Windows Analysis Report Hong Tak Engineering SB Payment Receipt 241121_PDF.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
Malware Configuration |
---|
Threatname: GuLoader |
---|
{"Payload URL": "https://onedrive.live.com/download?cid=7FA6B3"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | |
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
| JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Source: | ReversingLabs: |
Yara detected Remcos RAT |
Source: | File source: |
Source: | File source: |
Multi AV Scanner detection for dropped file |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Networking: |
---|
C2 URLs / IPs found in malware configuration |
Source: | URLs: |
Uses dynamic DNS services |
Source: | DNS query: |
Source: | ASN Name: |
Source: | TCP traffic: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Installs a global keyboard hook |
Source: | Windows user hook set: |
E-Banking Fraud: |
---|
Yara detected Remcos RAT |
Source: | File source: |
Source: | File source: |
System Summary: |
---|
Initial sample is a PE file and has a suspicious name |
Source: | Static PE information: |
Source: | Static PE information: |
Executable has a suspicious name (potential lure to open the executable) |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Section loaded: |
Source: | Process created: |
Source: | Key value queried: |
Source: | File created: |
Source: | Classification label: |
Source: | Mutant created: |
Data Obfuscation: |
---|
Yara detected GuLoader |
Source: | File source: |
Source: | File source: |
Source: | File created: |
Source: | Registry value created or modified: |
Source: | Process information set: |
Malware Analysis System Evasion: |
---|
Tries to detect Any.run |
Source: | File opened: |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Source: | Binary or memory string: |
Source: | Thread sleep count: |
Source: | Thread sleep time: |
Source: | Thread sleep count: |
Source: | Code function: | 3_2_022D4123 |
Source: | Window / User API: |
Source: | System information queried: |
Source: | Binary or memory string: |
Anti Debugging: |
---|
Hides threads from debuggers |
Source: | Thread information set: |
Source: | Code function: | 3_2_022D4123 |
Source: | Code function: | 3_2_022DEA2B |
Source: | Code function: | 3_2_022DC345 |
Source: | Code function: | 3_2_022D9889 |
Source: | Code function: | 3_2_022DD108 |
Source: | Process queried: |
Source: | Code function: | 3_2_022DAD16 |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions |
Source: | Memory written: |
Source: | Process created: |
Source: | Binary or memory string: |
Stealing of Sensitive Information: |
---|
Yara detected Remcos RAT |
Source: | File source: |
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Remcos RAT |
Source: | File source: |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Registry Run Keys / Startup Folder1 | Process Injection112 | Masquerading1 | Input Capture11 | Security Software Discovery421 | Remote Services | Input Capture11 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | DLL Side-Loading1 | Registry Run Keys / Startup Folder1 | Virtualization/Sandbox Evasion23 | LSASS Memory | Virtualization/Sandbox Evasion23 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | DLL Side-Loading1 | Process Injection112 | Security Account Manager | Process Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol21 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading1 | LSA Secrets | System Information Discovery2 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 40% | Virustotal | | |
| 27% | ReversingLabs | Win32.Downloader.GuLoader | |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 40% | Virustotal | | |
| 27% | ReversingLabs | Win32.Downloader.GuLoader | |
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
olufem.ddns.net | 124.82.81.98 | true | true | | unknown |
onedrive.live.com | unknown | unknown | false | | high |
7ybh4q.bn.files.1drv.com | unknown | unknown | false | | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
124.82.81.98 | olufem.ddns.net | Malaysia | | 4788 | TMNET-AS-APTMNetInternetServiceProviderMY | true |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 528205 |
Start date: | 24.11.2021 |
Start time: | 21:11:59 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 43s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Hong Tak Engineering SB Payment Receipt 241121_PDF.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 41 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/3@10/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
Cookbook Comments: |
Warnings: |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
21:15:22 | Task Scheduler | |
21:15:54 | Autostart | |
21:16:02 | Autostart |
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
olufem.ddns.net | | | malicious | | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
TMNET-AS-APTMNetInternetServiceProviderMY | | | malicious | | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 128816 |
Entropy (8bit): | 5.999498053134024 |
Encrypted: | false |
SSDEEP: | 1536:I+3sCKWgen7J84YCrMYpNxXeBwodguvRZkVT7yaBOJzFHKAgYX5:I1PX0JLHrJNvoPvoVT58JzFh5 |
MD5: | B2E24BC0F1F55F2AC9D8034098DFE32F |
SHA1: | 4A20778ACF6D512792077DC339F23ACFBDF22875 |
SHA-256: | D5ACE58C68D1FF767B284DEB172B5CE0550E96023A509A171FA7B34F0929B8E0 |
SHA-512: | 01DBC321743ACF74EF5557F9429D26AA5892B196C695A5E4ED0342D626C4E98A650D01729975D20812653EDAF5295FDC7484A43949738D9DE5EFFDB1DCB7B896 |
Malicious: | true |
Antivirus: |
Reputation: | low |
Process: | C:\Users\user\Desktop\Hong Tak Engineering SB Payment Receipt 241121_PDF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 1.3863194741075688 |
Encrypted: | false |
SSDEEP: | 96:GaabmG8CL3uSTdfPBeQaabmG8CL3uSTdf:i93jJBeU93j |
MD5: | B3A27F74C52AC98DDE14EA7A804ECFD6 |
SHA1: | 5F6D3F7644E0973D8A059AC228042EA60C507836 |
SHA-256: | F6C6736ACA8B6A743732E216DBB62B59B65DCBB0B6308B2B28D67706ABBC7F0C |
SHA-512: | F7129070C7133C63C57BE7724B322B2A8F3FB6624F35B7A4E730DECD418E488CBF53292E845255DEDCFBA1502A0332D7DB17EF29D0E2A2A4DD345F87EECB36BE |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 144 |
Entropy (8bit): | 3.3458058208756873 |
Encrypted: | false |
SSDEEP: | 3:rklKlFlUef4qClDl5JWRal2Jl+7R0DAlBG45klovDl6v:IlKPlPf4qCb5YcIeeDAlOWAv |
MD5: | 15929DC814DA0FBE525987A12E1802A8 |
SHA1: | AF68046542D879732F3D447B3046FD02D5B5EFC1 |
SHA-256: | 3D48A06F43C9DC735B6174D4019EFBF866D9F11946A8D2F691CA7DF33460823F |
SHA-512: | 74C074F001B04538BE027C1E8FCE6F1CBC5A36D01083B3AB455DFDA14DC61850E12B816C5A4E9C7D3A22422E223E866306D874293DB157415B0C70DF3A1A8C3F |
Malicious: | false |
Reputation: | low |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.999498053134024 |
TrID: |
File name: | Hong Tak Engineering SB Payment Receipt 241121_PDF.exe |
File size: | 128816 |
MD5: | b2e24bc0f1f55f2ac9d8034098dfe32f |
SHA1: | 4a20778acf6d512792077dc339f23acfbdf22875 |
SHA256: | d5ace58c68d1ff767b284deb172b5ce0550e96023a509a171fa7b34f0929b8e0 |
SHA512: | 01dbc321743acf74ef5557f9429d26aa5892b196c695a5e4ed0342d626c4e98a650d01729975d20812653edaf5295fdc7484a43949738d9de5effdb1dcb7b896 |
SSDEEP: | 1536:I+3sCKWgen7J84YCrMYpNxXeBwodguvRZkVT7yaBOJzFHKAgYX5:I1PX0JLHrJNvoPvoVT58JzFh5 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u...&...&...&T..&...&...&...&...&...&Rich...&................PE..L......V.....................`...... .............@........ |
File Icon |
---|
Icon Hash: | 42b97ce4f0e1f2e4 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401320 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x56BC1AFE [Thu Feb 11 05:24:14 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 995d60149de3040b4890e5871343f4eb |
Authenticode Signature |
---|
Signature Valid: | false |
Signature Issuer: | E=dykkerklokkeado@LOKALITET.Sk, CN=godkendelsesmil, OU=Iroquoianspri1, O=Klarissenobie, L=KEDECHRYSLEROVEREF, S=AFSPADSERING, C=SC |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
Subject Chain |
Version: | 3 |
Thumbprint MD5: | 8ACCDE5BD3D9438F5ED6CE6C1979787E |
Thumbprint SHA-1: | E6BE6E4C60B6588F4C337C033C6165C6914F3249 |
Thumbprint SHA-256: | A2E6DA055CC6C343D9251796595BC0A1882C21EC31DBD14C72A656EC419A4096 |
Serial: | 00 |
Entrypoint Preview |
---|
Instruction |
---|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x19264 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1c000 | 0x373c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1f000 | 0x730 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x230 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x118 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x18728 | 0x19000 | False | 0.47935546875 | data | 6.37312654175 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x1a000 | 0x1a94 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x1c000 | 0x373c | 0x4000 | False | 0.217163085938 | data | 3.71594095347 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
SET | 0x1d296 | 0x24a6 | MS Windows icon resource - 3 icons, 24x24, 16 colors, 4 bits/pixel, 24x24, 8 bits/pixel | English | United States |
RT_ICON | 0x1c9ee | 0x8a8 | data | ||
RT_ICON | 0x1c486 | 0x568 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x1c464 | 0x22 | data | ||
RT_VERSION | 0x1c170 | 0x2f4 | data | Chinese | Taiwan |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFPFix, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaObjVar, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, __vbaR8Str, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaStrToAnsi, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaR8IntI4, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0404 0x04b0 |
LegalCopyright | Clamore |
InternalName | GRUDGEFULUNNOT |
FileVersion | 1.00 |
CompanyName | Clamore |
LegalTrademarks | Clamore |
Comments | Clamore |
ProductName | Clamore |
ProductVersion | 1.00 |
FileDescription | Clamore |
OriginalFilename | GRUDGEFULUNNOT.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Chinese | Taiwan |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
11/24/21-21:16:03.943231 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 54993 | 1.1.1.1 | 192.168.11.20 |
11/24/21-21:17:10.219978 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 61388 | 1.1.1.1 | 192.168.11.20 |
11/24/21-21:18:16.486809 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 56392 | 1.1.1.1 | 192.168.11.20 |
11/24/21-21:19:22.754077 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 53851 | 1.1.1.1 | 192.168.11.20 |
11/24/21-21:20:29.035139 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 57069 | 1.1.1.1 | 192.168.11.20 |
11/24/21-21:21:35.301983 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 50763 | 1.1.1.1 | 192.168.11.20 |
11/24/21-21:22:41.570485 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 62805 | 1.1.1.1 | 192.168.11.20 |
11/24/21-21:23:47.834671 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 63500 | 1.1.1.1 | 192.168.11.20 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 24, 2021 21:20:07.947868109 CET | 49805 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:20:09.963076115 CET | 49805 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:20:13.977791071 CET | 49805 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:20:21.991703987 CET | 49805 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:20:29.036036968 CET | 49807 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:20:30.036818027 CET | 49807 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:20:32.051997900 CET | 49807 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:20:36.066572905 CET | 49807 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:20:44.080523014 CET | 49807 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:20:51.112462997 CET | 49808 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:20:52.125577927 CET | 49808 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:20:54.140883923 CET | 49808 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:20:58.155420065 CET | 49808 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:21:06.169336081 CET | 49808 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:21:13.201263905 CET | 49810 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:21:14.214443922 CET | 49810 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:21:16.229585886 CET | 49810 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:21:20.244519949 CET | 49810 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:21:28.258208990 CET | 49810 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:21:35.302795887 CET | 49813 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:21:36.303348064 CET | 49813 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:21:38.318450928 CET | 49813 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:21:42.333194971 CET | 49813 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:21:50.347140074 CET | 49813 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:21:57.379214048 CET | 49821 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:21:58.392088890 CET | 49821 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:22:00.407411098 CET | 49821 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:22:04.422167063 CET | 49821 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:22:12.435956001 CET | 49821 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:22:19.469208956 CET | 49824 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:22:20.480978966 CET | 49824 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:22:22.496289968 CET | 49824 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:22:26.510926962 CET | 49824 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:22:34.524770975 CET | 49824 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:22:41.571574926 CET | 49827 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:22:42.585546017 CET | 49827 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:22:44.600801945 CET | 49827 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:22:48.615540981 CET | 49827 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:22:56.629332066 CET | 49827 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:23:03.661417007 CET | 49830 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:23:04.674488068 CET | 49830 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:23:06.689634085 CET | 49830 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:23:10.704372883 CET | 49830 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:23:18.718188047 CET | 49830 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:23:25.750206947 CET | 49831 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:23:26.747689962 CET | 49831 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:23:28.762836933 CET | 49831 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:23:32.777592897 CET | 49831 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:23:40.791372061 CET | 49831 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:23:47.835553885 CET | 49835 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:23:48.836481094 CET | 49835 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:23:50.851612091 CET | 49835 | 6111 | 192.168.11.20 | 124.82.81.98 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 24, 2021 21:15:56.838493109 CET | 65394 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 24, 2021 21:15:57.603185892 CET | 63507 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 24, 2021 21:16:03.931648970 CET | 54993 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 24, 2021 21:16:03.943231106 CET | 53 | 54993 | 1.1.1.1 | 192.168.11.20 |
Nov 24, 2021 21:17:10.207977057 CET | 61388 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 24, 2021 21:17:10.219978094 CET | 53 | 61388 | 1.1.1.1 | 192.168.11.20 |
Nov 24, 2021 21:18:16.474395037 CET | 56392 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 24, 2021 21:18:16.486809015 CET | 53 | 56392 | 1.1.1.1 | 192.168.11.20 |
Nov 24, 2021 21:19:22.741189957 CET | 53851 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 24, 2021 21:19:22.754076958 CET | 53 | 53851 | 1.1.1.1 | 192.168.11.20 |
Nov 24, 2021 21:20:29.023251057 CET | 57069 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 24, 2021 21:20:29.035139084 CET | 53 | 57069 | 1.1.1.1 | 192.168.11.20 |
Nov 24, 2021 21:21:35.289797068 CET | 50763 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 24, 2021 21:21:35.301983118 CET | 53 | 50763 | 1.1.1.1 | 192.168.11.20 |
Nov 24, 2021 21:22:41.556521893 CET | 62805 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 24, 2021 21:22:41.570485115 CET | 53 | 62805 | 1.1.1.1 | 192.168.11.20 |
Nov 24, 2021 21:23:47.822930098 CET | 63500 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 24, 2021 21:23:47.834671021 CET | 53 | 63500 | 1.1.1.1 | 192.168.11.20 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Nov 24, 2021 21:15:56.838493109 CET | 192.168.11.20 | 1.1.1.1 | 0x7c5f | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 24, 2021 21:15:57.603185892 CET | 192.168.11.20 | 1.1.1.1 | 0xb6f5 | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 24, 2021 21:16:03.931648970 CET | 192.168.11.20 | 1.1.1.1 | 0xcd2c | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 24, 2021 21:17:10.207977057 CET | 192.168.11.20 | 1.1.1.1 | 0xf8f8 | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 24, 2021 21:18:16.474395037 CET | 192.168.11.20 | 1.1.1.1 | 0x77ac | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 24, 2021 21:19:22.741189957 CET | 192.168.11.20 | 1.1.1.1 | 0x6f48 | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 24, 2021 21:20:29.023251057 CET | 192.168.11.20 | 1.1.1.1 | 0x5463 | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 24, 2021 21:21:35.289797068 CET | 192.168.11.20 | 1.1.1.1 | 0x2889 | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 24, 2021 21:22:41.556521893 CET | 192.168.11.20 | 1.1.1.1 | 0xdd45 | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 24, 2021 21:23:47.822930098 CET | 192.168.11.20 | 1.1.1.1 | 0x4b0f | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Nov 24, 2021 21:15:56.848558903 CET | 1.1.1.1 | 192.168.11.20 | 0x7c5f | No error (0) | | odc-web-geo.onedrive.akadns.net | | CNAME (Canonical name) | IN (0x0001) |
Nov 24, 2021 21:15:57.780812979 CET | 1.1.1.1 | 192.168.11.20 | 0xb6f5 | No error (0) | | bn-files.fe.1drv.com | | CNAME (Canonical name) | IN (0x0001) |
Nov 24, 2021 21:15:57.780812979 CET | 1.1.1.1 | 192.168.11.20 | 0xb6f5 | No error (0) | | odc-bn-files-geo.onedrive.akadns.net | | CNAME (Canonical name) | IN (0x0001) |
Nov 24, 2021 21:16:03.943231106 CET | 1.1.1.1 | 192.168.11.20 | 0xcd2c | No error (0) | | | 124.82.81.98 | A (IP address) | IN (0x0001) |
Nov 24, 2021 21:17:10.219978094 CET | 1.1.1.1 | 192.168.11.20 | 0xf8f8 | No error (0) | | | 124.82.81.98 | A (IP address) | IN (0x0001) |
Nov 24, 2021 21:18:16.486809015 CET | 1.1.1.1 | 192.168.11.20 | 0x77ac | No error (0) | | | 124.82.81.98 | A (IP address) | IN (0x0001) |
Nov 24, 2021 21:19:22.754076958 CET | 1.1.1.1 | 192.168.11.20 | 0x6f48 | No error (0) | | | 124.82.81.98 | A (IP address) | IN (0x0001) |
Nov 24, 2021 21:20:29.035139084 CET | 1.1.1.1 | 192.168.11.20 | 0x5463 | No error (0) | | | 124.82.81.98 | A (IP address) | IN (0x0001) |
Nov 24, 2021 21:21:35.301983118 CET | 1.1.1.1 | 192.168.11.20 | 0x2889 | No error (0) | | | 124.82.81.98 | A (IP address) | IN (0x0001) |
Nov 24, 2021 21:22:41.570485115 CET | 1.1.1.1 | 192.168.11.20 | 0xdd45 | No error (0) | | | 124.82.81.98 | A (IP address) | IN (0x0001) |
Nov 24, 2021 21:23:47.834671021 CET | 1.1.1.1 | 192.168.11.20 | 0x4b0f | No error (0) | | | 124.82.81.98 | A (IP address) | IN (0x0001) |
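Read together, the three packet tables describe a loop rather than a session: every TCP source port carries five packets spaced 1, 2, 4 and 8 s apart, a new source port appears roughly every 22 s, and the name behind 124.82.81.98 is re-resolved roughly every 66 s (compare the DNS answer at 21:17:10.219 with the TCP packet at 21:17:10.221). The report shows no TCP flags, so reading each five-packet group as one SYN plus four exponential-backoff retransmissions to a port that never answered is an inference from timing; it does match the Windows default of four SYN retransmissions, and it is what a RAT client looks like when its C2 is down or filtered. The script below, an added example that is not part of the Joe Sandbox report, turns that reading into a check over rows copied from the tables above (embedded as constructed sample input); the function and field names are my own.

```python
"""Beacon-timing analysis over rows copied from the report's packet tables.
Added example, not part of the Joe Sandbox report; the sample rows are
constructed from the tables above (three complete TCP attempts, three DNS A answers)."""
import re
from datetime import datetime
from statistics import median

TS_RE = re.compile(r"(\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(\d+) CET")

# Constructed sample: timestamp | source port | dest port | source IP | dest IP
TCP_ROWS = """\
Nov 24, 2021 21:16:48.120667934 CET | 49783 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:16:49.132457972 CET | 49783 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:16:51.147586107 CET | 49783 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:16:55.162360907 CET | 49783 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:17:03.176305056 CET | 49783 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:17:10.221398115 CET | 49786 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:17:11.221426964 CET | 49786 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:17:13.236635923 CET | 49786 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:17:17.251171112 CET | 49786 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:17:25.265109062 CET | 49786 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:17:32.297257900 CET | 49789 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:17:33.310327053 CET | 49789 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:17:35.325279951 CET | 49789 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:17:39.340059042 CET | 49789 | 6111 | 192.168.11.20 | 124.82.81.98 |
Nov 24, 2021 21:17:47.353986025 CET | 49789 | 6111 | 192.168.11.20 | 124.82.81.98 |
"""

# Constructed sample from the DNS Answers table, trimmed to
# timestamp | transaction id | address (the queried name is blank on the page).
DNS_ROWS = """\
Nov 24, 2021 21:16:03.943231106 CET | 0xcd2c | 124.82.81.98
Nov 24, 2021 21:17:10.219978094 CET | 0xf8f8 | 124.82.81.98
Nov 24, 2021 21:18:16.486809015 CET | 0x77ac | 124.82.81.98
"""


def parse_ts(text):
    """Report timestamp with nanosecond fraction -> seconds as a float."""
    m = TS_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised timestamp: {text!r}")
    base = datetime.strptime(m.group(1), "%b %d, %Y %H:%M:%S")
    return base.timestamp() + int(m.group(2)) / 10 ** len(m.group(2))


def cells(line):
    """Non-empty cells of one pipe-table row."""
    return [c.strip() for c in line.split("|") if c.strip()]


def parse_tcp(text):
    """(ts, sport, dport, src, dst) per TCP row."""
    return [(parse_ts(c[0]), int(c[1]), int(c[2]), c[3], c[4])
            for c in map(cells, text.splitlines()) if len(c) == 5]


def parse_dns(text):
    """(ts, address) per trimmed DNS answer row."""
    return [(parse_ts(c[0]), c[2]) for c in map(cells, text.splitlines()) if len(c) == 3]


def backoff(ts_list):
    """Gaps, rounded to whole seconds, between successive packets on one port."""
    return [round(b - a) for a, b in zip(ts_list, ts_list[1:])]


def looks_unanswered(gaps):
    """True when the gaps double from 1 s (1, 2, 4, 8 ...): the exponential
    SYN retransmission schedule of a connect() that never gets a SYN-ACK.
    Three doubling gaps is enough to call it; the report shows four per port."""
    return len(gaps) >= 3 and all(g == 2 ** i for i, g in enumerate(gaps))


def summarize(tcp_text=TCP_ROWS, dns_text=DNS_ROWS):
    """Per-destination verdict: attempts made, how many went unanswered,
    the reconnect period, and how often the C2 name was re-resolved."""
    by_port = {}
    for ts, sport, dport, _src, dst in parse_tcp(tcp_text):
        by_port.setdefault((sport, dst, dport), []).append(ts)
    attempts = sorted(by_port.values(), key=lambda ts: ts[0])
    starts = [ts[0] for ts in attempts]
    reconnect = [round(b - a) for a, b in zip(starts, starts[1:])]
    dns = parse_dns(dns_text)
    dns_gaps = [round(b[0] - a[0]) for a, b in zip(dns, dns[1:])]
    c2 = sorted({(dst, dport) for _sport, dst, dport in by_port})
    return {
        "c2": c2,
        "attempts": len(attempts),
        "unanswered": sum(looks_unanswered(backoff(ts)) for ts in attempts),
        "reconnect_period_s": round(median(reconnect)) if reconnect else None,
        "dns_period_s": round(median(dns_gaps)) if dns_gaps else None,
        "dns_answers_match_c2": all(addr in {d for d, _ in c2} for _, addr in dns),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

On the embedded rows this reports 3 attempts, all 3 unanswered, a 22 s reconnect period and a 66 s DNS period, with every A answer pointing at the TCP destination. On real telemetry (Zeek conn logs, firewall logs) the same three features, exponential retry gaps on every flow, a fixed reconnect cadence, and a dynamic-DNS name re-resolved on that cadence, separate a dead C2 beacon from ordinary connection failures, which do not repeat on a clock.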
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 21:15:22 |
Start date: | 24/11/2021 |
Path: | C:\Users\user\Desktop\Hong Tak Engineering SB Payment Receipt 241121_PDF.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 128816 bytes |
MD5 hash: | B2E24BC0F1F55F2AC9D8034098DFE32F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Yara matches: | |
Reputation: | low |
General |
---|
Start time: | 21:15:37 |
Start date: | 24/11/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc60000 |
File size: | 480256 bytes |
MD5 hash: | 7871873BABCEA94FBA13900B561C7C55 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | moderate |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
022DB5A0 | 1.9 | 1 | | 432 | file, COMMON |
022DB5AB | 1.6 | 1 | | 71 | file, COMMON |
022D896B | 1.6 | 1 | | 66 | native, COMMON |
022DF872 | 1.5 | 1 | | 37 | native, COMMON |
022DAD16 | 1.5 | 1 | | 7 | library, COMMON |
022D11B1 | 0.2 | | | 249 | COMMON |
022D11F3 | 0.2 | | | 238 | COMMON |
022D1272 | 0.2 | | | 212 | COMMON |
00418020 | 210.8 | 110 | 10 | 806 | COMMON |
00418B70 | 103.7 | 53 | 6 | 432 | COMMON |
022DCB17 | 1.6 | 1 | | 120 | COMMON |
022D0E43 | 1.6 | 1 | | 119 | COMMON |
022DC7F0 | 1.6 | 1 | | 118 | COMMON |
022D69D9 | 1.6 | 1 | | 97 | COMMON |
022D0227 | 1.6 | 1 | | 80 | COMMON |
022DB62E | 1.6 | 1 | | 60 | file, COMMON |
022DB60F | 1.6 | 1 | | 55 | file, COMMON |
022DB672 | 1.6 | 1 | | 53 | file, COMMON |
022D2987 | 1.6 | 1 | | 51 | COMMON |
022DB6F6 | 1.5 | 1 | | 39 | file, COMMON |
022D97CE | 1.5 | 1 | | 33 | COMMON |
022DB738 | 1.5 | 1 | | 32 | file, COMMON |
022D980F | 1.5 | 1 | | 31 | COMMON |
022DB794 | 1.5 | 1 | | 22 | file, COMMON |
022D9853 | 1.5 | 1 | | 20 | COMMON |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
022DEA2B | 3.0 | | 2 | 505 | COMMON |
022D6F34 | 2.6 | | 2 | 129 | COMMON |
022D6FF3 | 2.6 | | 2 | 127 | COMMON |
022D41C0 | 2.6 | | 2 | 113 | COMMON |
022D41F7 | 2.6 | | 2 | 98 | COMMON |
022DDF39 | 1.5 | | 1 | 252 | COMMON |
022D47EF | 1.5 | | 1 | 207 | COMMON |
022D481B | 1.5 | | 1 | 204 | COMMON |
022D4967 | 1.4 | | 1 | 192 | COMMON |
022D48C3 | 1.4 | | 1 | 188 | COMMON |
022D495D | 1.4 | | 1 | 177 | COMMON |
022DDF44 | 1.4 | | 1 | 153 | COMMON |
022DDF76 | 1.4 | | 1 | 150 | COMMON |
022DDFA4 | 1.4 | | 1 | 147 | COMMON |
022D67AF | 1.4 | | 1 | 136 | COMMON |
022D6F0E | 1.4 | | 1 | 124 | COMMON |
022D67C6 | 1.4 | | 1 | 115 | COMMON |
022DF032 | 1.4 | | 1 | 107 | COMMON |
022D6820 | 1.3 | | 1 | 98 | COMMON |
022D7093 | 1.3 | | 1 | 66 | COMMON |
022D70DE | 1.3 | | 1 | 63 | COMMON |
022D7824 | 0.3 | | | 285 | COMMON |
022D498F | 0.2 | | | 182 | COMMON |
022D4933 | 0.2 | | | 171 | COMMON |
022D8556 | 0.2 | | | 164 | COMMON |
022DD76D | 0.1 | | | 148 | COMMON |
022D08F9 | 0.1 | | | 100 | COMMON |
022DB48A | 0.1 | | | 97 | COMMON |
022D1E67 | 0.1 | | | 96 | COMMON |
022D1E5C | 0.1 | | | 93 | COMMON |
022D0943 | 0.1 | | | 84 | COMMON |
022DD108 | 0.0 | | | 47 | COMMON |
022D4123 | 0.0 | | | 17 | COMMON |
022D9889 | 0.0 | | | 10 | COMMON |
022DC345 | 0.0 | | | 4 | COMMON |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
02CF0B83 | 5.3 | 2 | 1 | 37 | sleep, native, COMMON |
02CF0BD8 | 3.5 | 1 | 1 | 30 | native, COMMON |
02CF0C7F | 1.6 | 1 | | 57 | native, COMMON |
02CF0C78 | 1.6 | 1 | | 56 | native, COMMON |
02CF0C47 | 1.6 | 1 | | 52 | native, COMMON |
02CF0C77 | 1.5 | 1 | | 48 | native, COMMON |
02CF0CC8 | 1.5 | 1 | | 45 | native, COMMON |
02CF0D17 | 1.5 | 1 | | 42 | native, COMMON |
02CF0723 | 1.6 | 1 | | 87 | thread, COMMON |
02CF07B8 | 1.6 | 1 | | 67 | thread, COMMON |
02CF0B98 | 1.3 | 1 | | 21 | sleep, COMMON |
Non-executed Functions |
---|