Windows
Analysis Report
171121_PDF.exe
Overview
General Information
Detection
Score: | 100 (range 0 - 100) |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree
- System is w10x64
- 171121_PDF.exe (PID: 6968, cmdline: "C:\Users\user\Desktop\171121_PDF.exe", MD5: 60D8B8589BA8045361AE148EE76C7582)
- ieinstal.exe (PID: 5012, cmdline: "C:\Users\user\Desktop\171121_PDF.exe", MD5: DAD17AB737E680C47C8A44CBB95EE67E)
- ieinstal.exe (PID: 7124, cmdline: "C:\Users\user\Desktop\171121_PDF.exe", MD5: DAD17AB737E680C47C8A44CBB95EE67E)
- cleanup
Both ieinstal.exe processes have the image of the Internet Explorer installer (MD5 DAD17AB7...) but carry the sample's command line: the loader starts the system binary and injects its code into it (see "Memory written" and "Process created" under HIPS / PFW / Operating System Protection Evasion). An image path that does not match the executable named on the command line is the host-side artefact to hunt for.
Malware configuration extracted from the sample: {"Payload URL": "https://onedrive.live.com/downloa"}
Rule | Description | Author | Matches
---|---|---|---
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | 3
AV Detection
- Avira (two signatures; labels are in the Antivirus tables below)
- Malware Configuration Extractor (GuLoader configuration with the Payload URL above)
- Virustotal
- Metadefender
- ReversingLabs
- Joe Sandbox ML
- Static PE information
Networking
- URLs: the extracted configuration points at https://onedrive.live.com/downloa (the URL is truncated as shown); the hosts resolved during the run are onedrive.live.com and d34m1w.bn.files.1drv.com (Domains table below)
- DNS traffic detected: two A queries to 8.8.8.8 at 06:45:47 (DNS tables below)
Both hosts are Microsoft OneDrive infrastructure and the report rates them reputation "high", Malicious "false". The domain names are therefore not usable block indicators; the payload has to be caught on the full download URL, on the fetched content, or on the host. Only DNS traffic appears in the network tables, and the classification label ends in @2/0 (two domains, zero IPs contacted), so the payload download did not complete before the analysis timed out.
System Summary
- Static PE information (2 hits)
- Binary or memory string (2 hits)
- Code functions, sample process (0_2_): 00405A7F, 0040721E, 00406A36, 00405395, 023284F7, 02321A5F, 0232FB8E, 0232CFC2, 0232330D, 0232702D, 02327005, 0232E629, 0232E665, 0232D66F, 0232D698, 0232E6F9, 0232E6CD, 0232E734, 0232272C, 0232D71E, 0232E76E, 0232D758, 02329784, 023247F1, 02327463, 0232E59E, 0232E5EC, 0232DA30, 02320A5C, 02324A41, 02324A81, 02324AE4, 02324B2E, 02324BB4, 0232DBC5, 02324819, 0232E819, 0232D855, 0232E844, 0232D89D, 023248DD, 0232D989, 0232D9D1, 0232CFED, 02326FD9, 02324C32, 02321DBE
- Code functions, process 15 (15_2_): 03203760, 032047F1, 0320FB8E, 03201A5F, 0320CFC2, 0320330D, 0320702D, 03207005, 0320272C, 03203781, 03209784, 0320D698, 0320E59E, 03207463, 03204B2E, 03204BB4, 03204A41, 03200A5C, 03204A81, 03204AE4, 03204819, 03203849, 032048DD, 0320CFED, 03206FD9, 03201DBE, 03204C32
- Static PE information
- Code functions (second signature), sample process (0_2_): 0232F695, 0232FB8E, 0232CFC2, 0232D210, 0232D295, 0232D2E0, 0232D311, 0232D046, 0232D0E6, 0232D0D1, 0232D13C, 02328A05, 0232CFED; process 15 (15_2_): 0320F695, 0320CFC2, 0320D311, 0320D210, 0320D295, 0320D2E0, 0320D13C, 0320D046, 0320D0E6, 0320D0D1, 0320CFED
- Process Stats
- Virustotal, Metadefender, ReversingLabs (see Antivirus tables)
- Static PE information
- Key opened
- Section loaded
- Process created (5 hits)
- File created
- Classification label: mal100.troj.evad.winEXE@5/2@2/0
The 0_2_0040xxxx functions lie inside the VB6 image (Imagebase 0x400000, .text 0x401000-0x416FFC). The 0_2_0232xxxx functions do not: they sit in memory allocated at run time, which is where the decrypted loader code runs. The 15_2_0320xxxx addresses have the same low 16 bits as the 0_2_0232xxxx ones (0232FB8E / 0320FB8E, 0232CFC2 / 0320CFC2, and so on), so the same code was mapped at 0x02320000 in the sample and at 0x03200000 in process 15, the injected ieinstal.exe.
Data Obfuscation
- File source (3 hits, one per Yara match)
- Code functions in the VB6 image (0_2_): 00405242, 00405A7B, 0040885A, 0040A865, 00405B0D, 00406A35, 00405B0D, 00405D16, 004086AE
- Code functions in the run-time allocated region (0_2_): 023281C4 (2 hits), 0232564C, 0232A7DA, 0232183A, 02322F47, 02320F31, 02322F57; the same code in process 15 (15_2_): 032081C4, 0320A7DA, 0320564C, 0320183A, 03200F31, 03202F57, 03202F47
- Registry value created or modified (2 hits; this is the "1 Registry Run Keys / Startup Folder" entry in the ATT&CK matrix and matches the two Autostart events at 06:45:46 and 06:45:54)
- Process information set (3 hits)
Malware Analysis System Evasion
- Stalling execution: graph_15-8580
- File opened (4 hits)
- Binary or memory string (3 hits)
- Last function
- Code function: 0_2_023240AA
- System information queried
- Binary or memory string (14 hits)
Timing: the sample started at 06:43:39 and the second ieinstal.exe at 06:44:15, yet the first DNS lookups for the OneDrive host only appear at 06:45:47 and the Run-key autostart entries at 06:45:46 and 06:45:54. That gap of roughly a minute and a half between injection and first network contact is consistent with the stalling loops and the sleep-tagged functions in the Execution Graph section. Short sandbox timeouts would miss the download entirely, which is why the analysis ended on "Timeout" with no IP contacted.
Anti Debugging
- Thread information set (2 hits)
- Code functions (0_2_): 023296BF, 0232E59E, 0232C982, 0232BEA2; the same code in process 15 (15_2_): 032096BF, 0320E59E, 0320C982, 0320BEA2
- Code function: 0_2_023240AA (also listed under Malware Analysis System Evasion)
- Code function: 0_2_0232AB06
HIPS / PFW / Operating System Protection Evasion
- Memory written (the sample writing into the ieinstal.exe it created; see the Process Tree)
- Process created (2 hits, one per ieinstal.exe instance)
- Binary or memory string (4 hits)
Stealing of Sensitive Information
- Signature Results (the GuLoader Yara detection). GuLoader is a downloader; any credential theft would come from the payload it fetches from OneDrive, which was not retrieved before the timeout.
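The process tree above is the most reliable host-side artefact in this report: a Microsoft binary (ieinstal.exe) running under the command line of a different, user-writable executable. The following hunting rule is an added example and not part of the Joe Sandbox report; it runs over constructed Sysmon Event ID 1 style records that mirror the report's PIDs, image paths and command lines (the ParentImage values and the benign control event are assumptions made for the example) and flags every process whose image lives in a system directory but whose command line names a different executable outside those directories.

```python
"""
Hunting rule for the process-creation pattern in this report: a system
binary (ieinstal.exe) starts with a command line that names a different,
user-writable executable. A process created suspended and overwritten with
the loader's code keeps the command line its creator passed in, so the
mismatch between Image and CommandLine is what survives in telemetry.
"""
import ntpath

# Constructed Sysmon Event ID 1 style records modelled on the report's
# process tree. PIDs, image paths and command lines are the report's; the
# ParentImage values and the benign control event are assumptions.
EVENTS = [
    {"ProcessId": 6968,
     "Image": r"C:\Users\user\Desktop\171121_PDF.exe",
     "CommandLine": r'"C:\Users\user\Desktop\171121_PDF.exe"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessId": 5012,
     "Image": r"C:\Program Files (x86)\Internet Explorer\ieinstal.exe",
     "CommandLine": r'"C:\Users\user\Desktop\171121_PDF.exe"',
     "ParentImage": r"C:\Users\user\Desktop\171121_PDF.exe"},
    {"ProcessId": 7124,
     "Image": r"C:\Program Files (x86)\Internet Explorer\ieinstal.exe",
     "CommandLine": r'"C:\Users\user\Desktop\171121_PDF.exe"',
     "ParentImage": r"C:\Program Files (x86)\Internet Explorer\ieinstal.exe"},
    # benign control: ieinstal.exe started the normal way, under its own path
    {"ProcessId": 4242,
     "Image": r"C:\Program Files (x86)\Internet Explorer\ieinstal.exe",
     "CommandLine": r'"C:\Program Files (x86)\Internet Explorer\ieinstal.exe" -Embedding',
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
]

# Directories a normal user cannot write to; lower-case, trailing backslash.
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def command_line_image(cmdline):
    """Return the executable path from a Windows command line (quoted or bare)."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(" ", 1)[0]


def is_system_path(path):
    return path.lower().startswith(SYSTEM_ROOTS)


def hollowed_system_binary(event):
    """True when a system-directory image runs with a command line whose
    executable is a different file outside the system directories."""
    image = event["Image"]
    cmd_exe = command_line_image(event["CommandLine"])
    if not is_system_path(image):
        return False
    if ntpath.basename(image).lower() == ntpath.basename(cmd_exe).lower():
        return False
    return not is_system_path(cmd_exe)


def hunt(events):
    """(pid, image basename, command-line executable) for every hit."""
    return [(e["ProcessId"], ntpath.basename(e["Image"]),
             command_line_image(e["CommandLine"]))
            for e in events if hollowed_system_binary(e)]


if __name__ == "__main__":
    for pid, image, cmd_exe in hunt(EVENTS):
        print(f"PID {pid}: {image} running with the command line of {cmd_exe}")
```

On the constructed events the rule returns PIDs 5012 and 7124 and ignores both the sample itself (its image is in the user profile) and the benign ieinstal.exe launch. In production, restrict the image side to signed Microsoft binaries and add the parent image to the output; a system binary whose parent is an executable under the user profile, as here, is the second half of the same pattern.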
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 112 Process Injection | 2 Virtualization/Sandbox Evasion | OS Credential Dumping | 311 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Software Packing | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 112 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 11 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Obfuscated Files or Information | NTDS | 2 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |
Antivirus, Initial Sample (171121_PDF.exe)
Detection | Scanner | Label
---|---|---
60% | Virustotal |
17% | Metadefender |
68% | ReversingLabs | Win32.Trojan.Shelsy
100% | Avira | TR/AD.Nekark.jinay
100% | Joe Sandbox ML |
Antivirus, Dropped Files
Detection | Scanner | Label
---|---|---
100% | Avira | HEUR/AGEN.1107800
100% | Avira | TR/AD.Nekark.jinay
Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation
---|---|---|---|---|---
onedrive.live.com | unknown | unknown | false | | high
d34m1w.bn.files.1drv.com | unknown | unknown | false | | high
URLs
Name | Malicious | Antivirus Detection | Reputation
---|---|---|---
| false | | high
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 558240 |
Start date: | 23.01.2022 |
Start time: | 06:42:50 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 17s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 171121_PDF.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 26 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@5/2@2/0 (malicious, score 100, trojan with evasion, Windows EXE; 5 processes / 2 dropped files @ 2 domains / 0 IPs) |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 23.211.4.86, 13.107.42.13, 13.107.42.12
- Excluded domains from analysis (whitelisted): odc-web-brs.onedrive.akadns.net, fs.microsoft.com, bn-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net, odc-web-geo.onedrive.akadns.net, odc-bn-files-brs.onedrive.akadns.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, odc-bn-files-geo.onedrive.akadns.net, ris.api.iris.microsoft.com, l-0004.l-msedge.net, odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net, l-0003.l-msedge.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net
- Not all processes were analyzed; the report is missing behavior information
Note that the OneDrive CDN names (odc-*.onedrive.akadns.net, bn-files.*.1drv.com) are on the sandbox's whitelist because Windows itself talks to them. The same whitelisting happens in many enterprise proxies, which is exactly why the loader hosts its payload there.
Time | Type | Description |
---|---|---|
06:45:46 | Autostart | |
06:45:54 | Autostart |
Dropped Files
Process: | C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 112464 |
Entropy (8bit): | 6.100427719868403 |
Encrypted: | false |
SSDEEP: | 1536:9PtG0c3vhsblLAvTIpS1HP9CGZG48TdiwOeQqn4kFgGYglLg:61JsblLAvI+FW48QwOen4Hi8 |
MD5: | 68F03A1A9EC55A9B943A015C091817D6 |
SHA1: | C952F771410E036D5C897EC956FFBB09291B167E |
SHA-256: | 75E5DC79753DA6494A68CF2F5E9101FB6433103DD3AA7D8BADCD23DDD2F5F651 |
SHA-512: | A9C5946EEF3B54BCAF23EB53CBBABA0B1BB6438A0A6DEC675F7F2E4AF7CA1CED7AF2737DB1079A68F9EBE1126D9338EE91436E847D57C9A5726759B4F8EA5C0C |
Malicious: | false |
Reputation: | low |
This file has exactly the sample's size (112464 bytes), an entropy within 0.0001 of the sample's, and an ssdeep that differs from the sample's in one character per chunk: it is a near-identical copy of the loader written out by the injected ieinstal.exe, consistent with the Run-key persistence entry. Its MD5/SHA hashes differ from the sample's, so exact-hash matching will not link the two; fuzzy-hash comparison does.
Process: | C:\Users\user\Desktop\171121_PDF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 0.623084520004525 (a 16 KiB file that is almost entirely one byte value) |
Encrypted: | false |
SSDEEP: | 12:rl3lKFQCb776fGZHbYS6TS63TXlYdl7HtllGXPuK9iUmTc:rbQylDVYdtNllG/uw7 |
MD5: | 23BC92D1C5A3C3698C8524B7CEB3F5D9 |
SHA1: | 199D2660FEA3F7310397A37A8C7C600E7A26D461 |
SHA-256: | 5A6730EB0987730B214A46DC814FE2071576A338B2210DECE2780AC6E3B45DD7 |
SHA-512: | 6FA7CAB689912B93C312D35E0E0F218E6138A3BCB8BC1B31CF0F80E4795C079F8589B879CCAC55C14262C710D4772A4067CCA4ED7890AED678EC988D113227DD |
Malicious: | false |
Reputation: | low |
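The first dropped file's ssdeep is one character off the sample's in each chunk. The following is an added example, not part of the Joe Sandbox report, that re-implements ssdeep's comparison routine (fuzzy_compare) in pure Python so the hashes printed in this report can be scored offline without the ssdeep library. The scoring constants, the 7-character common-substring prerequisite and the insert 1 / delete 1 / replace 2 edit distance follow the ssdeep source; the three hash strings are the ones listed in the report.

```python
"""
Pure-Python re-implementation of ssdeep's fuzzy_compare() (comparison only;
hash generation is not needed because the report already prints the hashes).
Score is 0-100, 100 meaning identical hashes.
"""

SPAMSUM_LENGTH = 64   # maximum length of one ssdeep chunk string
ROLLING_WINDOW = 7    # two chunks need a common substring this long to be comparable
MIN_BLOCKSIZE = 3

# Hashes copied from the report: the submitted sample, the 112464-byte file
# dropped by ieinstal.exe, and the 16384-byte file dropped by the sample.
SAMPLE_SSDEEP = "1536:OPtG0c3vhsblLAvTIpS1HP9CGZG48TdiwOeQqn4kFgGYglLg:X1JsblLAvI+FW48QwOen4Hi8"
DROPPED_SSDEEP = "1536:9PtG0c3vhsblLAvTIpS1HP9CGZG48TdiwOeQqn4kFgGYglLg:61JsblLAvI+FW48QwOen4Hi8"
DROPPED_16K_SSDEEP = "12:rl3lKFQCb776fGZHbYS6TS63TXlYdl7HtllGXPuK9iUmTc:rbQylDVYdtNllG/uw7"


def _squash(s):
    """ssdeep collapses runs of more than three identical characters to three."""
    out = []
    for c in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == c:
            continue
        out.append(c)
    return "".join(out)


def _parse(h):
    """Split 'blocksize:chunk1:chunk2[,"filename"]' into its parts."""
    block, chunk1, chunk2 = h.split(":", 2)
    chunk2 = chunk2.split(",", 1)[0]
    return int(block), _squash(chunk1), _squash(chunk2)


def _has_common_substring(a, b):
    return any(a[i:i + ROLLING_WINDOW] in b
               for i in range(len(a) - ROLLING_WINDOW + 1))


def _edit_distance(a, b):
    """Weighted Levenshtein distance: insert 1, delete 1, replace 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                         # delete ca
                           cur[j - 1] + 1,                      # insert cb
                           prev[j - 1] + (0 if ca == cb else 2)))  # replace
        prev = cur
    return prev[-1]


def _score_strings(a, b, block_size):
    if len(a) > SPAMSUM_LENGTH or len(b) > SPAMSUM_LENGTH:
        return 0
    if not _has_common_substring(a, b):
        return 0
    score = _edit_distance(a, b)
    score = score * SPAMSUM_LENGTH // (len(a) + len(b))   # scale to 0..64
    score = 100 * score // SPAMSUM_LENGTH                 # scale to 0..100
    score = 100 - score                                   # distance -> similarity
    # small block sizes cannot justify a high score
    if block_size >= (99 + ROLLING_WINDOW) // ROLLING_WINDOW * MIN_BLOCKSIZE:
        return score
    return min(score, block_size // MIN_BLOCKSIZE * min(len(a), len(b)))


def ssdeep_compare(h1, h2):
    """Similarity 0-100 between two ssdeep hashes, as `ssdeep -d` reports it."""
    bs1, a1, a2 = _parse(h1)
    bs2, b1, b2 = _parse(h2)
    if bs1 == bs2 and a1 == b1 and a2 == b2:
        return 100
    if bs1 == bs2:
        return max(_score_strings(a1, b1, bs1), _score_strings(a2, b2, bs1 * 2))
    if bs1 == bs2 * 2:
        return _score_strings(a1, b2, bs1)
    if bs2 == bs1 * 2:
        return _score_strings(a2, b1, bs2)
    return 0   # block sizes more than one doubling apart are not comparable


if __name__ == "__main__":
    print("sample vs dropped copy:", ssdeep_compare(SAMPLE_SSDEEP, DROPPED_SSDEEP))
    print("sample vs 16 KiB drop :", ssdeep_compare(SAMPLE_SSDEEP, DROPPED_16K_SSDEEP))
```

The sample and the 112464-byte dropped file score 99, the 16 KiB file scores 0 because its block size (12) is not comparable with 1536. A score this high with different MD5s is the signature of a byte-level patched copy of the same binary.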
Static File Info
File type: | |
Entropy (8bit): | 6.100488610521297 |
TrID: | |
File name: | 171121_PDF.exe |
File size: | 112464 |
MD5: | 60d8b8589ba8045361ae148ee76c7582 |
SHA1: | 328a778d026ad6611bb295bf3a799b6499fc7c7c |
SHA256: | 8f34d0008f07a4460c9ebc5a8d8a558a85979bd0112962eddf9506dc5b627989 |
SHA512: | 6d7ab39a3367d72d70e0cf8af182fdf7b20100be1159465cebf5603c06bd485ffd0b5acee687ad029c1205c1cdadfbfe10002451b484cde1746ed2c8814f58e7 |
SSDEEP: | 1536:OPtG0c3vhsblLAvTIpS1HP9CGZG48TdiwOeQqn4kFgGYglLg:X1JsblLAvI+FW48QwOen4Hi8 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................._.......................Rich............................PE..L....~.N.................`...P...............p....@ |
Icon Hash: | f2c2c29190d2c783 |
Entrypoint: | 0x401194 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x4ED97EE6 [Sat Dec 3 01:44:06 2011 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | fca27436e553ec62bb2d0905390fd4e6 |
Signature Valid: | false |
Signature Issuer: | E=Bibaciousnessmnten3@Pinjerforhaa.Non, CN=Vrdiheftesgalets, OU=Formationsskridt, O=ptychoptery, L=Retrickedtrbesk, S=Linoxininvectivel5, C=LV |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 (0x800B0109, CERT_E_UNTRUSTEDROOT) |
Not Before, Not After | |
Subject Chain | |
Version: | 3 |
Thumbprint MD5: | 81C291A64F4EEAD3EB815B820975A11F |
Thumbprint SHA-1: | 3B9FB2B3310D80BB215D1F0A8A1B4C5CE397126F |
Thumbprint SHA-256: | 6E26EF48D70BCD9763606EA3E88539664649D7701B6F561892E318BB4DB04839 |
Serial: | 00 |
"Digitally signed: true" above only means an Authenticode signature is attached. The issuer fields are random strings, the serial number is 00 and the chain ends in an untrusted root, i.e. the file is signed with a throwaway self-issued certificate. The certificate thumbprints are still useful as a pivot: the same throwaway certificate tends to be reused across a campaign's builds.
Entrypoint disassembly (0x401194). The first two instructions, the push of the VB header address 0x401A0C followed by the call into the Visual Basic runtime (MSVBVM60.DLL, ThunRTMain), are the standard VB6 entry stub; everything after them is the VB header and data bytes decoded as code and is not executed.
Instruction |
---|
push 00401A0Ch |
call 00007F4FD4A94823h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
inc eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [ecx+58h], al |
push FFFFFFBFh |
fadd st(0), st(7) |
int1 |
dec edi |
movsb |
jmp 00007F4FD4A94840h |
sbb al, 8Eh |
scasd |
inc edx |
aas |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add dword ptr [eax], eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
loopne 00007F4FD4A947F8h |
or dword ptr [ebx], eax |
jnc 00007F4FD4A948A7h |
bound ebp, dword ptr [edi+72h] |
imul ebp, dword ptr fs:[esi+00h], 20004108h |
or byte ptr [ecx+00h], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
dec esp |
xor dword ptr [eax], eax |
add dword ptr [edi+ebx*8-316D0720h], ecx |
xor eax, 8026BB49h |
nop |
dec edx |
and eax, 87C64A41h |
out E9h, al |
cmpsd |
pop eax |
rol dword ptr [edi-7Dh], 1 |
arpl word ptr [ebx+7Ah], dx |
arpl word ptr [edx], cx |
pop ss |
and byte ptr [edx], bh |
dec edi |
lodsd |
xor ebx, dword ptr [ecx-48EE309Ah] |
or al, 00h |
stosb |
add byte ptr [eax-2Dh], ah |
xchg eax, ebx |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
je 00007F4FD4A94835h |
add byte ptr [eax], al |
push ebx |
add eax, dword ptr [eax] |
add byte ptr [eax], al |
push cs |
add byte ptr [esi+4Fh], al |
inc esp |
inc ebp |
push edx |
inc ecx |
dec esp |
inc ebp |
push edx |
push ebx |
dec eax |
pop ecx |
inc esp |
push edx |
add byte ptr [42000701h], cl |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x16d14 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19000 | 0x2bca | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1b000 | 0x750 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x238 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x90 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x15ffc | 0x16000 | False | 0.495827414773 | data | 6.39269902756 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x17000 | 0x17f8 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x19000 | 0x2bca | 0x3000 | False | 0.236735026042 | data | 3.87641922123 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
SET | 0x19724 | 0x24a6 | MS Windows icon resource - 3 icons, 24x24, 16 colors, 4 bits/pixel, 24x24, 8 bits/pixel | English | United States |
RT_ICON | 0x1943c | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4152326007, next used block 7370615 | ||
RT_GROUP_ICON | 0x19428 | 0x14 | data | ||
RT_VERSION | 0x19140 | 0x2e8 | data | English | United States |
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, _adj_fdiv_m64, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, _adj_fdiv_m16i, _adj_fdivr_m16i, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, _adj_fdiv_m32i, _adj_fdivr_m32i, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarSetVar, __vbaLateMemCallLd, _CIatan, __vbaR8IntI4, _allmul, _CItan, _CIexp, __vbaFreeObj |
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
LegalCopyright | ART |
InternalName | Brugstyveriscortic |
FileVersion | 1.00 |
CompanyName | ART |
LegalTrademarks | ART |
Comments | ART |
ProductName | ART |
ProductVersion | 1.00 |
FileDescription | Classic ART |
OriginalFilename | Brugstyveriscortic.exe |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 23, 2022 06:45:47.377051115 CET | 55102 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 23, 2022 06:45:47.926724911 CET | 56236 | 53 | 192.168.2.3 | 8.8.8.8 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 23, 2022 06:45:47.377051115 CET | 192.168.2.3 | 8.8.8.8 | 0x102a | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 23, 2022 06:45:47.926724911 CET | 192.168.2.3 | 8.8.8.8 | 0x6b8c | Standard query (0) | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 23, 2022 06:45:47.424824953 CET | 8.8.8.8 | 192.168.2.3 | 0x102a | No error (0) | odc-web-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
Jan 23, 2022 06:45:47.976964951 CET | 8.8.8.8 | 192.168.2.3 | 0x6b8c | No error (0) | bn-files.fe.1drv.com | CNAME (Canonical name) | IN (0x0001) | ||
Jan 23, 2022 06:45:47.976964951 CET | 8.8.8.8 | 192.168.2.3 | 0x6b8c | No error (0) | odc-bn-files-geo.onedrive.akadns.net | CNAME (Canonical name) | IN (0x0001) |
Processes
Start time: | 06:43:39 |
Start date: | 23/01/2022 |
Path: | C:\Users\user\Desktop\171121_PDF.exe |
Wow64 process (32bit): | true |
Commandline: | "C:\Users\user\Desktop\171121_PDF.exe" |
Imagebase: | 0x400000 |
File size: | 112464 bytes |
MD5 hash: | 60D8B8589BA8045361AE148EE76C7582 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Yara matches: | JoeSecurity_GuLoader_2 (Yara detected GuLoader) |
Reputation: | low |
Start time: | 06:44:14 |
Start date: | 23/01/2022 |
Path: | C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Wow64 process (32bit): | false |
Commandline: | "C:\Users\user\Desktop\171121_PDF.exe" |
Imagebase: | 0xdd0000 |
File size: | 480256 bytes |
MD5 hash: | DAD17AB737E680C47C8A44CBB95EE67E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Start time: | 06:44:15 |
Start date: | 23/01/2022 |
Path: | C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Wow64 process (32bit): | true |
Commandline: | "C:\Users\user\Desktop\171121_PDF.exe" |
Imagebase: | 0xdd0000 |
File size: | 480256 bytes |
MD5 hash: | DAD17AB737E680C47C8A44CBB95EE67E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | JoeSecurity_GuLoader_2 (Yara detected GuLoader) |
Reputation: | moderate |
All three processes run elevated because the sandbox launched the sample as an administrator; the elevated flags on the two ieinstal.exe instances are inherited, not the result of an escalation. Only the second ieinstal.exe (the 32-bit one, started one second after the first) carries the GuLoader Yara match, so that is the process holding the decoded loader code.
Execution Graph
Execution Coverage: | 1.2% |
Dynamic/Decrypted Code Coverage: | 93.5% |
Signature Coverage: | 46.8% |
Total number of Nodes: | 124 |
Total number of Limit Nodes: | 6 |
Execution coverage of 1.2% with 93.5% of the executed code classified as dynamic/decrypted is the expected profile for this loader: the VB6 image is a thin wrapper and nearly everything that runs lives in the 0x0232xxxx region allocated at run time.
Functions (sample process, run-time allocated region; tags are Joe Sandbox's API categories; Uniqueness Score is -1.00% for every entry)
Function | Relevance | APIs | Strings | Instructions | Tags
---|---|---|---|---|---
023247F1 | 3.7 | 1 | 1 | 231 | library, COMMON
0232FB8E | 3.7 | 1 | 1 | 198 | native, thread, COMMON
0232CFC2 | 3.7 | 1 | 1 | 153 | memory, native, COMMON
0232CFED | 3.6 | 1 | 1 | 137 | memory, native, COMMON
0232D046 | 3.6 | 1 | 1 | 126 | memory, native, COMMON
0232D0D1 | 3.6 | 1 | 1 | 114 | memory, native, COMMON
0232D0E6 | 3.6 | 1 | 1 | 113 | memory, native, COMMON
023284F7 | 3.1 | 1 | 1 | 144 | sleep, COMMON
0232F695 | 1.5 | 1 | - | 35 | native, COMMON
02328A05 | 1.5 | 1 | - | 26 | native, COMMON
0232AB06 | 1.5 | 1 | - | 12 | library, COMMON
02321A5F | 0.2 | - | - | 235 | COMMON
02321DBE | 0.2 | - | - | 161 | COMMON
0232D5C7 | 3.6 | 1 | 1 | 66 | library, COMMON
0232BEF6 | 3.5 | 1 | 1 | 37 | library, COMMON
0232BEFB | 3.5 | 1 | 1 | 36 | library, COMMON
0232B33D | 1.6 | 1 | - | 72 | file, COMMON
0232B340 | 1.6 | 1 | - | 71 | file, COMMON
0232B39C | 1.6 | 1 | - | 67 | file, COMMON
0232B3BA | 1.6 | 1 | - | 65 | file, COMMON
0232B3FD | 1.6 | 1 | - | 58 | file, COMMON
0232B50D | 1.5 | 1 | - | 36 | file, COMMON
0232B541 | 1.5 | 1 | - | 34 | file, COMMON
0232B5AD | 1.5 | 1 | - | 23 | file, COMMON
0232B5E8 | 1.5 | 1 | - | 20 | file, COMMON
0232A1FA | 1.5 | 1 | - | 19 | library, COMMON
0232B619 | 1.5 | 1 | - | 17 | file, COMMON
0232B66D | 1.5 | 1 | - | 7 | file, COMMON
023296B7 | 1.5 | 1 | - | 3 | COMMON
02327F16 | 1.4 | 1 | - | 119 | COMMON
02328AEC | 1.4 | 1 | - | 112 | sleep, COMMON
023281D4 | 1.3 | 1 | - | 77 | sleep, COMMON
02328A77 | 1.3 | 1 | - | 68 | sleep, COMMON
02327A72 | 1.3 | 1 | - | 62 | sleep, COMMON
02328D1D | 1.3 | 1 | - | 26 | sleep, COMMON
Decompiled C code is available for two further functions (quality 61% and 68%).
The six sleep-tagged functions (023284F7, 02328AEC, 023281D4, 02328A77, 02327A72, 02328D1D) are the code behind the "Stalling execution" finding. The memory/native cluster 0232CFC2 through 0232D0E6 is the same set of addresses the System Summary signatures list for both the sample process and the injected ieinstal.exe, and 0232E59E appears under Anti Debugging as well; these are the functions to start from when reversing the memory dump.
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232E59E Relevance: 4.4, Strings: 3, Instructions: 679COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232E5EC Relevance: 2.8, Strings: 2, Instructions: 317COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232E629 Relevance: 2.8, Strings: 2, Instructions: 310COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232E665 Relevance: 2.8, Strings: 2, Instructions: 308COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232E6CD Relevance: 2.8, Strings: 2, Instructions: 292COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232E6F9 Relevance: 2.8, Strings: 2, Instructions: 289COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232E734 Relevance: 2.8, Strings: 2, Instructions: 283COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232E76E Relevance: 2.8, Strings: 2, Instructions: 283COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232E819 Relevance: 1.5, Strings: 1, Instructions: 261COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232E844 Relevance: 1.5, Strings: 1, Instructions: 259COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02320A5C Relevance: 1.5, Strings: 1, Instructions: 221COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232330D Relevance: 1.4, Strings: 1, Instructions: 165COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232272C Relevance: .5, Instructions: 463COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232D698 Relevance: .3, Instructions: 252COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02327463 Relevance: .2, Instructions: 192COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02324819 Relevance: .2, Instructions: 189libraryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232D66F Relevance: .2, Instructions: 182COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02329784 Relevance: .2, Instructions: 164COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023248DD Relevance: .2, Instructions: 163libraryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232DA30 Relevance: .2, Instructions: 152COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232D71E Relevance: .1, Instructions: 142COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232DBC5 Relevance: .1, Instructions: 141COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232D758 Relevance: .1, Instructions: 140COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02327005 Relevance: .1, Instructions: 129COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405395 Relevance: .1, Instructions: 129COMMONCrypto
C-Code - Quality: 17% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02326FD9 Relevance: .1, Instructions: 125COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232D855 Relevance: .1, Instructions: 122COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232D89D Relevance: .1, Instructions: 119COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232D989 Relevance: .1, Instructions: 119COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232D9D1 Relevance: .1, Instructions: 119COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02324A41 Relevance: .1, Instructions: 113COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232702D Relevance: .1, Instructions: 112COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02324A81 Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405A7F Relevance: .1, Instructions: 106COMMONCrypto
C-Code - Quality: 32% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406A36 Relevance: .1, Instructions: 106COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02324AE4 Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02324B2E Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02324C32 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02324BB4 Relevance: .1, Instructions: 65COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040721E Relevance: .1, Instructions: 58COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232C982 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023240AA Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023296BF Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0232BEA2 Relevance: .0, Instructions: 6COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph

Metric | Value
---|---
Execution Coverage | 2.1%
Dynamic/Decrypted Code Coverage | 0%
Signature Coverage | 0%
Total number of Nodes | 113
Total number of Limit Nodes | 9
Functions by relevance (addresses in the 0320xxxx range). As above, the empty per-entry panels are not repeated; every entry in this listing carried a Yara matches row and none carried a C-code quality figure. The low 16 bits of these addresses repeat those of the 0232xxxx listing (0232B33D / 0320B33D, 0232BEFB / 0320BEFB, 0232A1FA / 0320A1FA, and so on), and wherever the same low-order address appears in both listings the instruction count and tags agree, which is consistent with the same code mapped at a different base.

Function | Relevance | APIs | Strings | Instructions | Tags
---|---|---|---|---|---
032047F1 | 5.5 | 2 | 1 | 231 | file, library, COMMON
0320FB8E | 3.7 | 1 | 1 | 198 | file, COMMON
0320CFC2 | 3.7 | 1 | 1 | 153 | memory, native, COMMON
0320CFED | 3.6 | 1 | 1 | 137 | memory, native, COMMON
0320D046 | 3.6 | 1 | 1 | 126 | memory, native, COMMON
0320D0D1 | 3.6 | 1 | 1 | 114 | memory, native, COMMON
0320D0E6 | 3.6 | 1 | 1 | 113 | memory, native, COMMON
03204A41 | 1.6 | 1 | - | 113 | file, COMMON
03204A81 | 1.6 | 1 | - | 108 | file, COMMON
03204AE4 | 1.6 | 1 | - | 92 | file, COMMON
0320F695 | 1.5 | 1 | - | 35 | native, COMMON
0320BEF6 | 3.5 | 1 | 1 | 37 | library, COMMON
0320BEFB | 3.5 | 1 | 1 | 36 | library, COMMON
0320B33D | 1.6 | 1 | - | 72 | file, COMMON
0320B340 | 1.6 | 1 | - | 71 | file, COMMON
0320B39C | 1.6 | 1 | - | 67 | file, COMMON
0320B3BA | 1.6 | 1 | - | 65 | file, COMMON
0320B3FD | 1.6 | 1 | - | 58 | file, COMMON
0320B50D | 1.5 | 1 | - | 36 | file, COMMON
0320B541 | 1.5 | 1 | - | 34 | file, COMMON
0320B5AD | 1.5 | 1 | - | 23 | file, COMMON
0320B5E8 | 1.5 | 1 | - | 20 | file, COMMON
0320A1FA | 1.5 | 1 | - | 19 | library, COMMON
0320B918 | 1.5 | 1 | - | 18 | COMMON
0320B619 | 1.5 | 1 | - | 17 | file, COMMON
0320AB06 | 1.5 | 1 | - | 12 | library, COMMON
0320B969 | 1.5 | 1 | - | 9 | COMMON
0320B66D | 1.5 | 1 | - | 7 | file, COMMON
03202ECA | 1.3 | 1 | - | 22 | sleep, COMMON

Fifteen further entries in this listing lost their header lines in the export; each carried an APIs row and a Yara matches row, but their addresses, relevance scores and counts are not recoverable here.
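The function summaries in this export are only useful for triage once they are machine-readable: the instruction count and the tag words are fused into one token (e.g. "231filelibraryCOMMON"), the APIs and Strings counts are optional, and the two listings describe what look like the same functions at two base addresses. The following parser is an added example written for this page; it is not Joe Sandbox code and not the sandbox's own export format handling. It assumes the tag vocabulary that actually appears in this report (file, library, sleep, memory, native, Crypto, COMMON) and reports any leftover text rather than guessing a tag; the sample lines are copied from the listings above; and the pairing step assumes that entries with equal low 16 address bits are the same code mapped at different bases, which is an inference from the two listings, not something the report states.

```python
"""Parse Joe Sandbox "Function ..." summary lines as exported in this
report, split the fused instruction-count/tag token, rank the functions
and pair the same function across the two address ranges.

Added example; not Joe Sandbox code.  The tag vocabulary is the set of
tags seen on this page; unknown text is surfaced, never silently dropped.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Tag words seen in this report.  None is a prefix of another, so a plain
# alternation is unambiguous when splitting a fused token.
KNOWN_TAGS = ("library", "memory", "native", "sleep", "file", "Crypto", "COMMON")

_HEADER = re.compile(
    r"^Function\s+([0-9A-Fa-f]{8})\s+Relevance:\s*([0-9]*\.?[0-9]+)"
    r"(?:,\s*APIs:\s*(\d+))?(?:,\s*Strings:\s*(\d+))?"
    r",\s*Instructions:\s*(\d+)(\S*)\s*$"
)
_TAG = re.compile("|".join(KNOWN_TAGS))


@dataclass
class FunctionEntry:
    address: int
    relevance: float
    apis: int
    strings: int
    instructions: int
    tags: tuple
    unparsed: str = ""  # leftover text that matched no known tag


def split_tags(blob: str):
    """'filelibraryCOMMON' -> (('file', 'library', 'COMMON'), '')."""
    return tuple(_TAG.findall(blob)), _TAG.sub("", blob)


def parse_line(line: str):
    """Return a FunctionEntry for a summary line, or None for any other line."""
    m = _HEADER.match(line.strip())
    if not m:
        return None
    addr, rel, apis, strings, instr, blob = m.groups()
    tags, leftover = split_tags(blob)
    return FunctionEntry(int(addr, 16), float(rel), int(apis or 0),
                         int(strings or 0), int(instr), tags, leftover)


def parse_report(text: str):
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def rank(entries, limit=5):
    """Highest relevance first; ties broken by instruction count."""
    return sorted(entries, key=lambda e: (-e.relevance, -e.instructions))[:limit]


def tag_histogram(entries):
    hist = defaultdict(int)
    for e in entries:
        for t in e.tags:
            hist[t] += 1
    return dict(hist)


def pair_by_offset(entries):
    """Group addresses whose low 16 bits match.  Assumption (ours): the
    0232xxxx and 0320xxxx ranges are one body of code at two bases."""
    groups = defaultdict(list)
    for e in entries:
        groups[e.address & 0xFFFF].append(e.address)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


# Constructed sample: header lines copied verbatim from this report.
SAMPLE = """\
Function 032047F1 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 231filelibraryCOMMON
Function 0232E59E Relevance: 4.4, Strings: 3, Instructions: 679COMMON
Function 02328AEC Relevance: 1.4, APIs: 1, Instructions: 112sleepCOMMON
Function 0320CFC2 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 153memorynativeCOMMON
Function 00405395 Relevance: .1, Instructions: 129COMMONCrypto
Function 0232B33D Relevance: 1.6, APIs: 1, Instructions: 72fileCOMMON
Function 0320B33D Relevance: 1.6, APIs: 1, Instructions: 72fileCOMMON
Function 0232272C Relevance: .5, Instructions: 463COMMON
"""

if __name__ == "__main__":
    entries = parse_report(SAMPLE)
    for e in rank(entries):
        print(f"{e.address:08X} rel={e.relevance:<4} instr={e.instructions:<4} "
              f"tags={','.join(e.tags)}")
    print("tag histogram:", tag_histogram(entries))
    print("same offset at two bases:",
          {f"{k:04X}": [f"{a:08X}" for a in v] for k, v in pair_by_offset(entries).items()})
```

Run against the full listings the histogram gives the count of sleep-tagged functions at a glance, and the offset pairing tells you which functions you need to reverse only once even though they appear in both address ranges. Because the splitter refuses to invent tags, a future export with a tag outside the vocabulary shows up in `unparsed` instead of being mis-filed.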