Windows Analysis Report nhlHEF5IVY.dll
Overview
General Information
Detection
Score: | 76 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_Emotet | Yara detected Emotet | Joe Security | |
| | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | |
(26 entries in total; the first five listed all match one of these two rules, with the dump names not preserved in this copy of the report)
Unpacked PEs |
---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_Emotet | Yara detected Emotet | Joe Security | |
| | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | |
(71 entries in total; the first five listed all match one of these two rules, with the file names not preserved in this copy of the report)
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Emotet RunDLL32 Process Creation (author: FPT.EagleEye)
Jbx Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file (sources: Virustotal, ReversingLabs)
E-Banking Fraud: |
---|
Yara detected Emotet
System Summary: |
---|
Hooking and other Techniques for Hiding and Protection: |
---|
Hides that the sample has been downloaded from the Internet (zone.identifier)
Stealing of Sensitive Information: |
---|
Yara detected Emotet
Mitre Att&ck Matrix |
---|
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Native API (1) | Path Interception | Process Injection (12) | Masquerading (2) | OS Credential Dumping | System Time Discovery (1) | Remote Services | Archive Collected Data (1) | Exfiltration Over Other Network Medium | Encrypted Channel (1) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion (1) | LSASS Memory | Security Software Discovery (41) | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection (12) | Security Account Manager | Virtualization/Sandbox Evasion (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Deobfuscate/Decode Files or Information (1) | NTDS | Process Discovery (2) | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Hidden Files and Directories (1) | LSA Secrets | Remote System Discovery (1) | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information (2) | Cached Domain Credentials | File and Directory Discovery (2) | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Rundll32 (1) | DCSync | System Information Discovery (13) | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | File Deletion (1) | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
(numbers in parentheses are the count of signatures matched for that technique; techniques without a number were not observed)
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
| Detection | Scanner | Label |
|---|---|---|
| 21% | Virustotal | |
| 18% | ReversingLabs | Win32.Trojan.Phonzy |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
| Detection | Scanner | Label |
|---|---|---|
| 100% | Avira | HEUR/AGEN.1110387 |
(the same detection is reported for all 10 unpacked PE files)
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| | | false | | high |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 532437 |
Start date: | 02.12.2021 |
Start time: | 09:45:16 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 17s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | nhlHEF5IVY.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Run with higher sleep bypass |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal76.troj.evad.winDLL@32/14@0/0 |
EGA Information: | Failed |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
Warnings: | (list not extracted) |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.6756145565292645 |
Encrypted: | false |
SSDEEP: | 96:02kzeRZqyUy9hkoyt7Jf0pXIQcQ5c6A2cE2cw33+a+z+HbHg0VG4rmMOyWZAXGn/:KCBDHnM28jjAq/u7szS274ItW |
MD5: | 7D72F4ABE55A3CF1934F6D538B8C2D86 |
SHA1: | D07087BD4AF3A72904384DF44EADEA44311991AE |
SHA-256: | E78FAB3561446DCE38A125DCD8E916623245DD1BDF82AFB547FBF8896C410F10 |
SHA-512: | E26E509FB3D56DB5D83D6232AE74451605195FE55CE64678436DB53F51A90F83E4A4D0D7AE6F4FC618C71E84C145DB15AFF0439071C2824F602430B05EEE1467 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.6822455764004985 |
Encrypted: | false |
SSDEEP: | 96:OvFyRieRZqyHy9hko47JAbpXIQcQfc6XOCecEccw3VF+a+z+HbHg0VG4rmMOyWZy:ModB2HROmTjAq/u7szS274ItWE |
MD5: | 964828FF6CE3A40D461A1AA086233179 |
SHA1: | 767AA570C480EFC59C130DB76905A7EFDBB1FFFE |
SHA-256: | A5DCE1E7509202FEED638DBBF2812B4A21817B2A7A413D7A30F61DC876C0CA55 |
SHA-512: | CE3DFFC6F8A60AE0C60C92A57A7565B0917CDBA8E7CDC72FAE3A96FA776611BD09666B8BC8B7FCE2E2B5DA80A0E5D373D5D59EC495C28E820B85161D7737FBC7 |
Malicious: | false |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 48284 |
Entropy (8bit): | 3.064575500594621 |
Encrypted: | false |
SSDEEP: | 768:faHAH2EE06gO/xN0Cc+fvx+o2kXN0Tt1UvCWKex:faHAH27z/xN0Cc+fZ+LkXN0TsvCw |
MD5: | 24DB966EEB0FC1CDAD34E833BC86926B |
SHA1: | 5A1F93E8E1BF7A7EEBFE42D60E9AA535F0427222 |
SHA-256: | DC67B0470D68EE39441441DFF45DC3188E7668BD9BDCEDF8E7D2220FD0F13261 |
SHA-512: | BD4E45874F8AB77602CB2A08DA9217DE5F74DEF1BD8C00B73DB3C273DF04EDEE51DE2F2B28ED5D90153B005DB74A05027311B06A3A4CAF9C4690817E05B0941E |
Malicious: | false |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13340 |
Entropy (8bit): | 2.6947025218296834 |
Encrypted: | false |
SSDEEP: | 96:9GiZYWJiMCpY+YjWQf4Hv3YEZZ3t2i+qiDYwbwsDuaf+Nkit8yIrF7E3:9jZDaZKf0W/uaf+Nkit0xg3 |
MD5: | D7560271D5696DFF7E89E6D468B6566A |
SHA1: | A176CE8E971A6B6F8FEFD4094FB014A1D3E40FBC |
SHA-256: | 6A69C27C6D833221AFDC1D68516B794DC20D7F0F32DC7F43F7C638B5E8DF20F8 |
SHA-512: | 3C0F727637717489FCF8B812FBE8434814D91FE644818CE7778983C430D11FFEEF7A7DCFEFACFBE93E92DF652609EE4DD27BF2E879D3ABE62C13CE027885D7AA |
Malicious: | false |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 47916 |
Entropy (8bit): | 3.0657592141709396 |
Encrypted: | false |
SSDEEP: | 768:zJH4H+q3EHAif/xA0CfRf1x+R2gXNsH9NvhBQ:zJH4H+qxk/xA0CfRfr+wgXNsdNvQ |
MD5: | 6665D9878FAF494911E6B7C62A58D2D7 |
SHA1: | 1C01EA5588275E6120F02CB8D57FE7A861F3149C |
SHA-256: | 0EDD787812D978427BDAC58FB37EE3F9E5F0A123939834FA4506BA601F2F99EF |
SHA-512: | AB04293F8C9C004785769819860150E8760FDB82000D0FCB82C1CB3FC9B448A6390C024978C6A44ED0CEE5ADAAC6CC44B2218EE2BD21BFF3AF46795D73B9A4C4 |
Malicious: | false |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13340 |
Entropy (8bit): | 2.6943260976058023 |
Encrypted: | false |
SSDEEP: | 96:9GiZYWDlO34G+YAYTWQ5BfHv3YEZ6wt2irqsD1wkFHnaPDJB2aHIrC3:9jZDDdXakStaPDJB2aorC3 |
MD5: | F30AEAC73E31C150884479821895BC15 |
SHA1: | EEA9561078BCC7EA363674F656C41E4F3B07B649 |
SHA-256: | 83647C24100343C5B10599031E032289A7D3446DF303F5A792396D9D0433548A |
SHA-512: | CC6FC62F703A469A574A87DDA8AD9FF2E475185484E04631AF59381BF0DFD6A2296E738E9A9C8E5AB6ED2381B7AAB2A1218291DB3AA5596DA43C1B6DA10C5F28 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26720 |
Entropy (8bit): | 2.4946307191848325 |
Encrypted: | false |
SSDEEP: | 192:OjP2djECpOcLy8kKfLvPe59JHtF2gKMKgESIWYQ0lwu:/dScLQKf7ePJHtFPKgESIWWd |
MD5: | 668299165E581DFB4EC56AF4DA29CC9A |
SHA1: | 9BC4E162C5CBFBA7F2B32A9A068801B6AD69DBC5 |
SHA-256: | 8BBFDC90586F63AF686348E8F4253FB633BFF1B4719376B35D7CA2AC92AA3C35 |
SHA-512: | BD7E95E74D859B50D61BFDDE331841C0B26643FF24707583B22EE4D62019749071FB0D666B712CFF653E4FC844E00FE93BEA4836D1A4E37588699DEC33AFFC30 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8344 |
Entropy (8bit): | 3.7012749138332923 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNij/616YrwSUAOS5gmfOSzC+pBO89bagsfiem:RrlsNi7616Y8SUAOS5gmfOSz7azfC |
MD5: | 9855971D4F8C6755C81CB40782196D2D |
SHA1: | 48B98CDE291834C7596C66B818023FA93BE6CD65 |
SHA-256: | A9A13C4F03943D81FE2068A2E68503982D0A8B0AD5FCC3FB6E0B284F3A7BD149 |
SHA-512: | A2DF6C7AB6DE0128939EF00E276A47E4A24A42D74C1346BC6B221D987432EC5FCF95C6114A50918AC5AD7C179D79820137E854909C28E33CA73A67416659B55F |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4598 |
Entropy (8bit): | 4.479031705373616 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsUJgtWI9ZXVWSC8BaT8fm8M4J2yvZFy+q84WzAAKcQIcQwQjd:uITfS6XkSNRJBmw3KkwQjd |
MD5: | B4A9DA433AC1D9E362A5DAD1943FE0D0 |
SHA1: | A5FA84A7B491F4F779C846441241683E7986F6C5 |
SHA-256: | 095D6CC0CEDF6669C71FD8A4C722AE3776075F657E587FE6798C7E40B2891645 |
SHA-512: | ACBF62F688B398009A6D0ACD46C621FBA4BDD35BEA601E5561785662B88AC6CA9D5EAEF31351B4B997700697AA48652E94C32421DE14528ECEAED583778A0E70 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1049284 |
Entropy (8bit): | 1.3618305077272557 |
Encrypted: | false |
SSDEEP: | 6144:sZC+yOyIFsYRY5wv2idk9dIO9X4IfmF0Y:sZC+3yIFsYRY5wv2idk9dIO9X4Ifmf |
MD5: | 182EE711EFBB48A000D21A4025050EBA |
SHA1: | F56E4490ED399160E4F462AC77833CD60E9D508D |
SHA-256: | 65D78BEF20AC7E6E685598076A3A2F0F16FC84F1CD2D525359824BFA8AD60D2B |
SHA-512: | BA75A3F3575D3F97F3A81910B399A5FBDB42684A47B738C1023EB6C3D141017E03A6FF1EF1158835FFEF16D7AF094D61F4C8C07EA4F5E98BC4AE7E02F1B59AF1 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8344 |
Entropy (8bit): | 3.697976825375663 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNij86e6YrWSUaQMigmfMSr+pDE89b6gsfBrvem:RrlsNi46e6YaSUaQMigmfMSm6zfBT |
MD5: | 8FD8DB7F9A53E91CA59833375EFE8F0A |
SHA1: | 292DD396ADD6F4F9B2A932294BDA3BBEA729C6DD |
SHA-256: | 112BE52F4BA19CE115CD3B7A9DED401B89B60B1335C2F4CA8208A9A4D421B822 |
SHA-512: | 6D843C1BD91F06744967550479F6F3791D317997CC0E0AB0BC0224A1EE62B0270262E5FC6BF7C4A06097B8FABACF1DBF4278A2EA598FF7D05F3EDBC7DC18549D |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4598 |
Entropy (8bit): | 4.471993005702466 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsUJgtWI9ZXVWSC8BG8fm8M4J2yYSFs+q84tXTAKcQIcQwQjd:uITfS6XkSNlJKzBkKkwQjd |
MD5: | 29B3B0F36F70D8DCC36137B0E55629ED |
SHA1: | 36790ADAF12BB3533040208BB690B44DFBF4B565 |
SHA-256: | 274E5FD94681AB1922D722D0CE3DFB8031667A71ADAE9108FB3A54221277F59E |
SHA-512: | 8CFF0507791544D2D10C805A866E312EBB8236C2FF8AE28B2311D960E9A5A27999F28B7580E7647A4E184E93EF789FF99FD84F488EF289A3019B29D25BDA727C |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1572864 |
Entropy (8bit): | 4.239475479455116 |
Encrypted: | false |
SSDEEP: | 12288:WpTzoGkFsGCGs0BWF49FpiyRcoUlSDJrN/3Nih3JwAFBRZ66:kTzoGkFsGCx0BW+Lc |
MD5: | 5942A5349380C9C3CFAAFE1AB1AA7BF6 |
SHA1: | 491E397ACAD84B01D2426760063F069A6297B40A |
SHA-256: | D7D875CC7C0AD81C7119175FE75C9D5020633B565DA3D66463BAF70376C4DB1B |
SHA-512: | 096BE1DF130697E6DF60D63DB9252C85B606308422423A38EC1479416C9EA144817443DA7AA19F2ED483BE92566608D464D288C6687B3E40E1972D7E4748F9AD |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 3.7210167206825284 |
Encrypted: | false |
SSDEEP: | 384:IM85K5ycv4KgnVVeeDzeh1NKZtjZT8GRFw5nZ:/KKpg/eeDzezNYtjeGRFw5 |
MD5: | 88C16E7CDB64AF7249CD901E896336CD |
SHA1: | D765FD096A3F68B62960E7ACC226D37B33EB386B |
SHA-256: | F1AA2A23F3D3AD22B309C19A41AEA2602508D2DF0FC03E6C55BFA24B5E152807 |
SHA-512: | 4F203C32CB0E6249BEE2D8E077349F88DA9004E52901DB00D1D28BB06174DE2C07C2E343A07CC1CCA6E6BA414F114ADDD3AB132A63FBC4E51798EC8700BF8C15 |
Malicious: | false |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.0673340607178154 |
TrID: | |
File name: | nhlHEF5IVY.dll |
File size: | 372736 |
MD5: | 222719bd9555a8f48428737ab34a6fa6 |
SHA1: | b56136e6d1460055917dcb74ed849c59b35300c0 |
SHA256: | 81823e821dae4e623a5f11ccbed6e628443301afd92c0ab25e19d847927f5318 |
SHA512: | 170c8e8ab85e18b97c6fe31d9ffb811fe2b67f92ca843d684ecaef75d3454bcf9584035746015305955e7f1b51281c8dcf1b5476c1c55244c8205dfdf4d0dd82 |
SSDEEP: | 6144:qRsMh9YQWtcgA70wgF7nJy46CQK+kIVDRjudJMrt32fFcRmXIeJXjWMmAD:cvm9Y0HFLNRQKqV4epRmxAvAD |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0...Q...Q...Q..E#...Q..E#...Q..E#...Q../$...Q...$...Q...$...Q...$...Q..E#...Q...Q...Q...Q...Q../$...Q../$...Q..Rich.Q......... |
File Icon |
---|
Icon Hash: | 74f0e4ecccdce0e4 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x1001a401 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x10000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x61A7100E [Wed Dec 1 06:02:54 2021 UTC] |
TLS Callbacks: | 0x1000c500 |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 609402ef170a35cc0e660d7d95ac10ce |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+0Ch], 01h |
jne 00007F991C889557h |
call 00007F991C8898E8h |
push dword ptr [ebp+10h] |
push dword ptr [ebp+0Ch] |
push dword ptr [ebp+08h] |
call 00007F991C889403h |
add esp, 0Ch |
pop ebp |
retn 000Ch |
push ebp |
mov ebp, esp |
push dword ptr [ebp+08h] |
call 00007F991C889DFEh |
pop ecx |
pop ebp |
ret |
push ebp |
mov ebp, esp |
jmp 00007F991C88955Fh |
push dword ptr [ebp+08h] |
call 00007F991C88D8E4h |
pop ecx |
test eax, eax |
je 00007F991C889561h |
push dword ptr [ebp+08h] |
call 00007F991C88D960h |
pop ecx |
test eax, eax |
je 00007F991C889538h |
pop ebp |
ret |
cmp dword ptr [ebp+08h], FFFFFFFFh |
je 00007F991C889EC3h |
jmp 00007F991C889EA0h |
push ebp |
mov ebp, esp |
push 00000000h |
call dword ptr [1002808Ch] |
push dword ptr [ebp+08h] |
call dword ptr [10028088h] |
push C0000409h |
call dword ptr [10028040h] |
push eax |
call dword ptr [10028090h] |
pop ebp |
ret |
push ebp |
mov ebp, esp |
sub esp, 00000324h |
push 00000017h |
call dword ptr [10028094h] |
test eax, eax |
je 00007F991C889557h |
push 00000002h |
pop ecx |
int 29h |
mov dword ptr [1005AF18h], eax |
mov dword ptr [1005AF14h], ecx |
mov dword ptr [1005AF10h], edx |
mov dword ptr [1005AF0Ch], ebx |
mov dword ptr [1005AF08h], esi |
mov dword ptr [1005AF04h], edi |
mov word ptr [eax], es |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x58390 | 0x8ac | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x58c3c | 0x3c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5d000 | 0x1bb0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x56fdc | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x57100 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x57030 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x28000 | 0x154 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x264f4 | 0x26600 | False | 0.546620521173 | data | 6.29652715831 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x28000 | 0x313fa | 0x31400 | False | 0.822468868972 | data | 7.43226452981 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x5a000 | 0x1844 | 0xe00 | False | 0.270647321429 | data | 2.60881097454 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.pdata | 0x5c000 | 0x66c | 0x800 | False | 0.3583984375 | data | 2.21689595795 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.reloc | 0x5d000 | 0x1bb0 | 0x1c00 | False | 0.784598214286 | data | 6.62358237634 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | HeapFree, HeapReAlloc, GetProcessHeap, HeapAlloc, GetModuleHandleA, GetProcAddress, TlsGetValue, TlsSetValue, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, AcquireSRWLockShared, ReleaseSRWLockShared, SetLastError, GetEnvironmentVariableW, GetLastError, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentThread, RtlCaptureContext, ReleaseMutex, WaitForSingleObjectEx, LoadLibraryA, CreateMutexA, CloseHandle, GetStdHandle, GetConsoleMode, WriteFile, WriteConsoleW, TlsAlloc, GetCommandLineW, CreateFileA, GetTickCount64, CreateFileW, SetFilePointerEx, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RaiseException, RtlUnwind, InterlockedFlushSList, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, GetFileType, GetStringTypeW, HeapSize, SetStdHandle, FlushFileBuffers, GetConsoleOutputCP, DecodePointer |
USER32.dll | GetDC, ReleaseDC, GetWindowRect |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
Control_RunDLL | 1 | 0x100010a0 |
ajkaibu | 2 | 0x100016c0 |
akyncbgollmj | 3 | 0x10001480 |
alrcidxljxybdggs | 4 | 0x10001860 |
bgmotrriehds | 5 | 0x10001820 |
bojkfvynhhupnooyb | 6 | 0x100019f0 |
bujuoqldqlzaod | 7 | 0x10001800 |
bunsahctogxzts | 8 | 0x100019e0 |
cjogbtafwukesw | 9 | 0x10001830 |
csbbcaopuok | 10 | 0x100016a0 |
cyqrjpaeorjur | 11 | 0x100015f0 |
dlrzuyaeqj | 12 | 0x10001840 |
egiimrq | 13 | 0x10001850 |
evhgyts | 14 | 0x100014f0 |
fdqpjjjyuw | 15 | 0x100017e0 |
finabzjyxhxnnuuv | 16 | 0x10001510 |
fkeacqpbbfw | 17 | 0x10001910 |
fuwsgzf | 18 | 0x10001790 |
fzbmpailk | 19 | 0x10001980 |
gamsrhauvgl | 20 | 0x10001810 |
gjfqgtgk | 21 | 0x10001a10 |
gwsmfxfmekkyr | 22 | 0x100018b0 |
haymuvtatadeydqmk | 23 | 0x10001530 |
hqruohhkvpdalhq | 24 | 0x10001620 |
htdaydfvtjlujwcaj | 25 | 0x10001660 |
hzyrvjtx | 26 | 0x100017c0 |
ifnsupqhxkwj | 27 | 0x10001870 |
ijhgowlpmypocg | 28 | 0x10001720 |
ispjhrqaxnyflnn | 29 | 0x100015a0 |
iszvcqv | 30 | 0x100017a0 |
ixgucop | 31 | 0x100018d0 |
jcdvrhrguqtjpkc | 32 | 0x100016b0 |
jkfyadsdpoks | 33 | 0x100019c0 |
kfzgxmljkwaqy | 34 | 0x10001730 |
kzfvroxozxufciczm | 35 | 0x10001740 |
lpstjqa | 36 | 0x10001900 |
ltkoyvzovzkqemyw | 37 | 0x10001630 |
mdigcwjymnzvgaql | 38 | 0x100014d0 |
mefathlzguuhqodfx | 39 | 0x10001950 |
mgsrmfbja | 40 | 0x10001500 |
mrxhcceopg | 41 | 0x100014a0 |
nafhmuoq | 42 | 0x100018f0 |
nefxgpc | 43 | 0x100018a0 |
nrehxpiznrppeu | 44 | 0x10001690 |
nucocnvjyqp | 45 | 0x100018e0 |
obxoxtcbntaxofr | 46 | 0x10001890 |
ofrzojd | 47 | 0x100016e0 |
oofbctfc | 48 | 0x10001550 |
opzpazspbecyjojf | 49 | 0x100015b0 |
oqoigff | 50 | 0x10001a00 |
oujlzhzvhjh | 51 | 0x100016f0 |
ovpsanbypajv | 52 | 0x100015e0 |
pblpcaadqbdxyb | 53 | 0x10001680 |
ragwdgnyohftj | 54 | 0x100017d0 |
rfosmac | 55 | 0x10001710 |
rgymbuetvifqjqdlo | 56 | 0x10001930 |
rmoxbxbbgidnbds | 57 | 0x10001970 |
rxnkmfbycdcc | 58 | 0x10001560 |
sefltbc | 59 | 0x10001880 |
sgieprcsphl | 60 | 0x100019a0 |
shpcmnqzvyltgdt | 61 | 0x100016d0 |
slktbekupvmdbt | 62 | 0x100015c0 |
sormivnk | 63 | 0x10001570 |
tdblkstlyin | 64 | 0x10001600 |
tkllyrc | 65 | 0x10001650 |
tkwpnvfqnbpbdqe | 66 | 0x10001a20 |
tnhtgnjrabqakgeke | 67 | 0x10001700 |
tzpmcwwig | 68 | 0x10001520 |
uceklmggjof | 69 | 0x10001610 |
ukwdddyj | 70 | 0x10001640 |
uwnaptydgur | 71 | 0x10001940 |
vjusqoeo | 72 | 0x10001580 |
vnyufpq | 73 | 0x10001590 |
vsrwmkhzkrtlexxb | 74 | 0x100014e0 |
wermsdfzb | 75 | 0x10001770 |
wkhpfdjkypy | 76 | 0x100014c0 |
wksndtayhfm | 77 | 0x100015d0 |
wnjvxspilxpchq | 78 | 0x10001670 |
wuqwfssiddrcl | 79 | 0x10001570 |
wyyhtqptznbrknitg | 80 | 0x100017f0 |
wzkcijdvadq | 81 | 0x10001540 |
wzxlvxuyy | 82 | 0x100019b0 |
xhtxeilfgsghxik | 83 | 0x10001780 |
xvdijhconoukll | 84 | 0x100014b0 |
ybbwnezvxfafm | 85 | 0x10001750 |
yeylpreasnzamgac | 86 | 0x100019d0 |
ypkidshxgzkkehc | 87 | 0x100018c0 |
ypzvmpfbgai | 88 | 0x10001760 |
zbrzizodycg | 89 | 0x10001990 |
zdiuqcnzg | 90 | 0x10001920 |
zfkwwtxd | 91 | 0x10001490 |
zktykfwmaehxg | 92 | 0x10001600 |
zmkbqvofdhermov | 93 | 0x10001960 |
zvtqmkitgmzgo | 94 | 0x100017b0 |
Network Behavior |
---|
No network behavior found |
---|
Code Manipulations |
---|
System Behavior |
---|
General |
---|
Start time: | 09:46:23 |
Start date: | 02/12/2021 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1290000 |
File size: | 893440 bytes |
MD5 hash: | 72FCD8FB0ADC38ED9050569AD673650E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | (details not extracted) |
Reputation: | high |
General |
---|
Start time: | 09:46:24 |
Start date: | 02/12/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11d0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:46:24 |
Start date: | 02/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10b0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | (details not extracted) |
Reputation: | high |
General |
---|
Start time: | 09:46:24 |
Start date: | 02/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10b0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | (details not extracted) |
Reputation: | high |
General |
---|
Start time: | 09:46:28 |
Start date: | 02/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10b0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | (details not extracted) |
Reputation: | high |
General |
---|
Start time: | 09:46:35 |
Start date: | 02/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10b0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | (details not extracted) |
Reputation: | high |
General |
---|
Start time: | 09:48:12 |
Start date: | 02/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10b0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | (details not extracted) |
Reputation: | high |
General |
---|
Start time: | 09:48:14 |
Start date: | 02/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10b0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:48:25 |
Start date: | 02/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10b0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:48:31 |
Start date: | 02/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10b0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:48:32 |
Start date: | 02/12/2021 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6eb840000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:48:32 |
Start date: | 02/12/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1350000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 09:48:34 |
Start date: | 02/12/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1350000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 09:48:43 |
Start date: | 02/12/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1350000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 09:48:44 |
Start date: | 02/12/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1350000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 09:49:16 |
Start date: | 02/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10b0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Yara matches |
---|---|---|---|---|---|---|---|
(name not extracted) | | | | | | 97% | yes |
6E4B9990 | 7.4 | 3 | 1 | 394 | file, memory, COMMON | | |
6E4A1290 | 6.1 | 3 | 1 | 136 | memory, COMMON | | |
6E4BA21B | 10.6 | 7 | | 136 | COMMON | | |
6E4BA2CB | 7.6 | 5 | | 87 | COMMON | | |
6E4AC460 | 7.0 | 2 | 2 | 9 | library, loader, COMMON | | |
6E4AC4E0 | 7.0 | 2 | 2 | 9 | library, loader, COMMON | | |
6E4C1AA1 | 6.1 | 4 | | 74 | COMMON | | |
6E4BA114 | 3.1 | 2 | | 76 | COMMON | | |
6E4C209C | 3.1 | 2 | | 65 | COMMON | | |
001C2C3A | 3.0 | 1 | 1 | 38 | string, COMMON | | yes |
6E4C0566 | 1.5 | 1 | | 39 | memory, COMMON | | |
6E4BFC29 | 1.5 | 1 | | 32 | memory, COMMON | | |
6E4BCCF1 | 1.5 | 1 | | 27 | COMMON | | |
6E4BF563 | 1.5 | 1 | | 23 | COMMON | | |
6E4BFBCA | 1.5 | 1 | | 9 | COMMON | | |
Uniqueness Score: -1.00% for every function listed above.
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Yara matches |
---|---|---|---|---|---|---|---|
(name not extracted) | | | | | | 97% | yes |
(name not extracted) | | | | | | 96% | yes |
6E4AD530 | 26.7 | 14 | 1 | 445 | memory, COMMON, Crypto | 81% | |
6E4AE690 | 26.4 | 9 | 6 | 135 | library, loader, synchronization, COMMON | 52% | |
(name not extracted) | | | | | | 95% | yes |
6E4AE890 | 25.1 | 9 | 5 | 588 | library, loader, COMMON, Crypto | 52% | |
(name not extracted) | | | | | | 93% | yes |
(name not extracted) | | | | | | 94% | yes |
(name not extracted) | | | | | | 92% | yes |
(name not extracted) | | | | | | | |
(name not extracted) | | | | | | 97% | yes |
(name not extracted) | | | | | | 99% | yes |
(name not extracted) | | | | | | 97% | yes |
(name not extracted) | | | | | | 96% | yes |
(name not extracted) | | | | | | 96% | yes |
(name not extracted) | | | | | | 83% | yes |
(name not extracted) | | | | | | 83% | yes |
(name not extracted) | | | | | | 94% | yes |
6E4A6070 | 10.9 | | 8 | 927 | COMMON | | |
(name not extracted) | | | | | | | |
(name not extracted) | | | | | | 96% | yes |
(name not extracted) | | | | | | 93% | yes |
(name not extracted) | | | | | | 96% | yes |
(name not extracted) | | | | | | 94% | yes |
(name not extracted) | | | | | | 94% | yes |
(name not extracted) | | | | | | 92% | yes |
(name not extracted) | | | | | | 96% | yes |
(name not extracted) | | | | | | 96% | yes |
(name not extracted) | | | | | | 98% | yes |
(name not extracted) | | | | | | 90% | yes |
(name not extracted) | | | | | | 97% | yes |
(name not extracted) | | | | | | 97% | yes |
(name not extracted) | | | | | | 90% | yes |
(name not extracted) | | | | | | 94% | yes |
(name not extracted) | | | | | | 95% | yes |
(name not extracted) | | | | | | 89% | yes |
(name not extracted) | | | | | | 99% | yes |
(name not extracted) | | | | | | 95% | yes |
(name not extracted) | | | | | | 89% | yes |
(name not extracted) | | | | | | 94% | yes |
001D28D5 | 6.5 | | 5 | 228 | COMMON | | yes |
001D52D1 | 6.5 | | 5 | 201 | COMMON | | yes |
001C8D80 | 6.4 | | 5 | 147 | COMMON | | |
Uniqueness Score: -1.00% for every function listed above.
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4BAB0C, Relevance: 6.1, APIs: 4, Instructions: 73COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001CEE60, Relevance: 5.4, Strings: 4, Instructions: 354COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001C6453, Relevance: 5.2, Strings: 4, Instructions: 220COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001C2CC2, Relevance: 5.2, Strings: 4, Instructions: 219COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001D3D0C, Relevance: 5.2, Strings: 4, Instructions: 212COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001CBD61, Relevance: 5.2, Strings: 4, Instructions: 195COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001C43BE, Relevance: 5.2, Strings: 4, Instructions: 180COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001CA083, Relevance: 5.1, Strings: 4, Instructions: 149COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001DE3B5, Relevance: 5.1, Strings: 4, Instructions: 114COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001DDB87, Relevance: 5.1, Strings: 4, Instructions: 113COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C0326, Relevance: 4.6, APIs: 3, Instructions: 77COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4A9F10, Relevance: 4.0, Strings: 3, Instructions: 233COMMON
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001D85B8, Relevance: 4.0, Strings: 3, Instructions: 224COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001D9124, Relevance: 4.0, Strings: 3, Instructions: 200COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001CCB13, Relevance: 3.9, Strings: 3, Instructions: 181COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001D0BA4, Relevance: 3.9, Strings: 3, Instructions: 159COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001DBF0C, Relevance: 3.9, Strings: 3, Instructions: 155COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001C90D4, Relevance: 3.9, Strings: 3, Instructions: 128COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001DE10A, Relevance: 3.9, Strings: 3, Instructions: 112COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001CF48A, Relevance: 3.9, Strings: 3, Instructions: 105COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001DE899, Relevance: 3.8, Strings: 3, Instructions: 88COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001CCE5A, Relevance: 3.8, Strings: 3, Instructions: 69COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001DDDA5, Relevance: 3.8, Strings: 3, Instructions: 58COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4A1DE0, Relevance: 2.8, Strings: 2, Instructions: 317COMMON
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001C1EFB, Relevance: 2.8, Strings: 2, Instructions: 260COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4A68B0, Relevance: 2.8, Strings: 2, Instructions: 252COMMON
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001D3782, Relevance: 2.7, Strings: 2, Instructions: 236COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001E1CDB, Relevance: 2.7, Strings: 2, Instructions: 228COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001CAA4E, Relevance: 2.6, Strings: 2, Instructions: 150COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001DEA55, Relevance: 2.6, Strings: 2, Instructions: 143COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001D0E97, Relevance: 2.6, Strings: 2, Instructions: 129COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001DCD35, Relevance: 2.6, Strings: 2, Instructions: 100COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001C3228, Relevance: 2.6, Strings: 2, Instructions: 90COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001E20CE, Relevance: 2.6, Strings: 2, Instructions: 89COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001CA92F, Relevance: 2.6, Strings: 2, Instructions: 78COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001CAE43, Relevance: 2.6, Strings: 2, Instructions: 73COMMON
Strings |
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4BE3A1, Relevance: 1.8, APIs: 1, Instructions: 274COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4BA584, Relevance: 1.6, APIs: 1, Instructions: 144COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C0927, Relevance: 1.6, APIs: 1, Instructions: 140COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4B10C0, Relevance: 1.6, Strings: 1, Instructions: 365COMMON
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001C4D1E, Relevance: 1.5, Strings: 1, Instructions: 218COMMON
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001CFA78, Relevance: 1.4, Strings: 1, Instructions: 199COMMON
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001C46FA, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001DE5A7, Relevance: 1.4, Strings: 1, Instructions: 161COMMON
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001C358B, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001CFE9D, Relevance: 1.4, Strings: 1, Instructions: 118COMMON
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001D62F5, Relevance: 1.4, Strings: 1, Instructions: 112COMMON
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001C4B81, Relevance: 1.4, Strings: 1, Instructions: 112COMMON
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001DD7BE, Relevance: 1.4, Strings: 1, Instructions: 112COMMON
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001D56E9, Relevance: 1.3, Strings: 1, Instructions: 98COMMON
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001C387F, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001C3432, Relevance: 1.3, Strings: 1, Instructions: 83COMMON
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4A3A90, Relevance: .5, Instructions: 489COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001C800A, Relevance: .3, Instructions: 269COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001C75D2, Relevance: .1, Instructions: 111COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001C51EC, Relevance: .1, Instructions: 100COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001D0A93, Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001D282D, Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4B9920, Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C02CC, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4BEC0B, Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 001D07D2, Relevance: .0, Instructions: 2COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4ADEE0, Relevance: 42.5, APIs: 19, Strings: 5, Instructions: 451memorylibraryloaderCOMMON
C-Code - Quality: 74% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4AC8C0, Relevance: 33.7, APIs: 14, Strings: 5, Instructions: 477memoryCOMMON
C-Code - Quality: 69% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4AC890, Relevance: 26.7, APIs: 12, Strings: 3, Instructions: 409memoryCOMMON
C-Code - Quality: 64% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 64% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4AC500, Relevance: 12.6, APIs: 10, Instructions: 125COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4B1DA0, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 212fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4AC690, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 95memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4A10A0, Relevance: 12.1, APIs: 6, Strings: 2, Instructions: 141memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4B2B10, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111memoryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4BCCFF, Relevance: 9.1, APIs: 6, Instructions: 60COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4B97A0, Relevance: 9.0, APIs: 6, Instructions: 50COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4AD1B0, Relevance: 8.8, APIs: 7, Instructions: 85memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4BEC2D, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4AC440, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4AC420, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4AC4C0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4AC480, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4AC4A0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C4089, Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4B2620, Relevance: 6.2, APIs: 4, Instructions: 215COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4BCDDF, Relevance: 6.2, APIs: 4, Instructions: 168COMMON
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C06C7, Relevance: 6.1, APIs: 4, Instructions: 82COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C57E6, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C493F, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 191fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|

Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality |
---|---|---|---|---|---|---|
6E4B9990 | 7.4 | 3 | 1 | 394 | file, memory, COMMON | 62% |
6E4BA21B | 10.6 | 7 | | 136 | COMMON | 87% |
6E4BA2CB | 7.6 | 5 | | 87 | COMMON | 89% |
6E4AC460 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | 100% |
6E4AC4E0 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | 100% |
6E4A1290 | 6.1 | 3 | 1 | 136 | memory, COMMON | 76% |
6E4C1AA1 | 6.1 | 4 | | 74 | COMMON | 19% |
6E4BA114 | 3.1 | 2 | | 76 | COMMON | 82% |
6E4C0566 | 1.5 | 1 | | 39 | memory, COMMON | 100% |
6E4BFC29 | 1.5 | 1 | | 32 | memory, COMMON | 100% |
Non-executed Functions |
---|

Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality |
---|---|---|---|---|---|---|
6E4AD530 | 26.7 | 14 | 1 | 445 | memory, COMMON, Crypto | 81% |
6E4A77B4 | 10.9 | 2 | 4 | 423 | COMMON, Crypto | 81% |
6E4BAB0C | 6.1 | 4 | | 73 | COMMON | 85% |
6E4ADEE0 | 42.5 | 19 | 5 | 451 | memory, libraryloader, COMMON | 74% |
6E4AC8C0 | 33.7 | 14 | 5 | 477 | memory, COMMON | 69% |
6E4AC890 | 26.7 | 12 | 3 | 409 | memory, COMMON | 64% |
6E4AE690 | 26.4 | 9 | 6 | 135 | libraryloader, synchronization, COMMON | 52% |
6E4AC500 | 12.6 | 10 | | 125 | COMMON | 58% |
6E4B1DA0 | 12.5 | 5 | 2 | 212 | file, COMMON | 55% |
6E4AC690 | 12.3 | 5 | 2 | 95 | memory, COMMON | 45% |
6E4A10A0 | 12.1 | 6 | 2 | 141 | memory, COMMON | 74% |
6E4B2B10 | 10.6 | 5 | 1 | 111 | memory, COMMON | 56% |
6E4BCCFF | 9.1 | 6 | | 60 | COMMON | 85% |
6E4B97A0 | 9.0 | 6 | | 50 | COMMON | |
6E4AD1B0 | 8.8 | 7 | | 85 | memory, COMMON | 55% |
6E4BEC2D | 8.8 | 3 | 2 | 42 | libraryloader, COMMON | 25% |
6E4AC440 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | 100% |
6E4AC420 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | 100% |
6E4AC4C0 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | 100% |
6E4AC480 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | 100% |
6E4AC4A0 | 7.0 | 2 | 2 | 9 | libraryloader, COMMON | 100% |
6E4C4089 | 6.3 | 4 | | 338 | file, COMMON | 78% |
6E4B2620 | 6.2 | 4 | | 215 | COMMON | 56% |
6E4BCDDF | 6.2 | 4 | | 168 | COMMON | 64% |
6E4C06C7 | 6.1 | 4 | | 82 | COMMON | 100% |
6E4C57E6 | 6.0 | 4 | | 29 | COMMON | 100% |
6E4C493F | 5.4 | 2 | 1 | 191 | file, COMMON | 93% |
Executed Functions |
---|

Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality |
---|---|---|---|---|---|---|
031A2C3A | 3.0 | 1 | 1 | 38 | string, COMMON | 67% |

Non-executed Functions |
---|
Executed Functions |
---|

Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality |
---|---|---|---|---|---|---|
03402C3A | 3.0 | 1 | 1 | 38 | string, COMMON | 67% |

Non-executed Functions |
---|