Loading... Additional Content is being loaded
Windows
Analysis Report
Wartless_v8.8.9.0.dll
Overview
General Information
| Sample Name: | Wartless_v8.8.9.0.dll |
| Analysis ID: | 557481 |
| MD5: | 3b4e9e88c0dd6e82ecc65e2d219544c6 |
| SHA1: | 5d4f4d60773ed452188c8a099b5972edbbb03f90 |
| SHA256: | 4d4bedbc795e2dd4fe929b6dc57bfc314165795e25c362959fbabc59c0a60d80 |
| Tags: | exegoziisfbitalypwvodafoneursnifvodafone |
| Infos: |   |
 |
|
Detection
Ursnif
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Writes or reads registry keys via WMI
Found API chain indicative of debugger detection
Machine Learning detection for sample
Found evasive API chain (may stop execution after checking system information)
Sigma detected: Suspicious Call by Ordinal
Writes registry values via WMI
Uses 32bit PE files
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Contains functionality to read the PEB
Found evasive API chain checking for process token information
Registers a DLL
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Classification
AV Detection |
  |
|---|
| Source: |
Malware Configuration Extractor: |
||
| Source: |
Virustotal: |
Perma Link | ||
| Source: |
ReversingLabs: |
|||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Avira URL Cloud: |
||
| Source: |
Virustotal: |
Perma Link | ||
| Source: |
Virustotal: |
Perma Link | ||
| Source: |
Virustotal: |
Perma Link | ||
| Source: |
Joe Sandbox ML: |
||
| Source: |
Avira: |
||
| Source: |
Avira: |
||
| Source: |
Avira: |
||
| Source: |
Avira: |
||
Cryptography |
|
|---|
| Source: |
Code function: |
1_2_010C4872 | |
| Source: |
Code function: |
5_2_04F94872 | |
| Source: |
Code function: |
6_2_04214872 | |
| Source: |
Code function: |
9_2_04444872 | |
Compliance |
|
|---|
| Source: |
Static PE information: |
||
| Source: |
File opened: |
Jump to behavior | ||
Networking |
|
|---|
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Snort IDS: |
||
| Source: |
Network Connect: |
Jump to behavior | ||
| Source: |
Domain query: |
|||
| Source: |
Network Connect: |
Jump to behavior | ||
| Source: |
Domain query: |
|||
| Source: |
Domain query: |
|||
| Source: |
Network Connect: |
Jump to behavior | ||
| Source: |
Domain query: |
|||
| Source: |
Network Connect: |
Jump to behavior | ||
| Source: |
Network Connect: |
Jump to behavior | ||
| Source: |
Network Connect: |
Jump to behavior | ||
| Source: |
ASN Name: |
||
| Source: |
ASN Name: |
||
| Source: |
IP Address: |
||
| Source: |
IP Address: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
DNS traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
| Source: |
HTTP traffic detected: |
||
Key, Mouse, Clipboard, Microphone and Screen Capturing |
|
|---|
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
Binary or memory string: |
||
E-Banking Fraud |
|
|---|
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
Code function: |
1_2_010C4872 | |
| Source: |
Code function: |
5_2_04F94872 | |
| Source: |
Code function: |
6_2_04214872 | |
| Source: |
Code function: |
9_2_04444872 | |
System Summary |
|
|---|
| Source: |
WMI Queries: |
||
| Source: |
WMI Queries: |
||
| Source: |
WMI Queries: |
||
| Source: |
WMI Queries: |
||
| Source: |
WMI Queries: |
||
| Source: |
WMI Queries: |
||
| Source: |
WMI Queries: |
||
| Source: |
WMI Queries: |
||
| Source: |
WMI Registry write: |
||
| Source: |
WMI Registry write: |
||
| Source: |
WMI Registry write: |
||
| Source: |
WMI Registry write: |
||
| Source: |
WMI Registry write: |
||
| Source: |
WMI Registry write: |
||
| Source: |
WMI Registry write: |
||
| Source: |
WMI Registry write: |
||
| Source: |
WMI Registry write: |
||
| Source: |
WMI Registry write: |
||
| Source: |
WMI Registry write: |
||
| Source: |
WMI Registry write: |
||
| Source: |
Static PE information: |
||
| Source: |
Code function: |
1_2_10002244 | |
| Source: |
Code function: |
1_2_010C81DC | |
| Source: |
Code function: |
1_2_010C6C62 | |
| Source: |
Code function: |
1_2_010C4EF3 | |
| Source: |
Code function: |
5_2_04F94EF3 | |
| Source: |
Code function: |
5_2_04F96C62 | |
| Source: |
Code function: |
5_2_04F981DC | |
| Source: |
Code function: |
5_2_03690DF9 | |
| Source: |
Code function: |
5_2_03690DF7 | |
| Source: |
Code function: |
6_2_04216C62 | |
| Source: |
Code function: |
6_2_04214EF3 | |
| Source: |
Code function: |
6_2_042181DC | |
| Source: |
Code function: |
9_2_04446C62 | |
| Source: |
Code function: |
9_2_04444EF3 | |
| Source: |
Code function: |
9_2_044481DC | |
| Source: |
Code function: |
1_2_100012BE | |
| Source: |
Code function: |
1_2_10001F61 | |
| Source: |
Code function: |
1_2_10001077 | |
| Source: |
Code function: |
1_2_10002465 | |
| Source: |
Code function: |
1_2_010C77BB | |
| Source: |
Code function: |
1_2_010C8401 | |
| Source: |
Code function: |
5_2_04F977BB | |
| Source: |
Code function: |
5_2_04F98401 | |
| Source: |
Code function: |
5_2_03690AB8 | |
| Source: |
Code function: |
5_2_03690880 | |
| Source: |
Code function: |
6_2_042177BB | |
| Source: |
Code function: |
6_2_04218401 | |
| Source: |
Code function: |
9_2_044477BB | |
| Source: |
Code function: |
9_2_04448401 | |
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Section loaded: |
Jump to behavior | ||
| Source: |
Virustotal: |
||
| Source: |
ReversingLabs: |
||
| Source: |
Static PE information: |
||
| Source: |
Key opened: |
Jump to behavior | ||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
Jump to behavior | ||
| Source: |
Process created: |
Jump to behavior | ||
| Source: |
Process created: |
Jump to behavior | ||
| Source: |
Process created: |
Jump to behavior | ||
| Source: |
Process created: |
Jump to behavior | ||
| Source: |
Process created: |
Jump to behavior | ||
| Source: |
Process created: |
Jump to behavior | ||
| Source: |
Process created: |
Jump to behavior | ||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Process created: |
|||
| Source: |
Key value queried: |
Jump to behavior | ||
| Source: |
File created: |
Jump to behavior | ||
| Source: |
File created: |
Jump to behavior | ||
| Source: |
Classification label: |
||
| Source: |
File read: |
Jump to behavior | ||
| Source: |
Code function: |
1_2_010C2AB4 | |
| Source: |
Process created: |
||
| Source: |
File read: |
Jump to behavior | ||
| Source: |
File read: |
Jump to behavior | ||
| Source: |
File read: |
Jump to behavior | ||
| Source: |
File read: |
Jump to behavior | ||
| Source: |
File read: |
Jump to behavior | ||
| Source: |
File read: |
Jump to behavior | ||
| Source: |
File read: |
Jump to behavior | ||
| Source: |
File read: |
Jump to behavior | ||
| Source: |
File read: |
Jump to behavior | ||
| Source: |
File read: |
Jump to behavior | ||
| Source: |
File read: |
Jump to behavior | ||
| Source: |
File read: |
Jump to behavior | ||
| Source: |
Window detected: |
||
| Source: |
File opened: |
Jump to behavior | ||
| Source: |
Static PE information: |
||
| Source: |
Static PE information: |
||
Data Obfuscation |
|
|---|
| Source: |
Code function: |
1_2_10002243 | |
| Source: |
Code function: |
1_2_100021E9 | |
| Source: |
Code function: |
1_2_010C81DB | |
| Source: |
Code function: |
1_2_010C7DE9 | |
| Source: |
Code function: |
5_2_04F97DE9 | |
| Source: |
Code function: |
5_2_04F981DB | |
| Source: |
Code function: |
5_2_03690C10 | |
| Source: |
Code function: |
5_2_03690C56 | |
| Source: |
Code function: |
5_2_0369087F | |
| Source: |
Code function: |
5_2_03690B11 | |
| Source: |
Code function: |
5_2_03690BFB | |
| Source: |
Code function: |
5_2_03690764 | |
| Source: |
Code function: |
5_2_03690B11 | |
| Source: |
Code function: |
5_2_036908B6 | |
| Source: |
Code function: |
6_2_04217DE9 | |
| Source: |
Code function: |
6_2_042181DB | |
| Source: |
Code function: |
9_2_044481DB | |
| Source: |
Code function: |
9_2_04447DE9 | |
| Source: |
Code function: |
1_2_10001BE8 | |
| Source: |
Process created: |
||
Hooking and other Techniques for Hiding and Protection |
|
|---|
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
| Source: |
Process information set: |
Jump to behavior | ||
Malware Analysis System Evasion |
|
|---|
| Source: |
Evasive API call chain: |
||
| Source: |
Thread sleep time: |
Jump to behavior | ||
| Source: |
Thread sleep count: |
Jump to behavior | ||
| Source: |
Thread sleep time: |
Jump to behavior | ||
| Source: |
Check user administrative privileges: |
||
| Source: |
Check user administrative privileges: |
||
| Source: |
Check user administrative privileges: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
Anti Debugging |
|
|---|
| Source: |
Debugger detection routine: |
||
| Source: |
Code function: |
1_2_10001BE8 | |
| Source: |
Code function: |
5_2_03690B14 | |
| Source: |
Code function: |
5_2_03690BFC | |
| Source: |
Code function: |
5_2_03690A64 | |
| Source: |
Code function: |
5_2_03690C57 | |
| Source: |
Code function: |
5_2_03690CE8 | |
HIPS / PFW / Operating System Protection Evasion |
|
|---|
| Source: |
Network Connect: |
Jump to behavior | ||
| Source: |
Domain query: |
|||
| Source: |
Network Connect: |
Jump to behavior | ||
| Source: |
Domain query: |
|||
| Source: |
Domain query: |
|||
| Source: |
Network Connect: |
Jump to behavior | ||
| Source: |
Domain query: |
|||
| Source: |
Network Connect: |
Jump to behavior | ||
| Source: |
Network Connect: |
Jump to behavior | ||
| Source: |
Network Connect: |
Jump to behavior | ||
| Source: |
Process created: |
Jump to behavior | ||
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
| Source: |
Binary or memory string: |
||
Language, Device and Operating System Detection |
|
|---|
| Source: |
Code function: |
1_2_010C21BC | |
| Source: |
Key value queried: |
Jump to behavior | ||
| Source: |
Code function: |
1_2_10001DCF | |
| Source: |
Code function: |
1_2_1000169C | |
| Source: |
Code function: |
1_2_010C21BC | |
Stealing of Sensitive Information |
|
|---|
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
Remote Access Functionality |
|
|---|
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
| Source: |
File source: |
||
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Contacted Public IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 31.41.46.120 | intermedia.bar | Russian Federation | 56577 | ASRELINKRU | true | |
| 198.54.117.218 | parkingpage.namecheap.com | United States | 22612 | NAMECHEAP-NETUS | false | |
| 198.54.117.210 | unknown | United States | 22612 | NAMECHEAP-NETUS | true | |
| 198.54.117.211 | unknown | United States | 22612 | NAMECHEAP-NETUS | true | |
| 198.54.117.212 | unknown | United States | 22612 | NAMECHEAP-NETUS | true | |
| 192.64.119.233 | nnnnnn.casa | United States | 22612 | NAMECHEAP-NETUS | true | |
| 162.255.119.177 | nnnnnn.bar | United States | 22612 | NAMECHEAP-NETUS | true | |
| 198.54.117.215 | unknown | United States | 22612 | NAMECHEAP-NETUS | true | |
| 198.54.117.216 | unknown | United States | 22612 | NAMECHEAP-NETUS | true |
| IP |
|---|
| 192.168.2.1 |
Contacted Domains
| Name | IP | Active |
|---|---|---|
| parkingpage.namecheap.com | 198.54.117.218 | true |
| intermedia.bar | 31.41.46.120 | true |
| nnnnnn.bar | 162.255.119.177 | true |
| nnnnnn.casa | 192.64.119.233 | true |
| www.nnnnnn.casa | unknown | unknown |
| www.nnnnnn.bar | unknown | unknown |
Contacted URLs
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown | |
| true |
|
unknown |