CE15DC40F66FBECEF44721F04855AEE458B251D370E818DAB2

Uniqueness

Uniqueness Score: -1.00%

Function 05191CB2, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 05191D1D

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 64177916324ec251d3a8c5d319bbded105500945a9f9f6650cb3fcf3078dfb96
Instruction ID: 1f3435f96e8a414237fa3deffceae6f7f76d9ce88f7ff44eb72333e32cf0e96b
Opcode Fuzzy Hash: 64177916324ec251d3a8c5d319bbded105500945a9f9f6650cb3fcf3078dfb96
Instruction Fuzzy Hash: 2B21C0B5504740AFEB25DF29DC49F66FBE8EF44320F18886AED458B241D375E444CA71

Uniqueness

Uniqueness Score: -1.00%

Function 05190FF0, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 0519105C

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: f465b4ec231903028965fb7c918bab2af5e2256fb7409fd780a6a5db2e9e7b98
Instruction ID: 4ed66cca4bbb3009b2d5e9138dc66a98f532e3c889b2fda20773eaba441036a4
Opcode Fuzzy Hash: f465b4ec231903028965fb7c918bab2af5e2256fb7409fd780a6a5db2e9e7b98
Instruction Fuzzy Hash: 4C218E725093C05FDB128B25DD94A92BFB4AF07224F0D84DAEC858F663D275A948CB62

Uniqueness

Uniqueness Score: -1.00%

Function 05191552, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 051915BE

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: ae79578ec625dda3a6f2cc99ffca8df81f6dd0634973a49e4f8aefc9966a911a
Instruction ID: 4d90519353740ba4f6535533ee4e1f7c7eb17e067e720dacda7692d14c5b4f2f
Opcode Fuzzy Hash: ae79578ec625dda3a6f2cc99ffca8df81f6dd0634973a49e4f8aefc9966a911a
Instruction Fuzzy Hash: 9A21CF71500740AFEB21CF55DD44F66FBA8EF08310F08896AE9858A641D376A404CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05191DB2, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 05191E26

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 9499a0f092b1ec7f886dc8c88ad5a4e0e18382bb0e213bb631a1a55633ab7252
Instruction ID: a5f3867301195400260695b82d33955cb2d21575d385de83a013b7c0a1eb0787
Opcode Fuzzy Hash: 9499a0f092b1ec7f886dc8c88ad5a4e0e18382bb0e213bb631a1a55633ab7252
Instruction Fuzzy Hash: D8219D71500740AFEB26CF55CD44FA6FBE8EF08320F04895EE9858B641D375A549CB61

Uniqueness

Uniqueness Score: -1.00%

Function 051910A5, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,18ED3FAD,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 05191116

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: 195f6bc106e56a4d52e8ad804aedefe96c4245ade659b7e56cfab7caafe58ffc
Instruction ID: 142f0cfbf5e276a3da7e88d8f8b9dfb3ca507ed0f2fe4cb66dd38d072b5e7659
Opcode Fuzzy Hash: 195f6bc106e56a4d52e8ad804aedefe96c4245ade659b7e56cfab7caafe58ffc
Instruction Fuzzy Hash: B8214F71509384AFDB12CB25DC84A96BFE4AF06210F0984EAE985CB262D234A948CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05190B9E, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E2C,18ED3FAD,00000000,00000000,00000000,00000000), ref: 05190C10

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: c00c33cb1b9cf41d076ebe04ae4f55015f55d9d5e2d9d06ba5486ff7851a535f
Instruction ID: 74df8a63a1c24d9d6b567431d893b54f0bb63c6305de028172bf621340741892
Opcode Fuzzy Hash: c00c33cb1b9cf41d076ebe04ae4f55015f55d9d5e2d9d06ba5486ff7851a535f
Instruction Fuzzy Hash: 7F117FB6604304AFEB31DE15DC85F66BBE8EF08710F04885AED459A646D764E405CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 051904EA, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,18ED3FAD,00000000,00000000,00000000,00000000), ref: 0519055C

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: d482b11f697c5bf38a78f14fde367997915b4ab1a93d68a1aab4c6b7aba2204a
Instruction ID: 36077dd6dbdd296239bde41b3ce1f3ddb13e2b50ab1440e9174005571eb8b4c6
Opcode Fuzzy Hash: d482b11f697c5bf38a78f14fde367997915b4ab1a93d68a1aab4c6b7aba2204a
Instruction Fuzzy Hash: 64117C72604704AFEB21CE15DC84FA6FBE8EF08720F08846AE9469B652D764E508CA71

Uniqueness

Uniqueness Score: -1.00%

Function 05190D1C, Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 05190D86

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 071d56fc1c74deb2a0f17a78fa5beb6621e4a10ba371365f90626dcc269bdd13
Instruction ID: 38c5304303da05bb27081c5bef81adcc7653a9890a43a6e81d2b3de2f040ca94
Opcode Fuzzy Hash: 071d56fc1c74deb2a0f17a78fa5beb6621e4a10ba371365f90626dcc269bdd13
Instruction Fuzzy Hash: 7F1172765093809FDB65CF25DC85B56BFE8EF45210F0884AAED45CB252D374E808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0519221E, Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E2C,18ED3FAD,00000000,00000000,00000000,00000000), ref: 0519227D

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 22b31aa00959afa84dd461e27a6e07e5acf5e5a3fae26756ce5f66aff6615d2c
Instruction ID: e8d57e702f5736ee6b142f2117b98745c697199a244c374fdd0b7663da0c4fb4
Opcode Fuzzy Hash: 22b31aa00959afa84dd461e27a6e07e5acf5e5a3fae26756ce5f66aff6615d2c
Instruction Fuzzy Hash: 3A11C476604304AFEB21CF65DC45FAAFBA8EF04320F04886AED458B655D774E404CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00F5B7CA, Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 00F5B841

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 979881ecb7c459b27ee3c1593e7765ae47bdd2877bc518953c543212c6f0c696
Instruction ID: 0f8a256a2de45e632786a9143f6bc2dcfcafa45e2b1cdfb3f7705b6083f38ffc
Opcode Fuzzy Hash: 979881ecb7c459b27ee3c1593e7765ae47bdd2877bc518953c543212c6f0c696
Instruction Fuzzy Hash: 8A219D724097C09FDB228B21DC50AA2BFB4EF17324F0D84DAEDC44F163D265A959DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00F5A51F, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00F5A58A

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 5338c84eae1ffec95e56e03b6eca32ea08bd2bb27a94eb6d39260d1618f15412
Instruction ID: fe5b37a2529085e27681d18081e045727ee52ff8836c20420cee4fdb6267d9cb
Opcode Fuzzy Hash: 5338c84eae1ffec95e56e03b6eca32ea08bd2bb27a94eb6d39260d1618f15412
Instruction Fuzzy Hash: FE11A272409380AFDB228F55DC44E62FFF4EF4A320F08859AEE858B152D235A418DB62

Uniqueness

Uniqueness Score: -1.00%

Function 051923BB, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 05192420

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 55b8ce93038b2fc3829db0b56e71db10a59b2846ff71f86c4d0d223331559ec6
Instruction ID: 17787cef73b07e42655fce28f10ba51e42cbd75920f4ebfbacddeeb8dc0b69f8
Opcode Fuzzy Hash: 55b8ce93038b2fc3829db0b56e71db10a59b2846ff71f86c4d0d223331559ec6
Instruction Fuzzy Hash: 17116D754093C0AFD7128F25DC54A92BFB4EF07224F1984EBDD848F253D2799909CB62

Uniqueness

Uniqueness Score: -1.00%

Function 051902DE, Relevance: 1.6, APIs: 1, Instructions: 60registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 05190353

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: eb3fb429bdf5829e09950710d8b8db461793c82b0f249d68bc04513d79d5346b
Instruction ID: 81babdbd992844d88c0bcf7cd246c23666405415cb78ad045418ba595f099b08
Opcode Fuzzy Hash: eb3fb429bdf5829e09950710d8b8db461793c82b0f249d68bc04513d79d5346b
Instruction Fuzzy Hash: 8811E371100704AFEB31DF15DC45FAAFBA8EF08720F14849AFE454A696D375A608CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 051909F2, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000E2C,18ED3FAD,00000000,00000000,00000000,00000000), ref: 05190A51

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 609638396fccad7320f12605a70332efdacf422447fae65dcb81f2d2c6aafca2
Instruction ID: 67563360cb04fc6f9f47b5c1b7eeacd07340cec86ffd99db027b784a247a74ce
Opcode Fuzzy Hash: 609638396fccad7320f12605a70332efdacf422447fae65dcb81f2d2c6aafca2
Instruction Fuzzy Hash: B111E771500304AFEB21CF55DC44FA6FBA8EF08720F04846AED459B155D374E404CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 00F5BB4F, Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 00F5BBB9

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 59d42a109c1c0794eca800436a7fb5f212a42a9b1b797f5ff6c9acaa06c58684
Instruction ID: 5169f444710922b1e9c3869c44ec0f0816bd961f034b1a21c31a451e09d46275
Opcode Fuzzy Hash: 59d42a109c1c0794eca800436a7fb5f212a42a9b1b797f5ff6c9acaa06c58684
Instruction Fuzzy Hash: E811BE36409380AFDB228F25CC45A52FFB4EF16220F0885DEED858B563D265A858DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00F5BE05, Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 00F5BE70

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: d05cc055f6f2271147483cf77b1ee80e032c6910e06931ea7db12b27f8eb9545
Instruction ID: 65186badad46e6c5048649cf92f926fe23f70ae06cae2d431361a0ccb8ece265
Opcode Fuzzy Hash: d05cc055f6f2271147483cf77b1ee80e032c6910e06931ea7db12b27f8eb9545
Instruction Fuzzy Hash: 24117C7580D3C0AFD7128B25DC45B61BFB4DF47624F0984DAED848F263D2656808DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00F5B71E, Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON

Download Yara Rule

APIs

CreateIconFromResourceEx.USER32 ref: 00F5B78A

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: f41e07d3030b76954ee9a3c6e54647aca4bc4af2dd1cbfda7c85ef0e93792e94
Instruction ID: 7f202e29a092d410c4ed57d9d50609abe41bb3f1512c6941864edf96815429a0
Opcode Fuzzy Hash: f41e07d3030b76954ee9a3c6e54647aca4bc4af2dd1cbfda7c85ef0e93792e94
Instruction Fuzzy Hash: 4811A2324083809FDB228F55DC44A52FFF4EF49320F08899EED858B522D375A418DB61

Uniqueness

Uniqueness Score: -1.00%

Function 00F5BEB4, Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?), ref: 00F5BF0C

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 9a2ee383f9091e05ad626f0ecc46b1251ca052330575c80cfa68d7b12c5556a9
Instruction ID: bff7b516fcb3a07b78455b71d0a7fbae94e3668cd6f2394e1d9f8e14810b1fea
Opcode Fuzzy Hash: 9a2ee383f9091e05ad626f0ecc46b1251ca052330575c80cfa68d7b12c5556a9
Instruction Fuzzy Hash: DD1173729053849FD711CF65DC85B96BFE8EF45221F0884AAED45CF252D374E848CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05190D3E, Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 05190D86

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 9946887d074cbbcfc4c44af90c5bea838b2df3b46764fc1d66f96ce0d3f64e09
Instruction ID: dc015328cf36948c97b422cccdb97d507a2030dc894fe5dc4329b7f55c02729f
Opcode Fuzzy Hash: 9946887d074cbbcfc4c44af90c5bea838b2df3b46764fc1d66f96ce0d3f64e09
Instruction Fuzzy Hash: 661165796043409FDB64CF6ADC45B66FBD8EF48320F08846ADD49CB646D774E404CA71

Uniqueness

Uniqueness Score: -1.00%

Function 05190AD6, Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 05190B1E

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 9946887d074cbbcfc4c44af90c5bea838b2df3b46764fc1d66f96ce0d3f64e09
Instruction ID: 8eac63cc3a020896e2a4f09ffb8292ab2f192c3f84f27d04674e1fccd6133363
Opcode Fuzzy Hash: 9946887d074cbbcfc4c44af90c5bea838b2df3b46764fc1d66f96ce0d3f64e09
Instruction Fuzzy Hash: 021152756043048FDB64CF6ADC85B56FBE8EF08724F0884AADD4ACB646D775D404CA71

Uniqueness

Uniqueness Score: -1.00%

Function 00F5A75B, Relevance: 1.6, APIs: 1, Instructions: 52comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 00F5A7BC

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: f5540cc3ae67cc5df5fb5341802557609cc92830e1f9fd7ed0417a4fd2103b91
Instruction ID: 0c55e9393a28a6b62ab8e4cc5410d6c49b14fb78dd94714316f3166f05d34a3d
Opcode Fuzzy Hash: f5540cc3ae67cc5df5fb5341802557609cc92830e1f9fd7ed0417a4fd2103b91
Instruction Fuzzy Hash: 4B119E714493849FD712CF15DC84B92BFB4EF06225F0884AAED448F253D275A859CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 05190932, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,18ED3FAD,00000000,00000000,00000000,00000000), ref: 05190985

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 4946cee98d97aec11e56175d2169759c830873fb98b42bb7adb6a5e8e71b98d0
Instruction ID: 984257c20b941cbcf8d3ca0f8c4fb31c4944ebf93c7242894279464be7cff8b3
Opcode Fuzzy Hash: 4946cee98d97aec11e56175d2169759c830873fb98b42bb7adb6a5e8e71b98d0
Instruction Fuzzy Hash: EC01D671504704AEEB21CF19DC45FA6FBA8EF08720F548456ED489B246D374E404CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 0519075A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 0519079F

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 57de638a93871d4b22cfbd433fc749096fb4e39a79d665e880976dfe8aee765d
Instruction ID: ba37dd4c64b3ed67796fa3ed338d795d15e8f683938c4b05ba79e4f7fc18b129
Opcode Fuzzy Hash: 57de638a93871d4b22cfbd433fc749096fb4e39a79d665e880976dfe8aee765d
Instruction Fuzzy Hash: 8A1165756043448FDB68DF19D888B66FBD8EF08220F08C4AADD45CB645E774D504CF61

Uniqueness

Uniqueness Score: -1.00%

Function 051910D6, Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,18ED3FAD,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 05191116

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: 94be62825b5c4aceef60f834f5c93f23bba972efb908c19a94663c323f7bcfbe
Instruction ID: 9d13939d1b5881c87a037a5536945d787f57def28c17d15fadc45404f8f2c090
Opcode Fuzzy Hash: 94be62825b5c4aceef60f834f5c93f23bba972efb908c19a94663c323f7bcfbe
Instruction Fuzzy Hash: 1F11AD71604345AFDB24CF6AD884BA6FBE4EF04220F0884BADD49CB656D334E448CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00F5A8CC, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 00F5A926

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 1c24788f32755734134e3321d7492c13c92ad94a081f3ac1eddc117cb3019789
Instruction ID: 728e5da0f628c8c1dc9d2d11405c0ce6a524766588a805592d848c9567e9b80b
Opcode Fuzzy Hash: 1c24788f32755734134e3321d7492c13c92ad94a081f3ac1eddc117cb3019789
Instruction Fuzzy Hash: 71118E314097849FD7228F15DC85A52FFB4EF06320F09C5DAEE854B262D375A819DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00F5BED2, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?), ref: 00F5BF0C

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 1e42589eaadabe2c3a42cadcd35c271602b7deedcd24a372e1f15058580562e0
Instruction ID: 5b622303902ce791b5bc5553f1e787ac313ca5f86ad6d19fdaf638310a10fa6b
Opcode Fuzzy Hash: 1e42589eaadabe2c3a42cadcd35c271602b7deedcd24a372e1f15058580562e0
Instruction Fuzzy Hash: F7015271A043449FD760CF6ADC857A6FBD4DF04321F1884AADD45CB646D774D808DE61

Uniqueness

Uniqueness Score: -1.00%

Function 00F5A172, Relevance: 1.5, APIs: 1, Instructions: 47networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(?,00000E2C,?,?), ref: 00F5A1C2

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 52e535a1a115a138fba96d619eed699ef41ca34e6d0a2891f94bc6c65981f292
Instruction ID: 0196390b3022d871d7af02910a49037265905b5f2de7e61dff138e4c7e1c345e
Opcode Fuzzy Hash: 52e535a1a115a138fba96d619eed699ef41ca34e6d0a2891f94bc6c65981f292
Instruction Fuzzy Hash: 7001B171500600AFD710DF1ADC81B66FBA8EB88A20F14856AED088B641E231B916CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05192B0A, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 05192B55

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 20b1087cd78caffaba7fa2cacf063bbfac66cc1d3ece072c36fc69dd6faedebf
Instruction ID: 5a830fb33902be59c73109f9100d1034eb85276c4e25b258003c4d51aacdf0b0
Opcode Fuzzy Hash: 20b1087cd78caffaba7fa2cacf063bbfac66cc1d3ece072c36fc69dd6faedebf
Instruction Fuzzy Hash: A501B171500604AFD310DF1ADC81B66FBA8EB88B20F14852AED088B641E231B916CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 00F5A546, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00F5A58A

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 558f6cc1820c438f42dce6b5e931c88b60de31807841aa549360e40af015213b
Instruction ID: c69978d4fdedb8438b1e256946167497eaa474c3bf43618f7e54cf5cb529d742
Opcode Fuzzy Hash: 558f6cc1820c438f42dce6b5e931c88b60de31807841aa549360e40af015213b
Instruction Fuzzy Hash: 810161325047049FDB218F55D844B56FFE0EF08321F18C99ADE454A616E375E428DF62

Uniqueness

Uniqueness Score: -1.00%

Function 00F5B746, Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON

Download Yara Rule

APIs

CreateIconFromResourceEx.USER32 ref: 00F5B78A

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: 588521feb0ff0c6871df7e1aede9cbf92c46d4cc73a44ecd5e62afcab4a5c796
Instruction ID: 050c5a1e0f7c0b76bf3fcb3d608e111486034c283cc988fc74d392af0732bf6b
Opcode Fuzzy Hash: 588521feb0ff0c6871df7e1aede9cbf92c46d4cc73a44ecd5e62afcab4a5c796
Instruction Fuzzy Hash: 4D016D324047009FDB218F95E844B56FFE0EF48321F0889AEEE854A616D375E418EF62

Uniqueness

Uniqueness Score: -1.00%

Function 00F5AF9A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 00F5AFEA

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 535dceb14fd9fc054613631f21176e349bfcfd81da273594df71842cda58e116
Instruction ID: 30929a9fbf482f1ad44fce25e207469aa615643e49dee47eded626025d31c3d6
Opcode Fuzzy Hash: 535dceb14fd9fc054613631f21176e349bfcfd81da273594df71842cda58e116
Instruction Fuzzy Hash: B001AD71500604ABD224DF1ADC82B26FBA8FB89B20F14815AED084B741E231F916CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 05190232, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 05190264

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 4fe632c31b310e283b2f9009a60c8449c0a8917556bc9d0cc7b991e2000768cf
Instruction ID: 0e4728ae205264ba64b8d8efce027116e1c1eca9b83726b2ee7354c6a992746e
Opcode Fuzzy Hash: 4fe632c31b310e283b2f9009a60c8449c0a8917556bc9d0cc7b991e2000768cf
Instruction Fuzzy Hash: 7001DF719043008FDB64CF2AD8887A6FBA4EF44320F08C4ABDC498F646D379E448CA62

Uniqueness

Uniqueness Score: -1.00%

Function 0519102A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 0519105C

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 311973258dff5e1770eb5eb9be6a5e4764df6df36a91e290f5d4d8d43234f84c
Instruction ID: 1e539b1551727050eff9301cc9da4f7d7572bac6604de964c15d133887ffbb73
Opcode Fuzzy Hash: 311973258dff5e1770eb5eb9be6a5e4764df6df36a91e290f5d4d8d43234f84c
Instruction Fuzzy Hash: F101D4715043409FDB24CF2AD884B66FBA4EF00220F08C4ABDC498F646D375E448CB72

Uniqueness

Uniqueness Score: -1.00%

Function 051914B6, Relevance: 1.5, APIs: 1, Instructions: 43networkCOMMON

Download Yara Rule

APIs

DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 05191506

Memory Dump Source

Source File: 00000005.00000002.943275858.0000000005190000.00000040.00000001.sdmp, Offset: 05190000, based on PE: false

Similarity

API ID: Query_
String ID:
API String ID: 428220571-0
Opcode ID: d79d4a0df366fa3be36ce7113a4ae2948179ea3c4e6f5c5e41b5eba9170100ef
Instruction ID: 498889ec99b6842bb51af4ee267bda8dbff01293bb747c2ea4af2e2cfa3823b5
Opcode Fuzzy Hash: d79d4a0df366fa3be36ce7113a4ae2948179ea3c4e6f5c5e41b5eba9170100ef
Instruction Fuzzy Hash: 5001A271500604ABD214DF1ADC82B26FBA8FB89B20F14C11AED084B741E271F516CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 00F5BB7E, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 00F5BBB9

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 5210b2612d2bff7668b224a38020ddc46692f351b0711b28fd1910163134d13b
Instruction ID: 27d721a01b7ad8ad73b5d1d076f7b6d4073e5b60aa5fd626009aa421196cdc52
Opcode Fuzzy Hash: 5210b2612d2bff7668b224a38020ddc46692f351b0711b28fd1910163134d13b
Instruction Fuzzy Hash: 6B01D4369043009FDB208F16DC44B65FBA0EF44321F08C49EDE454B666D375E418EF62

Uniqueness

Uniqueness Score: -1.00%

Function 00F5A78A, Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 00F5A7BC

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 1b2763ad8c2ad9ad87ac289f5d134aa63f019870072618a0787c500c5fb14ff3
Instruction ID: 49a85c9ef2a9c39b7a46da921eb3dbd8e8e9bb8e1c80d9740eca82aef59722eb
Opcode Fuzzy Hash: 1b2763ad8c2ad9ad87ac289f5d134aa63f019870072618a0787c500c5fb14ff3
Instruction Fuzzy Hash: D301A2759043448FDB10CF15E884755FBA4EF04321F18C5AADE488F606D279A418DAA2

Uniqueness

Uniqueness Score: -1.00%

Function 00F5B806, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 00F5B841

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: f40239dd283bedfaee967ed04b2b6e047dfb89fd2d6201265321beaa7527ebe0
Instruction ID: 420bc692ce41aeb2640268cef7c1af0f54023179c717f10cd7925f86dc16b60e
Opcode Fuzzy Hash: f40239dd283bedfaee967ed04b2b6e047dfb89fd2d6201265321beaa7527ebe0
Instruction Fuzzy Hash: 88018F329043449FDB208F56D884B65FBA4EF14322F08C49ADE450B666D375A419EBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00F5A8EE, Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 00F5A926

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 37be994dbe50cc94599f5bf267795802683d1a152d4fab48f8dbc5f07adab33a
Instruction ID: 5ece2449b8d159ceb284067365e404c2ff268a2ccba25614571a803961a3ed8a
Opcode Fuzzy Hash: 37be994dbe50cc94599f5bf267795802683d1a152d4fab48f8dbc5f07adab33a
Instruction Fuzzy Hash: 7701AD329047048FDB208F06D885B51FFA0EF08321F08C5AADE460B656D375A828EB72

Uniqueness

Uniqueness Score: -1.00%

Function 00F5A372, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 00F5A3A4

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 658946a1982b52dce100242ababc17f7c5a0116a897799bd7cb9909011d4f2b3
Instruction ID: 73fcdb04f4c53f6a131df6a0d03e76689f89ac71f9b66f998ee24bc9220ee4db
Opcode Fuzzy Hash: 658946a1982b52dce100242ababc17f7c5a0116a897799bd7cb9909011d4f2b3
Instruction Fuzzy Hash: FAF0FF35904344CFDB208F06D884765FFA0EF04325F18C19ADE484B606D27AE41CDAA2

Uniqueness

Uniqueness Score: -1.00%

Function 00F5BE3E, Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 00F5BE70

Memory Dump Source

Source File: 00000005.00000002.941427661.0000000000F5A000.00000040.00000001.sdmp, Offset: 00F5A000, based on PE: false

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 658946a1982b52dce100242ababc17f7c5a0116a897799bd7cb9909011d4f2b3
Instruction ID: 9007dc59516b567f6929c527e46bf2b7c4e6a9d3f59072ab7d31f41127863c1b
Opcode Fuzzy Hash: 658946a1982b52dce100242ababc17f7c5a0116a897799bd7cb9909011d4f2b3
Instruction Fuzzy Hash: 7EF0AF359047448FDB208F06D8867A5FBA0EF04721F1CC4AADE494B656D379A80CDAA2

Uniqueness

Uniqueness Score: -1.00%

Function 050502E8, Relevance: 1.4, Strings: 1, Instructions: 178COMMON

Download Yara Rule

Strings

:@fq, xrefs: 05050537

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID: :@fq
API String ID: 0-3673016210
Opcode ID: 80d3dd68c716a9ecf3813d14cf14abafcc01353a224209cd176075f23c2f6091
Instruction ID: fdbbd726941892deb798bcb9684ef2cffe0661b957ef488675659a983577cf27
Opcode Fuzzy Hash: 80d3dd68c716a9ecf3813d14cf14abafcc01353a224209cd176075f23c2f6091
Instruction Fuzzy Hash: 6761B130A05205CFCB18DF68D4A476E7BF2FF89320F148569D906AB355DB35AC46CB51

Uniqueness

Uniqueness Score: -1.00%

Function 05050682, Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

Z)q^, xrefs: 050506A1, 050506A6

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID: Z)q^
API String ID: 0-2666575130
Opcode ID: 2182f3ebb424282ae757e85a23145f9ce80d39767fcacd4accae8846b4ab82a3
Instruction ID: 4c5354348348e723f422e50ffaec01336511fdd9bccf77d913198d854ed36370
Opcode Fuzzy Hash: 2182f3ebb424282ae757e85a23145f9ce80d39767fcacd4accae8846b4ab82a3
Instruction Fuzzy Hash: C4417D316083498FC7147B35ED2D66E3BA3BF8171A7148669F812CB2B5DFB44C05AB91

Uniqueness

Uniqueness Score: -1.00%

Function 050521F8, Relevance: 1.3, Strings: 1, Instructions: 98COMMON

Download Yara Rule

Strings

r*+, xrefs: 0505230F

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID: r*+
API String ID: 0-3221063712
Opcode ID: 55ef985f760c0092740a5ee7df989554c72a8222660f0cb47b5f52d1c9c94753
Instruction ID: 1c9fd6757e1719eee60665f4a4af208a44bbe879b0cd48a7db49ad7aa623bda4
Opcode Fuzzy Hash: 55ef985f760c0092740a5ee7df989554c72a8222660f0cb47b5f52d1c9c94753
Instruction Fuzzy Hash: 63416D38E0820AEFCB48DFA5D4456BEBBF2FF45314F50806AC802A7260D7748A05CF52

Uniqueness

Uniqueness Score: -1.00%

Function 050584A0, Relevance: 1.3, Strings: 1, Instructions: 98COMMON

Download Yara Rule

Strings

r*+, xrefs: 050585B7

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID: r*+
API String ID: 0-3221063712
Opcode ID: b5c4d9fdc31ab7be16bd08551fec9f0590ea3328e3ef7b488335c5abba7f977a
Instruction ID: 8482ca69d39bcf22c93e34cf416f5a50472583ede78b013bb6f38bafd4561855
Opcode Fuzzy Hash: b5c4d9fdc31ab7be16bd08551fec9f0590ea3328e3ef7b488335c5abba7f977a
Instruction Fuzzy Hash: 4841F634E05209DFDB58DBA5E5567AFBBB2BF44310F2084AADC06A7260DB349A41CF52

Uniqueness

Uniqueness Score: -1.00%

Function 050550E0, Relevance: 1.3, Strings: 1, Instructions: 92COMMON

Download Yara Rule

Strings

d@q, xrefs: 050551BC

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID: d@q
API String ID: 0-1277414842
Opcode ID: 7aa4adbad899ea24f7ae188190f87033b1e9f881c20a25a7f8a5380b9924071f
Instruction ID: 8bf91aaec5273cbec26a588195b4958fdfd49f072221c536030e93bb5413aa78
Opcode Fuzzy Hash: 7aa4adbad899ea24f7ae188190f87033b1e9f881c20a25a7f8a5380b9924071f
Instruction Fuzzy Hash: 2C216D31E003099FDB04DFA9D8146AFFBF7AF89310F548529D90AAB355EB70A945CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0505699E, Relevance: 1.3, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

]P)q^, xrefs: 05056A09

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID: ]P)q^
API String ID: 0-3378420405
Opcode ID: e53c83d445c2309295d998ccfd3ef399d98f2d947e1d70d0d8835930b84184a6
Instruction ID: af951c727a4ba2d3371edf143d2367c401ffac796cc2fc51b6b850b9898f436a
Opcode Fuzzy Hash: e53c83d445c2309295d998ccfd3ef399d98f2d947e1d70d0d8835930b84184a6
Instruction Fuzzy Hash: 73319C346003048BC754AB79D45A56D3BB6FF823553448B6DE10ADB38ADF769C0BCB81

Uniqueness

Uniqueness Score: -1.00%

Function 050550D0, Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

d@q, xrefs: 050551BC

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID: d@q
API String ID: 0-1277414842
Opcode ID: 42403931fc207893edbe2132c0ddad5c84c9a5195869a6db4639cafcfdb05294
Instruction ID: 934d5b714f2ee2e45753a44756ceace2bbf15b68810e539ab8825e3809c37126
Opcode Fuzzy Hash: 42403931fc207893edbe2132c0ddad5c84c9a5195869a6db4639cafcfdb05294
Instruction Fuzzy Hash: FA114671D043499FEB05CFA5D855AEFBFB2AF89320F144429C90AAB661E770654ACB80

Uniqueness

Uniqueness Score: -1.00%

Function 0505C678, Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

m?)q^, xrefs: 0505C6E4

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID: m?)q^
API String ID: 0-188400998
Opcode ID: 1a9ee1d13acf23ebda1df5a39c6c6a5468a53e306006bdb49d432629014750e3
Instruction ID: bc3cd11fb301554f2c1894bed43ec85f86147989cd5e4b95690dd3d14be7f6af
Opcode Fuzzy Hash: 1a9ee1d13acf23ebda1df5a39c6c6a5468a53e306006bdb49d432629014750e3
Instruction Fuzzy Hash: 4A11BF34308344CBD314E738D51112EBB97ABC6764794892EA44B9F682CF36DC46CB86

Uniqueness

Uniqueness Score: -1.00%

Function 050512A0, Relevance: .5, Instructions: 460COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e80506d34f2c1658db8ca6fe6bcf599420a91b27213c0e952e17f3c0edac9228
Instruction ID: c0a0204a99a658f7800d91d21a2ef8f5938e3c9507cb584abfd92d559357b933
Opcode Fuzzy Hash: e80506d34f2c1658db8ca6fe6bcf599420a91b27213c0e952e17f3c0edac9228
Instruction Fuzzy Hash: ED220334A00615CFCB24DF29D490A6EB7F2BF48314F148A99D85AAB75ADB34ED46CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0505E708, Relevance: .4, Instructions: 372COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16985e19ff8db0a1dabf4eedaa1a0ac150175c3a3556e2eb2f8bad5d782934ac
Instruction ID: 56275340c3a53516f9aa98f520e1d11210c564b2e13a3da65aabf828db1178a0
Opcode Fuzzy Hash: 16985e19ff8db0a1dabf4eedaa1a0ac150175c3a3556e2eb2f8bad5d782934ac
Instruction Fuzzy Hash: 54E18334A04205DFDB54CF68E584AAEBBFAFF48320F158599E886AB251D734EE41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00F52477, Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.941420839.0000000000F52000.00000040.00000001.sdmp, Offset: 00F52000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 637ad13ed7f2df779d9d62348cdae7f2e6dccf3ffe206928ae639665a6e21582
Instruction ID: 805fb311eff68dcc8942a273a96d63cb527561fd43a3269af3856843b05564cb
Opcode Fuzzy Hash: 637ad13ed7f2df779d9d62348cdae7f2e6dccf3ffe206928ae639665a6e21582
Instruction Fuzzy Hash: B4A1AD6690E3C15FD7538B78583A294BF719F23322F4E41CBD9C08E0E3E149588AD7A6

Uniqueness

Uniqueness Score: -1.00%

Function 05055F30, Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09680156fc892041941a9c989584fe07e9916fa04f77f5d1f49f6c42f311e8db
Instruction ID: 284678efcbb29e9ed7dbf53bf74d707f48f361644601591588ba351dc9025879
Opcode Fuzzy Hash: 09680156fc892041941a9c989584fe07e9916fa04f77f5d1f49f6c42f311e8db
Instruction Fuzzy Hash: BD816F31A006198FCF15CF14C880AAFB7B3AF85314F558595DD0AAF215DB72AE8ACF90

Uniqueness

Uniqueness Score: -1.00%

Function 0505A96F, Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b61be6f35e88b417243ef59a8580184d0e7aa7284654857c7eae2c57beaaea60
Instruction ID: 095f8a054a61ad44f73d92b3835f81f02ba566b8fba4f81f9c914bd4d7f5b02b
Opcode Fuzzy Hash: b61be6f35e88b417243ef59a8580184d0e7aa7284654857c7eae2c57beaaea60
Instruction Fuzzy Hash: 1481B1317006158BC704EB68C89AB6E7BA2FFC5315F60862DE6058B699CF749C0ACBD1

Uniqueness

Uniqueness Score: -1.00%

Function 0505DFA0, Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b83cd13f45ff276219763243bfb1caf934f793de976a0b0b4dba6e04c18639bf
Instruction ID: 4c2a3ea531fdf9d7a43d62653399539069f811d547ace2a3eec775adb5adf6bf
Opcode Fuzzy Hash: b83cd13f45ff276219763243bfb1caf934f793de976a0b0b4dba6e04c18639bf
Instruction Fuzzy Hash: 8751B635A00119DFCF14DF94D8818AEB7BBFF84320B148559E90AAF255DB30EE56CB54

Uniqueness

Uniqueness Score: -1.00%

Function 05057398, Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6bc42a6b3ef5edc2d78ca7f7c5b199dd5b5d1a54bac97411eb7e66d5fd7c173
Instruction ID: eb4df6f0da47cb728536bed67c7335af6259308e49d41473d4f96489658a28aa
Opcode Fuzzy Hash: c6bc42a6b3ef5edc2d78ca7f7c5b199dd5b5d1a54bac97411eb7e66d5fd7c173
Instruction Fuzzy Hash: B4311931900229CFCF11CF14D8586DEBBB2EF85354F518594D9097B215DBB06A8ADFC0

Uniqueness

Uniqueness Score: -1.00%

Function 05056FE8, Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78e746d6b25f8cc7410a138f15ccf490dcb849dc12ad3282e3923dd52bd782aa
Instruction ID: 7d7f12106bff6dafee186e6443f3bf0778f8cf7be1985f3c0bc6e0924824925a
Opcode Fuzzy Hash: 78e746d6b25f8cc7410a138f15ccf490dcb849dc12ad3282e3923dd52bd782aa
Instruction Fuzzy Hash: 44515231F002198BCB54DBB9D4546AFB7F3BF88710B648569C80AAB395DF31AD42DB90

Uniqueness

Uniqueness Score: -1.00%

Function 050509A0, Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40284a872b08f61e8ee7da51414056763a17391b57ff0bfa8349a79a729c068c
Instruction ID: f5cc873cb98be0037c8be0e367448f3b5c4a2110988440154c73bf2f15eb6a9b
Opcode Fuzzy Hash: 40284a872b08f61e8ee7da51414056763a17391b57ff0bfa8349a79a729c068c
Instruction Fuzzy Hash: 4141E631B04655EBDB14DBA8E8A87BFB7B3BB45324F204555ED569B240DB30AD06C780

Uniqueness

Uniqueness Score: -1.00%

Function 05057F40, Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11a0e61f964c01033849e5e3fcd070e03836769e257638ad203da8860996a66a
Instruction ID: 094110828b9e33719ee54655acb7ee25981b22d6f044670f10931157f74b58aa
Opcode Fuzzy Hash: 11a0e61f964c01033849e5e3fcd070e03836769e257638ad203da8860996a66a
Instruction Fuzzy Hash: E8514774D04218CFCB54DFA8D98469EBBF2FF48320F20866AD85AB7294E7316946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 05057970, Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7007c458e405c5ab52905781ed8b2f4e71a161d6f46d52d55d53a3834816618
Instruction ID: bc7f404f148126aa27f6e8db8e54d44f9298ceb4ca50940b707fcd89f25a1c3f
Opcode Fuzzy Hash: a7007c458e405c5ab52905781ed8b2f4e71a161d6f46d52d55d53a3834816618
Instruction Fuzzy Hash: A9511734A01219CFCB24DB78D598BAD77F2FF89350F6086A9D80A9B295DB30DC41DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0505CA68, Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0af1c3a83bcbf53fc70250235ce20928977fb6f2f1f1f026ad7f8da980c41758
Instruction ID: 3a54c073587192e6b31c4b71901dfb9a6661719a707ea998183d7135230ee51e
Opcode Fuzzy Hash: 0af1c3a83bcbf53fc70250235ce20928977fb6f2f1f1f026ad7f8da980c41758
Instruction Fuzzy Hash: EC418034A147058FE724DF76E89866FBBE2FF88324F14C62DC85697691DB70AC428B50

Uniqueness

Uniqueness Score: -1.00%

Function 05050BC0, Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f432b2f56ace08fde106918c3c97dfb11a6cc2e5a1bfb1b3b8113b60a850748
Instruction ID: 3f9ce6a2b106901570e4b9e5dd93dd554a22c1cf74999570d58183552a9638d7
Opcode Fuzzy Hash: 6f432b2f56ace08fde106918c3c97dfb11a6cc2e5a1bfb1b3b8113b60a850748
Instruction Fuzzy Hash: F6419631B051088FC715DB68D4287AF7BE7AF86321F15806AED069F3A1DEB19D068791

Uniqueness

Uniqueness Score: -1.00%

Function 05051458, Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 495775eacc82ee9f7a71993c35342fe80a95d1b366b3728d3e01a3ee7ce85635
Instruction ID: efc0f1910140ccd7d3774f75e3ca124c84cef67035e70c84f97fee0e0c644b01
Opcode Fuzzy Hash: 495775eacc82ee9f7a71993c35342fe80a95d1b366b3728d3e01a3ee7ce85635
Instruction Fuzzy Hash: E951E134A00219CFCB54EB64D894B9DBBB2BF49304F1441A9D80AAB366CB359D89CF51

Uniqueness

Uniqueness Score: -1.00%

Function 05058178, Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2a5b531399a456b831a5eff0c65cc482bf88a7f4e6d0b3a81b2b93cdac0a364
Instruction ID: b5b5d429a5850abe4861cea01271fd6510b7e90c98f2e6bb281c1781d8beaa8f
Opcode Fuzzy Hash: f2a5b531399a456b831a5eff0c65cc482bf88a7f4e6d0b3a81b2b93cdac0a364
Instruction Fuzzy Hash: 04418135A0450ACFC700DBA8E4889AEBBF5FF44324F64C666DD16DB254DB30D845CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05056B6A, Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14e157da5f89b171825ac4a4baebf76ac9610b32b0031a71857a06899443f871
Instruction ID: a3b3db4216d5d9a8fea7b2fc1302e48243cb8f3ad4aaf71549f26f340a8305dc
Opcode Fuzzy Hash: 14e157da5f89b171825ac4a4baebf76ac9610b32b0031a71857a06899443f871
Instruction Fuzzy Hash: 4241A134B01210CFC705AB76E4541AE7BB2BF8D31175802A8ED4AEB396DF359C06DB51

Uniqueness

Uniqueness Score: -1.00%

Function 05052BF8, Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e67471e245ac80f032086840382e90da5cc5e8b633904b5c2c2a21f2eb45b98a
Instruction ID: 03caa88331081417a805566321d1dd6c097483ed304221f01c9c66aad902bed6
Opcode Fuzzy Hash: e67471e245ac80f032086840382e90da5cc5e8b633904b5c2c2a21f2eb45b98a
Instruction Fuzzy Hash: E041F53460D396DFC715C728A89863E7FF6AF42220B198596D85ACF2A3C7619C05C751

Uniqueness

Uniqueness Score: -1.00%

Function 0505ED88, Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bb4531c58fad486e543aa80be11eb9c78fa1409e2fa6be87d04c9d0d131a830
Instruction ID: 8b5351a37c97ac7cf826c65045477b6492d5276283037bc7790824f83c982b6f
Opcode Fuzzy Hash: 7bb4531c58fad486e543aa80be11eb9c78fa1409e2fa6be87d04c9d0d131a830
Instruction Fuzzy Hash: 78410874E10209DFCB54CFA8D484A9EBBF6FF48314F1485A9E815AB355D731A982CF90

Uniqueness

Uniqueness Score: -1.00%

Function 05056B78, Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5152b72961d5e96f50226173e1a64a39876fedca922565326e647957a902152d
Instruction ID: b6d4743f2eef08d1b8ee2bf7e420bacdceeaf21930cc3882c3fc6ef34f6d9eee
Opcode Fuzzy Hash: 5152b72961d5e96f50226173e1a64a39876fedca922565326e647957a902152d
Instruction Fuzzy Hash: 7A419134B01210CF8705AB66E4541AE7BF6BF8D32175802A8ED0AEB396DF359C06DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0505AD10, Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97306ea71ff071b4b5b8e3024eeffecbea698e0b5801b9a18d6b0a09124df625
Instruction ID: e5aa879319a8b9fcc280324bcb016ef4d0556d52e57b4d6d6047ba4f67edadb2
Opcode Fuzzy Hash: 97306ea71ff071b4b5b8e3024eeffecbea698e0b5801b9a18d6b0a09124df625
Instruction Fuzzy Hash: 4E31C471B046658FCB14DBA9D4906AEBBF2FF88322F604529E846D7740CB35EC428B90

Uniqueness

Uniqueness Score: -1.00%

Function 0505DF90, Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bd87aa58771aab4267ce95e6514514a7fe50eebeb699f93c93e677cb7f53dbf
Instruction ID: 023ef95c9f013a704aff6c389cfb2146a0bbda04ea338919eba0b52d34fc5fb2
Opcode Fuzzy Hash: 4bd87aa58771aab4267ce95e6514514a7fe50eebeb699f93c93e677cb7f53dbf
Instruction Fuzzy Hash: F431B236A04209DFCF08DFA4D8459EEBBBBFF84310F044469E906AF261DA31AE55DB54

Uniqueness

Uniqueness Score: -1.00%

Function 050509A9, Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c92819a71a262646b866eaca3efe905a286d5d2ad02b405496435ab0ae4ddedd
Instruction ID: c84fa675d4b0b1084596ce3fa4b5f3fef5a6d91337609a3944653d6383008088
Opcode Fuzzy Hash: c92819a71a262646b866eaca3efe905a286d5d2ad02b405496435ab0ae4ddedd
Instruction Fuzzy Hash: 23419531B006099FCB04DFA9D898A6EB7F7FF88304F258158E5169B365CB70AC06CB80

Uniqueness

Uniqueness Score: -1.00%

Function 050502DA, Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93bee697a3c16213dfbada52ed51cbdefc0ec9d48244220a8e9c5a5c2725da6f
Instruction ID: 81c68841cc20448f9ce6eebd45dba4f807410197485601ffc4971ab970251f87
Opcode Fuzzy Hash: 93bee697a3c16213dfbada52ed51cbdefc0ec9d48244220a8e9c5a5c2725da6f
Instruction Fuzzy Hash: 5E416B70A01205CFDB28CF68D468BAE7BF6EF89320F144469D902AB7A5DB759C41CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0505DE79, Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc0d0a0fde06cfee7ae8f35019a5f83d0b6f8305157fa7dcb5c46694dbfa39af
Instruction ID: 4c5d19b99c6b111781ca137c509ec6eea1ce71ba4323f432974aa9a72a77ea17
Opcode Fuzzy Hash: cc0d0a0fde06cfee7ae8f35019a5f83d0b6f8305157fa7dcb5c46694dbfa39af
Instruction Fuzzy Hash: E8313F72A04205DFC754DF68D445AAEFBF6FB88320F14857AE80AA7241DB31DE41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0505CE40, Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3525f2c8a56c5d7788c313ba83aa5dfb01b8f44e7d061661a97bdca3f947e9c
Instruction ID: 250285b8e322528dbed9b65a1af30292c00044aa47260b9f25d86bfcb49747fe
Opcode Fuzzy Hash: e3525f2c8a56c5d7788c313ba83aa5dfb01b8f44e7d061661a97bdca3f947e9c
Instruction Fuzzy Hash: 2441C275A00209DFDB54CFA8D481A9EBBF2FF48324F248469E806AB255D771ED46CF90

Uniqueness

Uniqueness Score: -1.00%

Function 05051290, Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1bed8fc10b8a6994b75d44b7d6078f9a3763d28bcdf2e060e1554a5e75ceb65
Instruction ID: 3aac0d9215f8feaa2afb808512404c76c1a280136a49addf83672a9223dd5ec8
Opcode Fuzzy Hash: a1bed8fc10b8a6994b75d44b7d6078f9a3763d28bcdf2e060e1554a5e75ceb65
Instruction Fuzzy Hash: 22411234E04218DFCB20EF65D894B9EBBB2BF49314F1441A9D84AAB355DB309D85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 050520D0, Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7de133d0f92478dc7442615a172c9502c124e0647b6b574be1c2ac11f9f162c9
Instruction ID: 4b6a57219680c275bc749cbb07f1e758f2b1e5e11a3ab1fb78939c15c07a72da
Opcode Fuzzy Hash: 7de133d0f92478dc7442615a172c9502c124e0647b6b574be1c2ac11f9f162c9
Instruction Fuzzy Hash: D1318338A05207DFCB04DF68D880A7F7BB6FF95320B1585A6C946DB255DB30AC41C795

Uniqueness

Uniqueness Score: -1.00%

Function 050543C0, Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 872881f097bbf28a1ba56ee60c8d926c3fbc3a90cc684e7c349107b9839335b9
Instruction ID: eba14a721b1646ad96898466f8f2365ce2981ab4128adbff60321ca8bd39f33e
Opcode Fuzzy Hash: 872881f097bbf28a1ba56ee60c8d926c3fbc3a90cc684e7c349107b9839335b9
Instruction Fuzzy Hash: 8B31E631904225DFCB01EF64E8588EE7BF2FF453143148295E906AB37ACB359856EF50

Uniqueness

Uniqueness Score: -1.00%

Function 050545C8, Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b23a902587f6b183a392327bbc4810b22b7f714fc01c0a3a20f4c8abd5e62c4a
Instruction ID: 913b65db407844de3c1c471580a4020e29d5ac5e2948cca39e5b0e783af600b5
Opcode Fuzzy Hash: b23a902587f6b183a392327bbc4810b22b7f714fc01c0a3a20f4c8abd5e62c4a
Instruction Fuzzy Hash: 4B218535F001199FDF44DAA5EC81BFFB3FAFB88224F104125EA19D3140EA70594987A2

Uniqueness

Uniqueness Score: -1.00%

Function 0505EC60, Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ca3ce1180fbf5e72193d2c40803de06cd8073db87fafb9a97698337f8038ae3
Instruction ID: 1cd569a7461d0dbd89a01ac56736caa776fcaf0518d1f0f6fd46dcc171f67571
Opcode Fuzzy Hash: 7ca3ce1180fbf5e72193d2c40803de06cd8073db87fafb9a97698337f8038ae3
Instruction Fuzzy Hash: 06410830508B50CFD379CF2AD54476BBBE6BF84215F1488AEC9DB86AA0DB75E542CB10

Uniqueness

Uniqueness Score: -1.00%

Function 0505CAD0, Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2321e611cf0305f1479ee069bf20ad587481a776c2fc24cb9c5a0175d5a99296
Instruction ID: b00d303364c776e629626ba509bfa942275694cd0422d5cdf5ffa54372137712
Opcode Fuzzy Hash: 2321e611cf0305f1479ee069bf20ad587481a776c2fc24cb9c5a0175d5a99296
Instruction Fuzzy Hash: E2315034A04305CFE714EFB5E8986AF7BF3BF88320F548629C816A7255DB74AC419B50

Uniqueness

Uniqueness Score: -1.00%

Function 05050006, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f77cec6ae449bcf31d9b3998c949a071fe372cf363e7bad6c1cae7db96160c4
Instruction ID: bb161eb79267d683c877bf0a327a299265861beb39e3690a1bd0e15b55c510db
Opcode Fuzzy Hash: 0f77cec6ae449bcf31d9b3998c949a071fe372cf363e7bad6c1cae7db96160c4
Instruction Fuzzy Hash: 8B314C7050E3C59FC702EB74EC6861D3FB2AF42315F09469BE485CB2A7DA79880AD712

Uniqueness

Uniqueness Score: -1.00%

Function 05056FD8, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c55b3d522b0dac401e6139f2bba7e4878fe45284bb493c895279874d61c5c62
Instruction ID: e39f70c6a070ca26059371c59045615518bbbeb779877390a9b95d1ac099ac66
Opcode Fuzzy Hash: 0c55b3d522b0dac401e6139f2bba7e4878fe45284bb493c895279874d61c5c62
Instruction Fuzzy Hash: F9313C31E002198FCB14DBAAD4949AFF7F3FF88310B148569D81AAB355DB31AD46DB90

Uniqueness

Uniqueness Score: -1.00%

Function 0505E3E9, Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ca41eca103eb0d70d9f855b98c8cbf0e8f161c2f50f2d4e7d9a5aaf3b6fe126
Instruction ID: 6d7cb167bdf6f82769f027701a743adbc5c4da4b43aabbcca44f0935f67279d2
Opcode Fuzzy Hash: 7ca41eca103eb0d70d9f855b98c8cbf0e8f161c2f50f2d4e7d9a5aaf3b6fe126
Instruction Fuzzy Hash: 19317C34B00304CFCB55DFA9C485AAEBBF6BB88311F508469E946AB740EA35E942CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0505DC91, Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5aee5ccf3989f0733865c00f05b209fd05b1068112f446927a01ec348671af47
Instruction ID: 6ea062f5f1b6581a90efe358c5725923cf5f5adcf0102c22b0aebc9ab7be5e2e
Opcode Fuzzy Hash: 5aee5ccf3989f0733865c00f05b209fd05b1068112f446927a01ec348671af47
Instruction Fuzzy Hash: 4E3148307017058FC7A5AB38C45066E77A3BFC97047648A2CE1469F798DEB6EC079B80

Uniqueness

Uniqueness Score: -1.00%

Function 050543D0, Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3db896e6debea0c6a0980e44c092d89d0498ad0db404d331eb9408a1a5aa051
Instruction ID: 9e12e8de2c0d4a39ac098eb0a972b80953a6289efa1390412bc0a09d224b849f
Opcode Fuzzy Hash: f3db896e6debea0c6a0980e44c092d89d0498ad0db404d331eb9408a1a5aa051
Instruction Fuzzy Hash: D031D635900225DFCB01EF64E84889E77F3FF443147148165E90A6B379DB75A956EF40

Uniqueness

Uniqueness Score: -1.00%

Function 05058470, Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2bbfbf7ab0aedbebe5b6b0c0dbfd7f209eb7aa0e536bca4cf003a8f4d3e5a4a
Instruction ID: 645f2ba1f1b17cffa5762d185dd410dc0a37293fb9209e8b667d52dcee1909f7
Opcode Fuzzy Hash: b2bbfbf7ab0aedbebe5b6b0c0dbfd7f209eb7aa0e536bca4cf003a8f4d3e5a4a
Instruction Fuzzy Hash: 5A316C30D08249DFCB55CFA4E1A57AF7BB2FF45320F2484AADC429B251DA349A05CB52

Uniqueness

Uniqueness Score: -1.00%

Function 050555E8, Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd5d2aae5a308069171b8b6801aee956b897d3f8952b1dfa65523a9154bbd775
Instruction ID: 5280a4e38dc12095ea07508cda87f9183563ec9d1cd906654b843fc91c04190b
Opcode Fuzzy Hash: cd5d2aae5a308069171b8b6801aee956b897d3f8952b1dfa65523a9154bbd775
Instruction Fuzzy Hash: 7F21D330B402049FDB149B79D8957EEBAE7AF88720F14006AE902EB3D0DEB54D49CB91

Uniqueness

Uniqueness Score: -1.00%

Function 050582E0, Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7caa73e3f3ba0585bad6fc670486af2f8753d2f61b10eab132d7fc7933714959
Instruction ID: e16b6064f060f4393de7645840f4a556ff2bee48d2d724fb34a8cc4de07cbbd4
Opcode Fuzzy Hash: 7caa73e3f3ba0585bad6fc670486af2f8753d2f61b10eab132d7fc7933714959
Instruction Fuzzy Hash: A3318930B14210DFCB58EB38E44966E3BA7AF85321B25C569EA06DB2A4DF34CC41CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0505A5F8, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2c211a52eedeb82c821f0cc0cd55e8804964e3b418ffbb6190cc2310a2a4ce5
Instruction ID: f0587b2bc153fcde4450094013ceae9dcafcc88d6bb40919de35ab8f1a1b574d
Opcode Fuzzy Hash: f2c211a52eedeb82c821f0cc0cd55e8804964e3b418ffbb6190cc2310a2a4ce5
Instruction Fuzzy Hash: 42218630F042099FCB14DF75E841AAFB7B2BF88751F104A29E402AB244DF74AD09C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 05055831, Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 366100d77b91658613ea5d6496b262744de79a55eabac98830f7706e3f1bc671
Instruction ID: e0294cbfba01656d6f84d852358a3f6087a8e0011867521f5a82f973270a30f5
Opcode Fuzzy Hash: 366100d77b91658613ea5d6496b262744de79a55eabac98830f7706e3f1bc671
Instruction Fuzzy Hash: 8A21F330B051045FCB18A7BAAC586BFBBEBAFCA230B504569D8079B7E1DD748C0587A1

Uniqueness

Uniqueness Score: -1.00%

Function 05058EF8, Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b26d1f3c813aed0a95dc76b11c7c3a5a550acff83332a9d34713a7d463f6ace
Instruction ID: 80d0144a9f1c75060c939f0961cfafff3e51185abf57b56c97e665a4f8ab692a
Opcode Fuzzy Hash: 8b26d1f3c813aed0a95dc76b11c7c3a5a550acff83332a9d34713a7d463f6ace
Instruction Fuzzy Hash: 8C219031609101DFC700DB28E84A97E7BE7BF49324B25C5A6FC4ACB692DB719C04C752

Uniqueness

Uniqueness Score: -1.00%

Function 0505DB27, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4604f3d3720f29b0c273d15cecbb878197b3e1938cb3250f7dace25a1c1f058
Instruction ID: dcac6f01829f40b598009cf44074d316c9940460dfce26b553132fd17ef45dce
Opcode Fuzzy Hash: b4604f3d3720f29b0c273d15cecbb878197b3e1938cb3250f7dace25a1c1f058
Instruction Fuzzy Hash: 7221A136A18219CBDB14DB64E4407BFB7E7BB88321F10856BD806DB340DF75AE468B91

Uniqueness

Uniqueness Score: -1.00%

Function 050525DE, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9990bccc8b899dfd55e5207a87728f46d671d3e74b709b420e4acf6e53234e6
Instruction ID: 55c3d844478379da1ed9dd67d21a2c6ae2e5a66a717caf056e0608adebcf5d77
Opcode Fuzzy Hash: f9990bccc8b899dfd55e5207a87728f46d671d3e74b709b420e4acf6e53234e6
Instruction Fuzzy Hash: 7631CD34E0020ACFCB60DF65E95475EBBF2BF85328F20C229C415AB265CBB49589CF81

Uniqueness

Uniqueness Score: -1.00%

Function 050521E8, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 468f6bf3e86be00901a6553c1f285a2734005d00667b4dbffee2533b286e5d95
Instruction ID: 00959fb58265044af2d8e1ff06b3811ada126055cb444264d42593b4bcff1e28
Opcode Fuzzy Hash: 468f6bf3e86be00901a6553c1f285a2734005d00667b4dbffee2533b286e5d95
Instruction Fuzzy Hash: CB318F38D0820AEFCB84DFA4D4447BEBBF2FF45310F90419AC802A72A1DB358A45CB52

Uniqueness

Uniqueness Score: -1.00%

Function 05058886, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e9893c2415c37cbc4ff2f306df2b0ce0ea693d1d2effa680f7514e717c07900
Instruction ID: 8dcdf3af73f1d081e490d4c6f2933fd6cd852f0f5f950d31f61ea4239573ba66
Opcode Fuzzy Hash: 6e9893c2415c37cbc4ff2f306df2b0ce0ea693d1d2effa680f7514e717c07900
Instruction Fuzzy Hash: E2317630A00249CFDB60CF65E44565FBBF2BF84324F24C629E804AF258CF749489CB81

Uniqueness

Uniqueness Score: -1.00%

Function 05054F10, Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fa0a2e2750dc70d6e74b93ac261c2fc6418bd5777e29138ba65d1cd62443887
Instruction ID: 2864318ebf6149f5904ae8859c90482d9ca81c02bf34dd54647dc228b8b86179
Opcode Fuzzy Hash: 0fa0a2e2750dc70d6e74b93ac261c2fc6418bd5777e29138ba65d1cd62443887
Instruction Fuzzy Hash: D721C5306092558FCB05E769F8915BF3753AFC03617108A66E8464755ECF309C828352

Uniqueness

Uniqueness Score: -1.00%

Function 050548B9, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f04ddbb1fb7d6d6c2b80dd04c211683fc24e29aa868cb947ff3ad9a1f2005217
Instruction ID: 335a5868799e382a15ba4cf3a928f9389b58b3fe0fb0146b3403c8b126c505ed
Opcode Fuzzy Hash: f04ddbb1fb7d6d6c2b80dd04c211683fc24e29aa868cb947ff3ad9a1f2005217
Instruction Fuzzy Hash: 4A11D331B0815AAFCF06DBB4E8915FFBBB7AFC5320B044069DD06B7251DE24594687A1

Uniqueness

Uniqueness Score: -1.00%

Function 05055840, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9e63bcea44603c1d0d7586d9e52ad76f46d99f87a6691d262361343d158ea84
Instruction ID: 2d6c9a1aa95b7cfca4f8a8f8c9f405d450ea68fb87d249b38367eeefd45465d4
Opcode Fuzzy Hash: d9e63bcea44603c1d0d7586d9e52ad76f46d99f87a6691d262361343d158ea84
Instruction Fuzzy Hash: 3811E230B001149BCB18E7BAEC5867FB6EBAFCA630BA04539D8179B7E5DD708C0047A1

Uniqueness

Uniqueness Score: -1.00%

Function 0505AD00, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc819909af5e1115e376615602b70e8f1a3063ff73c759973b8d8c5193966ba9
Instruction ID: e94e9987c4d70d1462cba420897219c8a5d1b3dc9dc5e4792f5c58005ad99b7d
Opcode Fuzzy Hash: bc819909af5e1115e376615602b70e8f1a3063ff73c759973b8d8c5193966ba9
Instruction Fuzzy Hash: BA21A1B1F046659FCB04DA98D8944AEFBF6FB88311F10812AE856E3351D734A911CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0505A5E8, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 804409ae170cfca6b63ec9ea3c2094222fb4d86a53203698b805b5d8289109b3
Instruction ID: 95251abcdf935e5df77873539a3423d29d98c91c75cb2b17143e4f2909f7dd89
Opcode Fuzzy Hash: 804409ae170cfca6b63ec9ea3c2094222fb4d86a53203698b805b5d8289109b3
Instruction Fuzzy Hash: 6B11D670B042599FCB14DB74E881AAF77F3BB88761F10466AE9029B284DB749C098791

Uniqueness

Uniqueness Score: -1.00%

Function 0505E290, Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45c15bd01eef285c1b591837c5713ccd56ce6b4832f7129f4acf7f747f57f702
Instruction ID: 6eb7eb4a1cadc5b8658a94a8db4139f11877c098413e297d21cea38dc994f9f2
Opcode Fuzzy Hash: 45c15bd01eef285c1b591837c5713ccd56ce6b4832f7129f4acf7f747f57f702
Instruction Fuzzy Hash: D7215135A04114DFCB54DFA9D5499BFB7FAFB48320B6080AAD98AE7244D731AF01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05055000, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90d3594438d4822434a3c0f58d46bd0505ac4f86b8746e7eb347137453e6c39e
Instruction ID: a5d6cfa580983069de9cc2886b70d2be9aeb4dc09fe5be22dc2dc0058839215b
Opcode Fuzzy Hash: 90d3594438d4822434a3c0f58d46bd0505ac4f86b8746e7eb347137453e6c39e
Instruction Fuzzy Hash: 8E118431B042158FCB54EBB9A8502AF77E6EF842607544179CD0AE7345EF309D02C7D6

Uniqueness

Uniqueness Score: -1.00%

Function 05054511, Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f7e1653c4ff0c8c85be1caa1c91969515630e80044bbf2738e079bc7519a303
Instruction ID: 6ab13d26357d6eb59c2f8044d6558e87fab5ef294e4965b0a38c5e569132cac3
Opcode Fuzzy Hash: 5f7e1653c4ff0c8c85be1caa1c91969515630e80044bbf2738e079bc7519a303
Instruction Fuzzy Hash: 83110632F085458BCF05DA69E8103EF7BA7DFC6321F0440BAED469B391DAB19845CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0505E280, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27edea4cb12e6dec5b6ad2fe53f2b70cbe09fd4effc6db0c01433615d1e37662
Instruction ID: 70767c52f33ca2b3e0fb6307ce3b9478fd91ae69f64c48c5b57fe5e2f564c7cc
Opcode Fuzzy Hash: 27edea4cb12e6dec5b6ad2fe53f2b70cbe09fd4effc6db0c01433615d1e37662
Instruction Fuzzy Hash: FE114275904104DFCB54DF58E9499BFB7FAFB48220B5080AAD98AE3204D731AF11CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0505C548, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 935c2dae99de5359aa4d7ce3039ea5afc6fbc61353b496efd9a466a482c64a8e
Instruction ID: 70478dc5f8c5c8fc6b91225cf5b034ac437e9b08ec700df5e908f738a4dd97fc
Opcode Fuzzy Hash: 935c2dae99de5359aa4d7ce3039ea5afc6fbc61353b496efd9a466a482c64a8e
Instruction Fuzzy Hash: E0118F34B002149BC748EBA9D854B6F77E7AFC972471481A9E80ADB391CF31EC02C791

Uniqueness

Uniqueness Score: -1.00%

Function 0505C8C8, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: deb7bd482e32bb80c90237aeed11cab872352fa67756bd3d0db8a33f73a6f100
Instruction ID: 90155969ad7b99b27c81b3c9997f450c08c8d0f74708398a60b142f25d0a98d8
Opcode Fuzzy Hash: deb7bd482e32bb80c90237aeed11cab872352fa67756bd3d0db8a33f73a6f100
Instruction Fuzzy Hash: 7E112938700702ABD728DA59D594A7AB3EBFF88624B14C519E85A47B51CB71FC12CB90

Uniqueness

Uniqueness Score: -1.00%

Function 05055730, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59e677f07c8b2d9ec775e361b0fb5065e140f4d1000217c795d19a8889b83217
Instruction ID: 38c463bea52b393b0645507e65d2b865d4860ec942ce49b5f695b6142a1e4fed
Opcode Fuzzy Hash: 59e677f07c8b2d9ec775e361b0fb5065e140f4d1000217c795d19a8889b83217
Instruction Fuzzy Hash: 3D118F30E04209CFD711EBB5FA856AF7BB3EF44360F20416AD809AB259D7359802CB90

Uniqueness

Uniqueness Score: -1.00%

Function 029E087C, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.941883414.00000000029E0000.00000040.00000040.sdmp, Offset: 029E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0507b27eaa1ad180e90ef08c577534af980bd8ab6f315879afd2418a62b2f60a
Instruction ID: aa909a30461b317798731984a5bfc7bab698535a4e76ad2a18ec756bc8b890e0
Opcode Fuzzy Hash: 0507b27eaa1ad180e90ef08c577534af980bd8ab6f315879afd2418a62b2f60a
Instruction Fuzzy Hash: C411EC34204344DFD716CB14D940B26BBD5EB58718F24C99CE98A1B743C7BBD813CA91

Uniqueness

Uniqueness Score: -1.00%

Function 05057F30, Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bd466923d1907d9cbdc95fa63674ffd86aadd9d065959596ff750c4ff3b7910
Instruction ID: 776389960476b72e384b3445ef83a5c4fff4ff8fa8cca62408933f3a6aef1b20
Opcode Fuzzy Hash: 9bd466923d1907d9cbdc95fa63674ffd86aadd9d065959596ff750c4ff3b7910
Instruction Fuzzy Hash: 6111E731D08144DFDB12CBB8D844AEEBFF2EF49354F1481AAE942A72A1D7315D4ACB91

Uniqueness

Uniqueness Score: -1.00%

Function 0505A061, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69773e6154e161b485639b18dbf0c737f86ce3c1d5c9c2449afb4acc69060933
Instruction ID: 29b647ccd7734d66f9c45bf244cf22b394263b26965390a5d2e26dea3b2f88cb
Opcode Fuzzy Hash: 69773e6154e161b485639b18dbf0c737f86ce3c1d5c9c2449afb4acc69060933
Instruction Fuzzy Hash: E8110432B182048FC725CBA4E9517AFBFF26B44331F544B5AC81667280CB35AD018B81

Uniqueness

Uniqueness Score: -1.00%

Function 050511DF, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f114a7eea85f33bd03295db385c34ce3f5b04fa4d7a1426244a2dc51f1750055
Instruction ID: 512e871fd155a2c6fbdd92575eef5e032f9a764cc673385558e1520b1933e5a0
Opcode Fuzzy Hash: f114a7eea85f33bd03295db385c34ce3f5b04fa4d7a1426244a2dc51f1750055
Instruction Fuzzy Hash: 6C11A5303082808FC705D738D468A6E7FE6AF8661075541EAE886CF2B6CE659C5AC751

Uniqueness

Uniqueness Score: -1.00%

Function 0505C260, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb6ac4531aecfca5c81a9bc1e8f8f1bbb904268942d3006588481fa0fa243a0d
Instruction ID: b35a5d783793c692b77401f9ab03af83a0aaf7c86ab94ab1c836d8425fd20f30
Opcode Fuzzy Hash: fb6ac4531aecfca5c81a9bc1e8f8f1bbb904268942d3006588481fa0fa243a0d
Instruction Fuzzy Hash: 9C11C135B102208FD345AB79A44472E37ABBBC5721F050568F50AEB398CE709C42D784

Uniqueness

Uniqueness Score: -1.00%

Function 05054FF0, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e17d6e3b4d44f97f86c927a82d79b07e73b0a5fd60eb99af3c06729621cd24e
Instruction ID: a5c1dbec0538a9b4b5a01f4f7c7cbc69596144cc1e3029e5279a0aa493dde74e
Opcode Fuzzy Hash: 1e17d6e3b4d44f97f86c927a82d79b07e73b0a5fd60eb99af3c06729621cd24e
Instruction Fuzzy Hash: 2A01D631E051159FC750EBB9AC513EF7BE2EF84260B148266DD09E7642EB304912CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 0505D999, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b1e5df2a9b7513d34cccc6609103c58d3a99cc26abcb4d58337d102fbefbf01
Instruction ID: 4e87ed1f75068fbae4a97eeda8241673940324a17d8786eb3e406b3b601b01f1
Opcode Fuzzy Hash: 8b1e5df2a9b7513d34cccc6609103c58d3a99cc26abcb4d58337d102fbefbf01
Instruction Fuzzy Hash: 4601F5317042155BCB142BB9AC0826F7A9BAF8A765B54457AE907D7382CD31CC0293A0

Uniqueness

Uniqueness Score: -1.00%

Function 050554F8, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b0ff691bd4cc3a0af9c6f5868080c389a297ac9c523afc2b601266c3fc4b9f4
Instruction ID: f74283f9e16d83482dde741d480bc5b3a7dc0567a583c80fa8a17dccd335add9
Opcode Fuzzy Hash: 8b0ff691bd4cc3a0af9c6f5868080c389a297ac9c523afc2b601266c3fc4b9f4
Instruction Fuzzy Hash: B4119E30A252159FC745EFB6EC59AAE7FB3EF88310F104529D509A7269DB315902CB80

Uniqueness

Uniqueness Score: -1.00%

Function 05054789, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88b9cd37e442436c7c6ccb8ec564162e28bc531e88a4979f982950ef79595113
Instruction ID: d693e618c7836d83f54e3d40f0104b0e7f858ca9b1dcf2e15731efb187e8a8c1
Opcode Fuzzy Hash: 88b9cd37e442436c7c6ccb8ec564162e28bc531e88a4979f982950ef79595113
Instruction Fuzzy Hash: 6601A931F001098FCB55EBB888552FE7BE3DF89310F20843AC40AE7281EA384A468791

Uniqueness

Uniqueness Score: -1.00%

Function 00F6AC7C, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.941445904.0000000000F62000.00000040.00000001.sdmp, Offset: 00F62000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37fa489db4dccb6e9cc163b53c5e10e6e7e6725accde3216a5f3183a497dcb3b
Instruction ID: fbff24f2a1c983ed32dbea9094ee620dab265e10f18e8037485658ac77af689e
Opcode Fuzzy Hash: 37fa489db4dccb6e9cc163b53c5e10e6e7e6725accde3216a5f3183a497dcb3b
Instruction Fuzzy Hash: D211FEB5608305AFD350CF09DC40E5BFBE8EB88660F14891EFD9997311D231E9098FA2

Uniqueness

Uniqueness Score: -1.00%

Function 0505238F, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 066ccdbb0aa201a56a5b7335511559d5eabfc829d84f0fb171ad58a45fdba830
Instruction ID: e49e5dc682a44b7d6857616beb304f177542e767adf53ff3a2437553600db0f5
Opcode Fuzzy Hash: 066ccdbb0aa201a56a5b7335511559d5eabfc829d84f0fb171ad58a45fdba830
Instruction Fuzzy Hash: C4114874D0825ACFCB29CFA4EA547AFBFB2EF44350F10406ADA46AB645DB714842CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0505D9A8, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6a1b2660578aa16193c49de3e42e36fc3a721aa0a90da0f303280277a178505
Instruction ID: e3054a42fcbf0b5f94c7b35a62bb0cefdb9653987d07665c6b085d50e3a03cfc
Opcode Fuzzy Hash: d6a1b2660578aa16193c49de3e42e36fc3a721aa0a90da0f303280277a178505
Instruction Fuzzy Hash: 7A018F317042249BCB142BBAA80866F7A9BAF8A665B50453EE90BD7391DD75CC0293A0

Uniqueness

Uniqueness Score: -1.00%

Function 050505B9, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e1b8e0cb0884060972b8995257986a4ee37b5015060287e516985cbf63f61a9
Instruction ID: 99a924e229b65afe82fb4d980f2a523471cf1de020fd407763640652b2358b29
Opcode Fuzzy Hash: 6e1b8e0cb0884060972b8995257986a4ee37b5015060287e516985cbf63f61a9
Instruction Fuzzy Hash: 7C01F4213001600BC749727DA8123BF278B9BCAB59F18442EF546EB386CD789C0B53D2

Uniqueness

Uniqueness Score: -1.00%

Function 0505A098, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ca5d2fd778febad0238086de893367ba9be41dd413a64bd75b9e15e9235cfcd
Instruction ID: fdeb5e35f7c4a493a5af7fccc482b522bd03c9a143b653be32e60e3bb5245e8d
Opcode Fuzzy Hash: 4ca5d2fd778febad0238086de893367ba9be41dd413a64bd75b9e15e9235cfcd
Instruction Fuzzy Hash: 9801D831B141088BCB24DA54E955BBFFBF6AB84332F14466EC907A7240DF72AD059BD1

Uniqueness

Uniqueness Score: -1.00%

Function 05055740, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 189e6657372639a5482d7481525aaf79f8847f9d6cea068740a179a48a629bfc
Instruction ID: fb0532673a0c8d44f192fed2596681eb6c87b76636910d23fa06be91432854ea
Opcode Fuzzy Hash: 189e6657372639a5482d7481525aaf79f8847f9d6cea068740a179a48a629bfc
Instruction Fuzzy Hash: DA115E30E14209CFD754EBB5FA816AF77B7FF44250F604229D809A7259D731A902CB91

Uniqueness

Uniqueness Score: -1.00%

Function 050577E8, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fadd5e55763aa2425ef944991f7c16a33c823f34a961e62da16419d43f5ab46a
Instruction ID: ba47702d5cfea30d37e65d4db2e80c4aa040d2e6266bb597fb0ee4eb8857f0c1
Opcode Fuzzy Hash: fadd5e55763aa2425ef944991f7c16a33c823f34a961e62da16419d43f5ab46a
Instruction Fuzzy Hash: 8B01F531E442049BCB24CA58E8507BFBBF3EB84361F14446EC816A7640CB71BD01D7D1

Uniqueness

Uniqueness Score: -1.00%

Function 050577D9, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6f48f326d1d70b131bae039783759c19e77925fb46cf1ac54988a1b2bf8ab99
Instruction ID: 958af860b33388da29667a27c3c199fa34c671ee85ffff4d2c0331e2f86a6117
Opcode Fuzzy Hash: a6f48f326d1d70b131bae039783759c19e77925fb46cf1ac54988a1b2bf8ab99
Instruction Fuzzy Hash: 47018030E882049BC725CB68E9557BF7BF3EB84761F18485DC816AB641CB61BD02E7C1

Uniqueness

Uniqueness Score: -1.00%

Function 0505A720, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c078b8312cc9ef7bddb858039cba7ffcc466cfdc5d77300afcd21f242d100196
Instruction ID: 68ff45e358eb49c66a102cbf74745c43a2655cd655273279946bf352a5ccd3f1
Opcode Fuzzy Hash: c078b8312cc9ef7bddb858039cba7ffcc466cfdc5d77300afcd21f242d100196
Instruction Fuzzy Hash: 6A014471F002199FDB50EFB9A90579FBBF5EB44221F104276DA09E3144EB3195048FE1

Uniqueness

Uniqueness Score: -1.00%

Function 050505C8, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12379491e569e86de060d3cbc19191dc6d4851c2762aef202e9ed84d3d26a7f0
Instruction ID: 77f0829ca7ac170f662d7b95f08d89b72020e4cbb89c6567963b8c7cba41c45b
Opcode Fuzzy Hash: 12379491e569e86de060d3cbc19191dc6d4851c2762aef202e9ed84d3d26a7f0
Instruction Fuzzy Hash: 4CF0E9317001240BCB48767E981267F628F9FCAB99754452EF146EB3C5CD78AC0B63D6

Uniqueness

Uniqueness Score: -1.00%

Function 050568A8, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52539387ae9a7731b6ead25172e1f5d24deff10634b85aa4d2a0444daab128ee
Instruction ID: 5d614d721326c83ac5f0486b9cc6af842df747272b5c674c4e08df85886ede4c
Opcode Fuzzy Hash: 52539387ae9a7731b6ead25172e1f5d24deff10634b85aa4d2a0444daab128ee
Instruction Fuzzy Hash: 16018F71E002199FDB50EBB9E8407AFBBF8EB44220F10027AC508E7245EB315941CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 0505C251, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2339617ed38aeca4f0820ca9269f912b5ebb7db0d4ca692ad8d52818ffdbaf6d
Instruction ID: 00549822c6b9535c0f598c749be6661d2e4ab7da0c582e71e67a0529d8f2051a
Opcode Fuzzy Hash: 2339617ed38aeca4f0820ca9269f912b5ebb7db0d4ca692ad8d52818ffdbaf6d
Instruction Fuzzy Hash: 4C01B135B143208FD341AB79E54572D3BA7BB89321F0506A4E50BDB298CE709C82CB44

Uniqueness

Uniqueness Score: -1.00%

Function 05059ED0, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d53f78c19f8e1b5743d6ac6b38c0e3e20e67b222a2d947d1e65148b058b87dc6
Instruction ID: 535e931825d4dbfaa7f363a0e144fce576767ce4261f81f193a93083119bf430
Opcode Fuzzy Hash: d53f78c19f8e1b5743d6ac6b38c0e3e20e67b222a2d947d1e65148b058b87dc6
Instruction Fuzzy Hash: 49F0A42170D3504BCB0496BC6C926BE6B97AB863317644B6AB519DF2D9CD1C4C06D351

Uniqueness

Uniqueness Score: -1.00%

Function 0505A890, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e13cd183db96d4d0714495d2de6e76b109b146c338fa7d33e34a6164b72d019
Instruction ID: f10d0449c9d5965999305b959a92ec2f21ba7f5a13b0f584419aef201064afcb
Opcode Fuzzy Hash: 2e13cd183db96d4d0714495d2de6e76b109b146c338fa7d33e34a6164b72d019
Instruction Fuzzy Hash: F801F231308304CFC700EB78E81A55E3BA7EB8536170482B9E50ADB258DF31DD0A8791

Uniqueness

Uniqueness Score: -1.00%

Function 0505A710, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c11e046532a66a8f6537fb3051e5d544dd2813f0fb30b1a3a5f89faa6d2aaf4f
Instruction ID: 9470ed4d431e6c1c59194623f842414430a6bb5230ec1572997d45da3603a987
Opcode Fuzzy Hash: c11e046532a66a8f6537fb3051e5d544dd2813f0fb30b1a3a5f89faa6d2aaf4f
Instruction Fuzzy Hash: BF01D470F002098FCB50EFB8AA097AEBFF2EF44210F10426ADA45E3246EB3085108BD0

Uniqueness

Uniqueness Score: -1.00%

Function 05057220, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb462ce0b0e199f2e508b7e49c7db995c92f23dc74aa194cf33f00d24589dd69
Instruction ID: e08e93ea39238d5cab977c4e36c0b4a40cf4a40e004f4e728e6ad0dd8ec6749f
Opcode Fuzzy Hash: fb462ce0b0e199f2e508b7e49c7db995c92f23dc74aa194cf33f00d24589dd69
Instruction Fuzzy Hash: F2F0467270931007C714667C6C8077E6B87ABC63707A8431AB906DF3CECD298C0A63A2

Uniqueness

Uniqueness Score: -1.00%

Function 05054710, Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 214e4cfc0c839c04dc4afa8f4bce042b44a1490b1748c1549ff074bfea14d614
Instruction ID: 856a14d53ece5dd31e4b836d360cd82bc667f3a9ef626acc6a16d8dab38d6ee2
Opcode Fuzzy Hash: 214e4cfc0c839c04dc4afa8f4bce042b44a1490b1748c1549ff074bfea14d614
Instruction Fuzzy Hash: 2FF050363012144BCF2466B975043FF33DB9BC6671F94047EEA0AC7780DD2588865350

Uniqueness

Uniqueness Score: -1.00%

Function 05051218, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 886594abf3125474643d212f424e39e27d6a3a617d71cb73b37ff420788a0d9c
Instruction ID: 2bd465a033234ca3ddad4a6a0ba7eee3cc62b34ff4b92c5d62f46ea9098c0901
Opcode Fuzzy Hash: 886594abf3125474643d212f424e39e27d6a3a617d71cb73b37ff420788a0d9c
Instruction Fuzzy Hash: F5011D303041108BC714E729E058A6EB7EBBFC572176541AAE946CB7A5CF759C49C782

Uniqueness

Uniqueness Score: -1.00%

Function 029E05CF, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.941883414.00000000029E0000.00000040.00000040.sdmp, Offset: 029E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 262011d704cc3f89a6f35f6438f760c2c2cef63c3e5dd728c0eced2753645a89
Instruction ID: 4fa02fbd57769e9c856161af18db3944fb4ceef6decbb2ce848e81253a0a5583
Opcode Fuzzy Hash: 262011d704cc3f89a6f35f6438f760c2c2cef63c3e5dd728c0eced2753645a89
Instruction Fuzzy Hash: 5FF0A47650D7806FD7118B16EC418A7FFF8DF8663070985ABEC89CB212D125B919CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 05058168, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 548d83b2171e5eed2437538a0da327dbcc267612c2d76eedd36d29d3732b2f41
Instruction ID: 4eb2eb3213022114c4052f1bc09ec6c32135cd2d3cbaa1fb0646ab4fb3dc4137
Opcode Fuzzy Hash: 548d83b2171e5eed2437538a0da327dbcc267612c2d76eedd36d29d3732b2f41
Instruction Fuzzy Hash: 4BF0F635B0C145EFC701C7B5EC968AFBFB6EE86120728C4B6DD41EB252C23188068B96

Uniqueness

Uniqueness Score: -1.00%

Function 05056897, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f9e8c07c022830f3a90a7f6c5aaea52400e30590e3edb09e2669d802c9c2ea8
Instruction ID: 1f81fe0c39e6cd7b0a9917793095088e66d4afc76bc1dede0567efb45468e84e
Opcode Fuzzy Hash: 8f9e8c07c022830f3a90a7f6c5aaea52400e30590e3edb09e2669d802c9c2ea8
Instruction Fuzzy Hash: 3B018470E002499ECB50DB79D9447AEBBF9FF44310F544269C549E7285E7314941CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05057230, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b82fb9a45d0da8df326eb61d4e8fae8e575098f998ff2d3936b5e3c69e2249
Instruction ID: ae38806363cae36e4d90078cf7d2465303d15129fee76ef381e8d918c52a2050
Opcode Fuzzy Hash: b7b82fb9a45d0da8df326eb61d4e8fae8e575098f998ff2d3936b5e3c69e2249
Instruction Fuzzy Hash: 73F0B43170831413C654666D6C80A6E668BEBC63707A44329B91A9F3C9CD159C0963A2

Uniqueness

Uniqueness Score: -1.00%

Function 0505A689, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b47483a7148f04e77a4c8352f6e4b898eb55f1df4ca8683fd758f2f0e9c2ef57
Instruction ID: ca2e98da1dedbb5ded6cdfa30ab5c48a3c7fdb4fd4fe640a51d90769dfa2af14
Opcode Fuzzy Hash: b47483a7148f04e77a4c8352f6e4b898eb55f1df4ca8683fd758f2f0e9c2ef57
Instruction Fuzzy Hash: D0F08130F002199BCB04EBB4DD85A9E7372BF88744F108A15E5055B289DF74DD059791

Uniqueness

Uniqueness Score: -1.00%

Function 0505A8A0, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f709c5615b1a93bab2162f9a515662b90f009dbbab0aec6331e7196936d5e79d
Instruction ID: 8b1abe1c22251f1af4a76062e6f6257d5a5937ae10f75a16e2b4c0a3d2b1038a
Opcode Fuzzy Hash: f709c5615b1a93bab2162f9a515662b90f009dbbab0aec6331e7196936d5e79d
Instruction Fuzzy Hash: 59F0A431304214CBC710FB79E40A56E77A7EB893617148279E50ADB758DF31DC068751

Uniqueness

Uniqueness Score: -1.00%

Function 0505E697, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ff09c474d42af5c3327d724237ed77a789a7ad0f55c5f16e0bb64091e1c3d75
Instruction ID: 94e2066bb8a51aa91251c413a585d03011c26c32a235fb96a447c71fd7482a66
Opcode Fuzzy Hash: 2ff09c474d42af5c3327d724237ed77a789a7ad0f55c5f16e0bb64091e1c3d75
Instruction Fuzzy Hash: 93F027A260825057E725402CFC4D7EF6A8EE7403F0F0841F9ECCBC72C2D8504A4982A1

Uniqueness

Uniqueness Score: -1.00%

Function 050562D8, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 029255af0a324b458d01db6d531f82be50faff7534ed842784b3e73fa0b20824
Instruction ID: 1c59e5370fcbcb22872ea9d3a39d86f8ec179d6e23c2d6456a85d2800f45e6f0
Opcode Fuzzy Hash: 029255af0a324b458d01db6d531f82be50faff7534ed842784b3e73fa0b20824
Instruction Fuzzy Hash: A7F02B30B052559BC7219374A8102BF7BE39FC62B0F8044A6CE4693381EA261902C2C2

Uniqueness

Uniqueness Score: -1.00%

Function 050562E8, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c15257cb0fa66889545cf8ff3c58fcef8d642e897c115862755f8179264926a
Instruction ID: 489dda9023debd97cd4f735ef6ffcf7717f688e9d73d34ecaf13f1321eca0c5a
Opcode Fuzzy Hash: 0c15257cb0fa66889545cf8ff3c58fcef8d642e897c115862755f8179264926a
Instruction Fuzzy Hash: 6BF0E930F041159BCB20D265B8105BFB7E797C56B0FC00526CE07D3381EF265A0286D3

Uniqueness

Uniqueness Score: -1.00%

Function 05055F21, Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cea9894c7d06edeb3b608366863d06c63ed648fc14d4519c64d1328391f3d1ee
Instruction ID: 225263725af413358c008ab1897e310b2041852f16acc1729978a84e575a0552
Opcode Fuzzy Hash: cea9894c7d06edeb3b608366863d06c63ed648fc14d4519c64d1328391f3d1ee
Instruction Fuzzy Hash: 99F02430B141559FCB119274AC613AF7BA3DBC9260F0040A5ED0AD7281E734091283D1

Uniqueness

Uniqueness Score: -1.00%

Function 05059E61, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 751d0a9001af738030f591e7aff23b5e58b847273c788a659f0f179efb618a87
Instruction ID: b84ef68ec3ece27eb844fdcc0ed97550d3d0adeb55b1e74981e13386396be0c4
Opcode Fuzzy Hash: 751d0a9001af738030f591e7aff23b5e58b847273c788a659f0f179efb618a87
Instruction Fuzzy Hash: 51F0C231709240CFC34597A8A45106C3BB6DBC63223588DBEE049CF292DE35880BD711

Uniqueness

Uniqueness Score: -1.00%

Function 050545B9, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6964c170da0b7310c2a29a16e4334415aa6e6fb1ea9adfcac93d54196f3bcb2b
Instruction ID: 532f6cbea0200a2f4b7f5a22f46c128dc96d8883fb718ca70fd754fad992d105
Opcode Fuzzy Hash: 6964c170da0b7310c2a29a16e4334415aa6e6fb1ea9adfcac93d54196f3bcb2b
Instruction Fuzzy Hash: ABF0B430E042995ECB52CBB99C56BBBBFF8DF86210F1401AAD588D7152D1240915C761

Uniqueness

Uniqueness Score: -1.00%

Function 050555D9, Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e46c01cc9c878e2f7f73cdd34302533b9196fcc2bdf2a7bd80ec8207bf3535c3
Instruction ID: 3dd183f4a39dff951bed0699e1e849a31d6955940484d231d19de5b38fd43465
Opcode Fuzzy Hash: e46c01cc9c878e2f7f73cdd34302533b9196fcc2bdf2a7bd80ec8207bf3535c3
Instruction Fuzzy Hash: 0CF0E573B080842ECB1256BDA8A16FFBFF79FC5230F0841BBD905D3B51EA115426C690

Uniqueness

Uniqueness Score: -1.00%

Function 0505C53A, Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65e44316b778018fb997bbf6f24af7aea1879aba1a565f58509d7cdab8f82951
Instruction ID: 040a21f116db8399f563c778ba84f15fd2483e652c2401bd0f2600af2286093c
Opcode Fuzzy Hash: 65e44316b778018fb997bbf6f24af7aea1879aba1a565f58509d7cdab8f82951
Instruction Fuzzy Hash: B8F0E5777042251783A961BDAC1672F368B9BC5A707588269F949DB3C0CE11AC0282E5

Uniqueness

Uniqueness Score: -1.00%

Function 05050918, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfa125d243a6687d9fb060165779bf4199986c026480ce37f7a0a998bc542fe3
Instruction ID: eff32ae4a4c1c062e6e33a8ad16674998d37e04d315b65b72cff6b64a530f042
Opcode Fuzzy Hash: bfa125d243a6687d9fb060165779bf4199986c026480ce37f7a0a998bc542fe3
Instruction Fuzzy Hash: C3E0E532E192189B9B109AF5B92C1AFB7AAA785770F0145679D0793208D9B0880642D1

Uniqueness

Uniqueness Score: -1.00%

Function 0505E619, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ba2894cb9d6cb0b11d1d86d93026b6042db998fe93a1adf6041c144c421e818
Instruction ID: 33f4a0f69d8cd8183524c43cd1e1a0e6ce675eac5c38ae46cf24569be1e54be7
Opcode Fuzzy Hash: 5ba2894cb9d6cb0b11d1d86d93026b6042db998fe93a1adf6041c144c421e818
Instruction Fuzzy Hash: FDE02B362012105BC750D25CD862B5F779ECBC6AB0B04C47DEC8A8B340EE22DA0643D0

Uniqueness

Uniqueness Score: -1.00%

Function 0505DDE7, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89c58f8cdbdc9c296e9b062eba250d66fab6800aafa8a3bdef61bf55d988f64e
Instruction ID: c83294a966ea8e3aa48d45eab29e3e95b9cb76764da00187486e909099d855e7
Opcode Fuzzy Hash: 89c58f8cdbdc9c296e9b062eba250d66fab6800aafa8a3bdef61bf55d988f64e
Instruction Fuzzy Hash: EAF0E5372052009BC354AA68D86196F77AACBC6630354883FD849CB341ED76D9068790

Uniqueness

Uniqueness Score: -1.00%

Function 050546A9, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfd9b222650e37042df368ea0b29059f63c6c93abe698b2732f9e2589f8859d2
Instruction ID: 779ced5281a019e8d753808c25edbc017567faadac967f7157110877e5d583ba
Opcode Fuzzy Hash: bfd9b222650e37042df368ea0b29059f63c6c93abe698b2732f9e2589f8859d2
Instruction Fuzzy Hash: B7F0A7216091905FCB1157F878646FE3F929F4221471440DAE946CB672D9058C1A9382

Uniqueness

Uniqueness Score: -1.00%

Function 05050908, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0c04447af7f5a19e5446fd5f3457afea367cc009398367c4231f3fd91ca768b
Instruction ID: a2301941bd9286439725d62fb69e58f231ed2cac7b0d6bf679b1854777bc7de0
Opcode Fuzzy Hash: a0c04447af7f5a19e5446fd5f3457afea367cc009398367c4231f3fd91ca768b
Instruction Fuzzy Hash: 89F05C309093448FD710DBB0E87C76F7FE76B82720F0504A68C0357309C9B48C028681

Uniqueness

Uniqueness Score: -1.00%

Function 029E0938, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.941883414.00000000029E0000.00000040.00000040.sdmp, Offset: 029E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
Instruction ID: 4f0295ae02fd9bcaf4a90b0c2f8a11da333904c2ba8477780c73ac7d390f5aef
Opcode Fuzzy Hash: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
Instruction Fuzzy Hash: 48F01D35104644DFC706CF00D540B25FBA6EB89718F24C6ADE9891B752C377D823DA81

Uniqueness

Uniqueness Score: -1.00%

Function 05054700, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d91cc0dd2b70d7e6616f079ab4c452b8068af93a3585fb7a4740c54075024366
Instruction ID: c03539bdd2c0eb067b45c95d3a55dcd6bb72870f2b5d6f1ad3957c0c6d8b3014
Opcode Fuzzy Hash: d91cc0dd2b70d7e6616f079ab4c452b8068af93a3585fb7a4740c54075024366
Instruction Fuzzy Hash: 0BE0223220D1D45FCB2382B87610BFF2BA28B87130F2A08BFD946CBA92D41508828300

Uniqueness

Uniqueness Score: -1.00%

Function 05059E78, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1ea31f5b603cd6c594f1a76250b29aec78752d716ac6b71ada51be21b13bde8
Instruction ID: b40b3f5fa76cfb70929ec70ba04a28b7f868a9dc930a641da437dba017f7b464
Opcode Fuzzy Hash: c1ea31f5b603cd6c594f1a76250b29aec78752d716ac6b71ada51be21b13bde8
Instruction Fuzzy Hash: A9F0A0317042008B8758AB28A80556D7BABEBC6322798C93DE50ECB384DE36DC07D751

Uniqueness

Uniqueness Score: -1.00%

Function 050571BF, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9c41245e9e9d5fe0fe1d06d9ea25270257ad5388fa37e19effe6e099f59475d
Instruction ID: bffe185092de02039d163133974973107c4b7ff9c4228cbd9cf1e98809808605
Opcode Fuzzy Hash: a9c41245e9e9d5fe0fe1d06d9ea25270257ad5388fa37e19effe6e099f59475d
Instruction Fuzzy Hash: B7E03934B011155BCB58B7F9A8283EF62969F90A28B804978CA1ADB690EF6049019792

Uniqueness

Uniqueness Score: -1.00%

Function 050557A2, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e2c2d9d8e9d3285890884dabbb9ba8afdca4b8e1f29e19c1f0b032098d1368f
Instruction ID: 0d3b3557e74da9994afabc1181a14de8e5b205da371cbbda8cb2c6db86b41182
Opcode Fuzzy Hash: 3e2c2d9d8e9d3285890884dabbb9ba8afdca4b8e1f29e19c1f0b032098d1368f
Instruction Fuzzy Hash: 01F0A034F14109CBCB44F7B8FD502BE3363AF80224F608175D91BAB198EF2058058755

Uniqueness

Uniqueness Score: -1.00%

Function 05058408, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23e01ed484ef1bfe52c648d2c9ff3b8cbf8dd024fa04f155679d5a457d89ac87
Instruction ID: 7d154a3dfc96309dec116187a1c3a728d3c510e308895bd7e240d3db3bfdb1f7
Opcode Fuzzy Hash: 23e01ed484ef1bfe52c648d2c9ff3b8cbf8dd024fa04f155679d5a457d89ac87
Instruction Fuzzy Hash: B6F0E536E092918FC7574BB0B8546293FF3EF4D262325459AEC4AD7351DA304C0ACF52

Uniqueness

Uniqueness Score: -1.00%

Function 0505F178, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4fe66cffa47070bf5ffc41dd12cd66c6432c7e9dfba49d55968be693713fd98
Instruction ID: fd4e8d7bed1c03694593a7338c595a2f84d266091b959dd95249adb5d428dfe1
Opcode Fuzzy Hash: a4fe66cffa47070bf5ffc41dd12cd66c6432c7e9dfba49d55968be693713fd98
Instruction Fuzzy Hash: FCE08C2630021427E744A1ACCC02AB6738EC7C2A24B08C869B90AE7382CC669C0213E0

Uniqueness

Uniqueness Score: -1.00%

Function 0505C86E, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f2da9c5329a9d3349178e50e051e1ea8b694a290e117057a427a66590f64c71
Instruction ID: e4a9837add145f5da81fbdd451bc7d7f573d9b55da49080e664a7283da744350
Opcode Fuzzy Hash: 7f2da9c5329a9d3349178e50e051e1ea8b694a290e117057a427a66590f64c71
Instruction Fuzzy Hash: E6E020767093509FD7169338642127E27A77EC543631D80E7D507C7393CD258C068392

Uniqueness

Uniqueness Score: -1.00%

Function 0505A7D0, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc8412c4798ba66635255cc38907d101538c1bc3c9d9aa1296b1b67a2359418d
Instruction ID: cac58dee163d6829a948883017dfb8c448cd185a93e8222f39219864a655e838
Opcode Fuzzy Hash: dc8412c4798ba66635255cc38907d101538c1bc3c9d9aa1296b1b67a2359418d
Instruction Fuzzy Hash: E5E02B31B081404FC70167B8601A17E3FD65F5A21235540DA9806CB766CC218D128311

Uniqueness

Uniqueness Score: -1.00%

Function 0505AE50, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7b3fc62af3259c999aae713eb6621f7aee0703f6cc3dbb1996039a635c64d7d
Instruction ID: 049d7e1bdfcc65db1b6f89236f8885064249ed23ddcbe30137557e2bc8ac5cc3
Opcode Fuzzy Hash: c7b3fc62af3259c999aae713eb6621f7aee0703f6cc3dbb1996039a635c64d7d
Instruction Fuzzy Hash: 6CE01235600B149BD3249E6FD802653F7EAFBC1B26B18CB3E959983605DF7099054AA1

Uniqueness

Uniqueness Score: -1.00%

Function 029E05F6, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.941883414.00000000029E0000.00000040.00000040.sdmp, Offset: 029E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1de9a303cde3559bd7070464e24c2cdddcaee8c0a0c38db98be99ab4d2c1053a
Instruction ID: f33f3d38ee1c9dfa9cd259bef4704028cbe75a74ec3f17b5117b4d368ecba872
Opcode Fuzzy Hash: 1de9a303cde3559bd7070464e24c2cdddcaee8c0a0c38db98be99ab4d2c1053a
Instruction Fuzzy Hash: 28E06D766047045BD650CF0AEC41896FBE8EB84630718C46BDC0D8B701E536B5098EA5

Uniqueness

Uniqueness Score: -1.00%

Function 00F6ACCB, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.941445904.0000000000F62000.00000040.00000001.sdmp, Offset: 00F62000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 313a2631a66abc7261f569ac0d111143f24efd7cb44eaeb78e5005dcd173ae94
Instruction ID: a782cb4c0486b0c995e7770ad664ed0358affb017e9c015957bee86b96b76a6c
Opcode Fuzzy Hash: 313a2631a66abc7261f569ac0d111143f24efd7cb44eaeb78e5005dcd173ae94
Instruction Fuzzy Hash: 61E0D8726053046BD2508E06DC41F52FB98DB40A30F08C557ED0C5B302E172B5148AF5

Uniqueness

Uniqueness Score: -1.00%

Function 0505DDF8, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d41146fa6e0c4a218dd891862f14278ebf5d893863261ea0cb1f70f216d8e1b4
Instruction ID: 69d6f2ec5210959abaf7609981cbd9e1048864edc3e748de133f71432198b7aa
Opcode Fuzzy Hash: d41146fa6e0c4a218dd891862f14278ebf5d893863261ea0cb1f70f216d8e1b4
Instruction Fuzzy Hash: 6FE04F373056109B8764EAA9D86196FB79ADBC6630350883ED90A8B341EE73ED0687D0

Uniqueness

Uniqueness Score: -1.00%

Function 05058418, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2167950b61ec06655629ff4fa3755413ab582b49d78037cf379ff4011fd5f75
Instruction ID: 9dd04c77516363a1e905b5916bc597aafe30992cb41598b223526b98e3a97557
Opcode Fuzzy Hash: c2167950b61ec06655629ff4fa3755413ab582b49d78037cf379ff4011fd5f75
Instruction Fuzzy Hash: 29E09B35F002258F87615769B8147297BE7EB4C6713304155DD0AD3354DE708C044FD2

Uniqueness

Uniqueness Score: -1.00%

Function 0505E628, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5db5fa103c2d250171f1108c8c961fbeef6dd7236a05b21afb740968efc70d3
Instruction ID: 43053952b39d31c9ef555b69f82d8d951b1ed10cca2d70678cd70fbf56113e4e
Opcode Fuzzy Hash: c5db5fa103c2d250171f1108c8c961fbeef6dd7236a05b21afb740968efc70d3
Instruction Fuzzy Hash: D5E0D8362052005B4714D658D42092F779ECBC56B0310846DD84A8B340EE72DD0547D0

Uniqueness

Uniqueness Score: -1.00%

Function 0505BAB8, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80a03b41bd297a13732de4ee85c3db7d84f3a52535ebf1b3cd9145495db6636b
Instruction ID: 7dd2c5dd9a4e1f4383e1d1dec993177d747b6a49171307844da86709e6f837ed
Opcode Fuzzy Hash: 80a03b41bd297a13732de4ee85c3db7d84f3a52535ebf1b3cd9145495db6636b
Instruction Fuzzy Hash: 0AF0A536204B009F8330DF5AE544C17F7FAEF89620315CA6EE99B83A14D770F8048BA5

Uniqueness

Uniqueness Score: -1.00%

Function 0505C880, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8089349772c959256c0f7d1bc63942d51445d63ea99324a8b4ba87a26b655ee
Instruction ID: f042331314c42acc80b4423701220b05f946d04bb8c7d2dbd6bebd7853c8bb29
Opcode Fuzzy Hash: e8089349772c959256c0f7d1bc63942d51445d63ea99324a8b4ba87a26b655ee
Instruction Fuzzy Hash: 01E02B313042109B6514A22DB41147F32DFBFC5577304802FF907C7350CE519C0183D2

Uniqueness

Uniqueness Score: -1.00%

Function 0505DE39, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a42cedd02db27a4944e1ec79e67400c38a32c709dc7540cdde40102142db7ae7
Instruction ID: 0507abaecade4a085ec82b7980106e409259b68006577d9ea6c4aff15eaab36b
Opcode Fuzzy Hash: a42cedd02db27a4944e1ec79e67400c38a32c709dc7540cdde40102142db7ae7
Instruction Fuzzy Hash: 5FE04F33008210D7C754A964B40267FB26AE724965F00847BA84B83100C9319A41C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 0505C8B9, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 144d55775a314cebb9cea98135a1a0755fbf89e47d15f076ff68e211f81a78c6
Instruction ID: 7f7ea7d09ca60e5744cd228149c75566f384d4b5d79ddb4fa814fe013bce32ea
Opcode Fuzzy Hash: 144d55775a314cebb9cea98135a1a0755fbf89e47d15f076ff68e211f81a78c6
Instruction Fuzzy Hash: 89E092352006029FC304CA58E5A0A79B796FF88234704C67AD51987742C735AC12CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0505E668, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d38a3981664488c86eea64a6f957a6c97e8fc332f0c8785a5caa847c7925c94
Instruction ID: 606bd7d3ad157ce4e098d245dc32871770e4d5a50ff655500e07aa711bd79c9d
Opcode Fuzzy Hash: 4d38a3981664488c86eea64a6f957a6c97e8fc332f0c8785a5caa847c7925c94
Instruction Fuzzy Hash: 4FE0123110D214DBC3558A15E85159F7BAEDB016E630149EAE8CBC7601DA61AF498B91

Uniqueness

Uniqueness Score: -1.00%

Function 05052D20, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e540336efe2b00b2537225b952acb5d550900209e7ad7f89b77b4cebcab7d688
Instruction ID: 74c7a3953c5acb7dce0d42e175af702aa68bed359c1886c3141f3d7e47520467
Opcode Fuzzy Hash: e540336efe2b00b2537225b952acb5d550900209e7ad7f89b77b4cebcab7d688
Instruction Fuzzy Hash: 7AD05B2804DAC59FD75357A4AC7576E3F12CF1B756F0909D2DCCA4D4A381D50413C762

Uniqueness

Uniqueness Score: -1.00%

Function 05050170, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b020404c2e9ac09b56c1cf93e45de6a4c10363135154886a7750d59e5294e76
Instruction ID: 52bb212bfc0b71d88283bfeb79fdd81a0fdc4db27b36532667ac7d6af65382dc
Opcode Fuzzy Hash: 2b020404c2e9ac09b56c1cf93e45de6a4c10363135154886a7750d59e5294e76
Instruction Fuzzy Hash: CCE0C27010A3848FC7077BB0E82A0583F62AF0620530804EED8468FFA2DBBAC852C700

Uniqueness

Uniqueness Score: -1.00%

Function 0505F188, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c62fd3fe92c3ea734d055ae5ba723237804343d72e5b4705488e02912e5c49f3
Instruction ID: ce0e9985ffe6357fedc982db3e55f5289d8218e9dbd33a75d40f2dc56d05634c
Opcode Fuzzy Hash: c62fd3fe92c3ea734d055ae5ba723237804343d72e5b4705488e02912e5c49f3
Instruction Fuzzy Hash: E4D0A739301224576A48A5BCCC51879B38ECBC6A21344886DB90EDB382CC73DC0253D0

Uniqueness

Uniqueness Score: -1.00%

Function 05057358, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cc0e48288b018543879def3864751ccd5e1cc094ac8617a5854cffced38c8a3
Instruction ID: f861d25b779cafe7fe191ef1eeb46f0a729a1381940f0b080b778d6777edd6f0
Opcode Fuzzy Hash: 3cc0e48288b018543879def3864751ccd5e1cc094ac8617a5854cffced38c8a3
Instruction Fuzzy Hash: D2D0C27100C711DAC339CA75B4086AFB7DAFB066F4F04066E8E434A6108661E685E393

Uniqueness

Uniqueness Score: -1.00%

Function 050557F6, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 243360b7a838d95967fffe22915b3b8db5714988d07d5e8a40bb1bfeecf6a350
Instruction ID: 99951fa5e4e7c0926b3f2a9d2877e00e52e980a639f349b114f5568ac28d1c38
Opcode Fuzzy Hash: 243360b7a838d95967fffe22915b3b8db5714988d07d5e8a40bb1bfeecf6a350
Instruction Fuzzy Hash: D3D01235F04108CBCB04E7E4BD191FD7B729B84234B4454B6C517A7154EF2048495796

Uniqueness

Uniqueness Score: -1.00%

Function 0505DE48, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c28629260912dc77c7bfe3c4f485e73587a4e9975694200064f66452750fb6f0
Instruction ID: 3ccf284912456c59773db73b7125fb4e23b94a0fdc804301c4cfcec4a637d347
Opcode Fuzzy Hash: c28629260912dc77c7bfe3c4f485e73587a4e9975694200064f66452750fb6f0
Instruction Fuzzy Hash: 11D01733108220DBC765BE64B0005BFB6ABA728AB6B00847BEC4B86100CA319E51C791

Uniqueness

Uniqueness Score: -1.00%

Function 050502A0, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ea5deb32c534cd8ab818b406012520d31af23176c85f7d79f35d91930bec1fa
Instruction ID: b5f75704b30377675e5b39d98c5f6bb6b3a123c0be5d046b3c1fc68bcd1d9026
Opcode Fuzzy Hash: 8ea5deb32c534cd8ab818b406012520d31af23176c85f7d79f35d91930bec1fa
Instruction Fuzzy Hash: 51E0C23050D7848FC3238364F97859E7FF2BF46300349888BD8968B956CB24BC05C740

Uniqueness

Uniqueness Score: -1.00%

Function 0505064F, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88f4cca72870a2da556e4761b7a2a255c40175b9b16b8ec011b12c0623b0f686
Instruction ID: 583497d7bff65aa5f188252bc83d1330ab63557de94f701c2a604b1d4bdbba09
Opcode Fuzzy Hash: 88f4cca72870a2da556e4761b7a2a255c40175b9b16b8ec011b12c0623b0f686
Instruction Fuzzy Hash: 44D05E7244D3848FC3569B702C2D2EE3F61CF93319B0448E6DC500A4339576295BA611

Uniqueness

Uniqueness Score: -1.00%

Function 0505CFC0, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7958f3c08290d82617ef8e6b1606013eb813204b63b919cae2e8614424c77958
Instruction ID: b1f26ca1816e56db4b1e90d6cdeb20b3945eb72bfe6022205eab3bf1ea359840
Opcode Fuzzy Hash: 7958f3c08290d82617ef8e6b1606013eb813204b63b919cae2e8614424c77958
Instruction Fuzzy Hash: CBD0923129C308CAF684C604B40BF3FB3ABBB40635F108057BD0B8A1A19A309C408B42

Uniqueness

Uniqueness Score: -1.00%

Function 05058FC2, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e811299e80624f9b6d1ef4acd68d3b4a4df3e29dfa32f5130ad6c442a88eb38
Instruction ID: 69b7544c162713ec752b4dab298b830f39731dd7f8786a8ec94dc60c0f518348
Opcode Fuzzy Hash: 8e811299e80624f9b6d1ef4acd68d3b4a4df3e29dfa32f5130ad6c442a88eb38
Instruction Fuzzy Hash: 5AD0A92104E240DFC38143D4282BB3F7F6B9F0D721F28C882BE0A4E4A340A114118346

Uniqueness

Uniqueness Score: -1.00%

Function 05056E08, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
Instruction ID: 7a3a75ef423bd3926e6d82a5727bb274b1551dd5a4b96a805c122ec1c910dfb6
Opcode Fuzzy Hash: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
Instruction Fuzzy Hash: 73D0423AA010048FC714CB88E5949DDF7F2FB88225F28C1A6D915A7251C732ED56CA50

Uniqueness

Uniqueness Score: -1.00%

Function 0505E678, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1a17c5d76715fa43675cdfa39d99cbe56108ed81e559dc4db75aa7ff9b1807f
Instruction ID: c52c6d655df3adce584ba9480d21f3850753fe16655f1780ede2de25812397de
Opcode Fuzzy Hash: c1a17c5d76715fa43675cdfa39d99cbe56108ed81e559dc4db75aa7ff9b1807f
Instruction Fuzzy Hash: C7D0C93111D214DB8328DA55F4144AF7BAFAB456F67014DAAD8CB8B601DB72AA448B90

Uniqueness

Uniqueness Score: -1.00%

Function 00F523F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.941420839.0000000000F52000.00000040.00000001.sdmp, Offset: 00F52000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 958d712f8d5ed7c5cb956154da76f35638d7dcfb17f8e4e4fd2d191df56f5a8f
Instruction ID: ce003307ceb8c00a7902f79a38411774ad204f6efb14261970b9168790280ba8
Opcode Fuzzy Hash: 958d712f8d5ed7c5cb956154da76f35638d7dcfb17f8e4e4fd2d191df56f5a8f
Instruction Fuzzy Hash: C1D05E79605B914FD326CA1CC1A8B953BD4AB52B15F4644F9EC008B667C369DA86E200

Uniqueness

Uniqueness Score: -1.00%

Function 05059FC0, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ed7171d563410e658743a70cee18166e0021e42121ad426a0c127957cc8c034
Instruction ID: 87519bbb9e8a9567eab43866da3303e8d7ef2b34c0f11ac3d0346cd786bdc0f3
Opcode Fuzzy Hash: 1ed7171d563410e658743a70cee18166e0021e42121ad426a0c127957cc8c034
Instruction Fuzzy Hash: B9D0127102A6C0CFC7274BB091994A07FB0DF4720530689E6E0C98EA22EB3AC01BEB01

Uniqueness

Uniqueness Score: -1.00%

Function 00F523BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.941420839.0000000000F52000.00000040.00000001.sdmp, Offset: 00F52000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16e6ececdd70b2b35182b7f84c766d0241833170f1fe544d9f298dee2ee31a0a
Instruction ID: 0c03e70b2341f25b8e1975ad60be1035d1f2bea119c0acdc8abc9f3c823c5dc7
Opcode Fuzzy Hash: 16e6ececdd70b2b35182b7f84c766d0241833170f1fe544d9f298dee2ee31a0a
Instruction Fuzzy Hash: C0D05E346002814BC715DB0CC194F5937D4AB42B11F0644E8AD008B266C7A8DC85D600

Uniqueness

Uniqueness Score: -1.00%

Function 0505F1C1, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a36df4dc8bf9294abe14521f1b246738732d7b63c01e62580f3fcbc6b6874902
Instruction ID: f10a270b5cbec10078981bd90b25ac71f8fa6eb42c2d8f5491778f45a6f81e66
Opcode Fuzzy Hash: a36df4dc8bf9294abe14521f1b246738732d7b63c01e62580f3fcbc6b6874902
Instruction Fuzzy Hash: 06C08C3254974C0BCB8033B8EC0A38EBA4C8F40604FC841659C0AC3242FD98A006816A

Uniqueness

Uniqueness Score: -1.00%

Function 0505D010, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74e2ef4983c0cb73d8822802c462f2b5f676fb6d5637c63934fc1bd1e5ddafeb
Instruction ID: c16c662088896fbe8cca4c9a7c540aab9690ebc51c50b4be5acc776b9b4ec2a8
Opcode Fuzzy Hash: 74e2ef4983c0cb73d8822802c462f2b5f676fb6d5637c63934fc1bd1e5ddafeb
Instruction Fuzzy Hash: DDD0222000C384E7C301A336DC4BB8F3F24AF03394F880166E8400218BEFA06A02C799

Uniqueness

Uniqueness Score: -1.00%

Function 05055478, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c621db67b1c9165fc97d2d3ebe40f5d8055157b654d33374cd39d6b41fe9f47
Instruction ID: 97e1853aabdc22cd9d5f44002a3d6911da8c6359d40f507da7097b2d7c07234b
Opcode Fuzzy Hash: 7c621db67b1c9165fc97d2d3ebe40f5d8055157b654d33374cd39d6b41fe9f47
Instruction Fuzzy Hash: A0D0C930008208CBD662A7A97C1D72F3AB9A70026EB044185DC2680421DFA04154EE12

Uniqueness

Uniqueness Score: -1.00%

Function 050578E6, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaa61c34cce225d0d2798234c418e95183757306a972da521c22dcb0255f4ef0
Instruction ID: 1c22b893cd5b4c1367d69d699b35a6939f46945414ea14207628ac080d49782a
Opcode Fuzzy Hash: aaa61c34cce225d0d2798234c418e95183757306a972da521c22dcb0255f4ef0
Instruction Fuzzy Hash: A9D05230E1020ECFCB12DF72E91809E37F1EB082A0320072AD806AB381E7300D02CB20

Uniqueness

Uniqueness Score: -1.00%

Function 05050180, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3ae60fd8860f8241174755505886c6fbe8e8201c9626139b4ed54aa8a36cddb
Instruction ID: dd76e8568417c9b152cc6b3b6f3d1c6087616fa06ae2f56ef9f6cb1ee1d1f582
Opcode Fuzzy Hash: a3ae60fd8860f8241174755505886c6fbe8e8201c9626139b4ed54aa8a36cddb
Instruction Fuzzy Hash: 78D01230211308CFCB097B70E41D41C3765AF44205300087DD817C7750DF77E841DA44

Uniqueness

Uniqueness Score: -1.00%

Function 05059FD0, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca67a7ad50a5b4ffeda95f54c92764d1700b9360c28324459c12787db29708f4
Instruction ID: 35767c62b3f54ae0876db1711c64473deeec9d785544f1cc14d6bed9ed3bdf4d
Opcode Fuzzy Hash: ca67a7ad50a5b4ffeda95f54c92764d1700b9360c28324459c12787db29708f4
Instruction Fuzzy Hash: AEC04C3001D748C78B54D651B417C3F773EA6453397544C5AB80F091219B33E452CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0505EF13, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5cca100c9944c6b31d6547db7bebdc7b50e31ee47d8d2bcef392b55fa53459f
Instruction ID: 7b16b18cfdde5e888045c3da43acef6957a6fb3efb26c6321fc8a88aea021c53
Opcode Fuzzy Hash: d5cca100c9944c6b31d6547db7bebdc7b50e31ee47d8d2bcef392b55fa53459f
Instruction Fuzzy Hash: 2EC04C36A041098EEB009B94F4493EDB765E780329F1404A6D61E51441967506695791

Uniqueness

Uniqueness Score: -1.00%

Function 05050660, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be184cfd90c82888c42cb82a036500ba4fd58e3c51d5b3dd64c8bbe1e52a2def
Instruction ID: fda1bb4e79fa3b817fded6b89c9e4c5c5f801f0ba79c908cefeb8db06ded62fc
Opcode Fuzzy Hash: be184cfd90c82888c42cb82a036500ba4fd58e3c51d5b3dd64c8bbe1e52a2def
Instruction Fuzzy Hash: 25C09B7104D358CED254A7727C1D43F731A97D131D754C536ED1100121897774559955

Uniqueness

Uniqueness Score: -1.00%

Function 0505F1D0, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91dc6296edfc9f20fb19fc9443db9b4ad702b753ba5b1ebbedb4e5915e551940
Instruction ID: 0de3cdc7a7d6b90533fa5bf6082dfaf8efc2d34eff02bb04b90692eda84defe8
Opcode Fuzzy Hash: 91dc6296edfc9f20fb19fc9443db9b4ad702b753ba5b1ebbedb4e5915e551940
Instruction Fuzzy Hash: 3AB0123264060C47CE8033F4BC1C05D774C0D90511BC002169C1E83202FDA865054457

Uniqueness

Uniqueness Score: -1.00%

Function 0505D020, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eca2ab20da46c1fa8e1d0da88778e57848c507c23780eb4858c2d1a6c4e33e7f
Instruction ID: 0ba7cac9444aa626a04a42a028b0e0428ff8a45119ae3150d239ced087170f93
Opcode Fuzzy Hash: eca2ab20da46c1fa8e1d0da88778e57848c507c23780eb4858c2d1a6c4e33e7f
Instruction Fuzzy Hash: 13B09B31009358D78200F716E94D55E3B19B9026917800516E8014115DAF605A029795

Uniqueness

Uniqueness Score: -1.00%

Function 05056E2C, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
Instruction ID: cfac74fa8079cb0a5bbc1dcc84756920f47824dd4b5d3a580a18ddc7a05d558e
Opcode Fuzzy Hash: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
Instruction Fuzzy Hash: AFB092BBA05008C9DB10CAC4F4413EEFB25E790235F104033C71052000C23201648691

Uniqueness

Uniqueness Score: -1.00%

Function 05052EC0, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50f5e7f7f00e861ebc0cdfa713fbc4584958479a2730d466a542b75cdccafaf6
Instruction ID: 6851a9d465f16fdf12437fededbc46ff9c42b568345c7881a9b124ed3ce46cf7
Opcode Fuzzy Hash: 50f5e7f7f00e861ebc0cdfa713fbc4584958479a2730d466a542b75cdccafaf6
Instruction Fuzzy Hash: D2B0123020820E0B17805BB13C08E2733CC9A404153500074DC1CC0000F590D0903140

Uniqueness

Uniqueness Score: -1.00%

Function 0505C649, Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.942985597.0000000005050000.00000040.00000001.sdmp, Offset: 05050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7c0f6fd40877356be16145a1c92757f577e4c7dce9f1beea170cb3dc5d54caf
Instruction ID: f370286c40464d8a854c26927521a617aa86f583cb299e9ec8d43200ff948ad2
Opcode Fuzzy Hash: f7c0f6fd40877356be16145a1c92757f577e4c7dce9f1beea170cb3dc5d54caf
Instruction Fuzzy Hash: 38C09B05549DC25DC60737790C967E55F207F03008FCF05E1D2D445543C515743086F5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: dhcpmon.exe PID: 6112 Parent PID: 3424 dhcpmon.exeCOMMON

Executed Functions

Function 0091A2C1, Relevance: 1.6, APIs: 1, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0091A371

Memory Dump Source

Source File: 00000007.00000002.715403698.000000000091A000.00000040.00000001.sdmp, Offset: 0091A000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 1cb5d6d96d805ecc95a285390ef4ba4ba1e98cf3efd67ba2f3bc6ec1f171ca62
Instruction ID: 33d86eebc25ef634d0f5fa95937e7347e28660d74f44e9d78ce18da4d5990f5e
Opcode Fuzzy Hash: 1cb5d6d96d805ecc95a285390ef4ba4ba1e98cf3efd67ba2f3bc6ec1f171ca62
Instruction Fuzzy Hash: E2319C75509780AFE722CF25DC84B56BFF8EF05310F0884AAE9858B252D335E849CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0091A2F2, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0091A371

Memory Dump Source

Source File: 00000007.00000002.715403698.000000000091A000.00000040.00000001.sdmp, Offset: 0091A000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 62ff25ee94318ec876948b0e5c6d33737dd51d5f934e4dbcf213a009e915da72
Instruction ID: 19335e008006fba3d8074fff7bfd35f38ad202380a26933ccbb9b3ba6ea81534
Opcode Fuzzy Hash: 62ff25ee94318ec876948b0e5c6d33737dd51d5f934e4dbcf213a009e915da72
Instruction Fuzzy Hash: C721A171600704AFE721CF66DC45B66FBE8EF04710F04846AED858B651D375E945CB72

Uniqueness

Uniqueness Score: -1.00%

Function 0091AE40, Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

VerLanguageNameW.KERNELBASE(?,00000E2C,?,?), ref: 0091AED6

Memory Dump Source

Source File: 00000007.00000002.715403698.000000000091A000.00000040.00000001.sdmp, Offset: 0091A000, based on PE: false

Similarity

API ID: LanguageName
String ID:
API String ID: 2060303382-0
Opcode ID: 1447b742cf17d9044bb932f6187f38223fdd8f9354554cf5afed06dbb4d811a1
Instruction ID: 6f57555c95501ef6299eff825a6902aff1e4df52eb511a21f9d71e2fc3ed4cfa
Opcode Fuzzy Hash: 1447b742cf17d9044bb932f6187f38223fdd8f9354554cf5afed06dbb4d811a1
Instruction Fuzzy Hash: 4D2195754097806FD3138B259C51B62BFB4EF87B20F0981DBEC848B553D224A91AC7B2

Uniqueness

Uniqueness Score: -1.00%

Function 0091A483, Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,00825E39,00000000,00000000,00000000,00000000), ref: 0091A509

Memory Dump Source

Source File: 00000007.00000002.715403698.000000000091A000.00000040.00000001.sdmp, Offset: 0091A000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 40123a132c2d2c1ba6d5a7a9a04380063a0a88a5e1e05b74272edeb5f7701bff
Instruction ID: a61fec11c41c41dfa953574c79e58fd98955a2beaa25f9e2de4b7f3d74714bcc
Opcode Fuzzy Hash: 40123a132c2d2c1ba6d5a7a9a04380063a0a88a5e1e05b74272edeb5f7701bff
Instruction Fuzzy Hash: 8D2108B55093846FE7128B25DC40BA6BFBCDF46310F0880DBED808F153C264A909C772

Uniqueness

Uniqueness Score: -1.00%

Function 0091A816, Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E2C,00825E39,00000000,00000000,00000000,00000000), ref: 0091A895

Memory Dump Source

Source File: 00000007.00000002.715403698.000000000091A000.00000040.00000001.sdmp, Offset: 0091A000, based on PE: false

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: e17c4e6daf4da33def3955c6dda49439f788db81b00882a627510d1d1ad78dfd
Instruction ID: 9a2e813556d9a5288684612ea5fb2f11af07c52a88ee2e363da24b32d1bcf9c2
Opcode Fuzzy Hash: e17c4e6daf4da33def3955c6dda49439f788db81b00882a627510d1d1ad78dfd
Instruction Fuzzy Hash: DC21A471505384AFDB22CF55DC44F97FFB8EF45310F0884AAE9449B152C274A848CB72

Uniqueness

Uniqueness Score: -1.00%

Function 0091A3C8, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 0091A43C

Memory Dump Source

Source File: 00000007.00000002.715403698.000000000091A000.00000040.00000001.sdmp, Offset: 0091A000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 436fe1d68bc1d08e984ed11a2884e970570ff58d5914d1a1a6b59e7a260ad054
Instruction ID: 2c1c43489eaa1047eb24e5166132fade8083e8131e954001f24daaf2c134fba6
Opcode Fuzzy Hash: 436fe1d68bc1d08e984ed11a2884e970570ff58d5914d1a1a6b59e7a260ad054
Instruction Fuzzy Hash: 1A21C2B55097C09FD7128F25DC94692BFB8EF12220F0984DBDC858F6A3D2649948C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 0091AA16, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 0091AA87

Memory Dump Source

Source File: 00000007.00000002.715403698.000000000091A000.00000040.00000001.sdmp, Offset: 0091A000, based on PE: false

Similarity

API ID: FileInfoSizeVersion
String ID:
API String ID: 1661704012-0
Opcode ID: e574e00eab28b6cb47acfa9a5385bca88dce96ce6e5cf6e39754fa1f7aad605f
Instruction ID: 5a3c4eec48066a3afe31ef4e3a179a6e3ee3b0d1d10d42c68431c9405651affb
Opcode Fuzzy Hash: e574e00eab28b6cb47acfa9a5385bca88dce96ce6e5cf6e39754fa1f7aad605f
Instruction Fuzzy Hash: 8B21AE755093849FD7128F25DC45B52BFB8EF06310F0984DADC84CF253D2789849CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0091A836, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E2C,00825E39,00000000,00000000,00000000,00000000), ref: 0091A895

Memory Dump Source

Source File: 00000007.00000002.715403698.000000000091A000.00000040.00000001.sdmp, Offset: 0091A000, based on PE: false

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 30d193b5fe9660ae716931ef52eec892a9a02a6c7862632e5349e1d18243c5d8
Instruction ID: b270d69c9d00ef289e83516e82991a43ede5ba4d8e5e7b6795ce9656e080ea05
Opcode Fuzzy Hash: 30d193b5fe9660ae716931ef52eec892a9a02a6c7862632e5349e1d18243c5d8
Instruction Fuzzy Hash: 7011E371600304AFEB21CF55DC44FA6FBA8EF04720F1488AAED459B645D374E845CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 0091AAD8, Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

GetFileVersionInfoW.KERNELBASE(?,?,?,?), ref: 0091AB3D

Memory Dump Source

Source File: 00000007.00000002.715403698.000000000091A000.00000040.00000001.sdmp, Offset: 0091A000, based on PE: false

Similarity

API ID: FileInfoVersion
String ID:
API String ID: 2427832333-0
Opcode ID: da8a467569a945eb59b3d68f299ea578284224daa10f412a6c0bd2618f78fc09
Instruction ID: 9fd5271235fb556c136a6222d84a7aeb6f215432a577e788492f68d649999efb
Opcode Fuzzy Hash: da8a467569a945eb59b3d68f299ea578284224daa10f412a6c0bd2618f78fc09
Instruction Fuzzy Hash: 8211E272609784AFDB218F15DC40B62FFB8EF16710F08809EED858B252D271E848CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0091A8DF, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNELBASE ref: 0091A949

Memory Dump Source

Source File: 00000007.00000002.715403698.000000000091A000.00000040.00000001.sdmp, Offset: 0091A000, based on PE: false

Similarity

API ID: ConsoleOutput
String ID:
API String ID: 3985236979-0
Opcode ID: a9a5eb7f3f5982e086a8652fc41d36d079e82e134f3af2f94004440e0684443a
Instruction ID: f360c4eaf3f1170d02359ac6f3f6db811e565754a11d17760a801ffcc9d02f48
Opcode Fuzzy Hash: a9a5eb7f3f5982e086a8652fc41d36d079e82e134f3af2f94004440e0684443a
Instruction Fuzzy Hash: DC11BF754097C45FD7128B25DC85792BFA4EF12324F0A80DADD848F153D264A949CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0091A4B6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,00825E39,00000000,00000000,00000000,00000000), ref: 0091A509

Memory Dump Source

Source File: 00000007.00000002.715403698.000000000091A000.00000040.00000001.sdmp, Offset: 0091A000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 0cd62d27c689b3a38a21dd0c698dd4309c5e352b9bfbfb1bd1973c26ba2776d8
Instruction ID: b54cef2c37cb6f6e245b2c83564b1b7e0cac363868a740a22033105130dc6960
Opcode Fuzzy Hash: 0cd62d27c689b3a38a21dd0c698dd4309c5e352b9bfbfb1bd1973c26ba2776d8
Instruction Fuzzy Hash: D101D2B1604304AFE721CF15DD85BAAFBACDF44720F54C49AED059B246D278E948CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 0091A23C, Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0091A290

Memory Dump Source

Source File: 00000007.00000002.715403698.000000000091A000.00000040.00000001.sdmp, Offset: 0091A000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: d74fed471dd08c2225db0ef8976b1a135a47640f9ecc486aebfceb002a142bae
Instruction ID: 85574518170b848983b2322f313db22110ab59e0973dfdf07377c2faa8ced1cf
Opcode Fuzzy Hash: d74fed471dd08c2225db0ef8976b1a135a47640f9ecc486aebfceb002a142bae
Instruction Fuzzy Hash: A011A175509384AFD7228F15DC84B62FFB8DF56624F0880DAED848F252D275A848CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 0091AAFA, Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

GetFileVersionInfoW.KERNELBASE(?,?,?,?), ref: 0091AB3D

Memory Dump Source

Source File: 00000007.00000002.715403698.000000000091A000.00000040.00000001.sdmp, Offset: 0091A000, based on PE: false

Similarity

API ID: FileInfoVersion
String ID:
API String ID: 2427832333-0
Opcode ID: e886a3872906e9c14a56fd22b6e3d2e007ce1f01ef0450ae8ec364a113085410
Instruction ID: 3b82bc954dad5885050e6f2f9fe75224d28dcec0e4fecf5cef527048fb22d875
Opcode Fuzzy Hash: e886a3872906e9c14a56fd22b6e3d2e007ce1f01ef0450ae8ec364a113085410
Instruction Fuzzy Hash: 1D01D2356447449FDB20CF16D880BA6FBE8EF14720F08849ADD458B652D274E888CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0091AA4A, Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 0091AA87

Memory Dump Source

Source File: 00000007.00000002.715403698.000000000091A000.00000040.00000001.sdmp, Offset: 0091A000, based on PE: false

Similarity

API ID: FileInfoSizeVersion
String ID:
API String ID: 1661704012-0
Opcode ID: 435d8a8db15f395a79cdc21f16b0e5acc0f74d3d4b50e0b117a542c1f30ecbd6
Instruction ID: 8ef5ac2073e8044bc3f43f5afd55b35b21fa83e3f3e6d982775592478e52458a
Opcode Fuzzy Hash: 435d8a8db15f395a79cdc21f16b0e5acc0f74d3d4b50e0b117a542c1f30ecbd6
Instruction Fuzzy Hash: E9019E75A013449FDB20CF5AD9847A6FBD8EF04320F08C4AADD488B646D278E844CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 0091AE86, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

VerLanguageNameW.KERNELBASE(?,00000E2C,?,?), ref: 0091AED6

Memory Dump Source

Source File: 00000007.00000002.715403698.000000000091A000.00000040.00000001.sdmp, Offset: 0091A000, based on PE: false

Similarity

API ID: LanguageName
String ID:
API String ID: 2060303382-0
Opcode ID: 21dc2da2bdc39f8bb2b742014e17f39a8e8f93f87193e2d7fac6a7a1094c268a
Instruction ID: d91589d30d77d947a60c3037ad712fdd18b8d5d77ff7261827e1c15eddce8661
Opcode Fuzzy Hash: 21dc2da2bdc39f8bb2b742014e17f39a8e8f93f87193e2d7fac6a7a1094c268a
Instruction Fuzzy Hash: 4601A275540600ABD214DF1ADC82B36FBA8FB89B20F14811AED088B741E271F516CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 0091A40A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 0091A43C

Memory Dump Source

Source File: 00000007.00000002.715403698.000000000091A000.00000040.00000001.sdmp, Offset: 0091A000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: f3ad537da2cc800c4a6175c7a5ac66d86114cd89e6e9777124a6cf987734a108
Instruction ID: 5b8b92eecfbc3892a47fad3e57a0ce410091d2a66fb68ccb5146d42b97addde4
Opcode Fuzzy Hash: f3ad537da2cc800c4a6175c7a5ac66d86114cd89e6e9777124a6cf987734a108
Instruction Fuzzy Hash: 1D0184756013449FDB20CF59D8897A6FB94DF04320F18C4AADD458F695D6B8D844CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 0091A25E, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0091A290

Memory Dump Source

Source File: 00000007.00000002.715403698.000000000091A000.00000040.00000001.sdmp, Offset: 0091A000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: ed36895ed5994e3bae97fa24ca3766e51ed19090a721e6cb824c065ac9335243
Instruction ID: 47ebdae9816e2d896f0bce80ce46b61a13996e4ddcf9fa108a1a0888b81eea7b
Opcode Fuzzy Hash: ed36895ed5994e3bae97fa24ca3766e51ed19090a721e6cb824c065ac9335243
Instruction Fuzzy Hash: A8F0F434A043048FD7208F06D884761FB94EF04720F08C49ADD044B746D379A844CEA2

Uniqueness

Uniqueness Score: -1.00%

Function 0091A91A, Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNELBASE ref: 0091A949

Memory Dump Source

Source File: 00000007.00000002.715403698.000000000091A000.00000040.00000001.sdmp, Offset: 0091A000, based on PE: false

Similarity

API ID: ConsoleOutput
String ID:
API String ID: 3985236979-0
Opcode ID: ff677fe52f7e963526dffd354ddf526226af613712e46c4d2e5463c4bdb6295f
Instruction ID: 99939068ffa43a1e1e89d1e2ced755adee0be6baa846c50bb4cfe91345e1dd57
Opcode Fuzzy Hash: ff677fe52f7e963526dffd354ddf526226af613712e46c4d2e5463c4bdb6295f
Instruction Fuzzy Hash: DDF0AF346013448FD7108F16D8857A6FB94EF04720F18C09ADD494F756D278A984CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 02381B03, Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

:@fq, xrefs: 02381B58

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID: :@fq
API String ID: 0-3673016210
Opcode ID: adeb1c683ae377e57d8140e0939a526828995cfdfed11feab9a4c06edcf19e19
Instruction ID: d233c8becff2c0eb83a3f876ef712550072a442d011ebe1ceadc75d89ad740c7
Opcode Fuzzy Hash: adeb1c683ae377e57d8140e0939a526828995cfdfed11feab9a4c06edcf19e19
Instruction Fuzzy Hash: 0871EE30705304DFC325AB28D854F2ABBF6AF81311F15C4AAE58A8F692DB74EC46DB40

Uniqueness

Uniqueness Score: -1.00%

Function 02380150, Relevance: 1.3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

:@fq, xrefs: 023801A7

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID: :@fq
API String ID: 0-3673016210
Opcode ID: 101e9ac04dc22d5e514cd698ae7946767b0273b8569e75913d7df66d769b544c
Instruction ID: c05a7560a047e613fbf3b854156925f0f7f6129d82d6ff51e6f53db256ecdbda
Opcode Fuzzy Hash: 101e9ac04dc22d5e514cd698ae7946767b0273b8569e75913d7df66d769b544c
Instruction Fuzzy Hash: B3217431A15108AFCB15DFA6DD449DEBBFAAF8D310F14812AE505F7261EB304915DB50

Uniqueness

Uniqueness Score: -1.00%

Function 02381540, Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 645937c2a82b80114fc71c9b42a2af319ec53a5374df013d373c2f543d109ffc
Instruction ID: 42084b5e0a26c44d8aed24723406f6c8371714bfada4512b195c1a85b8f6800a
Opcode Fuzzy Hash: 645937c2a82b80114fc71c9b42a2af319ec53a5374df013d373c2f543d109ffc
Instruction Fuzzy Hash: 7851B0347143058FCB14AB78D8487AE3BE7AFC8320F15846AE84ACB3A5DB749D46DB51

Uniqueness

Uniqueness Score: -1.00%

Function 023806C8, Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59bf1b7cf7be59bb493430c456eae650d5bc1d0913b8c1a6ef3fec50d86f5bdf
Instruction ID: 93c8c460fdb5a7c7063bf7aa3350122fbd9ec91e0a5d4ff1b12e45f6bc35e5ea
Opcode Fuzzy Hash: 59bf1b7cf7be59bb493430c456eae650d5bc1d0913b8c1a6ef3fec50d86f5bdf
Instruction Fuzzy Hash: 3251A0317002559FDB18EB69C890BAE77F2AF88310F248169E445DF2A1EB75DC4ACB91

Uniqueness

Uniqueness Score: -1.00%

Function 02380007, Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 242ed222da3165802e679268cb0def2db85fbec14c50888d82243f05950cd5b6
Instruction ID: 080fbe842bc35400c341fb533f2a3a76b9afa1fd41011257097f2d52bd4f2057
Opcode Fuzzy Hash: 242ed222da3165802e679268cb0def2db85fbec14c50888d82243f05950cd5b6
Instruction Fuzzy Hash: 1531722050E3C19FD7039B7498786A93FB1AF83204F1A84DFD081CF2B7D669994AC762

Uniqueness

Uniqueness Score: -1.00%

Function 02381453, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52c02049c1d698d5f2b8ab2278685f862e80d5bc644f15d3fc5ade20a928b3bf
Instruction ID: 8c909ab829a5d610b35f4950c5a1bf09a3553959be2ffe6e1c8da0a10eec831b
Opcode Fuzzy Hash: 52c02049c1d698d5f2b8ab2278685f862e80d5bc644f15d3fc5ade20a928b3bf
Instruction Fuzzy Hash: C821A1303193518FD726AB74AC28B6E7BAAAFC5745B15806AD406CB3D6DB78CC03C751

Uniqueness

Uniqueness Score: -1.00%

Function 02380521, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e222eb45bd52ee88cf3c45a75f196c6e9b81acd0430990f5be9c13215b8fc157
Instruction ID: 74a38fe2967dd4a50bd1c95871315c6ba52713c24c32630fa31fb684d80219db
Opcode Fuzzy Hash: e222eb45bd52ee88cf3c45a75f196c6e9b81acd0430990f5be9c13215b8fc157
Instruction Fuzzy Hash: C4114C317052258FC759B73CD468A6D36E3AFC6305B1580B8E406CF7A6DE29CC86C792

Uniqueness

Uniqueness Score: -1.00%

Function 02381530, Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd17abdab56c50d7173786cc4be8f0978203da813152fb51cef7e34af6f6b722
Instruction ID: 7b5dfb38775887877ba4622c40ac20bf808e138aaf793670c9719517fc4c922b
Opcode Fuzzy Hash: cd17abdab56c50d7173786cc4be8f0978203da813152fb51cef7e34af6f6b722
Instruction Fuzzy Hash: 4D112935614311DFC720BB35D8447AA77E6AFC1350F0584BAE84ACF562E7388A46DB51

Uniqueness

Uniqueness Score: -1.00%

Function 02380530, Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edd965acf823d436cac71c379499ac9a8f77b4c669e4ef380b38be088984ecb8
Instruction ID: 0322c2e6fa57592a25aa2e6035d097cde48a4a994f7a79c765152d47f34db432
Opcode Fuzzy Hash: edd965acf823d436cac71c379499ac9a8f77b4c669e4ef380b38be088984ecb8
Instruction Fuzzy Hash: 49114C313012258FC759B73CD468B6D36E7AFC5345B158078E40ACF7A6DE29CC869792

Uniqueness

Uniqueness Score: -1.00%

Function 023805FB, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a8b9327adfb02fd883a666db51f599649b55cb89d534a0f3b920aec5f9e88d7
Instruction ID: 8a1e727b1024f7ea5b066935c762462193f7d8ef04d4f4981a62e921279f0957
Opcode Fuzzy Hash: 8a8b9327adfb02fd883a666db51f599649b55cb89d534a0f3b920aec5f9e88d7
Instruction Fuzzy Hash: FE01F93171C5A08FC719AB38A81C2AD7FE7AFCA21530980AAD145CB2A6CF344D47D741

Uniqueness

Uniqueness Score: -1.00%

Function 02381570, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b60dab157011a68672ddc9577b0f37aafda08aac20981c6fee3a4ad3a9804ba
Instruction ID: 3362a15e66fc2ad21a90871bc821c708d488353e4d75916cb5fbfc5f8a53a651
Opcode Fuzzy Hash: 3b60dab157011a68672ddc9577b0f37aafda08aac20981c6fee3a4ad3a9804ba
Instruction Fuzzy Hash: 1A01F535B103049BC720BB35EC4476A73EBABC4350F048539E94ACB255EB349906D790

Uniqueness

Uniqueness Score: -1.00%

Function 02381D7B, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c55239bef63b4cd5eeccf3662ce64f2daf5e5410e372d1863b8e7de91fc43456
Instruction ID: f06e0c344832439107d810a86b5ad94e21c7d9a4026810222f58f26d1f88515b
Opcode Fuzzy Hash: c55239bef63b4cd5eeccf3662ce64f2daf5e5410e372d1863b8e7de91fc43456
Instruction Fuzzy Hash: 80015E30A0E3C15FC717577558347A97FB68F87200B2940EAE886DB2E7D9688817D761

Uniqueness

Uniqueness Score: -1.00%

Function 02381D88, Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87234934946f1b684fc28e9ae8b629b5bb8dd2d7c77c66f8780418db40902b9b
Instruction ID: 90cb0f06e0ba127f0e6922b60634a1de28fc4d2a85d71e539105547d72501367
Opcode Fuzzy Hash: 87234934946f1b684fc28e9ae8b629b5bb8dd2d7c77c66f8780418db40902b9b
Instruction Fuzzy Hash: FB018130A093C55FC7161775983475A3FFA9F87200B2940EAE886CB2A6DE748917D761

Uniqueness

Uniqueness Score: -1.00%

Function 02381770, Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33cfb452c67d812d12b7ea24a00f9863a480b810acfced882c756caac2d0eaa2
Instruction ID: 084633cc77b9551a6f986100318f015506ed8e2634c95a7c981380ebaad37aea
Opcode Fuzzy Hash: 33cfb452c67d812d12b7ea24a00f9863a480b810acfced882c756caac2d0eaa2
Instruction Fuzzy Hash: E701A231B182905FC705A77898187693BE6AF8A311B1941E9E04ACB7A6CA758C46C751

Uniqueness

Uniqueness Score: -1.00%

Function 022905CF, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715547830.0000000002290000.00000040.00000040.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 761c468cdf001de24588e07531c1e95b3e669994cc2f8ab1f4f6c19abaee9e2f
Instruction ID: 5f9f65431950d781bc8e1c237125fe1bac70f6a0ea145d7f7fe2c1535cf5dfa0
Opcode Fuzzy Hash: 761c468cdf001de24588e07531c1e95b3e669994cc2f8ab1f4f6c19abaee9e2f
Instruction Fuzzy Hash: 3EF0D6B95487806FD3118B16EC51863FFE8DF8623070980ABEC89CB212D125A949CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 023817F3, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92eef7401e6e42390cab1ced17a037f343972295e65a50e4a519b1ce33a0c1de
Instruction ID: 0e07ced3b998cd2635045973a6d0bd2c48d2d0fd40e53843db2c6c4eaae435d8
Opcode Fuzzy Hash: 92eef7401e6e42390cab1ced17a037f343972295e65a50e4a519b1ce33a0c1de
Instruction Fuzzy Hash: 9EF0AF307053569FC705F37A8425A6E37EBAFCA64031445A9D146CB396EF28DC46C396

Uniqueness

Uniqueness Score: -1.00%

Function 02380630, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d6d259f129f1ff426a9d8538ac929e7585853e15b6cac14112becb6df96c7a5
Instruction ID: 3767ba5bbcb07239cc13e179b3df3624bb55102707d1da1348cd40f0177008f6
Opcode Fuzzy Hash: 4d6d259f129f1ff426a9d8538ac929e7585853e15b6cac14112becb6df96c7a5
Instruction Fuzzy Hash: 9FF06231B185608FC719AB79945C5ADBBF3AFC921131580BAD50AC77A6DF344C1B8742

Uniqueness

Uniqueness Score: -1.00%

Function 02380697, Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2722cf931fca013385458e458e89c137a7c9a24ef3cde8d72e22caabe3c1bb87
Instruction ID: 0903174c41da62d96e6060464b79809022fd6d151f7b59660a9068b1f45c3b05
Opcode Fuzzy Hash: 2722cf931fca013385458e458e89c137a7c9a24ef3cde8d72e22caabe3c1bb87
Instruction Fuzzy Hash: 8AF0F6A214D3C04FC30657308C547C83FA5AF87270F1605DAD4519F0E7DA65884B8712

Uniqueness

Uniqueness Score: -1.00%

Function 023818E8, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93889fa1cf54e2ae923b68b3b6f7a229e184aec1daaa5270f7e8da5f16541325
Instruction ID: d3acbe5257b640e3d68499ead8daffa85474a6402e0ea7b7c2b88e6c072e41e3
Opcode Fuzzy Hash: 93889fa1cf54e2ae923b68b3b6f7a229e184aec1daaa5270f7e8da5f16541325
Instruction Fuzzy Hash: 7BF082327192006FC714DB38E88489A7B66EFDA311312817AE406C7255DA758D07DB50

Uniqueness

Uniqueness Score: -1.00%

Function 02380640, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e7d053844ba6950b9b240b8c89430d30e44d7ed0880f7503806a2702a8a0f02
Instruction ID: fef8c9ca9b105b75f7c8cd9643a81214d01166ff60b0e3921a3099b114f023a7
Opcode Fuzzy Hash: 3e7d053844ba6950b9b240b8c89430d30e44d7ed0880f7503806a2702a8a0f02
Instruction Fuzzy Hash: BCE02B317184204B4718B73A981C16D77D79FCC2113058039E90BC33A1CE344C034782

Uniqueness

Uniqueness Score: -1.00%

Function 02381990, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39539bc7cf2a38264f7798ffcff75c166360a281c11040c4b8106fdce49641d4
Instruction ID: bce3e109fc0c2a819e8daa0a22b64612e623de87bc2dea6f825e0623e88d0d42
Opcode Fuzzy Hash: 39539bc7cf2a38264f7798ffcff75c166360a281c11040c4b8106fdce49641d4
Instruction Fuzzy Hash: 24F0E5322092905FD71653B89410B9D7FEACFC7311B1840EFE045CB2A2C9B94C86C762

Uniqueness

Uniqueness Score: -1.00%

Function 022905F6, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715547830.0000000002290000.00000040.00000040.sdmp, Offset: 02290000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e56d5533a1285c7b8088e8bb2d3361c1fa3b50c0af27214595c5b5dc229b3eb8
Instruction ID: 29e2d55074b7ce27a4df53eaa1fdcf09f7a90d7771557a853e892fab85844b17
Opcode Fuzzy Hash: e56d5533a1285c7b8088e8bb2d3361c1fa3b50c0af27214595c5b5dc229b3eb8
Instruction Fuzzy Hash: 41E06DB66406005BD650CF0AEC41462FBD8EB84630718C06BDC0D8B700E679B5048EA5

Uniqueness

Uniqueness Score: -1.00%

Function 023818F8, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e3e5f2a988f440e63987be1bb21b55a188f71f6a0c4e51f9c1d1008a7a5f218
Instruction ID: fe9e7bedfd919595e7774ca72ed685bdc981c41005533cf447f282deb765068e
Opcode Fuzzy Hash: 6e3e5f2a988f440e63987be1bb21b55a188f71f6a0c4e51f9c1d1008a7a5f218
Instruction Fuzzy Hash: D3E09B323151046BC718EB39EC8485E7B5AEFC9310311843AE906C7314DE719D019750

Uniqueness

Uniqueness Score: -1.00%

Function 023819A0, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81d4ebe621419fd54c1d105f2a0d9b393ab0b1f347c8f1b7c0d53fc41db4e25a
Instruction ID: 440b6391293ac5bd7ad1d3dfdbedad35e5f86cf1a3f2c2bf05a3b1535abf3612
Opcode Fuzzy Hash: 81d4ebe621419fd54c1d105f2a0d9b393ab0b1f347c8f1b7c0d53fc41db4e25a
Instruction Fuzzy Hash: E0E0C2323001208BC30873ADE410B9E73DFCBC9321B10807AE109D7351CDB5AC4243A1

Uniqueness

Uniqueness Score: -1.00%

Function 02380251, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63e5d81a9fcf2658469be0bb07a402bd337a2bdaa15ee10e2b458d20b8e201f3
Instruction ID: e59dd4ad7d67261b979975e42242565b08751811da7963d931623ae6181d6ee7
Opcode Fuzzy Hash: 63e5d81a9fcf2658469be0bb07a402bd337a2bdaa15ee10e2b458d20b8e201f3
Instruction Fuzzy Hash: 14D01236B05100CFDF54A6BDF8082ECB395EFC4225B10017BD50ADB661EA35CC59C712

Uniqueness

Uniqueness Score: -1.00%

Function 009123F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715394792.0000000000912000.00000040.00000001.sdmp, Offset: 00912000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a38a5f9959dfc2d71b64e882099273eb93e5d21c29c27b73a0f32b3a42fd1b0
Instruction ID: 78d93dee35f1b689ef586c7b78db594978829550db630e1ebb284e9cd7838d46
Opcode Fuzzy Hash: 4a38a5f9959dfc2d71b64e882099273eb93e5d21c29c27b73a0f32b3a42fd1b0
Instruction Fuzzy Hash: BCD05E79309A914FD3269B1CC1A8B953BD8AB51B04F4644F9E8008B6B7C369EAD1D200

Uniqueness

Uniqueness Score: -1.00%

Function 023818BB, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d08a9854400944c9a99b604006ad745bfa20298cc765a07e3e7c364c04287442
Instruction ID: d241d2cd67308fbc458a21f6753204902b4726933c5e77caa3e4773d09dacb10
Opcode Fuzzy Hash: d08a9854400944c9a99b604006ad745bfa20298cc765a07e3e7c364c04287442
Instruction Fuzzy Hash: 62E0127004D3815FC7068F28DC944697FB5AE82105F09C9AEE0C987156E275955BC752

Uniqueness

Uniqueness Score: -1.00%

Function 009123BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715394792.0000000000912000.00000040.00000001.sdmp, Offset: 00912000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 225c21668fbb71028936f0dd76a2f529020152a6fb3771d33de804a1bfc7a6cb
Instruction ID: 1090b15a95bc65d219e927f490b62fa0264ffaf919a9c65860136d13e6541161
Opcode Fuzzy Hash: 225c21668fbb71028936f0dd76a2f529020152a6fb3771d33de804a1bfc7a6cb
Instruction Fuzzy Hash: 89D05E343003894FC715EB0CC294F9937D8AB41B00F0644E8AC108B266C7A8DCD2D600

Uniqueness

Uniqueness Score: -1.00%

Function 02380130, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a27caa5b8063eb399ac82e3f182ef52535f404669061ad0c4f92c03b024f9ab
Instruction ID: 459d7f6d35884989dd95c153f8cd65eabe79bb2ff4c2120d9c9db479961a0290
Opcode Fuzzy Hash: 1a27caa5b8063eb399ac82e3f182ef52535f404669061ad0c4f92c03b024f9ab
Instruction Fuzzy Hash: E8C02B30358B080BDF1027F47C4C33633CC4781118F000430B40DCB141ED1DD8224140

Uniqueness

Uniqueness Score: -1.00%

Function 023818C8, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.715562223.0000000002380000.00000040.00000001.sdmp, Offset: 02380000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1214686e19cb7f5ef0f7e0f8825d4ee0acd7ed62d491b482496aa3acb56ac6e
Instruction ID: a78e7e9dd6b2bac99f10a31b06fa6f57e55c7c433259593a03574ee7d42713a3
Opcode Fuzzy Hash: d1214686e19cb7f5ef0f7e0f8825d4ee0acd7ed62d491b482496aa3acb56ac6e
Instruction Fuzzy Hash: 61C01270418201AFC740EF28EC4596A7BF0FB80605F41C92CE48DC2110F270561DCB52

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software, such as Team Viewer, Go2Assist, LogMein, AmmyyAdmin, etc, to establish an interactive command and control channel to target systems within networks. These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment. Remote access tools like VNC, Ammyy, and Teamviewer are used frequently when compared with other legitimate software commonly used by adversaries.
Tactics:	Command and Control
Data Sources:	Network intrusion detection system, Network protocol analysis, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report Yeni sipari#U015f _WJO-001, pdf.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: NanoCore

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

AV Detection:

E-Banking Fraud:

Stealing of Sensitive Information:

Remote Access Functionality:

Jbx Signature Overview

AV Detection:

Compliance:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Snort IDS Alerts