Windows Analysis Report 2gyA5uNl6VPQUA.dll
Overview
General Information
Detection
Field | Value |
---|---|
Score | 76 |
Range | 0 - 100 |
Whitelisted | false |
Confidence | 100% |
Signatures
Classification
Process Tree
Malware Configuration
Threatname: Emotet
{"C2 list": ["46.55.222.11:443", "104.245.52.73:8080", "41.76.108.46:8080", "103.8.26.103:8080", "185.184.25.237:8080", "103.8.26.102:8080", "203.114.109.124:443", "45.118.115.99:8080", "178.79.147.66:8080", "58.227.42.236:80", "45.118.135.203:7080", "103.75.201.2:443", "195.154.133.20:443", "45.142.114.231:8080", "212.237.5.209:443", "207.38.84.195:8080", "104.251.214.46:8080", "212.237.17.99:8080", "212.237.56.116:7080", "216.158.226.206:443", "110.232.117.186:8080", "158.69.222.101:443", "107.182.225.142:8080", "176.104.106.96:8080", "81.0.236.90:443", "50.116.54.215:443", "138.185.72.26:8080", "51.68.175.8:8080", "210.57.217.132:8080"], "Public Key": ["RUNTMSAAAABAX3S2xNjcDD0fBno33Ln5t71eii+mofIPoXkNFOX1MeiwCh48iz97kB0mJjGGZXwardnDXKxI8GCHGNl0PFj5", "RUNLMSAAAADzozW1Di4r9DVWzQpMKT588RDdy7BPILP6AiDOTLYMHkSWvrQO5slbmr1OvZ2Pz+AQWzRMggQmAtO6rPH7nyx2"]}
Yara Overview
Memory Dumps
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | |
11 entries in total (the first 5 on the page are identical to the row above)
Unpacked PEs
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | |
25 entries in total (the first 5 on the page are identical to the row above)
Sigma Overview
No Sigma rule has matched
Jbx Signature Overview
AV Detection:
Found malware configuration
- Malware Configuration Extractor
Multi AV Scanner detection for submitted file
- Virustotal
- ReversingLabs
- Static PE information
- Static PE information
- Code function: 1_2_6EC02FE7, 4_2_6EC02FE7
Networking:
C2 URLs / IPs found in malware configuration
- IPs (29 entries, matching the C2 list in the malware configuration above)
- ASN Name (2 entries)
- IP Address (2 entries)
- Network traffic detected
- String found in binary or memory (37 entries)
E-Banking Fraud:
Yara detected Emotet
- File source (46 entries)
- Static PE information
- Process created
- File deleted
- File created
- Code function (process 1): 1_2_6EBE5EA0, 1_2_6EBEE6E0, 1_2_6EBE66E0, 1_2_6EBEA6D0, 1_2_6EBF0F10, 1_2_6EBE1C10, 1_2_6EBE75F4, 1_2_6EBE9D50, 1_2_6EC00A61, 1_2_6EBED380, 1_2_6EBE38C0, 1_2_6EBF01D0
- Code function (process 4): 4_2_02F406EF, 4_2_02F2AEB9, 4_2_02F356A9, 4_2_02F3604E, 4_2_02F3BA18, 4_2_02F391F7, 4_2_02F3E7DA, 4_2_02F389DA, 4_2_02F3ED95, 4_2_02F22B7C, 4_2_02F2196D, 4_2_02F28D59, 4_2_02F33130, 4_2_02F28112, 4_2_02F25314, 4_2_02F2BEF5, 4_2_02F420F8, 4_2_02F2E6FD, 4_2_02F2A8E8, 4_2_02F40AD3, 4_2_02F37EDD, 4_2_02F254C0, 4_2_02F3B0BA, 4_2_02F33ABE, 4_2_02F304A4, 4_2_02F2F4A5, 4_2_02F268AD, 4_2_02F2C69B, 4_2_02F2F699, 4_2_02F2D899, 4_2_02F23085, 4_2_02F41C71, 4_2_02F3E478, 4_2_02F40C66, 4_2_02F3645F, 4_2_02F30A37, 4_2_02F23E3B, 4_2_02F3CC3F, 4_2_02F30824, 4_2_02F31C12, 4_2_02F42C16, 4_2_02F2F20D, 4_2_02F21DF9, 4_2_02F26BFE, 4_2_02F3D5FE, 4_2_02F435E3, 4_2_02F2FBEF, 4_2_02F2B7EC, 4_2_02F313DB, 4_2_02F25DC3, 4_2_02F239C3, 4_2_02F34DC5, 4_2_02F30FC5, 4_2_02F22DC5, 4_2_02F3BFA1, 4_2_02F377A7, 4_2_02F233A9, 4_2_02F36B91, 4_2_02F41987, 4_2_02F27D87, 4_2_02F2F984, 4_2_02F2938F, 4_2_02F3C772, 4_2_02F22176, 4_2_02F22575, 4_2_02F35B7C, 4_2_02F2597D, 4_2_02F3F561, 4_2_02F25166, 4_2_02F2DD66, 4_2_02F42560, 4_2_02F29565, 4_2_02F2996C, 4_2_02F2635F, 4_2_02F24F42, 4_2_02F3C145, 4_2_02F42D4F, 4_2_02F4314A, 4_2_02F2E336, 4_2_02F3473A, 4_2_02F27739, 4_2_02F26125, 4_2_02F2B12E, 4_2_02F3CF2C, 4_2_02F24716, 4_2_02F38518, 4_2_02F43306, 4_2_02F3D10B, 4_2_02F3710D, 4_2_6EBE5EA0, 4_2_6EBEE6E0, 4_2_6EBE66E0, 4_2_6EBEA6D0, 4_2_6EBF0F10, 4_2_6EBE1C10, 4_2_6EBE75F4, 4_2_6EBE9D50, 4_2_6EC00A61, 4_2_6EBED380, 4_2_6EBE38C0, 4_2_6EBF01D0
- Code function (process 8): 8_2_02C506EF, 8_2_02C4ED95, 8_2_02C354C0, 8_2_02C50AD3, 8_2_02C47EDD, 8_2_02C3A8E8, 8_2_02C3BEF5, 8_2_02C520F8, 8_2_02C3E6FD, 8_2_02C33085, 8_2_02C3C69B, 8_2_02C3F699, 8_2_02C3D899, 8_2_02C404A4, 8_2_02C3F4A5, 8_2_02C456A9, 8_2_02C368AD, 8_2_02C43ABE, 8_2_02C3AEB9, 8_2_02C4B0BA, 8_2_02C4604E, 8_2_02C4645F, 8_2_02C50C66, 8_2_02C51C71, 8_2_02C4E478, 8_2_02C3F20D, 8_2_02C52C16, 8_2_02C41C12, 8_2_02C4BA18, 8_2_02C40824, 8_2_02C40A37, 8_2_02C33E3B, 8_2_02C4CC3F, 8_2_02C35DC3, 8_2_02C339C3, 8_2_02C44DC5, 8_2_02C40FC5, 8_2_02C32DC5, 8_2_02C4E7DA, 8_2_02C489DA, 8_2_02C413DB, 8_2_02C535E3, 8_2_02C3FBEF, 8_2_02C3B7EC, 8_2_02C491F7, 8_2_02C31DF9, 8_2_02C4D5FE, 8_2_02C36BFE, 8_2_02C51987, 8_2_02C37D87, 8_2_02C3F984, 8_2_02C3938F, 8_2_02C477A7, 8_2_02C4BFA1, 8_2_02C333A9, 8_2_02C34F42, 8_2_02C4C145, 8_2_02C52D4F, 8_2_02C5314A, 8_2_02C38D59, 8_2_02C3635F, 8_2_02C4F561, 8_2_02C35166, 8_2_02C3DD66, 8_2_02C52560, 8_2_02C39565, 8_2_02C3196D, 8_2_02C3996C, 8_2_02C32176, 8_2_02C4C772, 8_2_02C32575, 8_2_02C45B7C, 8_2_02C3597D, 8_2_02C32B7C, 8_2_02C53306, 8_2_02C4710D, 8_2_02C4D10B, 8_2_02C38112, 8_2_02C34716, 8_2_02C35314, 8_2_02C48518, 8_2_02C36125, 8_2_02C4CF2C, 8_2_02C3B12E, 8_2_02C43130, 8_2_02C3E336, 8_2_02C37739, 8_2_02C4473A
- Code function (process 9): 9_2_006C06EF, 9_2_006BED95, 9_2_006C0C66, 9_2_006BE478, 9_2_006C1C71, 9_2_006B604E, 9_2_006B645F, 9_2_006B0824, 9_2_006A3E3B, 9_2_006BCC3F, 9_2_006B0A37, 9_2_006AF20D, 9_2_006BBA18, 9_2_006B1C12, 9_2_006C2C16, 9_2_006AA8E8, 9_2_006C20F8, 9_2_006AE6FD, 9_2_006ABEF5, 9_2_006A54C0, 9_2_006B7EDD, 9_2_006C0AD3, 9_2_006B56A9, 9_2_006A68AD, 9_2_006B04A4, 9_2_006AF4A5, 9_2_006BB0BA, 9_2_006AAEB9, 9_2_006B3ABE, 9_2_006A3085, 9_2_006AC69B, 9_2_006AF699, 9_2_006AD899, 9_2_006A996C, 9_2_006A196D, 9_2_006BF561, 9_2_006A5166, 9_2_006ADD66, 9_2_006C2560, 9_2_006A9565, 9_2_006A2B7C, 9_2_006B5B7C, 9_2_006A597D, 9_2_006BC772, 9_2_006A2176, 9_2_006A2575, 9_2_006C2D4F, 9_2_006C314A, 9_2_006A4F42, 9_2_006BC145, 9_2_006A8D59, 9_2_006A635F, 9_2_006AB12E, 9_2_006BCF2C, 9_2_006A6125, 9_2_006B473A, 9_2_006A7739, 9_2_006B3130, 9_2_006AE336, 9_2_006BD10B, 9_2_006B710D, 9_2_006C3306, 9_2_006B8518, 9_2_006A8112, 9_2_006A4716, 9_2_006A5314, 9_2_006AFBEF, 9_2_006AB7EC, 9_2_006C35E3, 9_2_006A1DF9, 9_2_006A6BFE, 9_2_006BD5FE, 9_2_006B91F7, 9_2_006A5DC3, 9_2_006A39C3, 9_2_006B4DC5, 9_2_006B0FC5, 9_2_006A2DC5, 9_2_006B13DB, 9_2_006BE7DA, 9_2_006B89DA, 9_2_006A33A9, 9_2_006BBFA1, 9_2_006B77A7, 9_2_006A938F, 9_2_006C1987, 9_2_006A7D87, 9_2_006AF984
- Virustotal
- ReversingLabs
- Static PE information
- Key opened
- Process created (34 entries)
- Key value queried
- File created
- Classification label
- File read
- Process created
- Mutant created (3 entries)
- Automated click (2 entries)
- Static PE information
- Static PE information
- Code function: 1_2_6EC09166, 4_2_02F21527, 4_2_02F21527, 4_2_6EC09166, 8_2_02C31527, 8_2_02C31527, 9_2_006A1527, 9_2_006A1527
- Code function: 1_2_6EBEE4E0
- PE file moved
Hooking and other Techniques for Hiding and Protection:
Hides that the sample has been downloaded from the Internet (zone.identifier)
- File opened
- Registry key monitored for changes
- Process information set (16 entries)
- Last function
- Code function: 1_2_6EC02FE7, 4_2_6EC02FE7
- File Volume queried
- Binary or memory string
- Code function: 1_2_6EC029E6
- Code function: 1_2_6EBEE4E0
- Code function: 1_2_6EBE1290
- Code function: 1_2_6EBFC050, 1_2_6EBFBFE0, 1_2_6EBFBFE0, 1_2_6EC012CB, 1_2_6EC0298C, 4_2_02F34315, 4_2_6EBFC050, 4_2_6EBFBFE0, 4_2_6EBFBFE0, 4_2_6EC012CB, 4_2_6EC0298C, 8_2_02C44315, 9_2_006B4315
- Process queried (2 entries)
- Code function: 1_2_6EBFCB22, 1_2_6EC029E6, 1_2_6EBFD1CC, 4_2_6EBFCB22, 4_2_6EC029E6, 4_2_6EBFD1CC
- Process created (3 entries)
- Binary or memory string (4 entries)
- Code function: 1_2_6EBFCC44
- Code function: 1_2_6EBFCE15
Lowering of HIPS / PFW / Operating System Security Settings:
Changes security center settings (notifications, updates, antivirus, firewall)
- Key value created or modified
- WMI Queries (4 entries)
- Binary or memory string (2 entries)
Stealing of Sensitive Information:
Yara detected Emotet
- File source (46 entries)
Mitre Att&ck Matrix
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation1 | Path Interception | Process Injection12 | Masquerading21 | OS Credential Dumping | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | Query Registry1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion1 | Security Account Manager | Security Software Discovery51 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection12 | NTDS | Virtualization/Sandbox Evasion1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information1 | LSA Secrets | Process Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Hidden Files and Directories1 | Cached Domain Credentials | File and Directory Discovery2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information2 | DCSync | System Information Discovery13 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Rundll321 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | File Deletion1 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Behavior Graph
Screenshots
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 18% | Virustotal | | |
 | 26% | ReversingLabs | Win32.Trojan.Midie | |
Dropped Files
No Antivirus matches
Unpacked PE Files
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 100% | Avira | HEUR/AGEN.1110387 | |
8 unpacked PE files, all with the detection shown above
Domains
No Antivirus matches
URLs
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | URL Reputation | safe | |
 | 0% | URL Reputation | safe | |
Domains and IPs
Contacted Domains
No contacted domains info
URLs from Memory and Binaries
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | high (34 entries) |
 | | false | | unknown (2 entries) |
Contacted IPs
Public
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
195.154.133.20 | unknown | France | 12876 | OnlineSASFR | true |
212.237.17.99 | unknown | Italy | 31034 | ARUBA-ASNIT | true |
110.232.117.186 | unknown | Australia | 56038 | RACKCORP-APRackCorpAU | true |
104.245.52.73 | unknown | United States | 63251 | METRO-WIRELESSUS | true |
138.185.72.26 | unknown | Brazil | 264343 | EmpasoftLtdaMeBR | true |
81.0.236.90 | unknown | Czech Republic | 15685 | CASABLANCA-ASInternetCollocationProviderCZ | true |
45.118.115.99 | unknown | Indonesia | 131717 | IDNIC-CIFO-AS-IDPTCitraJelajahInformatikaID | true |
103.75.201.2 | unknown | Thailand | 133496 | CDNPLUSCOLTD-AS-APCDNPLUSCOLTDTH | true |
216.158.226.206 | unknown | United States | 19318 | IS-AS-1US | true |
107.182.225.142 | unknown | United States | 32780 | HOSTINGSERVICES-INCUS | true |
45.118.135.203 | unknown | Japan | 63949 | LINODE-APLinodeLLCUS | true |
50.116.54.215 | unknown | United States | 63949 | LINODE-APLinodeLLCUS | true |
51.68.175.8 | unknown | France | 16276 | OVHFR | true |
103.8.26.102 | unknown | Malaysia | 132241 | SKSATECH1-MYSKSATECHNOLOGYSDNBHDMY | true |
46.55.222.11 | unknown | Bulgaria | 34841 | BALCHIKNETBG | true |
41.76.108.46 | unknown | South Africa | 327979 | DIAMATRIXZA | true |
103.8.26.103 | unknown | Malaysia | 132241 | SKSATECH1-MYSKSATECHNOLOGYSDNBHDMY | true |
178.79.147.66 | unknown | United Kingdom | 63949 | LINODE-APLinodeLLCUS | true |
212.237.5.209 | unknown | Italy | 31034 | ARUBA-ASNIT | true |
176.104.106.96 | unknown | Serbia | 198371 | NINETRS | true |
207.38.84.195 | unknown | United States | 30083 | AS-30083-GO-DADDY-COM-LLCUS | true |
212.237.56.116 | unknown | Italy | 31034 | ARUBA-ASNIT | true |
45.142.114.231 | unknown | Germany | 44066 | DE-FIRSTCOLOwwwfirst-colonetDE | true |
203.114.109.124 | unknown | Thailand | 131293 | TOT-LLI-AS-APTOTPublicCompanyLimitedTH | true |
210.57.217.132 | unknown | Indonesia | 38142 | UNAIR-AS-IDUniversitasAirlanggaID | true |
58.227.42.236 | unknown | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | true |
185.184.25.237 | unknown | Turkey | 209711 | MUVHOSTTR | true | |
158.69.222.101 | unknown | Canada | 16276 | OVHFR | true | |
104.251.214.46 | unknown | United States | 54540 | INCERO-HVVCUS | true |
Private |
---|
IP |
---|
192.168.2.1 |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 532048 |
Start date: | 01.12.2021 |
Start time: | 17:28:01 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 11m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 2gyA5uNl6VPQUA.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Run with higher sleep bypass |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal76.troj.evad.winDLL@35/8@0/30 |
EGA Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
17:30:29 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
195.154.133.20 | | | malicious | | |
212.237.17.99 | | | malicious | | |
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ARUBA-ASNIT | | | malicious | | |
OnlineSASFR | | | malicious | | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.11007315410389254 |
Encrypted: | false |
SSDEEP: | 12:261PjXm/Ey6q9995GNq3qQ10nMCldimE8eawHjcScrf:261Cl68sgLyMCldzE9BHjcd |
MD5: | F509464584BDE228AC6200E4AAF46791 |
SHA1: | 910529F0944A946D8A04101F68A7974FFC21AA2C |
SHA-256: | 1EF2E59D09B4C131FA935931AEDF926EABA1A22C4BE340B643697D690FB22982 |
SHA-512: | 2BC237F4E2FDB86A44478B6D9311150E7685E60BEA2620743E8E6C4A004ED20B38544D1676354EC7280B77BB20F69B66DD31F2EB2B7DFC4C3F93BA45BF7F6201 |
Malicious: | false |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.1127203686131934 |
Encrypted: | false |
SSDEEP: | 12:80jXm/Ey6q9995c1miM3qQ10nMCldimE8eawHza1miINtCP:8xl68K1tMLyMCldzE9BHza1tIri |
MD5: | 3E1816AC72E02624CA0A277C24E5AFCD |
SHA1: | 0BC7E702D5E870AE4365D3BFAD3F28B107F0F1AE |
SHA-256: | C8CF94490DF4D5F9310AAFFF0D788A63DD6FD1E56A8EF5990057A8041FB283AD |
SHA-512: | 91AD8BC73D1B764707229A5FFF5CECABBBB915632CF65402E68147F58ADECEADEB030B10407419A8875AB7039AED56F395F5923739F5CC7B00979C265CD0E6E9 |
Malicious: | false |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.11264702181093222 |
Encrypted: | false |
SSDEEP: | 12:8YjXm/Ey6q9995c1mK2P3qQ10nMCldimE8eawHza1mK0ssP:8Nl68K1iPLyMCldzE9BHza18 |
MD5: | 0BD3A781A3DED6D0FDFBD5E332077DDE |
SHA1: | 0D810BF920322816C05D5C666A777928490EC26B |
SHA-256: | CA36BDFD0B937952C0839CC0EB8D030628EFA7D59F5E48C731B9B0B20D5923F6 |
SHA-512: | 0B76F7304E044501254180F259C23B5E9F410150F6468574029D757FB2E845F1E98C8FA25D3B991CD4276718BDC010BA1AB60FB6603DC1FA051B048DB90F3D94 |
Malicious: | false |
Process: | C:\Program Files\Windows Defender\MpCmdRun.exe |
File Type: | |
Category: | modified |
Size (bytes): | 9062 |
Entropy (8bit): | 3.1617821983611605 |
Encrypted: | false |
SSDEEP: | 192:cY+38+DJl+ibJ6+ioJJ+i3N+WtT+E9tD+Ett3d+E3zk+R:j+s+v+b+P+m+0+Q+q+T+R |
MD5: | 1F848228A9E566D1A67D38C8FE9B378F |
SHA1: | E75E77DD3FFD300A3379CF5EADEA0262D9E49DDD |
SHA-256: | A9A59EC953B5242D3AC70E1336D94242065298DA0DB24DDF043F866FE0D12DAE |
SHA-512: | D0DAA3E313E3C56C1F349B68859881E2BA15DBCA942BEE8CF919C2C02714128CF20689EF5A31045CC0AC5FF1E1603A419EED16BFC5912750B7A046C91BCA33FB |
Malicious: | false |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 3.7907703522626073 |
Encrypted: | false |
SSDEEP: | 96:4CAMbAwo+lE5uI9c2YkUCp0I2lShhk/S4ZAT2BYFzOUMC0rJReC8l5hbMCWl5IbZ:Lxe7/p2wvn2COkaCiC1CYC9MCo |
MD5: | 5621673E95B1159150EC48C66E1CE423 |
SHA1: | D345CDE13248322172A7B2D4C5A3E79E25C801A3 |
SHA-256: | A1F0EA666036D07976C3C831D6B406CBCE55E944C2C04A13ABB11A75FE1BFC7C |
SHA-512: | 81471CDDFFC812FFA0EFB6F96ADF1433865B50E522D8771F0FB837998AF00A1AC2F0356E83FCD3F3C29DF30A6457D5EBF9F91471A6B3CC99B33A616947963913 |
Malicious: | false |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.970960867517191 |
File name: | 2gyA5uNl6VPQUA.dll |
File size: | 387072 |
MD5: | 5e20cb3466b66a9cdeac1ac74d9862e4 |
SHA1: | 28ef4facb366de1fc7da62b975c8967997527c36 |
SHA256: | 208939e34f46846c7c95383c6fea7813038b4dea87ea3819c157ccfbbf8aa09a |
SHA512: | 594039a003ac0c22a0a91c219c5cf50520994ead32f02efcfd8d79e57313c8ae041376fd0c3dcdfadf0472bee87363b28242a1d677e29cecb69127411fc6e722 |
SSDEEP: | 6144:zBYrPMTsY8GR3j4fubnY6Zs/Bv6yM6aSTsfA2qL6jpXNcc6CEteuQJPIgtlpZ5L:yhmT4GbnYks/BJNWo2LjpScDEteuOIoZ |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0...Q...Q...Q..E#...Q..E#...Q..E#...Q../$...Q...$...Q...$...Q...$...Q..E#...Q...Q...Q...Q...Q../$...Q../$...Q..Rich.Q......... |
File Icon |
---|
Icon Hash: | 74f0e4ecccdce0e4 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x1001cac1 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x10000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x61A73B52 [Wed Dec 1 09:07:30 2021 UTC] |
TLS Callbacks: | 0x1000c340 |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 609402ef170a35cc0e660d7d95ac10ce |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+0Ch], 01h |
jne 00007F7858DE2667h |
call 00007F7858DE29F8h |
push dword ptr [ebp+10h] |
push dword ptr [ebp+0Ch] |
push dword ptr [ebp+08h] |
call 00007F7858DE2513h |
add esp, 0Ch |
pop ebp |
retn 000Ch |
push ebp |
mov ebp, esp |
push dword ptr [ebp+08h] |
call 00007F7858DE2F0Eh |
pop ecx |
pop ebp |
ret |
push ebp |
mov ebp, esp |
jmp 00007F7858DE266Fh |
push dword ptr [ebp+08h] |
call 00007F7858DE69F4h |
pop ecx |
test eax, eax |
je 00007F7858DE2671h |
push dword ptr [ebp+08h] |
call 00007F7858DE6A70h |
pop ecx |
test eax, eax |
je 00007F7858DE2648h |
pop ebp |
ret |
cmp dword ptr [ebp+08h], FFFFFFFFh |
je 00007F7858DE2FD3h |
jmp 00007F7858DE2FB0h |
push ebp |
mov ebp, esp |
push 00000000h |
call dword ptr [1002A08Ch] |
push dword ptr [ebp+08h] |
call dword ptr [1002A088h] |
push C0000409h |
call dword ptr [1002A040h] |
push eax |
call dword ptr [1002A090h] |
pop ebp |
ret |
push ebp |
mov ebp, esp |
sub esp, 00000324h |
push 00000017h |
call dword ptr [1002A094h] |
test eax, eax |
je 00007F7858DE2667h |
push 00000002h |
pop ecx |
int 29h |
mov dword ptr [1005E278h], eax |
mov dword ptr [1005E274h], ecx |
mov dword ptr [1005E270h], edx |
mov dword ptr [1005E26Ch], ebx |
mov dword ptr [1005E268h], esi |
mov dword ptr [1005E264h], edi |
mov word ptr [eax], es |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x5b590 | 0x614 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5bba4 | 0x3c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x60000 | 0x1bc0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x5a1dc | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x5a300 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x5a230 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2a000 | 0x154 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x28bb4 | 0x28c00 | False | 0.53924822661 | data | 6.1540438823 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x2a000 | 0x32362 | 0x32400 | False | 0.817805503731 | data | 7.40645381596 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x5d000 | 0x1ba4 | 0x1200 | False | 0.287109375 | data | 2.60484752417 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.pdata | 0x5f000 | 0x4c4 | 0x600 | False | 0.360677083333 | AmigaOS bitmap font | 2.17228109861 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.reloc | 0x60000 | 0x1bc0 | 0x1c00 | False | 0.7880859375 | data | 6.62631718459 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | HeapFree, HeapReAlloc, GetProcessHeap, HeapAlloc, GetModuleHandleA, GetProcAddress, TlsGetValue, TlsSetValue, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, AcquireSRWLockShared, ReleaseSRWLockShared, SetLastError, GetEnvironmentVariableW, GetLastError, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentThread, RtlCaptureContext, ReleaseMutex, WaitForSingleObjectEx, LoadLibraryA, CreateMutexA, CloseHandle, GetStdHandle, GetConsoleMode, WriteFile, WriteConsoleW, TlsAlloc, GetCommandLineW, CreateFileA, GetTickCount64, CreateFileW, SetFilePointerEx, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RaiseException, RtlUnwind, InterlockedFlushSList, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, GetFileType, GetStringTypeW, HeapSize, SetStdHandle, FlushFileBuffers, GetConsoleOutputCP, DecodePointer |
USER32.dll | GetDC, ReleaseDC, GetWindowRect |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
Control_RunDLL | 1 | 0x100010a0 |
axamexdrqyrgb | 2 | 0x100017b0 |
bhramccfbdd | 3 | 0x10001690 |
bptyjtyr | 4 | 0x10001640 |
bxoqrnuua | 5 | 0x100016c0 |
cegjceivzmgdcffk | 6 | 0x100014e0 |
cgxpyqfkocm | 7 | 0x10001480 |
chjbtsnqmvl | 8 | 0x10001540 |
crfsijq | 9 | 0x10001730 |
empxfws | 10 | 0x10001590 |
fbgcvvbrlowsjsj | 11 | 0x10001550 |
fjhmprw | 12 | 0x10001660 |
gfqdajfucnxrv | 13 | 0x10001850 |
hcloldazhuvj | 14 | 0x10001790 |
idcumrbybo | 15 | 0x10001500 |
ihvpwdsfllpvrzy | 16 | 0x10001750 |
iuzqizpdhxqkmf | 17 | 0x100014c0 |
jaarlqsruhrwpipt | 18 | 0x100016e0 |
jndshbhgxdkvvtj | 19 | 0x10001600 |
jniijdleqsyajeis | 20 | 0x10001650 |
jtjqgma | 21 | 0x100016f0 |
kffxtbzhfgbqlu | 22 | 0x10001630 |
kwxkzdhqe | 23 | 0x100016d0 |
lidhnvsukgiuabh | 24 | 0x100016b0 |
ltcrkednwfkup | 25 | 0x10001820 |
lvrmqgtvhsegpbvmq | 26 | 0x10001770 |
mxvwvnerswyylp | 27 | 0x10001520 |
ndlmbjceavqdintmv | 28 | 0x100017d0 |
nvnriipkwrmxwsu | 29 | 0x10001510 |
oafxfavxmi | 30 | 0x10001570 |
ocwutlohg | 31 | 0x100014b0 |
olcklbdvo | 32 | 0x10001680 |
pawvqfmiz | 33 | 0x100015e0 |
pdmomnjmmryopqza | 34 | 0x10001560 |
plzkvjcbz | 35 | 0x10001710 |
poasqvltrkgvepng | 36 | 0x10001840 |
psjoyjhsrkg | 37 | 0x100015b0 |
qdimtzieldbl | 38 | 0x10001620 |
qzvngjfyuxpjag | 39 | 0x10001580 |
relsounb | 40 | 0x100016a0 |
rykebhcisi | 41 | 0x10001670 |
snrvgvzpjh | 42 | 0x100017c0 |
sqnfcfmocgbg | 43 | 0x10001740 |
sxgllzweihxqxi | 44 | 0x10001760 |
tgagxhhcfj | 45 | 0x10001780 |
thjyvtvttwpah | 46 | 0x10001830 |
uvypobslemtipv | 47 | 0x10001640 |
vgidwtjsbwpxkdxj | 48 | 0x100017a0 |
wahhdker | 49 | 0x100014a0 |
wamqmispvbxt | 50 | 0x100015f0 |
witvsjavqyw | 51 | 0x10001720 |
wopabadcwdizvwlgk | 52 | 0x10001490 |
wpzyecljz | 53 | 0x10001800 |
wukgfirfwilhu | 54 | 0x100015d0 |
xntbmrrxs | 55 | 0x100017f0 |
xsxwxreryufxwuhh | 56 | 0x10001700 |
xvgdevijtw | 57 | 0x10001610 |
ydvqidso | 58 | 0x100015c0 |
yggdjrsewuw | 59 | 0x100015a0 |
zaeqdmhaky | 60 | 0x100017e0 |
zakvwkjnk | 61 | 0x10001700 |
zqbggkzy | 62 | 0x100014f0 |
zqtdpertk | 63 | 0x100014d0 |
zshfybkvzv | 64 | 0x10001810 |
zxxopqyvfoesyhmup | 65 | 0x10001530 |
Network Behavior |
---|
No network behavior found |
---|
Code Manipulations |
---|
System Behavior |
---|
General |
---|
Start time: | 17:28:54 |
Start date: | 01/12/2021 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70d6e0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 17:28:55 |
Start date: | 01/12/2021 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcf0000 |
File size: | 893440 bytes |
MD5 hash: | 72FCD8FB0ADC38ED9050569AD673650E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 17:28:55 |
Start date: | 01/12/2021 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70d6e0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 17:28:55 |
Start date: | 01/12/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd80000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 17:28:55 |
Start date: | 01/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 17:28:55 |
Start date: | 01/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 17:28:55 |
Start date: | 01/12/2021 |
Path: | C:\Windows\System32\SgrmBroker.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7e4d60000 |
File size: | 163336 bytes |
MD5 hash: | D3170A3F3A9626597EEE1888686E3EA6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 17:28:56 |
Start date: | 01/12/2021 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70d6e0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 17:29:00 |
Start date: | 01/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 17:29:07 |
Start date: | 01/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 17:29:09 |
Start date: | 01/12/2021 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70d6e0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 17:30:23 |
Start date: | 01/12/2021 |
Path: | C:\Program Files\Windows Defender\MpCmdRun.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7702f0000 |
File size: | 455656 bytes |
MD5 hash: | A267555174BFA53844371226F482B86B |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 17:30:26 |
Start date: | 01/12/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f20f0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 17:31:00 |
Start date: | 01/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 17:31:11 |
Start date: | 01/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 17:31:16 |
Start date: | 01/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 17:31:20 |
Start date: | 01/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 17:31:20 |
Start date: | 01/12/2021 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70d6e0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 17:31:21 |
Start date: | 01/12/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x270000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 17:31:33 |
Start date: | 01/12/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x270000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 6EBFC050, Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 394, Tags: file, memory, COMMON
Function 6EBFC8DB, Relevance: 10.6, APIs: 7, Instructions: 136, Tags: COMMON
Function 6EBFC98B, Relevance: 7.6, APIs: 5, Instructions: 87, Tags: COMMON
Function 6EBEC2A0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9, Tags: libraryloader, COMMON
Function 6EBEC320, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9, Tags: libraryloader, COMMON
Function 6EC04161, Relevance: 6.1, APIs: 4, Instructions: 74, Tags: COMMON
Function 6EBFC7D4, Relevance: 3.1, APIs: 2, Instructions: 76, Tags: COMMON
Function 6EC0475C, Relevance: 3.1, APIs: 2, Instructions: 65, Tags: COMMON
Function 6EBFF3B1, Relevance: 1.5, APIs: 1, Instructions: 27, Tags: COMMON
Function 6EC01C23, Relevance: 1.5, APIs: 1, Instructions: 23, Tags: COMMON
Function 6EC02C26, Relevance: 1.3, APIs: 1, Instructions: 39, Tags: memory, COMMON
Function 6EC022E9, Relevance: 1.3, APIs: 1, Instructions: 32, Tags: memory, COMMON
Function 6EC0228A, Relevance: 1.3, APIs: 1, Instructions: 9, Tags: COMMON
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
6EBED380 | 26.7 | 14 | 1 | 445 | memory, COMMON, Crypto | 81% |
6EBEE4E0 | 26.4 | 9 | 6 | 135 | libraryloader, synchronization, COMMON | 52% |
6EBEE6E0 | 25.1 | 9 | 5 | 588 | libraryloader, COMMON, Crypto | 52% |
6EBE5EA0 | 10.9 | | 8 | 927 | COMMON | |
6EBFD1CC | 6.1 | 4 | | 73 | COMMON | |
6EC029E6 | 4.6 | 3 | | 77 | COMMON | |
6EBE9D50 | 4.0 | | 3 | 233 | COMMON | |
6EBE1C10 | 2.8 | | 2 | 317 | COMMON | |
6EBE66E0 | 2.8 | | 2 | 252 | COMMON | |
6EC00A61 | 1.8 | 1 | | 274 | COMMON | |
6EBFCC44 | 1.6 | 1 | | 144 | COMMON | |
6EC02FE7 | 1.6 | 1 | | 140 | COMMON | |
6EBF0F10 | 1.6 | | 1 | 365 | COMMON | |
6EBE38C0 | 0.5 | | | 489 | COMMON | |
6EBFBFE0 | 0.0 | | | 37 | COMMON | |
6EC0298C | 0.0 | | | 22 | COMMON | |
6EC012CB | 0.0 | | | 12 | COMMON | |
6EBEDD30 | 42.5 | 19 | 5 | 451 | memory, libraryloader, COMMON | 74% |
6EBEC700 | 32.0 | 14 | 4 | 477 | memory, COMMON | 69% |
6EBEC6D0 | 24.9 | 12 | 2 | 409 | memory, COMMON | 64% |
6EBEC340 | 12.6 | 10 | | 125 | COMMON | 58% |
6EBF1BF0 | 12.5 | 5 | 2 | 212 | file, COMMON | 59% |
6EBEC4D0 | 12.3 | 5 | 2 | 95 | memory, COMMON | 45% |
6EBE10A0 | 12.1 | 6 | 2 | 141 | memory, COMMON | 74% |
6EBF2960 | 10.6 | 5 | 1 | 111 | memory, COMMON | |
6EBFF3BF | 9.1 | 6 | | 60 | COMMON | |
6EBFBE60 | 9.0 | 6 | | 50 | COMMON | |
6EBED000 | 8.8 | 7 | | 85 | memory, COMMON | |
6EC012ED | 8.8 | 3 | 2 | 42 | libraryloader, COMMON | |
6EBEC280 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | |
6EBEC2E0 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | |
6EBEC2C0 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | |
6EBEC260 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | |
6EBEC300 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | |
6EC06749 | 6.3 | 4 | | 338 | file, COMMON | |
6EBF2470 | 6.2 | 4 | | 215 | COMMON | |
6EBFF49F | 6.2 | 4 | | 168 | COMMON | |
6EC02D87 | 6.1 | 4 | | 82 | COMMON | |
6EC07EA6 | 6.0 | 4 | | 29 | COMMON | |
Uniqueness Score: -1.00% for every function listed above. |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Yara matches |
---|---|---|---|---|---|---|---|
6EBFC050 | 7.4 | 3 | 1 | 394 | file, memory, COMMON | | |
6EBFC8DB | 10.6 | 7 | | 136 | COMMON | 87% | |
6EBFC98B | 7.6 | 5 | | 87 | COMMON | 89% | |
6EBEC2A0 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | | |
6EBEC320 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | | |
6EC04161 | 6.1 | 4 | | 74 | COMMON | | |
02F39100 | 3.6 | 1 | 1 | 74 | process, COMMON | 41% | yes |
02F2C38F | 3.6 | 1 | 1 | 56 | service, COMMON | 83% | yes |
02F34CFD | 3.6 | 1 | 1 | 55 | memory, COMMON | 74% | yes |
02F255C0 | 3.6 | 1 | 1 | 54 | file, COMMON | 90% | yes |
02F27C11 | 3.5 | 1 | 1 | 44 | library, COMMON | 80% | yes |
6EBFC7D4 | 3.1 | 2 | | 76 | COMMON | | |
02F30207 | 3.1 | 1 | 1 | 70 | string, COMMON | 70% | yes |
02F32D06 | 1.6 | 1 | | 74 | file, COMMON | 58% | yes |
02F43231 | 1.6 | 1 | | 63 | COMMON | 78% | yes |
02F39038 | 1.6 | 1 | | 58 | COMMON | 91% | yes |
02F2F3F7 | 1.5 | 1 | | 43 | COMMON | 94% | yes |
6EC02C26 | 1.5 | 1 | | 39 | memory, COMMON | | |
6EC022E9 | 1.5 | 1 | | 32 | memory, COMMON | | |
Uniqueness Score: -1.00% for every function listed above. |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
6EBED380 | 26.7 | 14 | 1 | 445 | memory, COMMON, Crypto | 81% |
6EBE75F4 | 10.9 | 2 | 4 | 423 | COMMON, Crypto | 81% |
6EBFD1CC | 6.1 | 4 | | 73 | COMMON | |
6EBEDD30 | 42.5 | 19 | 5 | 451 | memory, libraryloader, COMMON | 74% |
6EBEC700 | 32.0 | 14 | 4 | 477 | memory, COMMON | 69% |
6EBEE4E0 | 26.4 | 9 | 6 | 135 | libraryloader, synchronization, COMMON | 52% |
6EBEC6D0 | 24.9 | 12 | 2 | 409 | memory, COMMON | 64% |
6EBEC340 | 12.6 | 10 | | 125 | COMMON | 58% |
6EBF1BF0 | 12.5 | 5 | 2 | 212 | file, COMMON | 78% |
6EBEC4D0 | 12.3 | 5 | 2 | 95 | memory, COMMON | 45% |
6EBE10A0 | 12.1 | 6 | 2 | 141 | memory, COMMON | 74% |
6EBF2960 | 10.6 | 5 | 1 | 111 | memory, COMMON | 56% |
6EBFF3BF | 9.1 | 6 | | 60 | COMMON | 85% |
6EBFBE60 | 9.0 | 6 | | 50 | COMMON | |
6EBED000 | 8.8 | 7 | | 85 | memory, COMMON | 55% |
6EC012ED | 8.8 | 3 | 2 | 42 | libraryloader, COMMON | 25% |
6EBEC280 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | |
6EBEC2E0 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | |
6EBEC2C0 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | |
6EBEC260 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | |
6EBEC300 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | |
6EC06749 | 6.3 | 4 | | 338 | file, COMMON | |
6EBFF49F | 6.2 | 4 | | 168 | COMMON | |
6EC02D87 | 6.1 | 4 | | 82 | COMMON | |
6EC07EA6 | 6.0 | 4 | | 29 | COMMON | |
Uniqueness Score: -1.00% for every function listed above. |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Yara matches |
---|---|---|---|---|---|---|---|
02C49100 | 3.6 | 1 | 1 | 74 | process, COMMON | 41% | yes |
02C40207 | 3.1 | 1 | 1 | 70 | string, COMMON | 70% | yes |
02C3F3F7 | 1.5 | 1 | | 43 | COMMON | 94% | yes |
Uniqueness Score: -1.00% for every function listed above. |
Non-executed Functions |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Yara matches |
---|---|---|---|---|---|---|---|
006B9100 | 3.6 | 1 | 1 | 74 | process, COMMON | 41% | yes |
006B0207 | 3.1 | 1 | 1 | 70 | string, COMMON | 70% | yes |
006AF3F7 | 1.5 | 1 | | 43 | COMMON | 94% | yes |
Uniqueness Score: -1.00% for every function listed above. |
Non-executed Functions |
---|