Windows Analysis Report spZRMihlrkFGqYq1f.dll
Overview

General Information

Detection

| Score | Range | Whitelisted | Confidence |
|---|---|---|---|
| 96 | 0 - 100 | false | 100% |
Malware Configuration

Threatname: Emotet

The configuration extracted by the sandbox, as it appears in the report:

```json
{"C2 list": ["51.178.61.60:443", "168.197.250.14:80", "45.79.33.48:8080", "196.44.98.190:8080", "177.72.80.14:7080", "51.210.242.234:8080", "185.148.169.10:8080", "142.4.219.173:8080", "78.47.204.80:443", "78.46.73.125:443", "37.44.244.177:8080", "37.59.209.141:8080", "191.252.103.16:80", "54.38.242.185:443", "85.214.67.203:8080", "54.37.228.122:443", "207.148.81.119:8080", "195.77.239.39:8080", "66.42.57.149:443", "195.154.146.35:443"], "Public Key": ["RUNTMSAAAAD0LxqDNhonUYwk8sqo7IWuUllRdUiUBnACc6romsQoe1YJD7wIe4AheqYofpZFucPDXCZ0z9i+ooUffqeoLZU0", "RUNLMSAAAADYNZPXY4tQxd/N4Wn5sTYAm5tUOxY2ol1ELrI4MNhHNi640vSLasjYTHpFRBoG+o84vtr7AJachCzOHjaAJFCW"]}
```

All 20 C2 entries are bare IP:port pairs on ports 80, 443, 7080 and 8080; there are no hostnames, so the sample reaches its servers without DNS lookups (compare the "TCP traffic detected without corresponding DNS query" hits under Networking). The two "Public Key" values are base64-encoded Windows CNG public-key blobs (BCRYPT_ECCKEY_BLOB): the first decodes to the magic ECS1 (ECDSA P-256 public key) and the second to ECK1 (ECDH P-256 public key); in each, the magic is followed by a little-endian key length of 32 and then the 64-byte X||Y point.
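The configuration above is only useful once it is turned into indicators and the key blobs are checked for what they actually are. The following Python is an added example, not part of the Joe Sandbox report: it parses the report's JSON verbatim, splits the C2 entries into host and port, decodes each base64 "Public Key" as a Windows CNG BCRYPT_ECCKEY_BLOB (magic, little-endian key length, big-endian X and Y), verifies that the decoded point lies on P-256, and emits an ip:port deny list. The `on_curve` check and the blocklist format are this example's own choices, not anything the report specifies.

```python
from __future__ import annotations

import base64
import json
import struct
from dataclasses import dataclass

# The configuration exactly as the report prints it above.
REPORT_CONFIG = """{"C2 list": ["51.178.61.60:443", "168.197.250.14:80", "45.79.33.48:8080",
"196.44.98.190:8080", "177.72.80.14:7080", "51.210.242.234:8080", "185.148.169.10:8080",
"142.4.219.173:8080", "78.47.204.80:443", "78.46.73.125:443", "37.44.244.177:8080",
"37.59.209.141:8080", "191.252.103.16:80", "54.38.242.185:443", "85.214.67.203:8080",
"54.37.228.122:443", "207.148.81.119:8080", "195.77.239.39:8080", "66.42.57.149:443",
"195.154.146.35:443"],
"Public Key": ["RUNTMSAAAAD0LxqDNhonUYwk8sqo7IWuUllRdUiUBnACc6romsQoe1YJD7wIe4AheqYofpZFucPDXCZ0z9i+ooUffqeoLZU0",
"RUNLMSAAAADYNZPXY4tQxd/N4Wn5sTYAm5tUOxY2ol1ELrI4MNhHNi640vSLasjYTHpFRBoG+o84vtr7AJachCzOHjaAJFCW"]}"""

# NIST P-256 domain parameters (a = -3).
P256_P = 2**256 - 2**224 + 2**192 + 2**96 - 1
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

# Magic DWORDs of Windows CNG BCRYPT_ECCKEY_BLOB headers (bcrypt.h); as bytes they
# read "ECS1" / "ECK1". Header = magic (4) + cbKey (4, little-endian), followed by
# the X and Y coordinates, each cbKey bytes, big-endian.
BLOB_MAGIC = {
    b"ECS1": "ECDSA",  # BCRYPT_ECDSA_PUBLIC_P256_MAGIC: signature verification key
    b"ECK1": "ECDH",   # BCRYPT_ECDH_PUBLIC_P256_MAGIC: key-agreement key
}


@dataclass(frozen=True)
class EccPublicKey:
    algorithm: str
    x: int
    y: int

    def on_curve(self) -> bool:
        """True if (x, y) satisfies y^2 = x^3 - 3x + b (mod p) on P-256."""
        lhs = (self.y * self.y) % P256_P
        rhs = (pow(self.x, 3, P256_P) - 3 * self.x + P256_B) % P256_P
        return lhs == rhs


def parse_bcrypt_ecc_blob(b64: str) -> EccPublicKey:
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 8:
        raise ValueError("blob shorter than BCRYPT_ECCKEY_BLOB header")
    magic = blob[:4]
    (cb_key,) = struct.unpack_from("<I", blob, 4)
    if magic not in BLOB_MAGIC:
        raise ValueError(f"unknown CNG blob magic {magic!r}")
    if cb_key != 32 or len(blob) != 8 + 2 * cb_key:
        raise ValueError(f"not a P-256 public blob: cbKey={cb_key}, len={len(blob)}")
    x = int.from_bytes(blob[8:8 + cb_key], "big")
    y = int.from_bytes(blob[8 + cb_key:8 + 2 * cb_key], "big")
    return EccPublicKey(BLOB_MAGIC[magic], x, y)


def parse_c2(entry: str) -> tuple[str, int]:
    host, sep, port = entry.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"malformed C2 entry {entry!r}")
    return host, int(port)


def extract_iocs(config_json: str) -> dict:
    cfg = json.loads(config_json)
    c2 = [parse_c2(e) for e in cfg["C2 list"]]
    return {
        "c2": c2,
        "ips": sorted({ip for ip, _ in c2}),
        "ports": sorted({port for _, port in c2}),
        "keys": [parse_bcrypt_ecc_blob(k) for k in cfg["Public Key"]],
    }


def blocklist_lines(config_json: str) -> list[str]:
    """One 'ip:port' per line, sorted, for a firewall or proxy deny list."""
    return sorted(f"{ip}:{port}" for ip, port in extract_iocs(config_json)["c2"])


if __name__ == "__main__":
    iocs = extract_iocs(REPORT_CONFIG)
    print(len(iocs["c2"]), "C2 endpoints on ports", iocs["ports"])
    for k in iocs["keys"]:
        print(f"{k.algorithm} P-256 key, on curve: {k.on_curve()}")
    print("\n".join(blocklist_lines(REPORT_CONFIG)))
```

Rejecting anything that is not exactly an 8-byte header plus 64 bytes of point keeps the parser from silently accepting a truncated or private-key blob (BCRYPT private blobs carry an extra cbKey-byte scalar after Y), and the curve check catches a blob whose magic is right but whose payload is not a real key.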
Yara Overview

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| Memory Dumps (29 entries) | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | |
| Unpacked PEs (46 entries) | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | |

All 29 memory-dump and 46 unpacked-PE hits are the same rule, JoeSecurity_Emotet_1; the Strings column is empty for every entry.
Sigma Overview

System Summary:

| Rule | Author |
|---|---|
| Sigma detected: Emotet RunDLL32 Process Creation | FPT.EagleEye |
Jbx Signature Overview

The lists below keep the signature titles where the report shows them; entries without a title are listed by their source type, and code-function hits by the report's identifiers (the 2_2_, 3_2_, 6_2_ and 7_2_ prefixes denote the analysed process and run, the suffix the function address).

AV Detection:
- Found malware configuration (source: Malware Configuration Extractor; see Malware Configuration above)
- Multi AV Scanner detection for submitted file (sources: Virustotal, Metadefender, ReversingLabs; detection rates are in the Antivirus section below)
- Static PE information
- HTTPS traffic detected
- Code functions: 2_2_1002592C, 2_2_1002F3E9, 7_2_049E1A80
Networking:
- Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) (source: Snort IDS)
- System process connects to network (likely due to code injection or exploit) (source: Network Connect)
- C2 URLs / IPs found in malware configuration: 20 IPs, which are exactly the 20 entries of the C2 list above and the 20 addresses under Contacted IPs below
- ASN Name (2 hits)
- JA3 fingerprint
- HTTP traffic detected (2); HTTPS traffic detected (2)
- IP Address (2); Network traffic detected (2)
- TCP traffic detected without corresponding DNS query (10 hits); expected for this sample, since the configuration holds raw IP:port pairs and no hostnames
- String found in binary or memory (9)
- Code functions: 7_2_049F1027, 2_2_10014B67, 2_2_1002C51C
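The "TCP traffic detected without corresponding DNS query" signature is a generic heuristic that is easy to reproduce from endpoint or flow telemetry, and it becomes much more precise once the C2 list from the configuration is joined in. The Python below is an added example, not Joe Sandbox's implementation: it takes DNS answers and TCP connect events (constructed sample records, not from this report), flags connections to globally routable addresses that no DNS answer produced within a time window, and labels a flagged destination "known-c2" when it appears in the extracted C2 list. Only two of the report's C2 IPs are embedded; the window length, the record shapes and the process names are this example's assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class DnsAnswer:
    ts: float      # seconds since capture start
    name: str
    ip: str


@dataclass(frozen=True)
class TcpConnect:
    ts: float
    image: str     # process image that opened the socket
    dst_ip: str
    dst_port: int


def dnsless_connections(dns: list[DnsAnswer], conns: list[TcpConnect],
                        window: float = 300.0) -> list[TcpConnect]:
    """Connections to globally routable IPs that no DNS answer produced within
    `window` seconds beforehand. Private and special-use ranges are skipped
    because LAN traffic is routinely addressed by raw IP."""
    resolved: dict[str, list[float]] = {}
    for a in dns:
        resolved.setdefault(a.ip, []).append(a.ts)
    flagged = []
    for c in conns:
        if not ip_address(c.dst_ip).is_global:
            continue
        if any(0 <= c.ts - t <= window for t in resolved.get(c.dst_ip, [])):
            continue
        flagged.append(c)
    return flagged


def triage(dns: list[DnsAnswer], conns: list[TcpConnect], known_c2_ips: set[str],
           window: float = 300.0) -> list[tuple[str, str, str]]:
    """(image, 'ip:port', verdict) per flagged connection: 'known-c2' when the
    destination is in the extracted C2 list, otherwise 'dnsless'."""
    return [
        (c.image, f"{c.dst_ip}:{c.dst_port}",
         "known-c2" if c.dst_ip in known_c2_ips else "dnsless")
        for c in dnsless_connections(dns, conns, window)
    ]


# Two entries taken from the C2 list in the Malware Configuration above.
KNOWN_C2_IPS = {"51.178.61.60", "45.79.33.48"}

# Constructed sample telemetry (not from the report): one DNS-resolved
# connection, one to a configured C2 address, one to an unlisted address with
# no DNS, and one LAN connection that must be ignored.
SAMPLE_DNS = [DnsAnswer(100.0, "www.example.com", "93.184.216.34")]
SAMPLE_CONNS = [
    TcpConnect(101.5, "chrome.exe", "93.184.216.34", 443),
    TcpConnect(102.0, "rundll32.exe", "51.178.61.60", 443),
    TcpConnect(103.0, "rundll32.exe", "23.45.67.89", 8080),
    TcpConnect(104.0, "svchost.exe", "10.0.0.5", 445),
]


def run_sample() -> list[tuple[str, str, str]]:
    return triage(SAMPLE_DNS, SAMPLE_CONNS, KNOWN_C2_IPS)


if __name__ == "__main__":
    for image, dst, verdict in run_sample():
        print(f"{verdict:9} {image} -> {dst}")
```

The heuristic on its own produces noise (software that pins IPs, CDN health checks), which is why the join against the configuration's C2 list matters: a rundll32.exe connection to an address that is both unresolved and in the extracted list is a high-confidence hit, while the "dnsless" bucket is worth a look but not an alert by itself.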
E-Banking Fraud:
- Yara detected Emotet (85 file sources)
System Summary:
- Static PE information
- File deleted; File created
- Code functions, 2_2_ group: 1003F030, 1003D322, 100104FC, 1003B57C, 1004C668, 10040E8A
- Code functions, 3_2_ group (86): 02D7CAA8, 02D6441E, 02D743B3, 02D7CCD4, 02D77ED1, 02D70ADE, 02D808D1, 02D7BEC9, 02D630F6, 02D7DEF4, 02D7ECE3, 02D7AEEB, 02D6AC95, 02D7D091, 02D63C91, 02D7AC9B, 02D67283, 02D6CC8D, 02D74E8A, 02D7748A, 02D80687, 02D65AB2, 02D798BD, 02D790BA, 02D7D6A7, 02D778A5, 02D6FEA0, 02D744AA, 02D69A57, 02D62654, 02D62A46, 02D63845, 02D62043, 02D7E441, 02D6A048, 02D61C76, 02D7406E, 02D71C10, 02D6F41F, 02D6E21C, 02D64C00, 02D61A0A, 02D6220A, 02D68C09, 02D81A3C, 02D7F83F, 02D6EC27, 02D69E22, 02D6D223, 02D75220, 02D6A3DF, 02D66FC4, 02D825C3, 02D6C5FE, 02D803F1, 02D7BFE8, 02D7B397, 02D6FD91, 02D81193, 02D7D99A, 02D69384, 02D64F8E, 02D6758F, 02D74D8D, 02D6BFB6, 02D7B1B5, 02D77BB2, 02D72FA2, 02D79DA1, 02D74BAA, 02D63F5C, 02D6C158, 02D63345, 02D7F14D, 02D81343, 02D7577E, 02D71F6B, 02D7056A, 02D7FD10, 02D6251C, 02D63502, 02D62309, 02D80B34, 02D8292B, 02D66B25, 02D65923
- Code functions, 6_2_ group (86): 044A441E, 044BCAA8, 044B43B3, 044AA048, 044A2043, 044BE441, 044A2A46, 044A3845, 044A9A57, 044A2654, 044B406E, 044A1C76, 044A1A0A, 044A220A, 044A8C09, 044A4C00, 044AF41F, 044AE21C, 044B1C10, 044A9E22, 044AD223, 044B5220, 044AEC27, 044C1A3C, 044BF83F, 044BBEC9, 044B0ADE, 044B7ED1, 044C08D1, 044BCCD4, 044BAEEB, 044BECE3, 044A30F6, 044BDEF4, 044B4E8A, 044B748A, 044ACC8D, 044A7283, 044C0687, 044BAC9B, 044BD091, 044A3C91, 044AAC95, 044B44AA, 044AFEA0, 044BD6A7, 044B78A5, 044B90BA, 044B98BD, 044A5AB2, 044BF14D, 044A3345, 044C1343, 044AC158, 044A3F5C, 044B1F6B, 044B056A, 044B577E, 044A2309, 044A3502, 044A251C, 044BFD10, 044C292B, 044A5923, 044A6B25, 044C0B34, 044A6FC4, 044C25C3, 044AA3DF, 044BBFE8, 044AC5FE, 044C03F1, 044A4F8E, 044A758F, 044B4D8D, 044A9384, 044BD99A, 044AFD91, 044BB397, 044C1193, 044B4BAA, 044B2FA2, 044B9DA1, 044B7BB2, 044ABFB6, 044BB1B5
- Code functions, 7_2_ group (89): 049DAC95, 049E748A, 049D5AB2, 049E44AA, 049E78A5, 049F08D1, 049E7ED1, 049EDEF4, 049D30F6, 049EECE3, 049D441E, 049D220A, 049EF83F, 049DEC27, 049E5220, 049D3845, 049D2043, 049D758F, 049D9384, 049DBFB6, 049E4BAA, 049E2FA2, 049D6FC4, 049DC5FE, 049D55E8, 049F0B34, 049EAC9B, 049D3C91, 049ED091, 049DCC8D, 049E4E8A, 049F0687, 049D7283, 049E98BD, 049E90BA, 049DDAAE, 049ECAA8, 049ED6A7, 049DFEA0, 049E0ADE, 049ECCD4, 049EBEC9, 049EA8F0, 049EAEEB, 049DE21C, 049DF41F, 049E1C10, 049D8C09, 049D1A0A, 049D4C00, 049F1A3C, 049DD223, 049D9E22, 049D2654, 049D9A57, 049DA048, 049D2A46, 049EE441, 049D1C76, 049E406E, 049ED99A, 049EB397, 049DFD91, 049F1193, 049E4D8D, 049D4F8E, 049EB1B5, 049E7BB2, 049E43B3, 049E9DA1, 049DA3DF, 049F25C3, 049F03F1, 049EBFE8, 049D251C, 049EFD10, 049D2309, 049D3502, 049F292B, 049D6B25, 049D5923, 049D3F5C, 049DC158, 049EF14D, 049D3345, 049F1343, 049E577E, 049E056A, 049E1F6B
- The three groups share the same low-order offsets at different bases (for example 02D7CAA8, 044BCAA8 and 049ECAA8 all lie 0x1CAA8 above 0x02D60000, 0x044A0000 and 0x049D0000), which is consistent with one unpacked module mapped in three analysed processes rather than three different payloads
- Code function (2, identifiers not shown)
- Virustotal; Metadefender; ReversingLabs
- Static PE information
- Key opened
- Process created (17)
- Key value queried
- Classification label
- File read
- Code functions: 2_2_1003A742, 7_2_049E1B54
- Process created
- Code function: 2_2_1000A0F4
- File read (2)
- Static PE information (13)
- Code functions: 2_2_1003F3A8, 2_2_1003EF34, 3_2_02D6129A, 6_2_044A129A, 7_2_049D129A (the last three are offset 0x129A in each of the three groups)
- Code function: 2_2_1004BC7A
- Static PE information
- PE file moved
Hooking and other Techniques for Hiding and Protection:
- Hides that the sample has been downloaded from the Internet (zone.identifier) (source: File opened)
- Code functions: 2_2_1000BD3C, 2_2_10022F30
- Process information set (7)
- Thread sleep time
- Last function
- Evasive API call chain: graph_2-20528
- Thread injection, dropped files, key value created, disk infection and DNS query (2)
- API coverage
- Code function: 2_2_1003A2F3
- Code functions: 2_2_1002592C, 2_2_1002F3E9, 7_2_049E1A80 (the same three flagged under AV Detection)
- API call chain: graph_2-20529, graph_2-20068
- File Volume queried
- Binary or memory string (2)
- Code functions: 2_2_10041482, 2_2_1004BC7A, 2_2_1003D032
- Code functions: 3_2_02D7DE10, 6_2_044BDE10, 7_2_049EDE10 (offset 0x1DE10 in each of the three groups)
- Process queried
- Code functions: 2_2_1004A43B, 2_2_10041482, 2_2_10039F21
HIPS / PFW / Operating System Protection Evasion:
- System process connects to network (likely due to code injection or exploit) (source: Network Connect)
- Process created
- Binary or memory string (4)
- Queries volume information
- Code functions: 2_2_10026ADC, 2_2_1004D563
- Key value queried
- Code functions: 2_2_10048EDF, 2_2_10045F08, 2_2_1003D032
Stealing of Sensitive Information:
- Yara detected Emotet (85 file sources)
- Code function: 2_2_1000B92A
Mitre Att&ck Matrix

The report's matrix lists the full ATT&CK template; only the techniques carrying a superscript were observed for this sample. They are listed here per tactic with the superscript reproduced as extracted (the report attaches it to observed techniques; unmarked cells are template entries, not findings).

| Tactic | Observed techniques |
|---|---|
| Execution | Native API (2) |
| Privilege Escalation | Process Injection (112) |
| Defense Evasion | Masquerading (2); Virtualization/Sandbox Evasion (2); Process Injection (112); Deobfuscate/Decode Files or Information (1); Hidden Files and Directories (1); Obfuscated Files or Information (2); Rundll32 (1); File Deletion (1) |
| Credential Access | Input Capture (1) |
| Discovery | System Time Discovery (2); Security Software Discovery (31); Virtualization/Sandbox Evasion (2); Process Discovery (2); Application Window Discovery (1); Remote System Discovery (1); File and Directory Discovery (2); System Information Discovery (27) |
| Collection | Input Capture (1); Archive Collected Data (1) |
| Command and Control | Encrypted Channel (11); Ingress Tool Transfer (2); Non-Application Layer Protocol (1); Application Layer Protocol (12) |

No techniques were marked under Initial Access, Persistence, Lateral Movement, Exfiltration, Network Effects, Remote Service Effects or Impact.
Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

| Detection | Scanner | Label |
|---|---|---|
| 70% | Virustotal | |
| 43% | Metadefender | |
| 57% | ReversingLabs | Win32.Trojan.Mansabo |

Dropped Files: No Antivirus matches

Unpacked PE Files: 17 unpacked PE files, each detected at 100% by Avira as HEUR/AGEN.1110387

Domains: No Antivirus matches

URLs: 7 URLs checked, all rated 0% (safe), by Avira URL Cloud (2) and URL Reputation (5); the URL strings are not shown in the report
Domains and IPs

Contacted Domains: No contacted domains info

Contacted URLs: 1 URL, Malicious: true, Reputation: unknown (URL string not shown)

URLs from Memory and Binaries: 6 URLs, Malicious: false; Reputation: 1 low, 5 unknown (URL strings not shown)

Contacted IPs (all public, all flagged malicious)

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 207.148.81.119 | unknown | United States | 20473 | AS-CHOOPAUS | true |
| 196.44.98.190 | unknown | Ghana | 327814 | EcobandGH | true |
| 78.46.73.125 | unknown | Germany | 24940 | HETZNER-ASDE | true |
| 37.59.209.141 | unknown | France | 16276 | OVHFR | true |
| 85.214.67.203 | unknown | Germany | 6724 | STRATOSTRATOAGDE | true |
| 191.252.103.16 | unknown | Brazil | 27715 | LocawebServicosdeInternetSABR | true |
| 45.79.33.48 | unknown | United States | 63949 | LINODE-APLinodeLLCUS | true |
| 54.37.228.122 | unknown | France | 16276 | OVHFR | true |
| 185.148.169.10 | unknown | Germany | 44780 | EVERSCALE-ASDE | true |
| 142.4.219.173 | unknown | Canada | 16276 | OVHFR | true |
| 54.38.242.185 | unknown | France | 16276 | OVHFR | true |
| 195.154.146.35 | unknown | France | 12876 | OnlineSASFR | true |
| 195.77.239.39 | unknown | Spain | 60493 | FICOSA-ASES | true |
| 78.47.204.80 | unknown | Germany | 24940 | HETZNER-ASDE | true |
| 168.197.250.14 | unknown | Argentina | 264776 | OmarAnselmoRipollTDCNETAR | true |
| 51.178.61.60 | unknown | France | 16276 | OVHFR | true |
| 177.72.80.14 | unknown | Brazil | 262543 | NewLifeFibraBR | true |
| 66.42.57.149 | unknown | United States | 20473 | AS-CHOOPAUS | true |
| 37.44.244.177 | unknown | Germany | 47583 | AS-HOSTINGERLT | true |
| 51.210.242.234 | unknown | France | 16276 | OVHFR | true |

The 20 contacted IPs are exactly the 20 entries of the C2 list in the Malware Configuration: the sample attempted every configured server during the run. Six sit in OVH (AS16276), two each in Hetzner (AS24940) and Choopa (AS20473), and the remaining ten in ten different networks, so blocking by ASN would be ineffective; block the ip:port pairs from the configuration instead.
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 531996 |
Start date: | 01.12.2021 |
Start time: | 16:24:54 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | spZRMihlrkFGqYq1f.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Run with higher sleep bypass |
Number of new started processes analysed: | 23 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal96.troj.evad.winDLL@17/0@0/20 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
207.148.81.119 | Get hash | malicious | Browse | ||
196.44.98.190 | Get hash | malicious | Browse | ||
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AS-CHOOPAUS | Get hash | malicious | Browse | ||
EcobandGH | Get hash | malicious | Browse | ||
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
51c64c77e60f3980eea90869b68c58a8 | Get hash | malicious | Browse | ||
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
No created / dropped files found |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.7859159976425 |
TrID: |
|
File name: | spZRMihlrkFGqYq1f.dll |
File size: | 712704 |
MD5: | 9f4fa905fd685d28c4ff28f24ad224a1 |
SHA1: | e186e0869276d3af6465d7c754b22527c7ac2ced |
SHA256: | 808e8247efd685bdbae3ea0e55de1e8ed8aecd1359a213b0c6291b73f007fdaf |
SHA512: | d8c33eb38fe54e40d463f20b6091c88863f0fadc70382ad826d7c33e61d696af614e9ba8c73f84d4e13fb141289d5bd978451a5565f61e869a054a837fdef5e0 |
SSDEEP: | 12288:WKEUkuAOLka1miSmuYr1V7nAobS3qTHPR101D:TEQLka1nBVDAoS3WvR |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Y.V.8...8...8..I7...8..I7...8...8...:.......8.......8......48.......8.......8.......8.......8..Rich.8..........PE..L...(..a... |
File Icon |
---|
Icon Hash: | be71f1aca0b8c0c4 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x1003d301 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x10000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | |
Time Stamp: | 0x61A0C528 [Fri Nov 26 11:29:44 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | d8c52655a835ecb2c6fea489c7c7674b |
Entrypoint Preview |
---|
Instruction |
---|
cmp dword ptr [esp+08h], 01h |
jne 00007F68D4C0C6E7h |
call 00007F68D4C182B7h |
push dword ptr [esp+04h] |
mov ecx, dword ptr [esp+10h] |
mov edx, dword ptr [esp+0Ch] |
call 00007F68D4C0C5D2h |
pop ecx |
retn 000Ch |
push ebp |
mov ebp, esp |
push esi |
push edi |
mov edi, dword ptr [ebp+10h] |
mov eax, edi |
sub eax, 00000000h |
je 00007F68D4C0DCCBh |
dec eax |
je 00007F68D4C0DCB3h |
dec eax |
je 00007F68D4C0DC7Eh |
dec eax |
je 00007F68D4C0DC2Fh |
dec eax |
je 00007F68D4C0DB9Fh |
mov ecx, dword ptr [ebp+0Ch] |
mov eax, dword ptr [ebp+08h] |
push ebx |
push 00000020h |
pop edx |
jmp 00007F68D4C0CB57h |
mov esi, dword ptr [eax] |
cmp esi, dword ptr [ecx] |
je 00007F68D4C0C75Eh |
movzx esi, byte ptr [eax] |
movzx ebx, byte ptr [ecx] |
sub esi, ebx |
je 00007F68D4C0C6F7h |
xor ebx, ebx |
test esi, esi |
setnle bl |
lea ebx, dword ptr [ebx+ebx-01h] |
mov esi, ebx |
test esi, esi |
jne 00007F68D4C0CB4Fh |
movzx esi, byte ptr [eax+01h] |
movzx ebx, byte ptr [ecx+01h] |
sub esi, ebx |
je 00007F68D4C0C6F7h |
xor ebx, ebx |
test esi, esi |
setnle bl |
lea ebx, dword ptr [ebx+ebx-01h] |
mov esi, ebx |
test esi, esi |
jne 00007F68D4C0CB2Eh |
movzx esi, byte ptr [eax+02h] |
movzx ebx, byte ptr [ecx+02h] |
sub esi, ebx |
je 00007F68D4C0C6F7h |
xor ebx, ebx |
test esi, esi |
setnle bl |
lea ebx, dword ptr [ebx+ebx-01h] |
mov esi, ebx |
test esi, esi |
jne 00007F68D4C0CB0Dh |
movzx eax, byte ptr [eax] |
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x70890 | 0x4e | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6dec8 | 0xf0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9c000 | 0x9af8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa6000 | 0x767c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x63558 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x58000 | 0x7d0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x6de40 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x566b7 | 0x57000 | False | 0.574984846444 | data | 6.6363911364 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x58000 | 0x188de | 0x19000 | False | 0.30236328125 | data | 4.88012998463 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x71000 | 0x2a254 | 0x27000 | False | 0.931434044471 | data | 7.84888321435 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x9c000 | 0x9af8 | 0xa000 | False | 0.241723632813 | data | 3.85640321845 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xa6000 | 0xbd48 | 0xc000 | False | 0.347106933594 | data | 4.87718770475 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_CURSOR | 0x9d780 | 0x134 | data | English | United States |
RT_CURSOR | 0x9d8b4 | 0xb4 | data | English | United States |
RT_CURSOR | 0x9d968 | 0x134 | data | English | United States |
RT_CURSOR | 0x9da9c | 0xb4 | data | English | United States |
RT_CURSOR | 0x9db50 | 0x134 | AmigaOS bitmap font | English | United States |
RT_CURSOR | 0x9dc84 | 0xb4 | data | English | United States |
RT_CURSOR | 0x9dd38 | 0x134 | AmigaOS bitmap font | English | United States |
RT_CURSOR | 0x9de6c | 0xb4 | data | English | United States |
RT_CURSOR | 0x9df20 | 0x134 | AmigaOS bitmap font | English | United States |
RT_CURSOR | 0x9e054 | 0xb4 | data | English | United States |
RT_CURSOR | 0x9e108 | 0x200 | AmigaOS bitmap font | English | United States |
RT_CURSOR | 0x9e308 | 0xb4 | data | English | United States |
RT_CURSOR | 0x9e3bc | 0x200 | AmigaOS bitmap font | English | United States |
RT_CURSOR | 0x9e5bc | 0xb4 | data | English | United States |
RT_CURSOR | 0x9e670 | 0x200 | AmigaOS bitmap font | English | United States |
RT_CURSOR | 0x9e870 | 0xb4 | data | English | United States |
RT_CURSOR | 0x9e924 | 0x200 | AmigaOS bitmap font | English | United States |
RT_CURSOR | 0x9eb24 | 0xb4 | data | English | United States |
RT_CURSOR | 0x9ebd8 | 0x134 | AmigaOS bitmap font | English | United States |
RT_CURSOR | 0x9ed0c | 0xb4 | data | English | United States |
RT_CURSOR | 0x9edc0 | 0x134 | data | English | United States |
RT_CURSOR | 0x9eef4 | 0xb4 | data | English | United States |
RT_CURSOR | 0x9efa8 | 0x134 | AmigaOS bitmap font | English | United States |
RT_CURSOR | 0x9f0dc | 0x134 | data | English | United States |
RT_CURSOR | 0x9f210 | 0x134 | data | English | United States |
RT_CURSOR | 0x9f344 | 0x134 | data | English | United States |
RT_CURSOR | 0x9f478 | 0x134 | data | English | United States |
RT_CURSOR | 0x9f5ac | 0x134 | data | English | United States |
RT_CURSOR | 0x9f6e0 | 0x134 | data | English | United States |
RT_CURSOR | 0x9f814 | 0x134 | data | English | United States |
RT_CURSOR | 0x9f948 | 0x134 | data | English | United States |
RT_CURSOR | 0x9fa7c | 0x134 | data | English | United States |
RT_CURSOR | 0x9fbb0 | 0x134 | AmigaOS bitmap font | English | United States |
RT_CURSOR | 0x9fce4 | 0x134 | data | English | United States |
RT_CURSOR | 0x9fe18 | 0x134 | data | English | United States |
RT_CURSOR | 0x9ff4c | 0x134 | data | English | United States |
RT_CURSOR | 0xa0080 | 0x134 | data | English | United States |
RT_CURSOR | 0xa01b4 | 0xb4 | data | English | United States |
RT_BITMAP | 0xa0268 | 0x4a0 | data | English | United States |
RT_BITMAP | 0xa0708 | 0x2c0 | data | English | United States |
RT_BITMAP | 0xa09c8 | 0xb8 | data | English | United States |
RT_BITMAP | 0xa0a80 | 0x144 | data | English | United States |
RT_ICON | 0xa0bc4 | 0x2e8 | data | English | United States |
RT_ICON | 0xa0eac | 0x2e8 | data | English | United States |
RT_MENU | 0xa1194 | 0x15c | data | English | United States |
RT_MENU | 0xa12f0 | 0x42e | data | English | United States |
RT_MENU | 0xa1720 | 0x25c | data | English | United States |
RT_MENU | 0xa197c | 0x478 | data | English | United States |
RT_DIALOG | 0xa1df4 | 0x1da | data | English | United States |
RT_DIALOG | 0xa1fd0 | 0x3ea | data | English | United States |
RT_DIALOG | 0xa23bc | 0x250 | data | English | United States |
RT_DIALOG | 0xa260c | 0xd2 | data | English | United States |
RT_DIALOG | 0xa26e0 | 0xe8 | data | English | United States |
RT_DIALOG | 0xa27c8 | 0x1a2 | data | English | United States |
RT_DIALOG | 0xa296c | 0x15a | data | English | United States |
RT_DIALOG | 0xa2ac8 | 0x34 | data | English | United States |
RT_STRING | 0xa2afc | 0x102 | data | English | United States |
RT_STRING | 0xa2c00 | 0x124 | data | English | United States |
RT_STRING | 0xa2d24 | 0xd8 | data | English | United States |
RT_STRING | 0xa2dfc | 0x7c | data | English | United States |
RT_STRING | 0xa2e78 | 0xaa | data | English | United States |
RT_STRING | 0xa2f24 | 0x8c | data | English | United States |
RT_STRING | 0xa2fb0 | 0xa2 | data | English | United States |
RT_STRING | 0xa3054 | 0x1d2 | data | English | United States |
RT_STRING | 0xa3228 | 0xb0 | data | English | United States |
RT_STRING | 0xa32d8 | 0x23e | data | English | United States |
RT_STRING | 0xa3518 | 0x100 | data | English | United States |
RT_STRING | 0xa3618 | 0x220 | data | English | United States |
RT_STRING | 0xa3838 | 0x46 | data | English | United States |
RT_STRING | 0xa3880 | 0x86 | data | English | United States |
RT_STRING | 0xa3908 | 0x1ac | data | English | United States |
RT_STRING | 0xa3ab4 | 0xae | data | English | United States |
RT_STRING | 0xa3b64 | 0xca | data | English | United States |
RT_STRING | 0xa3c30 | 0x2a | data | English | United States |
RT_STRING | 0xa3c5c | 0x192 | data | English | United States |
RT_STRING | 0xa3df0 | 0x124 | data | English | United States |
RT_STRING | 0xa3f14 | 0x5e | data | English | United States |
RT_STRING | 0xa3f74 | 0x4a | data | English | United States |
RT_STRING | 0xa3fc0 | 0x4e2 | data | English | United States |
RT_STRING | 0xa44a4 | 0x31a | data | English | United States |
RT_STRING | 0xa47c0 | 0x2dc | data | English | United States |
RT_STRING | 0xa4a9c | 0x8a | data | English | United States |
RT_STRING | 0xa4b28 | 0x32e | data | English | United States |
RT_STRING | 0xa4e58 | 0xde | data | English | United States |
RT_STRING | 0xa4f38 | 0x4c4 | data | English | United States |
RT_STRING | 0xa53fc | 0x264 | data | English | United States |
RT_STRING | 0xa5660 | 0x2c | data | English | United States |
RT_STRING | 0xa568c | 0x42 | data | English | United States |
RT_ACCELERATOR | 0xa56d0 | 0x78 | data | English | United States |
RT_ACCELERATOR | 0xa5748 | 0x50 | data | English | United States |
RT_ACCELERATOR | 0xa5798 | 0x18 | data | English | United States |
RT_GROUP_CURSOR | 0xa57b0 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States |
RT_GROUP_CURSOR | 0xa57d4 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States |
RT_GROUP_CURSOR | 0xa57f8 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States |
RT_GROUP_CURSOR | 0xa581c | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States |
RT_GROUP_CURSOR | 0xa5840 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States |
RT_GROUP_CURSOR | 0xa5864 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States |
RT_GROUP_CURSOR | 0xa5888 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States |
RT_GROUP_CURSOR | 0xa58ac | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States |
RT_GROUP_CURSOR | 0xa58d0 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States |
RT_GROUP_CURSOR | 0xa58f4 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States |
RT_GROUP_CURSOR | 0xa5918 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States |
RT_GROUP_CURSOR | 0xa593c | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States |
RT_GROUP_CURSOR | 0xa5960 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xa5974 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xa5988 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xa599c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xa59b0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xa59c4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xa59d8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xa59ec | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xa5a00 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xa5a14 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xa5a28 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xa5a3c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xa5a50 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xa5a64 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_ICON | 0xa5a78 | 0x14 | data | English | United States |
RT_GROUP_ICON | 0xa5a8c | 0x14 | data | English | United States |
RT_MANIFEST | 0xa5aa0 | 0x56 | ASCII text, with CRLF line terminators | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | RaiseException, HeapSize, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapDestroy, HeapCreate, VirtualFree, Sleep, GetStdHandle, GetACP, GetTimeZoneInformation, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, RtlUnwind, GetStringTypeW, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, LCMapStringA, LCMapStringW, GetConsoleCP, GetConsoleMode, GetLocaleInfoW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetEnvironmentVariableA, GetProcessHeap, GetCommandLineA, GetDateFormatA, GetTimeFormatA, GetSystemTimeAsFileTime, HeapReAlloc, VirtualQuery, GetSystemInfo, VirtualAlloc, VirtualProtect, HeapAlloc, HeapFree, GetCurrentDirectoryA, GetShortPathNameA, GetVolumeInformationA, GetCurrentProcess, DuplicateHandle, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, DeleteFileA, MoveFileA, GetProfileIntA, GetOEMCP, GetCPInfo, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, GlobalHandle, GlobalReAlloc, TlsGetValue, GetThreadLocale, GlobalFlags, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetCurrentThread, ConvertDefaultLocale, EnumResourceLanguagesA, GetLocaleInfoA, GetFileSize, CreateFileA, CloseHandle, SystemTimeToFileTime, LocalFileTimeToFileTime, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToSystemTime, GetModuleFileNameA, GetDiskFreeSpaceA, GetFullPathNameA, GetTempFileNameA, GetFileTime, SetFileTime, GetFileAttributesA, LocalAlloc, LocalLock, LocalUnlock, GetPrivateProfileStringA, WritePrivateProfileStringA, GetPrivateProfileIntA, lstrcmpA, InterlockedIncrement, GetCurrentProcessId, GetCurrentThreadId, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcmpW, GetVersionExA, CopyFileA, GlobalSize, GlobalAlloc, FormatMessageA, LocalFree, FreeLibrary, InterlockedDecrement, GlobalFree, FreeResource, GlobalLock, GlobalUnlock, GetModuleHandleA, GetProcAddress, SetLastError, GetTickCount, MulDiv, lstrcpynA, LoadLibraryA, ExitProcess, GetVersion, CompareStringA, LockResource, lstrcmpiA, GetLastError, InterlockedExchange, GetStringTypeExA, lstrlenW, MultiByteToWideChar, CompareStringW, SizeofResource, WideCharToMultiByte, LoadResource, lstrlenA, FindResourceA, GlobalMemoryStatus, GetStringTypeA |
USER32.dll | SetCapture, GetDCEx, FindWindowA, SetWindowRgn, DestroyIcon, LockWindowUpdate, ShowOwnedPopups, PostQuitMessage, LoadCursorA, DestroyCursor, GetTabbedTextExtentA, MessageBeep, IsClipboardFormatAvailable, RedrawWindow, TranslateMDISysAccel, DrawMenuBar, DefMDIChildProcA, DefFrameProcA, SetParent, WindowFromDC, InSendMessage, ClipCursor, GetCursorPos, PostThreadMessageA, CreateMenu, CopyAcceleratorTableA, UnpackDDElParam, ReuseDDElParam, LoadMenuA, DestroyMenu, GetWindowThreadProcessId, SetCursor, ReleaseCapture, InsertMenuItemA, CreatePopupMenu, SetMenu, TranslateAcceleratorA, InvalidateRect, SetRectEmpty, ShowWindow, IsDialogMessageA, SetDlgItemTextA, RegisterWindowMessageA, SendDlgItemMessageA, WinHelpA, IsChild, GetCapture, SetWindowsHookExA, CallNextHookEx, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, SetFocus, GetWindowTextLengthA, GetWindowTextA, GetForegroundWindow, GetLastActivePopup, DispatchMessageA, DeleteMenu, EndDeferWindowPos, GetTopWindow, GetMessageTime, GetMessagePos, PeekMessageA, MapWindowPoints, ScrollWindow, TrackPopupMenu, GetKeyState, SetScrollRange, GetScrollRange, SetScrollPos, GetScrollPos, SetForegroundWindow, ShowScrollBar, GetMenu, PostMessageA, GetClassInfoExA, GetClassInfoA, RegisterClassA, AdjustWindowRectEx, EqualRect, DeferWindowPos, CopyRect, GetScrollInfo, SetScrollInfo, PtInRect, SetWindowPlacement, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindow, GetMenuStringA, AppendMenuA, GetMenuItemID, InsertMenuA, GetMenuItemCount, GetSubMenu, RemoveMenu, UnhookWindowsHookEx, GetDesktopWindow, GetActiveWindow, SetActiveWindow, CreateDialogIndirectParamA, IsWindow, GetWindowLongA, EnableWindow, GetSystemMetrics, SetRect, LoadAcceleratorsA, GetDlgItem, IsWindowEnabled, GetNextDlgTabItem, EndDialog, GetSysColor, EndPaint, BeginPaint, GetWindowDC, ClientToScreen, ScreenToClient, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, SetMenuItemBitmaps, WindowFromPoint, GetMenuItemInfoA, UnregisterClassA, GetSysColorBrush, RegisterClipboardFormatA, GetMessageA, TranslateMessage, BeginDeferWindowPos, ValidateRect, GetClientRect, DrawIcon, wsprintfA, CharUpperA, LoadIconA, FillRect, MessageBoxA, IsZoomed, SendMessageA, IsWindowVisible, IsRectEmpty, InflateRect, UpdateWindow, SetWindowTextA, SetWindowPos, ReleaseDC, CreateWindowExA, BringWindowToTop, SetWindowLongA, GetDC, GetParent, GetFocus, KillTimer, GetWindowRect, SetTimer, DestroyWindow, IsIconic, CheckMenuItem, EnableMenuItem, GetMenuState, ModifyMenuA, LoadBitmapA, GetMenuCheckMarkDimensions |
GDI32.dll | SetWindowExtEx, ScaleWindowExtEx, GetCurrentPositionEx, DeleteDC, CreatePatternBrush, CreatePen, CreateSolidBrush, CopyMetaFileA, CreateDCA, GetCharWidthA, CreateFontA, StretchDIBits, SetBrushOrgEx, CreateMetaFileA, SetWindowOrgEx, DeleteMetaFile, GetTextExtentPoint32A, DPtoLP, CreateRectRgnIndirect, SetRectRgn, CombineRgn, GetMapMode, PatBlt, GetViewportOrgEx, GetBkColor, UnrealizeObject, GetTextAlign, GetWindowOrgEx, StartPage, EndPage, SetAbortProc, AbortDoc, EndDoc, CreateEllipticRgn, LPtoDP, Ellipse, GetNearestColor, GetBkMode, GetPolyFillMode, GetROP2, GetStretchBltMode, GetTextColor, GetTextFaceA, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, StartDocA, GetPixel, BitBlt, CloseMetaFile, GetStockObject, GetViewportExtEx, CreateRectRgn, SelectClipRgn, DeleteObject, SetTextAlign, MoveToEx, LineTo, IntersectClipRect, ExcludeClipRect, GetClipBox, SetMapMode, SetTextColor, SetStretchBltMode, SetROP2, SetPolyFillMode, SetBkMode, SetBkColor, RestoreDC, SaveDC, CreateBitmap, GetDeviceCaps, CreateFontIndirectA, GetObjectA, GetTextMetricsA, StretchBlt, CreateCompatibleDC, CreateCompatibleBitmap, Rectangle, GetWindowExtEx |
comdlg32.dll | GetFileTitleA |
WINSPOOL.DRV | GetJobA, DocumentPropertiesA, OpenPrinterA, ClosePrinter |
ADVAPI32.dll | RegQueryValueA, RegEnumKeyA, GetFileSecurityA, SetFileSecurityA, RegDeleteKeyA, RegDeleteValueA, RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegCreateKeyExA, RegOpenKeyA, RegSetValueA, RegCloseKey, RegCreateKeyA |
SHELL32.dll | DragFinish, DragQueryFileA, ExtractIconA, SHGetFileInfoA, DragAcceptFiles |
SHLWAPI.dll | PathRemoveExtensionA, PathFindFileNameA, PathStripToRootA, PathFindExtensionA, PathIsUNCA |
oledlg.dll | |
ole32.dll | OleIsCurrentClipboard, OleFlushClipboard, CoRegisterClassObject, CoRevokeClassObject, OleUninitialize, CoFreeUnusedLibraries, OleInitialize, OleLockRunning, CoRegisterMessageFilter, OleSetClipboard, CreateFileMoniker, StgCreateDocfile, CoDisconnectObject, CreateGenericComposite, CreateItemMoniker, CreateStreamOnHGlobal, OleSaveToStream, WriteClassStm, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, CreateDataAdviseHolder, OleRegGetMiscStatus, CreateOleAdviseHolder, OleRegEnumVerbs, OleDestroyMenuDescriptor, OleCreateMenuDescriptor, IsAccelerator, OleTranslateAccelerator, OleDuplicateData, CoTaskMemAlloc, ReleaseStgMedium, CreateBindCtx, StringFromCLSID, OleRegGetUserType, WriteClassStg, CoTaskMemFree, CoLockObjectExternal, OleRun, GetRunningObjectTable, OleIsRunning, StgIsStorageFile, StgOpenStorage |
OLEAUT32.dll | SysStringLen, SysStringByteLen, VariantClear, VariantChangeType, VariantInit, SysAllocStringLen, SysFreeString |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
Control_RunDLL | 1 | 0x10003680 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
12/01/21-16:12:03.931139 | TCP | 2404336 | ET CNC Feodo Tracker Reported CnC Server TCP group 19 | 49775 | 443 | 192.168.2.4 | 51.178.61.60 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 1, 2021 16:28:26.747145891 CET | 49750 | 443 | 192.168.2.3 | 51.178.61.60 |
Dec 1, 2021 16:28:26.747189999 CET | 443 | 49750 | 51.178.61.60 | 192.168.2.3 |
Dec 1, 2021 16:28:26.747284889 CET | 49750 | 443 | 192.168.2.3 | 51.178.61.60 |
Dec 1, 2021 16:28:26.767390013 CET | 49750 | 443 | 192.168.2.3 | 51.178.61.60 |
Dec 1, 2021 16:28:26.767416000 CET | 443 | 49750 | 51.178.61.60 | 192.168.2.3 |
Dec 1, 2021 16:28:26.879385948 CET | 443 | 49750 | 51.178.61.60 | 192.168.2.3 |
Dec 1, 2021 16:28:26.879515886 CET | 49750 | 443 | 192.168.2.3 | 51.178.61.60 |
Dec 1, 2021 16:28:27.288717031 CET | 49750 | 443 | 192.168.2.3 | 51.178.61.60 |
Dec 1, 2021 16:28:27.288773060 CET | 443 | 49750 | 51.178.61.60 | 192.168.2.3 |
Dec 1, 2021 16:28:27.289160013 CET | 443 | 49750 | 51.178.61.60 | 192.168.2.3 |
Dec 1, 2021 16:28:27.292238951 CET | 49750 | 443 | 192.168.2.3 | 51.178.61.60 |
Dec 1, 2021 16:28:27.297082901 CET | 49750 | 443 | 192.168.2.3 | 51.178.61.60 |
Dec 1, 2021 16:28:27.340898037 CET | 443 | 49750 | 51.178.61.60 | 192.168.2.3 |
Dec 1, 2021 16:28:27.545439005 CET | 443 | 49750 | 51.178.61.60 | 192.168.2.3 |
Dec 1, 2021 16:28:27.545545101 CET | 443 | 49750 | 51.178.61.60 | 192.168.2.3 |
Dec 1, 2021 16:28:27.545676947 CET | 49750 | 443 | 192.168.2.3 | 51.178.61.60 |
Dec 1, 2021 16:28:27.545705080 CET | 49750 | 443 | 192.168.2.3 | 51.178.61.60 |
Dec 1, 2021 16:28:27.549904108 CET | 49750 | 443 | 192.168.2.3 | 51.178.61.60 |
Dec 1, 2021 16:28:27.549952030 CET | 443 | 49750 | 51.178.61.60 | 192.168.2.3 |
HTTP Request Dependency Graph |
---|
|
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49750 | 51.178.61.60 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-01 15:28:27 UTC | 0 | OUT | |
2021-12-01 15:28:27 UTC | 0 | IN | |
2021-12-01 15:28:27 UTC | 0 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time | Path | Wow64 process (32bit) | Imagebase | File size | MD5 hash | Has elevated privileges | Has administrator privileges | Yara matches | Reputation |
---|---|---|---|---|---|---|---|---|---|
16:28:14 | C:\Windows\System32\loaddll32.exe | true | 0x300000 | 893440 bytes | 72FCD8FB0ADC38ED9050569AD673650E | true | true | - | high |
16:28:15 | C:\Windows\SysWOW64\cmd.exe | true | 0xd80000 | 232960 bytes | F3BDBE3BB6F734E357235F4D5898582D | true | true | - | high |
16:28:15 | C:\Windows\SysWOW64\rundll32.exe | true | 0x840000 | 61952 bytes | D7CA562B0DB4F4DD0F03A89A1FDAD63D | true | true | yes | high |
16:28:15 | C:\Windows\SysWOW64\rundll32.exe | true | 0x840000 | 61952 bytes | D7CA562B0DB4F4DD0F03A89A1FDAD63D | true | true | yes | high |
16:28:15 | C:\Windows\System32\svchost.exe | false | 0x7ff70d6e0000 | 51288 bytes | 32569E403279B3FD2EDB7EBD036273FA | true | true | - | high |
16:28:16 | C:\Windows\SysWOW64\rundll32.exe | true | 0x840000 | 61952 bytes | D7CA562B0DB4F4DD0F03A89A1FDAD63D | true | true | - | high |
16:28:16 | C:\Windows\SysWOW64\rundll32.exe | true | 0x840000 | 61952 bytes | D7CA562B0DB4F4DD0F03A89A1FDAD63D | true | true | yes | high |
16:28:17 | C:\Windows\SysWOW64\rundll32.exe | true | 0x840000 | 61952 bytes | D7CA562B0DB4F4DD0F03A89A1FDAD63D | true | true | yes | high |
16:28:36 | C:\Windows\System32\svchost.exe | false | 0x7ff70d6e0000 | 51288 bytes | 32569E403279B3FD2EDB7EBD036273FA | true | true | - | high |
16:28:54 | C:\Windows\System32\svchost.exe | false | 0x7ff70d6e0000 | 51288 bytes | 32569E403279B3FD2EDB7EBD036273FA | true | true | - | - |
16:29:05 | C:\Windows\System32\svchost.exe | false | 0x7ff70d6e0000 | 51288 bytes | 32569E403279B3FD2EDB7EBD036273FA | true | true | - | - |
Common to every row: Start date 01/12/2021; Commandline empty in the report; Programmed in: C, C++ or other language. |
Reading note: loaddll32.exe is the sandbox's own DLL loader stub. It spawns cmd.exe and then one rundll32.exe per exported function of the submitted DLL, so the loaddll32.exe, cmd.exe and rundll32.exe chain is harness behaviour rather than a technique of the sample; what matters are the rundll32.exe instances that carry Yara matches, because that is where the DLL's code (and the decrypted Emotet payload) actually ran. All listed processes run elevated with administrator rights, so nothing in this run says how the sample behaves from a standard-user context. |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 2.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 8.5% |
Total number of Nodes: | 1300 |
Total number of Limit Nodes: | 10 |
This first graph covers the submitted DLL itself: every function below lies in the 0x1000xxxx range and Dynamic/Decrypted Code Coverage is 0%. The decrypted payload is covered by the later graphs, whose Dynamic/Decrypted Code Coverage is 100%. |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality |
---|---|---|---|---|---|---|
10003360 | 28.2 | 6 | 10 | 190 | library, memory, window, COMMON, LIBRARYCODE | 71% |
100028F0 | 17.8 | 4 | 6 | 328 | memory, library, COMMON, LIBRARYCODE | 89% |
10029DCE | 16.6 | 11 | - | 103 | memory, COMMON, LIBRARYCODE | 77% |
100406D8 | 3.0 | 2 | - | 28 | memory, COMMON, LIBRARYCODE | 100% |
(one further executed function: header not recovered, C-Code quality 25%) | | | | | | |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality |
---|---|---|---|---|---|---|
10039F21 | 10.6 | 5 | 1 | 57 | COMMON, LIBRARYCODE | 85% |
10026ADC | 8.8 | 4 | 1 | 70 | library, COMMON | 80% |
10022F30 | 4.5 | 3 | - | 39 | window, COMMON | 92% |
1000BD3C | 4.5 | 3 | - | 37 | COMMON | 79% |
10026DFF | 45.7 | 21 | 5 | 229 | registry, library, loader, COMMON | 84% |
10045C4C | 42.1 | 19 | 5 | 109 | library, loader, memory, COMMON, LIBRARYCODE | 91% |
10005160 | 28.2 | 15 | 1 | 222 | window, COMMON | 87% |
1000BBFB | 28.1 | 8 | 8 | 77 | library, loader, COMMON | 97% |
1000DFB9 | 24.7 | 13 | 1 | 176 | window, COMMON | 89% |
1002D785 | 24.6 | 12 | 2 | 132 | window, COMMON | 92% |
1003521E | 24.6 | 8 | 6 | 98 | registry, string, COMMON | 95% |
10034702 | 22.9 | 7 | 6 | 127 | registry, window, COMMON | 92% |
10032282 | 19.3 | 6 | 5 | 58 | window, registry, COMMON | 100% |
1001F340 | 18.1 | 12 | - | 95 | COMMON | 90% |
1002644F | 17.6 | 5 | 5 | 56 | library, loader, COMMON | 100% |
1002F197 | 15.8 | 7 | 2 | 68 | registry, COMMON | 82% |
1002BDA5 | 15.1 | 10 | - | 96 | COMMON | 100% |
10029F80 | 13.6 | 9 | - | 96 | memory, COMMON, LIBRARYCODE | 82% |
10035404 | 12.4 | 6 | 1 | 123 | registry, string, COMMON | 89% |
100348E3 | 12.4 | 6 | 1 | 107 | string, COMMON | 71% |
10032191 | 12.3 | 4 | 3 | 43 | window, registry, COMMON | 100% |
1000E713 | 10.6 | 5 | 1 | 103 | window, COMMON | 100% |
100341AE | 10.6 | 7 | - | 93 | COMMON | 100% |
1001CC22 | 10.6 | 5 | 1 | 82 | string, COMMON | 58% |
1001BCC2 | 10.6 | 5 | 1 | 65 | registry, COMMON | 100% |
1000C776 | 10.6 | 7 | - | 60 | COMMON | - |
100388CF | 9.3 | 6 | - | 326 | COMMON | - |
1002E9D3 | 9.1 | 6 | - | 148 | COMMON | 97% |
100384B3 | 9.1 | 6 | - | 144 | COMMON | 92% |
10024F9A | 9.1 | 6 | - | 68 | COMMON | 100% |
10013303 | 9.1 | 6 | - | 65 | COMMON | 95% |
100342AA | 9.1 | 6 | - | 54 | COMMON | 77% |
10029945 | 9.0 | 6 | - | 48 | window, COMMON | 95% |
100298D3 | 9.0 | 6 | - | 45 | COMMON | 38% |
100059F0 | 9.0 | 6 | - | 38 | COMMON | 100% |
1002A904 | 8.9 | 4 | 1 | 126 | string, COMMON | 88% |
10014454 | 8.8 | 4 | 1 | 80 | window, COMMON | 100% |
10008846 | 8.8 | 3 | 2 | 25 | library, loader, COMMON | 68% |
10008810 | 8.8 | 3 | 2 | 19 | library, loader, COMMON | 68% |
1002D4AD | 7.7 | 5 | - | 184 | COMMON | 37% |
10023AD4 | 7.6 | 5 | - | 121 | COMMON | 81% |
100332F3 | 7.6 | 5 | - | 110 | COMMON | 89% |
1000F1EC | 7.6 | 5 | - | 81 | window, COMMON | 97% |
1001CA96 | 7.6 | 5 | - | 71 | COMMON | 100% |
100138E7 | 7.6 | 5 | - | 70 | window, COMMON | 70% |
1000D470 | 7.6 | 5 | - | 70 | window, COMMON | 60% |
100260EB | 7.6 | 5 | - | 67 | window, COMMON | 83% |
100121B1 | 7.6 | 5 | - | 59 | window, COMMON | 100% |
100216BF | 7.6 | 5 | - | 58 | COMMON | 82% |
100296F9 | 7.6 | 5 | - | 53 | string, COMMON | 94% |
10023E91 | 7.5 | 5 | - | 47 | COMMON | 73% |
1002526E | 7.5 | 5 | - | 46 | COMMON | 100% |
1002743F | 7.5 | 5 | - | 45 | COMMON | - |
10039F30 | 7.5 | 5 | - | 44 | memory, COMMON, LIBRARYCODE | 39% |
1004B82F | 7.0 | 2 | 2 | 37 | library, loader, COMMON, LIBRARYCODE | 65% |
10005A50 | 6.2 | 4 | - | 175 | COMMON | 70% |
10025B20 | 6.1 | 4 | - | 132 | time, COMMON | 100% |
10024866 | 6.1 | 4 | - | 115 | COMMON | 83% |
100382A4 | 6.1 | 4 | - | 105 | COMMON | 78% |
1001F458 | 6.1 | 4 | - | 97 | COMMON | 73% |
1002A66D | 6.1 | 4 | - | 88 | COMMON | 82% |
1002DBEF | 6.1 | 4 | - | 87 | COMMON | 76% |
1001B3D4 | 6.1 | 4 | - | 73 | window, COMMON | 94% |
10025E53 | 6.1 | 4 | - | 61 | COMMON | 95% |
1000ADD7 | 6.1 | 4 | - | 58 | window, COMMON, LIBRARYCODE | 87% |
10038403 | 6.1 | 4 | - | 55 | COMMON | 86% |
1002E006 | 6.1 | 4 | - | 53 | COMMON | 87% |
10025A85 | 6.1 | 4 | - | 52 | time, COMMON | 82% |
1002F123 | 6.1 | 4 | - | 51 | COMMON | 93% |
10037973 | 6.0 | 4 | - | 50 | COMMON | 94% |
1000F078 | 6.0 | 4 | - | 49 | COMMON | 77% |
1000E914 | 6.0 | 4 | - | 48 | COMMON | 96% |
1001B210 | 6.0 | 4 | - | 44 | COMMON | 100% |
1000CB1E | 6.0 | 4 | - | 43 | COMMON | 100% |
100340E0 | 6.0 | 4 | - | 39 | COMMON | 100% |
10038627 | 6.0 | 4 | - | 23 | COMMON | 100% |
10035347 | 5.3 | 2 | 1 | 62 | registry, COMMON | 96% |
1002F811 | 5.3 | 2 | 1 | 57 | library, loader, COMMON | 82% |
10037E90 | 5.3 | 2 | 1 | 55 | window, COMMON | 100% |
10012BAD | 5.3 | 2 | 1 | 41 | library, loader, COMMON | 51% |
(further non-executed functions: header not recovered, only the C-Code quality of each survived) | | | | | | |
"-" in the Strings column means the report lists no strings for that function; "-" in the quality column means no C-Code quality was reported. Note that the highest-relevance functions of the DLL (10026DFF, 10045C4C: registry, library, loader and memory tags) are in the non-executed set, consistent with the Execution Coverage of 2.1%: most of the on-disk code is a loader that never runs once the payload has been decrypted. |
Execution Graph |
---|
Execution Coverage: | 3.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0.1% |
Total number of Nodes: | 1028 |
Total number of Limit Nodes: | 5 |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality | Yara matches |
---|---|---|---|---|---|---|---|
02D64248 | 1.5 | 1 | - | 48 | COMMON | 100% | yes |
02D717CB | 1.3 | 1 | - | 56 | string, COMMON | 86% | yes |
(one further executed function: header not recovered, C-Code quality 53%, Yara matches) | | | | | | | |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality | Yara matches |
---|---|---|---|---|---|---|---|
02D7DE10 | 0.0 | - | - | 2 | COMMON | 100% | yes |
Execution Graph |
---|
Execution Coverage: | 3.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 1021 |
Total number of Limit Nodes: | 4 |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality
---|---|---|---|---|---|---
044A4248 | 1.5 | 1 | - | 48 | COMMON | 100%
044B17CB | 1.3 | 1 | - | 56 | string, COMMON | 86%

One further executed function lost its header in extraction; only its C-Code quality (53%) survives.

Non-executed Functions |
---|
(no entries captured)
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality
---|---|---|---|---|---|---
049E1A80 | 3.6 | 1 | 1 | 62 | file, COMMON | 67%
049D54DA | 7.1 | 1 | 3 | 57 | network, COMMON | 87%
049EE9E8 | 5.3 | 1 | 2 | 50 | file, COMMON | 76%
049D8A5E | 3.6 | 1 | 1 | 68 | network, COMMON | 47%
049E42E4 | 3.6 | 1 | 1 | 66 | memory, COMMON | 73%
049DF2CC | 3.6 | 1 | 1 | 57 | network, COMMON | 24%
049E199D | 1.6 | 1 | - | 71 | file, COMMON | 58%
049E38CA | 1.6 | 1 | - | 63 | thread, COMMON | 55%
049D2985 | 1.6 | 1 | - | 58 | memory, COMMON | 78%
049EA566 | 1.5 | 1 | - | 40 | COMMON | 87%
049E17CB | 1.3 | 1 | - | 56 | string, COMMON | 86%

Eight further executed functions in this list lost their header in extraction; only their C-Code quality survives, in order: 69%, 100%, 82%, 55%, 91%, 19%, 26%, 50%. Three more entries carry neither a header nor a quality value.

Non-executed Functions |
---|
(no entries captured)
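The function summaries in this report are the part of the listing a triage pass actually uses: the network-, file-, memory- and thread-tagged functions in the unpacked dumps are where C2 and persistence logic will be found. As an added example, not code from the Joe Sandbox report or from Joe Security, the following Python parses the summary lines as they appear in this extraction (category tags fused onto the instruction count, "Relevance: .0" for zero), collapses entries that the memory dumps repeat at different base addresses, and ranks what remains by relevance and category. The dedupe key (low 16 bits of the address plus identical metrics) is a heuristic assumed here, not something the report states; the sample lines are copied from this page's function listings.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Category tags Joe Sandbox appends to a function summary. In this text
# extraction they are fused onto the instruction count ("Instructions:
# 57networkCOMMON"), so the parser has to split them back out.
KNOWN_TAGS = ("libraryloader", "network", "file", "memory", "thread", "string", "COMMON")

LINE_RE = re.compile(
    r"Function\s+(?P<addr>[0-9A-Fa-f]{8}),\s*Relevance:\s*(?P<rel>\d*\.\d+|\d+)"
    r"(?:,\s*APIs:\s*(?P<apis>\d+))?"
    r"(?:,\s*Strings:\s*(?P<strings>\d+))?"
    r",\s*Instructions:\s*(?P<instr>\d+)(?P<tags>[A-Za-z]*)$"
)


@dataclass(frozen=True)
class FunctionSummary:
    address: int
    relevance: float
    apis: int
    strings: int
    instructions: int
    tags: tuple


def split_tags(blob):
    """Split a fused tag blob such as 'libraryloaderCOMMON' into its tags."""
    tags, rest = [], blob
    while rest:
        for tag in KNOWN_TAGS:
            if rest.startswith(tag):
                tags.append(tag)
                rest = rest[len(tag):]
                break
        else:
            raise ValueError(f"unrecognised tag text: {rest!r}")
    return tuple(tags)


def parse_line(line):
    """Parse one 'Function ...' summary line; any other line yields None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return FunctionSummary(
        address=int(m["addr"], 16),
        relevance=float(m["rel"]),      # ".0" parses as 0.0
        apis=int(m["apis"] or 0),       # the report omits the field when zero
        strings=int(m["strings"] or 0),
        instructions=int(m["instr"]),
        tags=split_tags(m["tags"]),
    )


def parse_report(text):
    return [f for f in map(parse_line, text.splitlines()) if f is not None]


def dedupe_key(f):
    # Assumption of this example, not stated by the report: the same unpacked
    # module dumped at different 64 KiB-aligned bases keeps the low 16 bits of
    # each function address and identical metrics, so this collapses repeats.
    return (f.address & 0xFFFF, f.relevance, f.apis, f.strings, f.instructions, f.tags)


def triage(functions):
    """Collapse cross-dump duplicates, rank by relevance, group by category."""
    unique = {}
    for f in functions:
        unique.setdefault(dedupe_key(f), f)   # keep the first dump's copy
    ranked = sorted(unique.values(), key=lambda f: (-f.relevance, f.address))
    by_tag = defaultdict(list)
    for f in ranked:
        for tag in f.tags:
            if tag != "COMMON":               # COMMON carries no signal
                by_tag[tag].append(f"{f.address:08X}")
    return ranked, dict(by_tag)


# Summary lines copied from this report's function listings.
SAMPLE = """
Function 10012BAD, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41libraryloaderCOMMON
Function 02D64248, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
Function 02D717CB, Relevance: 1.3, APIs: 1, Instructions: 56stringCOMMON
Function 02D7DE10, Relevance: .0, Instructions: 2COMMON
Function 044A4248, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
Function 044B17CB, Relevance: 1.3, APIs: 1, Instructions: 56stringCOMMON
Function 049E1A80, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 62fileCOMMON
Function 049D54DA, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 57networkCOMMON
Function 049EE9E8, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50fileCOMMON
Function 049D8A5E, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 68networkCOMMON
Function 049E42E4, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66memoryCOMMON
Function 049DF2CC, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57networkCOMMON
Function 049E199D, Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON
Function 049E38CA, Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
Function 049D2985, Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON
Function 049EA566, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
Function 049E17CB, Relevance: 1.3, APIs: 1, Instructions: 56stringCOMMON
"""
```

Running `triage(parse_report(SAMPLE))` reduces the 17 listed entries to 14: the two `...4248` and the three `...17CB` entries collapse, which is consistent with the 02D6xxxx, 044Axxxx and 049Dxxxx dumps being the same unpacked module. The network group comes out as 049D54DA, 049D8A5E and 049DF2CC, which is the order a reverse engineer would open them in.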