Windows Analysis Report
ORDEN DE COMPRA 80107.pdf________________________.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- ORDEN DE COMPRA 80107.pdf________________________.exe (PID: 4600, cmdline: "C:\Users\user\Desktop\ORDEN DE COMPRA 80107.pdf________________________.exe", MD5: AF7C27FD6E49538AA93A667D67463C51)
- CasPol.exe (PID: 5340, cmdline: "C:\Users\user\Desktop\ORDEN DE COMPRA 80107.pdf________________________.exe", MD5: F866FC1C2E928779C7119353C3091F0C)
- CasPol.exe (PID: 4820, cmdline: "C:\Users\user\Desktop\ORDEN DE COMPRA 80107.pdf________________________.exe", MD5: F866FC1C2E928779C7119353C3091F0C)
- CasPol.exe (PID: 5640, cmdline: "C:\Users\user\Desktop\ORDEN DE COMPRA 80107.pdf________________________.exe", MD5: F866FC1C2E928779C7119353C3091F0C)
- conhost.exe (PID: 4568, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- cleanup
{"Payload URL": "https://cdn.discordapp.com/attachments/934180388522299433/9350"}
{"Exfil Mode": "SMTP", "SMTP Info": "kubaba@bhgautopartes.comicui4cu2@@mail.bhgautopartes.comkubabareports@bhgautopartes.com"}
Rule | Description | Author |
---|---|---|
LokiBot_Dropper_Packed_R11_Feb18 | Auto-generated rule - file scan copy.pdf.r11 | Florian Roth |
LokiBot_Dropper_Packed_R11_Feb18 | Auto-generated rule - file scan copy.pdf.r11 | Florian Roth |
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
AV Detection
Source: | Malware Configuration Extractor: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Networking
Source: | URLs: |
Source: | JA3 fingerprint: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | Network traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
System Summary
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Code function: | 0_2_0041357E |
Source: | Code function: | 0_2_004015B8 |
Source: | Code function: | 0_2_00413579 |
Source: | Code function: | 0_2_0040192D |
Source: | Code function: | 0_2_004071BA |
Source: | Code function: | 7_2_1E0646A0 |
Source: | Code function: | 7_2_1E064690 |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Section loaded: |
Source: | Process created: |
Source: | Key value queried: |
Source: | WMI Queries: |
Source: | File created: |
Source: | Classification label: |
Source: | Section loaded: |
Source: | Mutant created: |
Source: | File read: |
Source: | Window detected: |
Data Obfuscation
Source: | File source: |
Source: | Code function: | 0_2_004159B1 |
Source: | Code function: | 0_2_00415489 |
Source: | Code function: | 0_2_004159B1 |
Source: | Code function: | 0_2_02C01ED5 |
Source: | Code function: | 0_2_02C046C3 |
Source: | Code function: | 0_2_02C0345E |
Source: | Code function: | 7_2_1E067760 |
Source: | Process information set: |
Malware Analysis System Evasion
Source: | File opened: |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Source: | Thread sleep time: |
Source: | Last function: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | WMI Queries: |
Source: | Process information queried: |
Source: | Thread delayed: |
Source: | System information queried: |
Source: | Binary or memory string: |
Anti Debugging
Source: | Thread information set: |
Source: | Process token adjusted: |
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion
Source: | Memory written: |
Source: | Process created: |
Source: | Queries volume information: |
Source: | Key value queried: |
Stealing of Sensitive Information
Source: | File source: |
Remote Access Functionality
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 211 Windows Management Instrumentation | Path Interception | 111 Process Injection | 1 Masquerading | OS Credential Dumping | 411 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 331 Virtualization/Sandbox Evasion | Security Account Manager | 331 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 111 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 113 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | 114 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Detection | Scanner |
---|---|
18% | Virustotal |
23% | ReversingLabs |
Detection | Scanner | Label |
---|---|---|
0% | Avira URL Cloud | safe |
0% | URL Reputation | safe |
0% | URL Reputation | safe |
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
cdn.discordapp.com | 162.159.133.233 | true | false | | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
 | false | | high |
 | true | | low |
 | false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | low |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
162.159.133.233 | cdn.discordapp.com | United States | | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 558805 |
Start date: | 24.01.2022 |
Start time: | 14:08:19 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 8m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | ORDEN DE COMPRA 80107.pdf________________________.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 23 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@8/1@1/1 |
Cookbook Comments:
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 23.211.6.115
- Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, client.wns.windows.com, store-images.s-microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
14:10:59 | API Interceptor |
Match | Detection |
---|---|
162.159.133.233 | malicious |
Match | Detection |
---|---|
cdn.discordapp.com | malicious |
Match | Detection |
---|---|
CLOUDFLARENETUS | malicious |
Match | Detection |
---|---|
37f463bf4616ecd445d4a1937da06e19 | malicious |
Process: | C:\Users\user\Desktop\ORDEN DE COMPRA 80107.pdf________________________.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.5176804370857258 |
Encrypted: | false |
SSDEEP: | 192://X054dxd6sA6bhFg/J7RJA4ZoEBWc0CRUcu6hnrdAK7q+R1din://XSoxj7bI//J9X8kl5d7RPi |
MD5: | A8380A556DB83A33F7EBA03B4D73B00C |
SHA1: | FF905006775895EAF4F9324382AD984EDD59F77B |
SHA-256: | D4B63288420323011F114B031B4F8C81629B153B527477B7B78C2DFA5EB36F85 |
SHA-512: | 7001ADE8A8F534430AB41CF58068D21504D481B18F45BB35DC28424603D839B2D40E034433404DE8B8EDD57F5CCC74A6285B729B8CE774AC180869E191AC523C |
Malicious: | false |
Reputation: | low |
Entropy (8bit): | 4.6163713423423145 |
File name: | ORDEN DE COMPRA 80107.pdf________________________.exe |
File size: | 234664 |
MD5: | af7c27fd6e49538aa93a667d67463c51 |
SHA1: | e2da9a0143a07da2b2c498f4622ea5db21d9298f |
SHA256: | d7553925a2f9d9840cd23da20f66fcbfb3e7eca2f24c624e2f6139181eefc138 |
SHA512: | 6fdf0a2efc97e8c69c8aa97d4a2f47826c7bc201a8db4323f41ac097925c0c5e919ec7df5e72579d61dab3e7e38f8e8a324ca8a336b55e2ce756838a9bd08122 |
SSDEEP: | 3072:sXFgpRlMXzGWG2z7JHEsmVT0s4L9b3DJpRMWXXHRVo:gORmw2zFEVT54NR18 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........P...1...1...1...-...1.......1.......1..Rich.1..........................PE..L...0f.a..........................................@ |
Icon Hash: | 0019797830717130 |
Entrypoint: | 0x4015b8 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x61EE6630 [Mon Jan 24 08:41:20 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 021148ab9e3c0ac12b1105f8e3760ae5 |
Signature Valid: | false |
Signature Issuer: | E=Dietitians@Terrorizations6.Si, CN=keraphyllous, OU=HOVEDSTADSKOMMUNE, O=Architecure, L=EUKALYPTUSOLIEN, S=Prointegration, C=IR |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Version: | 3 |
Thumbprint MD5: | BE1303855B86E4F48D5A57F935662A94 |
Thumbprint SHA-1: | 80AC2905FEB6F49E6001B047F27CC16C86E48EE2 |
Thumbprint SHA-256: | F0E4E678BE0A5E24577BFAB858068D4B101D1C87140BCC78FE4981114828BE34 |
Serial: | 00 |
Instruction |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x28e64 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2c000 | 0xcec4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x38000 | 0x14a8 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x238 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x1b4 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x28484 | 0x29000 | False | 0.374112757241 | data | 5.25902998253 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x2a000 | 0x154c | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x2c000 | 0xcec4 | 0xd000 | False | 0.109600360577 | data | 1.79496645519 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x37e1c | 0x10a8 | data | | |
RT_ICON | 0x35874 | 0x25a8 | data | | |
RT_ICON | 0x2c3cc | 0x94a8 | data | | |
RT_GROUP_ICON | 0x2c39c | 0x30 | data | | |
RT_VERSION | 0x2c150 | 0x24c | data | Bulgarian | Bulgaria |
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaHresultCheck, __vbaStrI4, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaStrCat, __vbaHresultCheckObj, __vbaLenBstrB, _adj_fdiv_m32, __vbaVarTstLe, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, _CIsin, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaGet3, __vbaStrCmp, __vbaObjVar, _adj_fpatan, __vbaLateIdCallLd, __vbaRedim, __vbaStrR8, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, __vbaVarCat, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, __vbaI4Var, __vbaVarDup, __vbaVarTstGe, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Description | Data |
---|---|
Translation | 0x0402 0x04b0 |
LegalCopyright | VAR Fas |
InternalName | Mousetail6 |
FileVersion | 1.00 |
CompanyName | VAR Fas |
ProductName | VAR Fas |
ProductVersion | 1.00 |
OriginalFilename | Mousetail6.exe |
Language of compilation system | Country where language is spoken |
---|---|
Bulgarian | Bulgaria |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 24, 2022 14:09:50.311017990 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.311026096 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.311037064 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.311072111 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.311110973 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.311124086 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.311135054 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.311168909 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.311214924 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.311225891 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.311244965 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.311290026 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.311306000 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.311321020 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.311362982 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.337349892 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.337553978 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.337613106 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.337704897 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.337707996 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.337728977 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.337776899 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.337790966 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.337825060 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.337908030 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.337946892 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.338027000 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.338109970 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.338184118 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.338207960 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.338280916 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.338301897 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.338376999 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.338464975 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.338541985 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.338556051 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.338587046 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.338614941 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.338627100 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.338641882 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.338664055 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.338679075 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.338691950 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.338733912 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.338782072 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.338850021 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.338929892 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.338937044 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.338949919 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.339001894 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.339080095 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.339152098 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.339159012 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.339176893 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.339224100 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.366704941 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.366820097 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.366883993 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.366904020 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.366926908 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.366974115 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.366993904 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.367031097 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.367060900 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.367083073 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.367085934 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.367157936 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.367172956 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.367189884 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.367259979 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.367264032 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.367288113 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.367373943 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.367439985 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.367533922 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.367549896 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.367562056 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.367613077 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.367660999 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.367743969 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.367814064 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.367834091 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.367846966 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.367923975 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.367984056 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.368063927 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.368065119 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.368082047 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.368153095 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.368161917 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.368180990 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.368244886 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.368334055 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.368426085 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.368494034 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.368577957 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.368580103 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.368597031 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.368652105 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.368669033 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.368746042 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.368752003 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.368765116 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.368819952 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.368920088 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.368997097 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.369010925 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.369021893 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.369069099 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.369112968 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.369168043 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.369247913 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.369251966 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.369265079 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.369330883 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.369411945 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.369493961 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.369548082 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.369632006 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.369645119 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.369714975 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.369719028 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Jan 24, 2022 14:09:50.369784117 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.370104074 CET | 49750 | 443 | 192.168.2.3 | 162.159.133.233 |
Jan 24, 2022 14:09:50.370131016 CET | 443 | 49750 | 162.159.133.233 | 192.168.2.3 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 24, 2022 14:09:49.442687988 CET | 54154 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 24, 2022 14:09:49.462178946 CET | 53 | 54154 | 8.8.8.8 | 192.168.2.3 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 24, 2022 14:09:49.442687988 CET | 192.168.2.3 | 8.8.8.8 | 0xcede | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 24, 2022 14:09:49.462178946 CET | 8.8.8.8 | 192.168.2.3 | 0xcede | No error (0) | | | 162.159.133.233 | A (IP address) | IN (0x0001) |
Jan 24, 2022 14:09:49.462178946 CET | 8.8.8.8 | 192.168.2.3 | 0xcede | No error (0) | | | 162.159.129.233 | A (IP address) | IN (0x0001) |
Jan 24, 2022 14:09:49.462178946 CET | 8.8.8.8 | 192.168.2.3 | 0xcede | No error (0) | | | 162.159.135.233 | A (IP address) | IN (0x0001) |
Jan 24, 2022 14:09:49.462178946 CET | 8.8.8.8 | 192.168.2.3 | 0xcede | No error (0) | | | 162.159.134.233 | A (IP address) | IN (0x0001) |
Jan 24, 2022 14:09:49.462178946 CET | 8.8.8.8 | 192.168.2.3 | 0xcede | No error (0) | | | 162.159.130.233 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49750 | 162.159.133.233 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Start time: | 14:10:05 |
Start date: | 24/01/2022 |
Path: | C:\Users\user\Desktop\ORDEN DE COMPRA 80107.pdf________________________.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 234664 bytes |
MD5 hash: | AF7C27FD6E49538AA93A667D67463C51 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Yara matches: |
Reputation: | low |
Start time: | 14:10:25 |
Start date: | 24/01/2022 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x3c0000 |
File size: | 107624 bytes |
MD5 hash: | F866FC1C2E928779C7119353C3091F0C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Start time: | 14:10:26 |
Start date: | 24/01/2022 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x310000 |
File size: | 107624 bytes |
MD5 hash: | F866FC1C2E928779C7119353C3091F0C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Start time: | 14:10:27 |
Start date: | 24/01/2022 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xea0000 |
File size: | 107624 bytes |
MD5 hash: | F866FC1C2E928779C7119353C3091F0C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
Reputation: | moderate |
Start time: | 14:10:27 |
Start date: | 24/01/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f20f0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Execution Graph
Execution Coverage: | 30.2% |
Dynamic/Decrypted Code Coverage: | 0.6% |
Signature Coverage: | 1.6% |
Total number of Nodes: | 635 |
Total number of Limit Nodes: | 108 |
Graph
Function list (the per-function APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Yara matches and Similarity sections were not extracted; rows marked "(header not extracted)" are entries whose Function line was lost):

Function | Relevance | APIs | Strings | Instructions | Tags | Control-flow Graph | C-Code Quality | Uniqueness Score |
---|---|---|---|---|---|---|---|---|
004015B8 | 4.3 | 1 | 1 | 809 | COMMON, Crypto | yes | 92% | -1.00% |
00413579 | 3.2 | 1 | 1 | 173 | memory, COMMON | yes | | -1.00% |
0041357E | 3.2 | 1 | 1 | 172 | memory, COMMON | yes | | -1.00% |
00424314 | 415.0 | 220 | 16 | 1996 | COMMON | | 56% | -1.00% |
(header not extracted) | | | | | | yes | 56% | -1.00% |
(header not extracted) | | | | | | yes | 65% | -1.00% |
(header not extracted) | | | | | | yes | 48% | -1.00% |
(header not extracted) | | | | | | yes | 62% | -1.00% |
(header not extracted) | | | | | | yes | 57% | -1.00% |
0040192D | .2 | | | 156 | COMMON, Crypto | | 91% | -1.00% |
004071BA | .0 | | | 18 | COMMON | | | -1.00% |
00426CF9 | 102.3 | 68 | | 317 | COMMON | yes | 52% | -1.00% |
(header not extracted) | | | | | | yes | 55% | -1.00% |
(header not extracted) | | | | | | yes | 55% | -1.00% |
(header not extracted) | | | | | | yes | 49% | -1.00% |
(header not extracted) | | | | | | yes | 17% | -1.00% |
(header not extracted) | | | | | | yes | 57% | -1.00% |
004286F9 | 25.7 | 17 | | 160 | COMMON | yes | 53% | -1.00% |
(header not extracted) | | | | | | | 65% | -1.00% |
0041123F | 15.1 | 10 | | 108 | COMMON | | 54% | -1.00% |
004266C1 | 12.1 | 8 | | 95 | COMMON | | 45% | -1.00% |
00426334 | 12.1 | 8 | | 77 | COMMON | | 61% | -1.00% |
Execution Graph
Execution Coverage: | 10.5% |
Dynamic/Decrypted Code Coverage: | 96.4% |
Signature Coverage: | 0% |
Total number of Nodes: | 83 |
Total number of Limit Nodes: | 8 |
Graph
Function list (the per-function APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin and Similarity sections were not extracted):

Function | Relevance | APIs | Strings | Instructions | Tags | Control-flow Graph | Uniqueness Score |
---|---|---|---|---|---|---|---|
1E066902 | 8.9 | 4 | 1 | 147 | thread, COMMON | yes | -1.00% |
1E066940 | 8.9 | 4 | 1 | 120 | thread, COMMON | yes | -1.00% |
0130EA41 | 1.7 | 1 | | 151 | thread, COMMON | yes | -1.00% |
1E065084 | 1.6 | 1 | | 115 | COMMON | yes | -1.00% |
1E065090 | 1.6 | 1 | | 113 | COMMON | yes | -1.00% |
0130EAA7 | 1.6 | 1 | | 100 | thread, COMMON | yes | -1.00% |
0130EA7A | 1.6 | 1 | | 99 | thread, COMMON | yes | -1.00% |
1E067780 | 1.6 | 1 | | 97 | COMMON | yes | -1.00% |
0130EB36 | 1.6 | 1 | | 65 | thread, COMMON | yes | -1.00% |
1E066B62 | 1.6 | 1 | | 63 | COMMON | yes | -1.00% |
1E066B68 | 1.6 | 1 | | 62 | COMMON | | -1.00% |
1E06BE79 | 1.6 | 1 | | 58 | COMMON | | -1.00% |
1E06BE88 | 1.6 | 1 | | 54 | COMMON | | -1.00% |
1DF7D53C | .1 | | | 75 | COMMON | | -1.00% |
1DF8D01C | .1 | | | 72 | COMMON | | -1.00% |
1DF8D005 | .1 | | | 62 | COMMON | | -1.00% |
1DF7D537 | .1 | | | 56 | COMMON | | -1.00% |