Windows Analysis Report
hFGZpat9Mf.dll
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll32.exe (PID: 988, cmdline: `loaddll32.exe "C:\Users\user\Desktop\hFGZpat9Mf.dll"`, MD5: 7DEB5DB86C0AC789123DEC286286B938)
  - cmd.exe (PID: 5904, cmdline: `cmd.exe /C rundll32.exe "C:\Users\user\Desktop\hFGZpat9Mf.dll",#1`, MD5: F3BDBE3BB6F734E357235F4D5898582D)
    - rundll32.exe (PID: 3272, cmdline: `rundll32.exe "C:\Users\user\Desktop\hFGZpat9Mf.dll",#1`, MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      - WerFault.exe (PID: 4496, cmdline: `C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 684`, MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- cleanup
{"RSA Public Key": "a/OOe3vutyE+gNUF58s+932DNMr8fczoarMUDWqkJsUgObu+3KDuWCwO4VJi2nQNFoXQ13xL3U4zAT7teC979D2YSjTERxwWBeeP0HeZqNq0qcAgYIwsDRVFhGgIWRlndn894LdhC+W8uyATPg1or5n2yZWlh+/NEBJX1nFopQ/z09NIGZPpSgelgd7Gl3dRww5rEsR2WK4eL7TmnaoLNu6StWcVsJ2/hdx1IvAw+0FHXO2OQVeCIyD0YqFOgVX4yIlMXSNJExST4L1Wc5wBukAkkdIxFsm7gsamW82tEhFe2W5TqQV7VVRxRARRhHVoEwzsqj+Q49089Kkixnoy1HXPNrN04rhNhyDNba5DkKY=", "c2_domain": ["config.edge.skype.com", "194.76.226.200", "giporedtrip.at", "habpfans.at", "31.214.157.187"], "botnet": "3000", "server": "50", "serpent_key": "YFyLBjaJo8V90gKm", "sleep_time": "1", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "0"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | |
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | |
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | |
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |
Table truncated: 19 entries in total (source column not preserved).
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | |
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | |
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | |
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | |
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | |
Table truncated: 14 entries in total (source column not preserved).
System Summary |
---|
Source: | Author: Florian Roth: |
AV Detection |
---|
Source: | Malware Configuration Extractor: | 1 entry, detail not preserved |
Source: | Virustotal: | Perma Link, detail not preserved | ||
Source: | ReversingLabs: | 1 entry, detail not preserved |
Source: | Avira URL Cloud: | 8 entries, detail not preserved |
Source: | Virustotal: | 2 entries with Perma Link, detail not preserved |
Source: | Joe Sandbox ML: | 1 entry, detail not preserved |
Source: | Avira: | 8 entries, detail not preserved |
Source: | Static PE information: | 1 entry, detail not preserved |
Source: | Binary string: | 54 entries, detail not preserved |
Source: | Code function: | 0_2_007053C4, 3_2_00E153C4 |
Networking |
---|
Source: | Snort IDS: | 13 entries, detail not preserved |
Source: | ASN Name: | 2 entries, detail not preserved |
Source: | IP Address: | 1 entry, detail not preserved |
Source: | HTTP traffic detected: | 8 entries, detail not preserved |
Source: | HTTP traffic detected: | 8 entries, detail not preserved |
Source: | TCP traffic detected without corresponding DNS query: | 24 entries, detail not preserved |
Source: | String found in binary or memory: | 15 entries, detail not preserved |
Source: | DNS traffic detected: | 1 entry, detail not preserved |
Source: | HTTP traffic detected: | 8 entries, detail not preserved |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: | 43 entries, detail not preserved |
Source: | Code function: | 3_2_00E33B10 |
Source: | Code function: | 3_2_00E34154 |
Source: | Binary or memory string: | 1 entry, detail not preserved |
Source: | Code function: | 0_2_00730108 |
Source: | Code function: | 3_2_00E57B64 |
E-Banking Fraud |
---|
Source: | File source: | 43 entries, detail not preserved |
System Summary |
---|
Source: | WMI Queries: | 4 entries, detail not preserved |
Source: | WMI Registry write: | 3 entries, detail not preserved |
Source: | Static PE information: | 1 entry, detail not preserved |
Source: | Process created: | 1 entry, detail not preserved |
Source: | Code function: | 0_2_007284AC |
Source: | Code function: | 0_2_0076B448, 3_2_00E7B448, 3_2_00E41FAC, 3_2_01082244, 3_2_00ED17C8 |
Source: | Code function: | 0_2_0072A41C, 0_2_0074A9F4, 3_2_00E3A41C, 3_2_00E5A9F4, 3_2_010814BA, 3_2_01082465 |
Source: | Static PE information: | 1 entry, detail not preserved |
Source: | Section loaded: | 164 entries, detail not preserved |
Source: | Virustotal: | 1 entry, detail not preserved | ||
Source: | ReversingLabs: | 1 entry, detail not preserved |
Source: | Key opened: | 1 entry, detail not preserved |
Source: | Process created: | 6 entries, detail not preserved |
Source: | Key value queried: | 1 entry, detail not preserved |
Source: | File created: | 1 entry, detail not preserved |
Source: | Classification label: | 1 entry, detail not preserved |
Source: | Code function: | 0_2_00708912 |
Source: | Code function: | 0_2_007210CC |
Source: | Key opened: | 2 entries, detail not preserved |
Source: | Process created: | 1 entry, detail not preserved |
Source: | Mutant created: | 1 entry, detail not preserved |
Source: | Code function: | 0_2_00716C2C |
Source: | File read: | 4 entries, detail not preserved |
Source: | Binary string: | 54 entries, detail not preserved |
Source: | Code function: | 0_2_0076BDEF, 0_2_007080C5, 0_2_0070E178, 0_2_00716121, 0_2_0072A235, 0_2_007061C8, 0_2_007061C8, 0_2_00716281, 0_2_0071E278, 0_2_0071623D, 0_2_00706240, 0_2_007182C1, 0_2_0071459D, 0_2_0072C6B9, 0_2_00714634, 0_2_0072C715, 0_2_0072A897, 0_2_0072A8F8, 0_2_0071C8C2, 0_2_0072A93C, 0_2_0072A9C4, 0_2_0072AA9B, 0_2_0072AAF4, 0_2_00728B0A, 0_2_00728B84, 0_2_0072AB5B, 0_2_00728B40, 0_2_0072AC30, 0_2_0072ABC3, 0_2_0072AC87, 0_2_00706CD9 |
Source: | Code function: | 0_2_0072921C |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File source: | 43 entries, detail not preserved |
Source: | Code function: | 0_2_00721174, 3_2_00E37170, 3_2_00E5D24C |
Source: | Code function: | 0_2_0072921C |
Source: | Registry key monitored for changes: | 1 entry, detail not preserved |
Source: | Process information set: | 24 entries, detail not preserved |
Malware Analysis System Evasion |
---|
Source: | Evasive API call chain: | graph_3-18255 |
Source: | Code function: | 0_2_0072C54C, 3_2_00E3C54C |
Source: | Last function: | 1 entry, detail not preserved |
Source: | Window / User API: | 6 entries, detail not preserved |
Source: | Code function: | 0_2_0072C54C, 3_2_00E3C54C |
Source: | Code function: | 0_2_0072165C |
Source: | Code function: | 0_2_007053C4, 3_2_00E153C4 |
Source: | API call chain: | graph_3-18577, graph_3-18940 |
Source: | Binary or memory string: | 19 entries, detail not preserved |
Anti Debugging |
---|
Source: | Debugger detection routine: | graph_3-18255 |
Source: | Code function: | 0_2_0072921C |
Source: | Process queried: | 2 entries, detail not preserved |
Source: | Memory protected: | 1 entry, detail not preserved |
Source: | Process created: | 1 entry, detail not preserved |
Source: | Code function: | 0_2_0070557C, 0_2_0070C804, 0_2_0070B148, 0_2_0070B194, 0_2_00705688, 3_2_00E1557C, 3_2_00E1B194, 3_2_00E1B148, 3_2_00E15688, 3_2_00E1C804, 3_2_00E15E74 |
Source: | Key value queried: | 1 entry, detail not preserved |
Source: | Code function: | 3_2_00E19C14 |
Source: | Code function: | 0_2_0070C10C |
Source: | Binary or memory string: | 2 entries, detail not preserved |
Stealing of Sensitive Information |
---|
Source: | File source: | 43 entries, detail not preserved |
Remote Access Functionality |
---|
Source: | File source: | 43 entries, detail not preserved |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 2 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 31 Input Capture | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 3 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | 11 Native API | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | 1 Screen Capture | Exfiltration Over Bluetooth | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 116 System Information Discovery | SMB/Windows Admin Shares | 31 Input Capture | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Software Packing | NTDS | 1 Query Registry | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 13 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 231 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 11 Virtualization/Sandbox Evasion | Cached Domain Credentials | 11 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 11 Process Injection | DCSync | 11 Application Window Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Rundll32 | Proc Filesystem | 1 Remote System Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
21% | Virustotal | Browse | ||
33% | ReversingLabs | Win32.Infostealer.Gozi | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen8 | Download File | ||
100% | Avira | TR/Kazy.4159236 | Download File | ||
100% | Avira | HEUR/AGEN.1108767 | Download File | ||
100% | Avira | TR/Kazy.4159236 | Download File | ||
100% | Avira | HEUR/AGEN.1108168 | Download File | ||
100% | Avira | TR/Kazy.4159236 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen8 | Download File | ||
100% | Avira | HEUR/AGEN.1108767 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen8 | Download File | ||
100% | Avira | HEUR/AGEN.1108767 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen8 | Download File | ||
100% | Avira | TR/Kazy.4159236 | Download File | ||
100% | Avira | HEUR/AGEN.1108767 | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
giporedtrip.at | 211.119.84.112 | true | true | | unknown |
habpfans.at | 41.41.255.235 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | true | | unknown |
| | true | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | true | | unknown |
| | true | | unknown |
| | false | | low |
| | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
181.129.180.251 | unknown | Colombia | 13489 | EPMTelecomunicacionesSAESPCO | true | |
41.41.255.235 | habpfans.at | Egypt | 8452 | TE-ASTE-ASEG | true | |
211.119.84.112 | giporedtrip.at | Korea Republic of | 3786 | LGDACOMLGDACOMCorporationKR | true | |
31.214.157.187 | unknown | Germany | 58329 | RACKPLACEDE | true | |
61.36.14.230 | unknown | Korea Republic of | 3786 | LGDACOMLGDACOMCorporationKR | true | |
194.76.226.200 | unknown | Germany | 39378 | SERVINGADE | true |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 560543 |
Start date: | 26.01.2022 |
Start time: | 17:02:04 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 43s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | hFGZpat9Mf.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 34 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winDLL@6/6@4/7 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 23.211.6.115, 13.107.42.16, 104.208.16.94, 13.107.43.16
- Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, config.edge.skype.com.trafficmanager.net, store-images.s-microsoft.com-c.edgekey.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, l-0007.dc-msedge.net, blobcollector.events.data.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, l-0007.l-msedge.net, config.edge.skype.com, onedsblobprdcus16.centralus.cloudapp.azure.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
17:03:26 | API Interceptor | |
17:03:34 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
181.129.180.251 | | Get hash | malicious | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
giporedtrip.at | | Get hash | malicious | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
TE-ASTE-ASEG | | Get hash | malicious | Browse | |
EPMTelecomunicacionesSAESPCO | | Get hash | malicious | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_319baef4101f2973dda1833cdb25524ddf68727_82810a17_11720b30\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9231380421791202 |
Encrypted: | false |
SSDEEP: | 192:dSiB0oXKHBUZMX4jed+tTN/u7slS274ItWc:civXiBUZMX4jeI5/u7slX4ItWc |
MD5: | 2E9E475BBF5C444FDD216D612789DF16 |
SHA1: | 962AD3179B750CF580262E1907A21695CCCF95CA |
SHA-256: | 0064278D09AABB28FEDAF0249EA8CB8FE70CA1E041D4894DCF53040F05E19E31 |
SHA-512: | 18EBA813F6A28E2B7751BD3001B4482C544F808182C859505F4FBFDC25EAAA2F687261D01906D9337561C1D8F0E8ACC7BD71C9A5A2211592E1F48E8D3637A661 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 50394 |
Entropy (8bit): | 2.1230258138964713 |
Encrypted: | false |
SSDEEP: | 192:v7u7354xKvI2O5Skb+XKD74zz7hFK/dDBRvU0SF9Dq0Awi/Y4p:/oQB5Lb+XKIzz7hFadDBR8xFpq0Awi/ |
MD5: | E557B9E94120C75B30455B3AB7BB4F67 |
SHA1: | 2816C199A296B247FADBC24CB7248059CC2AA728 |
SHA-256: | A0FB0FDB2F46849AE8FFCCB0F6830134282C4BEF5375EC4B3328CA9957E8FC78 |
SHA-512: | 1B07B0D1CC742AB0398A7C0CF12C6A6D4AD57568006FC2B39D05E84E9B93F969C117C21CCF5CC366B21403FCE10D970DE56DAA1951B4037F3A93066D91297D33 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8312 |
Entropy (8bit): | 3.6976983898128415 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNips6rRf+Z46YBgah6TgmfTNSOCprR689bW4sfcSm:RrlsNiy6Ff246YBb6TgmfTNSHDWrfI |
MD5: | 1F0DCAF8CAD8216C2681E359FDB9FC32 |
SHA1: | F83B65FE0F97B36C53DEA67EF86D390C5F2E4874 |
SHA-256: | C48C34B58275C8586BA05F0DE058403E5D4BEF7A7489275B5971858A1B1B65DA |
SHA-512: | 3B02715FD729AA52FA2738D709F4B09EA244329D1CD8A1FAED420EE2A0A87085BE984ABD38EC3BDF61C2A0D0A5DFCA9640331E596FE7971D8009FF0C5E986BD9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4670 |
Entropy (8bit): | 4.493943117199789 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zs8JgtWI9A2VWSC8BVs8fm8M4JCdszZFAV+q8/OD0yx4SrS1d:uITf632kSNXRJRUVt0iDW1d |
MD5: | 0126F95A901429A83B8D25CA87CD378F |
SHA1: | B291C283CF80A9811F1EA5703267243116199DDD |
SHA-256: | 507F8842DAC1704D0AF596840F0F75862C0CEC375118DCBDC55ED85F1D39E175 |
SHA-512: | 6D3D54EE263306831C43EB89F8246689251F0E293ABB94C3E5F63E658D95274E665B774CEB35CD1BB8A8E74F10FE749C0B5315E26085DC76BFC232DBED680EEC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1572864 |
Entropy (8bit): | 4.2638646695109035 |
Encrypted: | false |
SSDEEP: | 12288:MLR2cbZ/FPLJ86W9cwmTJw4qNsIbc65wppMcGFtz3OUkB8lA6LD6y7Rt:sR2cbZ/FPLJ86W9yqYKt |
MD5: | 35049590C5CC406E8B91A1B0B5092584 |
SHA1: | B8ACCA4CFDD281BC793D177261B5A769CAE049C3 |
SHA-256: | B84991E6386C563D75788B986DA5381F88A5EA41408DD98DA31B8E2C4755528A |
SHA-512: | 26800F9733BF8608CB4BF2C24592BDA4092458DC12E2B707C5503956015600540CF36114916E5696D997FDB72896332A3014664287BC26840D9D79B40F9CC19A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24576 |
Entropy (8bit): | 3.8361821028758083 |
Encrypted: | false |
SSDEEP: | 384:Zwb5uZrdgdXX5gQp8XXLnxOf2oMPmxwp95GjZmGuADTTeW5N5oAR1V:mlcreXXZpigf2ovxwp3WmGuuTeSN51R1 |
MD5: | 498211172CBFC34A13FD2E9630E30A11 |
SHA1: | 7413547E9D96756DF22533A3E31E05F5996C75CC |
SHA-256: | 6B575ABA2719D1440DCAFECBA4C5FBA11673407180D636A18D597189984D0B21 |
SHA-512: | 2E58314560305ECCCEFA4377EA207FC5B825E2B55E4F2AA1314355E89E44C2D2AFF62D830A82B8D3731E3650AC473C79E19A5A79C0F6DB0D71132481E69CAC90 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.882756524717819 |
TrID: | |
File name: | hFGZpat9Mf.dll |
File size: | 655360 |
MD5: | 9acde2c3e3a375590a1bc716eabc52c5 |
SHA1: | e231c9ae802a9aad9916f08256f7558f531d54ce |
SHA256: | 57f997217db22a4d97700768189d44034303e3b15dc08fa48ed6b91bd7051c05 |
SHA512: | 3c282a6dac4c1a655a6851ef7bcf9d336603614216f93e8bde031697118439081b113bb71473e2939b30225fa684d56d9dbc80bd888cc3312b167c7bef130946 |
SSDEEP: | 12288:CxdKNJ2yElIM31TVlVPt0+JQjahIx9Q2oleUcUGHS:CwuyElIMlTzBt0Bp3seBU |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | b99988fcd4f66e0f |
Entrypoint: | 0x46b448 |
Entrypoint Section: | CODE |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 7f3476b35f56feee8663a4d549e47d9e |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFC4h |
push ebx |
mov eax, 0046B028h |
call 00007F8E18CB1738h |
push 0046BDF8h |
call 00007F8E18CB1A8Ah |
push 0046BDF8h |
call 00007F8E18CB1A80h |
push 0046BDF8h |
call 00007F8E18CB1A76h |
push 0046BDF8h |
call 00007F8E18CB1A6Ch |
push 0046BDF8h |
call 00007F8E18CB1A62h |
push 0046BDF8h |
call 00007F8E18CB1A58h |
push 0046BDF8h |
call 00007F8E18CB1A4Eh |
push 0046BDF8h |
call 00007F8E18CB1A44h |
push 0046BDF8h |
call 00007F8E18CB1A3Ah |
push 0046BDF8h |
call 00007F8E18CB1A30h |
push 0046BDF8h |
call 00007F8E18CB1A26h |
push 0046BDF8h |
call 00007F8E18CB1A1Ch |
push 0046BDF8h |
call 00007F8E18CB1A12h |
push 0046BDF8h |
call 00007F8E18CB1A08h |
push 0046BDF8h |
call 00007F8E18CB19FEh |
push 0046BDF8h |
call 00007F8E18CB19F4h |
push 0046BDF8h |
call 00007F8E18CB19EAh |
push 0046BDF8h |
call 00007F8E18CB19E0h |
push 0000BDF8h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x70000 | 0x2172 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7a000 | 0x29600 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x73000 | 0x6e18 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
CODE | 0x1000 | 0x6ae04 | 0x6b000 | False | 0.529191917348 | data | 6.56713483483 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
DATA | 0x6c000 | 0x2324 | 0x2400 | False | 0.465928819444 | data | 4.93971870671 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
BSS | 0x6f000 | 0xf55 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.idata | 0x70000 | 0x2172 | 0x2200 | False | 0.365349264706 | data | 4.98625501899 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.reloc | 0x73000 | 0x6e18 | 0x7000 | False | 0.615618024554 | data | 6.66070715654 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.rsrc | 0x7a000 | 0x29600 | 0x29600 | False | 0.458589029456 | data | 6.73870167703 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_CURSOR | 0x7bd68 | 0x134 | data | ||
RT_CURSOR | 0x7be9c | 0x134 | data | ||
RT_CURSOR | 0x7bfd0 | 0x134 | data | ||
RT_CURSOR | 0x7c104 | 0x134 | data | ||
RT_CURSOR | 0x7c238 | 0x134 | data | ||
RT_CURSOR | 0x7c36c | 0x134 | data | ||
RT_CURSOR | 0x7c4a0 | 0x134 | data | ||
RT_BITMAP | 0x7c5d4 | 0x1d0 | data | ||
RT_BITMAP | 0x7c7a4 | 0x1e4 | data | ||
RT_BITMAP | 0x7c988 | 0x1d0 | data | ||
RT_BITMAP | 0x7cb58 | 0x1d0 | data | ||
RT_BITMAP | 0x7cd28 | 0x1d0 | data | ||
RT_BITMAP | 0x7cef8 | 0x1d0 | data | ||
RT_BITMAP | 0x7d0c8 | 0x1d0 | data | ||
RT_BITMAP | 0x7d298 | 0x1d0 | data | ||
RT_BITMAP | 0x7d468 | 0x1d0 | data | ||
RT_BITMAP | 0x7d638 | 0x1d0 | data | ||
RT_BITMAP | 0x7d808 | 0xe8 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x7d8f0 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 49, next used block 48059 | English | United States |
RT_DIALOG | 0x7dbd8 | 0x52 | data | ||
RT_STRING | 0x7dc2c | 0x15c | data | ||
RT_STRING | 0x7dd88 | 0x3e4 | data | ||
RT_STRING | 0x7e16c | 0x340 | data | ||
RT_STRING | 0x7e4ac | 0x354 | data | ||
RT_STRING | 0x7e800 | 0x230 | data | ||
RT_STRING | 0x7ea30 | 0x1d4 | data | ||
RT_STRING | 0x7ec04 | 0xec | data | ||
RT_STRING | 0x7ecf0 | 0x2fc | data | ||
RT_STRING | 0x7efec | 0xd4 | data | ||
RT_STRING | 0x7f0c0 | 0x110 | data | ||
RT_STRING | 0x7f1d0 | 0x24c | data | ||
RT_STRING | 0x7f41c | 0x3f8 | data | ||
RT_STRING | 0x7f814 | 0x360 | data | ||
RT_STRING | 0x7fb74 | 0x3e8 | data | ||
RT_STRING | 0x7ff5c | 0x234 | data | ||
RT_STRING | 0x80190 | 0xec | data | ||
RT_STRING | 0x8027c | 0x1b4 | data | ||
RT_STRING | 0x80430 | 0x3e4 | data | ||
RT_STRING | 0x80814 | 0x358 | data | ||
RT_STRING | 0x80b6c | 0x2b4 | data | ||
RT_RCDATA | 0x80e20 | 0x10 | data | ||
RT_RCDATA | 0x80e30 | 0x2fe | MS Windows icon resource - 1 icon, 32x32, 16 colors | Bulgarian | Bulgaria |
RT_RCDATA | 0x81130 | 0x104 | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x81234 | 0x10b | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x81340 | 0xed | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x81430 | 0xe4 | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x81514 | 0xfe | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x81614 | 0x96 | GIF image data, version 89a, 24 x 24 | Bulgarian | Bulgaria |
RT_RCDATA | 0x816ac | 0x10c | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x817b8 | 0x105 | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x818c0 | 0x102 | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x819c4 | 0xfb | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x81ac0 | 0x10e | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x81bd0 | 0x105 | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x81cd8 | 0x100 | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x81dd8 | 0xfc | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x81ed4 | 0x113 | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x81fe8 | 0x10e | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x820f8 | 0x106 | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82200 | 0xfd | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82300 | 0x115 | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82418 | 0x113 | GIF image data, version 89a, 22 x 22 | Bulgarian | Bulgaria |
RT_RCDATA | 0x8252c | 0x229 | HTML document, ASCII text, with CRLF, CR line terminators | Bulgarian | Bulgaria |
RT_RCDATA | 0x82758 | 0x3f | GIF image data, version 89a, 12 x 16 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82798 | 0x6e | GIF image data, version 89a, 16 x 16 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82808 | 0x50 | GIF image data, version 89a, 16 x 16 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82858 | 0x6c | GIF image data, version 89a, 16 x 16 | Bulgarian | Bulgaria |
RT_RCDATA | 0x828c4 | 0x4f | GIF image data, version 89a, 16 x 16 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82914 | 0x6f | GIF image data, version 89a, 17 x 16 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82984 | 0x41 | GIF image data, version 89a, 15 x 15 | Bulgarian | Bulgaria |
RT_RCDATA | 0x829c8 | 0x3c | GIF image data, version 89a, 16 x 12 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82a04 | 0x69 | GIF image data, version 89a, 16 x 16 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82a70 | 0x4d | GIF image data, version 89a, 16 x 16 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82ac0 | 0x71 | GIF image data, version 89a, 16 x 17 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82b34 | 0x69 | GIF image data, version 89a, 16 x 16 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82ba0 | 0x4d | GIF image data, version 89a, 16 x 16 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82bf0 | 0x12c | GIF image data, version 89a, 10 x 12 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82d1c | 0x129 | GIF image data, version 89a, 10 x 12 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82e48 | 0x91 | GIF image data, version 89a, 16 x 16 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82edc | 0x82 | GIF image data, version 89a, 16 x 16 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82f60 | 0x75 | GIF image data, version 89a, 16 x 16 | Bulgarian | Bulgaria |
RT_RCDATA | 0x82fd8 | 0x9e | GIF image data, version 89a, 16 x 16 | Bulgarian | Bulgaria |
RT_RCDATA | 0x83078 | 0x7c | GIF image data, version 89a, 16 x 16 | Bulgarian | Bulgaria |
RT_RCDATA | 0x830f4 | 0x36 | GIF image data, version 89a, 1 x 1 | Bulgarian | Bulgaria |
RT_RCDATA | 0x8312c | 0xea6 | HTML document, ASCII text, with CRLF line terminators | Bulgarian | Bulgaria |
RT_RCDATA | 0x83fd4 | 0x2b9f | ASCII text, with CRLF line terminators | Bulgarian | Bulgaria |
RT_RCDATA | 0x86b74 | 0x4e98 | ASCII text, with CRLF line terminators | Bulgarian | Bulgaria |
RT_RCDATA | 0x8ba0c | 0x539 | ASCII text, with CRLF line terminators | Bulgarian | Bulgaria |
RT_RCDATA | 0x8bf48 | 0x1d08 | HTML document, ASCII text, with CRLF line terminators | Bulgarian | Bulgaria |
RT_RCDATA | 0x8dc50 | 0x61b | ASCII text, with CRLF line terminators | Bulgarian | Bulgaria |
RT_RCDATA | 0x8e26c | 0x671 | ASCII text, with CRLF line terminators | Bulgarian | Bulgaria |
RT_RCDATA | 0x8e8e0 | 0x7e61 | ASCII text, with CRLF line terminators | Bulgarian | Bulgaria |
RT_RCDATA | 0x96744 | 0xd59 | HTML document, ASCII text, with CRLF line terminators | Bulgarian | Bulgaria |
RT_RCDATA | 0x974a0 | 0x664 | data | ||
RT_RCDATA | 0x97b04 | 0x1c9 | Delphi compiled form 'Tgj3eo9f8hwe89fq' | ||
RT_RCDATA | 0x97cd0 | 0xb804 | data | English | United States |
RT_GROUP_CURSOR | 0xa34d4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xa34e8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xa34fc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xa3510 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xa3524 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xa3538 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xa354c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_ICON | 0xa3560 | 0x14 | data | English | United States |
DLL | Import |
---|---|
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
kernel32.dll | TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, LocalFree, LocalAlloc |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
kernel32.dll | lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetTempPathA, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle |
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
gdi32.dll | UnrealizeObject, StrokePath, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt |
user32.dll | CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout |
kernel32.dll | Sleep |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit |
ole32.dll | CoUninitialize, CoInitialize |
oleaut32.dll | GetErrorInfo, SysFreeString |
comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Bulgarian | Bulgaria | |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
01/26/22-17:03:29.526106 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49753 | 80 | 192.168.2.5 | 13.107.42.16 |
01/26/22-17:03:50.217694 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49758 | 80 | 192.168.2.5 | 194.76.226.200 |
01/26/22-17:04:11.131587 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49771 | 80 | 192.168.2.5 | 211.119.84.112 |
01/26/22-17:04:11.131587 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49771 | 80 | 192.168.2.5 | 211.119.84.112 |
01/26/22-17:04:32.817920 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49781 | 80 | 192.168.2.5 | 41.41.255.235 |
01/26/22-17:04:53.808751 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49812 | 80 | 192.168.2.5 | 31.214.157.187 |
01/26/22-17:04:53.808751 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49812 | 80 | 192.168.2.5 | 31.214.157.187 |
01/26/22-17:05:14.219179 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49814 | 80 | 192.168.2.5 | 13.107.43.16 |
01/26/22-17:05:55.173450 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49825 | 80 | 192.168.2.5 | 181.129.180.251 |
01/26/22-17:06:16.920281 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49827 | 80 | 192.168.2.5 | 61.36.14.230 |
01/26/22-17:06:38.188650 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49828 | 80 | 192.168.2.5 | 31.214.157.187 |
01/26/22-17:06:59.014573 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49829 | 80 | 192.168.2.5 | 13.107.43.16 |
01/26/22-17:06:59.014573 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49829 | 80 | 192.168.2.5 | 13.107.43.16 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 26, 2022 17:03:50.196054935 CET | 49758 | 80 | 192.168.2.5 | 194.76.226.200 |
Jan 26, 2022 17:03:50.216969967 CET | 80 | 49758 | 194.76.226.200 | 192.168.2.5 |
Jan 26, 2022 17:03:50.217222929 CET | 49758 | 80 | 192.168.2.5 | 194.76.226.200 |
Jan 26, 2022 17:03:50.217694044 CET | 49758 | 80 | 192.168.2.5 | 194.76.226.200 |
Jan 26, 2022 17:03:50.240555048 CET | 80 | 49758 | 194.76.226.200 | 192.168.2.5 |
Jan 26, 2022 17:03:50.485863924 CET | 80 | 49758 | 194.76.226.200 | 192.168.2.5 |
Jan 26, 2022 17:03:50.527489901 CET | 49758 | 80 | 192.168.2.5 | 194.76.226.200 |
Jan 26, 2022 17:04:10.823165894 CET | 49771 | 80 | 192.168.2.5 | 211.119.84.112 |
Jan 26, 2022 17:04:11.131019115 CET | 80 | 49771 | 211.119.84.112 | 192.168.2.5 |
Jan 26, 2022 17:04:11.131146908 CET | 49771 | 80 | 192.168.2.5 | 211.119.84.112 |
Jan 26, 2022 17:04:11.131587029 CET | 49771 | 80 | 192.168.2.5 | 211.119.84.112 |
Jan 26, 2022 17:04:11.641944885 CET | 80 | 49771 | 211.119.84.112 | 192.168.2.5 |
Jan 26, 2022 17:04:12.363171101 CET | 80 | 49771 | 211.119.84.112 | 192.168.2.5 |
Jan 26, 2022 17:04:12.363260984 CET | 80 | 49771 | 211.119.84.112 | 192.168.2.5 |
Jan 26, 2022 17:04:12.363360882 CET | 49771 | 80 | 192.168.2.5 | 211.119.84.112 |
Jan 26, 2022 17:04:12.363540888 CET | 49771 | 80 | 192.168.2.5 | 211.119.84.112 |
Jan 26, 2022 17:04:12.671621084 CET | 80 | 49771 | 211.119.84.112 | 192.168.2.5 |
Jan 26, 2022 17:04:32.723215103 CET | 49781 | 80 | 192.168.2.5 | 41.41.255.235 |
Jan 26, 2022 17:04:32.817071915 CET | 80 | 49781 | 41.41.255.235 | 192.168.2.5 |
Jan 26, 2022 17:04:32.817342997 CET | 49781 | 80 | 192.168.2.5 | 41.41.255.235 |
Jan 26, 2022 17:04:32.817919970 CET | 49781 | 80 | 192.168.2.5 | 41.41.255.235 |
Jan 26, 2022 17:04:33.109745026 CET | 80 | 49781 | 41.41.255.235 | 192.168.2.5 |
Jan 26, 2022 17:04:33.531102896 CET | 80 | 49781 | 41.41.255.235 | 192.168.2.5 |
Jan 26, 2022 17:04:33.531539917 CET | 80 | 49781 | 41.41.255.235 | 192.168.2.5 |
Jan 26, 2022 17:04:33.531630993 CET | 49781 | 80 | 192.168.2.5 | 41.41.255.235 |
Jan 26, 2022 17:04:33.531966925 CET | 49781 | 80 | 192.168.2.5 | 41.41.255.235 |
Jan 26, 2022 17:04:33.613989115 CET | 80 | 49781 | 41.41.255.235 | 192.168.2.5 |
Jan 26, 2022 17:04:53.780751944 CET | 49812 | 80 | 192.168.2.5 | 31.214.157.187 |
Jan 26, 2022 17:04:53.807960033 CET | 80 | 49812 | 31.214.157.187 | 192.168.2.5 |
Jan 26, 2022 17:04:53.808163881 CET | 49812 | 80 | 192.168.2.5 | 31.214.157.187 |
Jan 26, 2022 17:04:53.808751106 CET | 49812 | 80 | 192.168.2.5 | 31.214.157.187 |
Jan 26, 2022 17:04:53.835407972 CET | 80 | 49812 | 31.214.157.187 | 192.168.2.5 |
Jan 26, 2022 17:04:54.068263054 CET | 80 | 49812 | 31.214.157.187 | 192.168.2.5 |
Jan 26, 2022 17:04:54.110872984 CET | 49812 | 80 | 192.168.2.5 | 31.214.157.187 |
Jan 26, 2022 17:04:55.488312960 CET | 80 | 49758 | 194.76.226.200 | 192.168.2.5 |
Jan 26, 2022 17:04:55.489257097 CET | 49758 | 80 | 192.168.2.5 | 194.76.226.200 |
Jan 26, 2022 17:04:55.489376068 CET | 49758 | 80 | 192.168.2.5 | 194.76.226.200 |
Jan 26, 2022 17:04:55.509185076 CET | 80 | 49758 | 194.76.226.200 | 192.168.2.5 |
Jan 26, 2022 17:05:19.442369938 CET | 49812 | 80 | 192.168.2.5 | 31.214.157.187 |
Jan 26, 2022 17:05:19.469677925 CET | 80 | 49812 | 31.214.157.187 | 192.168.2.5 |
Jan 26, 2022 17:05:19.469788074 CET | 49812 | 80 | 192.168.2.5 | 31.214.157.187 |
Jan 26, 2022 17:05:34.284610987 CET | 49816 | 80 | 192.168.2.5 | 194.76.226.200 |
Jan 26, 2022 17:05:34.305545092 CET | 80 | 49816 | 194.76.226.200 | 192.168.2.5 |
Jan 26, 2022 17:05:34.307151079 CET | 49816 | 80 | 192.168.2.5 | 194.76.226.200 |
Jan 26, 2022 17:05:34.308445930 CET | 49816 | 80 | 192.168.2.5 | 194.76.226.200 |
Jan 26, 2022 17:05:34.328700066 CET | 80 | 49816 | 194.76.226.200 | 192.168.2.5 |
Jan 26, 2022 17:05:34.582305908 CET | 80 | 49816 | 194.76.226.200 | 192.168.2.5 |
Jan 26, 2022 17:05:34.735786915 CET | 49816 | 80 | 192.168.2.5 | 194.76.226.200 |
Jan 26, 2022 17:05:54.993796110 CET | 49825 | 80 | 192.168.2.5 | 181.129.180.251 |
Jan 26, 2022 17:05:55.171062946 CET | 80 | 49825 | 181.129.180.251 | 192.168.2.5 |
Jan 26, 2022 17:05:55.171247959 CET | 49825 | 80 | 192.168.2.5 | 181.129.180.251 |
Jan 26, 2022 17:05:55.173449993 CET | 49825 | 80 | 192.168.2.5 | 181.129.180.251 |
Jan 26, 2022 17:05:55.585179090 CET | 80 | 49825 | 181.129.180.251 | 192.168.2.5 |
Jan 26, 2022 17:05:56.107831001 CET | 80 | 49825 | 181.129.180.251 | 192.168.2.5 |
Jan 26, 2022 17:05:56.107940912 CET | 80 | 49825 | 181.129.180.251 | 192.168.2.5 |
Jan 26, 2022 17:05:56.108086109 CET | 49825 | 80 | 192.168.2.5 | 181.129.180.251 |
Jan 26, 2022 17:05:56.108222008 CET | 49825 | 80 | 192.168.2.5 | 181.129.180.251 |
Jan 26, 2022 17:05:56.284883976 CET | 80 | 49825 | 181.129.180.251 | 192.168.2.5 |
Jan 26, 2022 17:06:16.600522995 CET | 49827 | 80 | 192.168.2.5 | 61.36.14.230 |
Jan 26, 2022 17:06:16.919651031 CET | 80 | 49827 | 61.36.14.230 | 192.168.2.5 |
Jan 26, 2022 17:06:16.919747114 CET | 49827 | 80 | 192.168.2.5 | 61.36.14.230 |
Jan 26, 2022 17:06:16.920280933 CET | 49827 | 80 | 192.168.2.5 | 61.36.14.230 |
Jan 26, 2022 17:06:17.439112902 CET | 80 | 49827 | 61.36.14.230 | 192.168.2.5 |
Jan 26, 2022 17:06:18.136353016 CET | 80 | 49827 | 61.36.14.230 | 192.168.2.5 |
Jan 26, 2022 17:06:18.136398077 CET | 80 | 49827 | 61.36.14.230 | 192.168.2.5 |
Jan 26, 2022 17:06:18.136567116 CET | 49827 | 80 | 192.168.2.5 | 61.36.14.230 |
Jan 26, 2022 17:06:18.136715889 CET | 49827 | 80 | 192.168.2.5 | 61.36.14.230 |
Jan 26, 2022 17:06:18.455836058 CET | 80 | 49827 | 61.36.14.230 | 192.168.2.5 |
Jan 26, 2022 17:06:38.157824993 CET | 49828 | 80 | 192.168.2.5 | 31.214.157.187 |
Jan 26, 2022 17:06:38.188126087 CET | 80 | 49828 | 31.214.157.187 | 192.168.2.5 |
Jan 26, 2022 17:06:38.188208103 CET | 49828 | 80 | 192.168.2.5 | 31.214.157.187 |
Jan 26, 2022 17:06:38.188649893 CET | 49828 | 80 | 192.168.2.5 | 31.214.157.187 |
Jan 26, 2022 17:06:38.218698025 CET | 80 | 49828 | 31.214.157.187 | 192.168.2.5 |
Jan 26, 2022 17:06:38.456873894 CET | 80 | 49828 | 31.214.157.187 | 192.168.2.5 |
Jan 26, 2022 17:06:38.508755922 CET | 49828 | 80 | 192.168.2.5 | 31.214.157.187 |
Jan 26, 2022 17:06:39.579426050 CET | 80 | 49816 | 194.76.226.200 | 192.168.2.5 |
Jan 26, 2022 17:06:39.579612017 CET | 49816 | 80 | 192.168.2.5 | 194.76.226.200 |
Jan 26, 2022 17:06:39.787955999 CET | 49816 | 80 | 192.168.2.5 | 194.76.226.200 |
Jan 26, 2022 17:06:39.808128119 CET | 80 | 49816 | 194.76.226.200 | 192.168.2.5 |
Jan 26, 2022 17:07:09.449675083 CET | 49828 | 80 | 192.168.2.5 | 31.214.157.187 |
Jan 26, 2022 17:07:09.480206013 CET | 80 | 49828 | 31.214.157.187 | 192.168.2.5 |
Jan 26, 2022 17:07:09.482753038 CET | 49828 | 80 | 192.168.2.5 | 31.214.157.187 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 26, 2022 17:04:10.702095032 CET | 63183 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2022 17:04:10.821247101 CET | 53 | 63183 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2022 17:04:32.537123919 CET | 56969 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2022 17:04:32.720880985 CET | 53 | 56969 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2022 17:05:54.678286076 CET | 63732 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2022 17:05:54.987817049 CET | 53 | 63732 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2022 17:06:16.351515055 CET | 54450 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2022 17:06:16.595956087 CET | 53 | 54450 | 8.8.8.8 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 26, 2022 17:04:10.702095032 CET | 192.168.2.5 | 8.8.8.8 | 0xb2e | Standard query (0) | | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:32.537123919 CET | 192.168.2.5 | 8.8.8.8 | 0x72f | Standard query (0) | | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:05:54.678286076 CET | 192.168.2.5 | 8.8.8.8 | 0xdb34 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:06:16.351515055 CET | 192.168.2.5 | 8.8.8.8 | 0x5295 | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 26, 2022 17:04:10.821247101 CET | 8.8.8.8 | 192.168.2.5 | 0xb2e | No error (0) | | | 211.119.84.112 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:10.821247101 CET | 8.8.8.8 | 192.168.2.5 | 0xb2e | No error (0) | | | 183.78.205.92 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:10.821247101 CET | 8.8.8.8 | 192.168.2.5 | 0xb2e | No error (0) | | | 210.92.250.133 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:10.821247101 CET | 8.8.8.8 | 192.168.2.5 | 0xb2e | No error (0) | | | 187.232.235.234 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:10.821247101 CET | 8.8.8.8 | 192.168.2.5 | 0xb2e | No error (0) | | | 183.100.39.157 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:10.821247101 CET | 8.8.8.8 | 192.168.2.5 | 0xb2e | No error (0) | | | 203.228.9.102 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:10.821247101 CET | 8.8.8.8 | 192.168.2.5 | 0xb2e | No error (0) | | | 41.41.255.235 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:10.821247101 CET | 8.8.8.8 | 192.168.2.5 | 0xb2e | No error (0) | | | 186.6.45.193 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:10.821247101 CET | 8.8.8.8 | 192.168.2.5 | 0xb2e | No error (0) | | | 197.44.54.172 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:10.821247101 CET | 8.8.8.8 | 192.168.2.5 | 0xb2e | No error (0) | | | 151.251.30.69 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:32.720880985 CET | 8.8.8.8 | 192.168.2.5 | 0x72f | No error (0) | | | 41.41.255.235 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:32.720880985 CET | 8.8.8.8 | 192.168.2.5 | 0x72f | No error (0) | | | 186.6.45.193 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:32.720880985 CET | 8.8.8.8 | 192.168.2.5 | 0x72f | No error (0) | | | 197.44.54.172 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:32.720880985 CET | 8.8.8.8 | 192.168.2.5 | 0x72f | No error (0) | | | 151.251.30.69 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:32.720880985 CET | 8.8.8.8 | 192.168.2.5 | 0x72f | No error (0) | | | 211.119.84.112 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:32.720880985 CET | 8.8.8.8 | 192.168.2.5 | 0x72f | No error (0) | | | 183.78.205.92 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:32.720880985 CET | 8.8.8.8 | 192.168.2.5 | 0x72f | No error (0) | | | 210.92.250.133 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:32.720880985 CET | 8.8.8.8 | 192.168.2.5 | 0x72f | No error (0) | | | 187.232.235.234 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:32.720880985 CET | 8.8.8.8 | 192.168.2.5 | 0x72f | No error (0) | | | 183.100.39.157 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:04:32.720880985 CET | 8.8.8.8 | 192.168.2.5 | 0x72f | No error (0) | | | 203.228.9.102 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:05:54.987817049 CET | 8.8.8.8 | 192.168.2.5 | 0xdb34 | No error (0) | | | 181.129.180.251 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:05:54.987817049 CET | 8.8.8.8 | 192.168.2.5 | 0xdb34 | No error (0) | | | 222.236.49.124 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:05:54.987817049 CET | 8.8.8.8 | 192.168.2.5 | 0xdb34 | No error (0) | | | 187.212.179.214 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:05:54.987817049 CET | 8.8.8.8 | 192.168.2.5 | 0xdb34 | No error (0) | | | 95.104.121.111 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:05:54.987817049 CET | 8.8.8.8 | 192.168.2.5 | 0xdb34 | No error (0) | | | 178.31.236.98 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:05:54.987817049 CET | 8.8.8.8 | 192.168.2.5 | 0xdb34 | No error (0) | | | 31.167.149.141 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:05:54.987817049 CET | 8.8.8.8 | 192.168.2.5 | 0xdb34 | No error (0) | | | 58.235.189.190 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:05:54.987817049 CET | 8.8.8.8 | 192.168.2.5 | 0xdb34 | No error (0) | | | 61.36.14.230 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:05:54.987817049 CET | 8.8.8.8 | 192.168.2.5 | 0xdb34 | No error (0) | | | 14.51.96.70 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:05:54.987817049 CET | 8.8.8.8 | 192.168.2.5 | 0xdb34 | No error (0) | | | 180.69.193.102 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:06:16.595956087 CET | 8.8.8.8 | 192.168.2.5 | 0x5295 | No error (0) | | | 61.36.14.230 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:06:16.595956087 CET | 8.8.8.8 | 192.168.2.5 | 0x5295 | No error (0) | | | 14.51.96.70 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:06:16.595956087 CET | 8.8.8.8 | 192.168.2.5 | 0x5295 | No error (0) | | | 180.69.193.102 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:06:16.595956087 CET | 8.8.8.8 | 192.168.2.5 | 0x5295 | No error (0) | | | 181.129.180.251 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:06:16.595956087 CET | 8.8.8.8 | 192.168.2.5 | 0x5295 | No error (0) | | | 222.236.49.124 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:06:16.595956087 CET | 8.8.8.8 | 192.168.2.5 | 0x5295 | No error (0) | | | 187.212.179.214 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:06:16.595956087 CET | 8.8.8.8 | 192.168.2.5 | 0x5295 | No error (0) | | | 95.104.121.111 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:06:16.595956087 CET | 8.8.8.8 | 192.168.2.5 | 0x5295 | No error (0) | | | 178.31.236.98 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:06:16.595956087 CET | 8.8.8.8 | 192.168.2.5 | 0x5295 | No error (0) | | | 31.167.149.141 | A (IP address) | IN (0x0001) |
Jan 26, 2022 17:06:16.595956087 CET | 8.8.8.8 | 192.168.2.5 | 0x5295 | No error (0) | | | 58.235.189.190 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49758 | 194.76.226.200 | 80 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 26, 2022 17:03:50.217694044 CET | 1190 | OUT | |
Jan 26, 2022 17:03:50.485863924 CET | 1191 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.5 | 49771 | 211.119.84.112 | 80 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 26, 2022 17:04:11.131587029 CET | 8224 | OUT | |
Jan 26, 2022 17:04:12.363171101 CET | 11882 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.5 | 49781 | 41.41.255.235 | 80 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 26, 2022 17:04:32.817919970 CET | 17822 | OUT | |
Jan 26, 2022 17:04:33.531102896 CET | 17823 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.5 | 49812 | 31.214.157.187 | 80 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 26, 2022 17:04:53.808751106 CET | 17909 | OUT | |
Jan 26, 2022 17:04:54.068263054 CET | 17910 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.5 | 49816 | 194.76.226.200 | 80 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 26, 2022 17:05:34.308445930 CET | 17926 | OUT | |
Jan 26, 2022 17:05:34.582305908 CET | 17927 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.5 | 49825 | 181.129.180.251 | 80 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 26, 2022 17:05:55.173449993 CET | 18600 | OUT | |
Jan 26, 2022 17:05:56.107831001 CET | 18601 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.5 | 49827 | 61.36.14.230 | 80 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 26, 2022 17:06:16.920280933 CET | 18609 | OUT | |
Jan 26, 2022 17:06:18.136353016 CET | 18610 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.5 | 49828 | 31.214.157.187 | 80 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 26, 2022 17:06:38.188649893 CET | 18611 | OUT | |
Jan 26, 2022 17:06:38.456873894 CET | 18611 | IN | |
Target ID: | 0 |
Start time: | 17:03:03 |
Start date: | 26/01/2022 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8b0000 |
File size: | 116736 bytes |
MD5 hash: | 7DEB5DB86C0AC789123DEC286286B938 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: | |
Reputation: | high |
Target ID: | 1 |
Start time: | 17:03:04 |
Start date: | 26/01/2022 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x150000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 3 |
Start time: | 17:03:04 |
Start date: | 26/01/2022 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1360000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: | |
Reputation: | high |
Target ID: | 7 |
Start time: | 17:03:07 |
Start date: | 26/01/2022 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x930000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Execution Graph
Execution Coverage: | 1.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 12.2% |
Total number of Nodes: | 329 |
Total number of Limit Nodes: | 9 |
Graph
Function 0076B448 Relevance: 312.8, APIs: 172, Strings: 6, Instructions: 1255, Tags: library, memory, window, COMMON, Crypto
C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 0070557C Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 184, Tags: registry, string, library, COMMON
C-Code - Quality: 69% | Uniqueness Score: -1.00% |
Function 00705688 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 98, Tags: string, library, thread, COMMON
C-Code - Quality: 61% | Uniqueness Score: -1.00% |
Function 00701524 Relevance: 2.5, APIs: 2, Instructions: 37, Tags: memory, COMMON
C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 00705340 Relevance: 1.5, APIs: 1, Instructions: 26, Tags: COMMON
C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 007016B8 Relevance: 1.3, APIs: 1, Instructions: 54, Tags: memory, COMMON
C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 0071DCE8 Relevance: 1.3, APIs: 1, Instructions: 52, Tags: memory, COMMON
C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 00701380 Relevance: 1.3, APIs: 1, Instructions: 34, Tags: memory, COMMON
C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 0072921C Relevance: 166.5, APIs: 48, Strings: 47, Instructions: 266, Tags: library, loader, COMMON
C-Code - Quality: 90% | Uniqueness Score: -1.00% |
Function 007053C4 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 136, Tags: string, library, file, COMMON
C-Code - Quality: 53% | Uniqueness Score: -1.00% |
Function 00730108 Relevance: 7.7, APIs: 5, Instructions: 235, Tags: sleep, COMMON
C-Code - Quality: 63% | Uniqueness Score: -1.00% |
Function 0072C54C Relevance: 6.0, APIs: 4, Instructions: 46, Tags: sleep, COMMON
C-Code - Quality: 58% | Uniqueness Score: -1.00% |
C-Code - Quality: 91% | Uniqueness Score: -1.00% |
C-Code - Quality: 64% | Uniqueness Score: -1.00% |
Function 007210CC Relevance: 3.0, APIs: 2, Instructions: 46, Tags: window, COMMON
C-Code - Quality: 58% | Uniqueness Score: -1.00% |
Function 0070C804 Relevance: 3.0, APIs: 2, Instructions: 37, Tags: COMMON
C-Code - Quality: 46% | Uniqueness Score: -1.00% |
Function 00708912 Relevance: 1.6, APIs: 1, Instructions: 50, Tags: COMMON
C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 0072A41C Relevance: 1.5, APIs: 1, Instructions: 41, Tags: native, COMMON
C-Code - Quality: 53% | Uniqueness Score: -1.00% |
Function 0072165C Relevance: 1.5, APIs: 1, Instructions: 37, Tags: COMMON
C-Code - Quality: 94% | Uniqueness Score: -1.00% |
Function 0070B148 Relevance: 1.5, APIs: 1, Instructions: 29, Tags: COMMON
C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 0070C10C Relevance: 1.5, APIs: 1, Instructions: 26, Tags: COMMON
C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 0070B194 Relevance: 1.5, APIs: 1, Instructions: 23, Tags: COMMON
C-Code - Quality: 79% | Uniqueness Score: -1.00% |
Function 007284AC Relevance: 1.4, Strings: 1, Instructions: 191, Tags: COMMON
C-Code - Quality: 90% | Uniqueness Score: -1.00% |
Function 00721174 Relevance: .0, Instructions: 8, Tags: COMMON
C-Code - Quality: 100% | Uniqueness Score: -1.00% |
C-Code - Quality: 52% | Uniqueness Score: -1.00% |
C-Code - Quality: 51% | Uniqueness Score: -1.00% |
C-Code - Quality: 65% | Uniqueness Score: -1.00% |
C-Code - Quality: 71% | Uniqueness Score: -1.00% |
C-Code - Quality: 51% | Uniqueness Score: -1.00% |
Function 00706DC4 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 61, Tags: registry, clipboard, window, COMMON
C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 0072B68C Relevance: 18.1, APIs: 12, Instructions: 142, Tags: COMMON
C-Code - Quality: 57% | Uniqueness Score: -1.00% |
C-Code - Quality: 88% | Uniqueness Score: -1.00% |
C-Code - Quality: 100% | Uniqueness Score: -1.00% |
C-Code - Quality: 100% | Uniqueness Score: -1.00% |
C-Code - Quality: 72% | Uniqueness Score: -1.00% |
Function 0070CA64 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201, Tags: thread, COMMON
C-Code - Quality: 72% | Uniqueness Score: -1.00% |
C-Code - Quality: 77% | Uniqueness Score: -1.00% |
Function 0073666C Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 125, Tags: registry, COMMON
C-Code - Quality: 76% | Uniqueness Score: -1.00% |
Function 00723414 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 122, Tags: file, COMMON
C-Code - Quality: 94% | Uniqueness Score: -1.00% |
Function 0071CAB8 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 109, Tags: thread, COMMON
C-Code - Quality: 67% | Uniqueness Score: -1.00% |
Function 007272A0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 68, Tags: string, COMMON
C-Code - Quality: 67% | Uniqueness Score: -1.00% |
Function 00727374 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 68, Tags: string, COMMON
C-Code - Quality: 47% | Uniqueness Score: -1.00% |
Function 00727448 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 68, Tags: string, COMMON
C-Code - Quality: 47% | Uniqueness Score: -1.00% |
Function 007216B4 Relevance: 12.1, APIs: 8, Instructions: 79, Tags: COMMON
C-Code - Quality: 26% | Uniqueness Score: -1.00% |
C-Code - Quality: 86% | Uniqueness Score: -1.00% |
Function 0072404C Relevance: 10.6, APIs: 7, Instructions: 66, Tags: COMMON
C-Code - Quality: 67% | Uniqueness Score: -1.00% |
Function 00732470 Relevance: 9.2, APIs: 6, Instructions: 150, Tags: COMMON
C-Code - Quality: 89% | Uniqueness Score: -1.00% |
C-Code - Quality: 95% | Uniqueness Score: -1.00% |
Function 00722024 Relevance: 9.1, APIs: 6, Instructions: 65, Tags: COMMON
C-Code - Quality: 45% | Uniqueness Score: -1.00% |
Function 00721864 Relevance: 9.1, APIs: 6, Instructions: 55, Tags: COMMON
C-Code - Quality: 87% | Uniqueness Score: -1.00% |
Function 00719850 Relevance: 9.1, APIs: 6, Instructions: 51COMMON
C-Code - Quality: 69% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00720F48 Relevance: 9.0, APIs: 6, Instructions: 43COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0071CAB6 | Relevance: 8.8 | APIs: 4 | Strings: 1 | Instructions: 70 | Tags: thread, COMMON | C-Code Quality: 67% | Uniqueness Score: -1.00%
Function 007030DC | Relevance: 8.8 | APIs: 3 | Strings: 2 | Instructions: 49 | Tags: registry, COMMON | C-Code Quality: 65% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 70% | Sections: Strings | Uniqueness Score: -1.00%
Function 007316F4 | Relevance: 7.7 | APIs: 5 | Instructions: 171 | Tags: COMMON | C-Code Quality: 87% | Uniqueness Score: -1.00%
Function 0073D084 | Relevance: 7.6 | APIs: 5 | Instructions: 77 | Tags: COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 0072539C | Relevance: 7.6 | APIs: 5 | Instructions: 66 | Tags: window, COMMON | C-Code Quality: 78% | Uniqueness Score: -1.00%
Function 007217CC | Relevance: 7.6 | APIs: 5 | Instructions: 55 | Tags: COMMON | C-Code Quality: 40% | Uniqueness Score: -1.00%
Function 0070B3D0 | Relevance: 7.6 | APIs: 5 | Instructions: 50 | Tags: thread, COMMON | C-Code Quality: 64% | Uniqueness Score: -1.00%
Function 007371C0 | Relevance: 7.5 | APIs: 5 | Instructions: 25 | Tags: synchronization, thread, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 0070B480 | Relevance: 7.1 | APIs: 1 | Strings: 3 | Instructions: 148 | Tags: thread, COMMON | C-Code Quality: 82% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 59% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 68% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function 0070CECC | Relevance: 7.0 | APIs: 2 | Strings: 2 | Instructions: 16 | Tags: library, loader, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 0070EDAC | Relevance: 6.1 | APIs: 4 | Instructions: 115 | Tags: COMMON | C-Code Quality: 82% | Uniqueness Score: -1.00%
Function 0070C8F0 | Relevance: 6.1 | APIs: 4 | Instructions: 95 | Tags: thread, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 0073714C | Relevance: 6.0 | APIs: 4 | Instructions: 34 | Tags: thread, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 00706C9C | Relevance: 6.0 | APIs: 4 | Instructions: 11 | Tags: memory, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 69% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 65% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 87% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 68% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 79% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 100% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 79% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Execution Graph
Execution Coverage: 4.5%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 760
Total number of Limit Nodes: 22
Function 00E7B448 | Relevance: 310.9 | APIs: 172 | Strings: 5 | Instructions: 1196 | Tags: library, memory, window, COMMON, Crypto | Control-flow Graph: yes | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 00E1557C | Relevance: 35.2 | APIs: 17 | Strings: 3 | Instructions: 184 | Tags: registry, string, library, COMMON | Control-flow Graph: yes | C-Code Quality: 66% | Uniqueness Score: -1.00%
Function 00E15688 | Relevance: 19.3 | APIs: 10 | Strings: 1 | Instructions: 98 | Tags: string, library, thread, COMMON | Control-flow Graph: yes | C-Code Quality: 61% | Uniqueness Score: -1.00%
Function 010814BA | Relevance: 13.6 | APIs: 9 | Instructions: 120 | Tags: sleep, native, synchronization, COMMON | Control-flow Graph: yes | C-Code Quality: 83% | Yara matches: yes | Uniqueness Score: -1.00%
Function 010817A7 | Relevance: 9.1 | APIs: 6 | Instructions: 71 | Tags: memory, COMMON | Control-flow Graph: yes | C-Code Quality: 86% | Yara matches: yes | Uniqueness Score: -1.00%
Function (address not captured) | Control-flow Graph: yes | C-Code Quality: 100% | Sections: APIs | Yara matches: yes | Uniqueness Score: -1.00%
Function 00E11A0C | Relevance: 6.0 | APIs: 4 | Instructions: 48 | Tags: memory, COMMON | Control-flow Graph: yes | C-Code Quality: 68% | Uniqueness Score: -1.00%
Function 01082093 | Relevance: 6.0 | APIs: 4 | Instructions: 30 | Tags: thread, COMMON | Control-flow Graph: yes | C-Code Quality: 87% | Yara matches: yes | Uniqueness Score: -1.00%
Function 01081883 | Relevance: 4.6 | APIs: 2 | Strings: 1 | Instructions: 106 | Tags: memory, COMMON | Control-flow Graph: yes | C-Code Quality: 90% | Yara matches: yes | Uniqueness Score: -1.00%
Function 00EDA320 | Relevance: 3.2 | APIs: 2 | Instructions: 195 | Tags: memory, COMMON | Control-flow Graph: yes | Yara matches: yes | Uniqueness Score: -1.00%
Function 00E120F8 | Relevance: 3.1 | APIs: 2 | Instructions: 124 | Tags: COMMON | Control-flow Graph: yes | Uniqueness Score: -1.00%
Function 00EDA740 | Relevance: 3.1 | APIs: 2 | Instructions: 86 | Tags: memory, COMMON | Control-flow Graph: yes | Yara matches: yes | Uniqueness Score: -1.00%
Function 00ED9DD0 | Relevance: 3.0 | APIs: 1 | Strings: 1 | Instructions: 46 | Tags: memory, COMMON | Control-flow Graph: yes | Yara matches: yes | Uniqueness Score: -1.00%
Function 00E11524 | Relevance: 2.5 | APIs: 2 | Instructions: 37 | Tags: memory, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 00E15340 | Relevance: 1.5 | APIs: 1 | Instructions: 26 | Tags: COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 00E116B8 | Relevance: 1.3 | APIs: 1 | Instructions: 54 | Tags: memory, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 00E2DCE8 | Relevance: 1.3 | APIs: 1 | Instructions: 52 | Tags: memory, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 72% | Sections: APIs | Uniqueness Score: -1.00%
Function 00E153C4 | Relevance: 24.6 | APIs: 11 | Strings: 3 | Instructions: 136 | Tags: string, library, file, COMMON | C-Code Quality: 53% | Uniqueness Score: -1.00%
Function 00E5D24C | Relevance: 14.1 | APIs: 7 | Strings: 1 | Instructions: 64 | Tags: window, COMMON | C-Code Quality: 75% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 91% | Sections: APIs | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 79% | Sections: Strings | Uniqueness Score: -1.00%
Function 00E3C54C | Relevance: 6.0 | APIs: 4 | Instructions: 46 | Tags: sleep, COMMON | C-Code Quality: 58% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 91% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 100% | Sections: APIs | Uniqueness Score: -1.00%
Function 00E57B64 | Relevance: 1.6 | APIs: 1 | Instructions: 129 | Tags: COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 00E19C14 | Relevance: 1.5 | APIs: 1 | Instructions: 6 | Tags: time, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 00E3921C | Relevance: 166.5 | APIs: 48 | Strings: 47 | Instructions: 266 | Tags: library, loader, COMMON | C-Code Quality: 90% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 100% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 77% | Sections: APIs | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 79% | Sections: APIs | Uniqueness Score: -1.00%
Function 00E35624 | Relevance: 30.1 | APIs: 14 | Strings: 3 | Instructions: 351 | Tags: window, COMMON | C-Code Quality: 79% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 78% | Sections: APIs | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 64% | Sections: APIs | Uniqueness Score: -1.00%
Function 00E16DC4 | Relevance: 19.3 | APIs: 6 | Strings: 5 | Instructions: 61 | Tags: registry, clipboard, window, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 00E3B68C | Relevance: 18.1 | APIs: 12 | Instructions: 142 | Tags: COMMON | C-Code Quality: 59% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 88% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 100% | Sections: APIs | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 100% | Sections: APIs | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 68% | Sections: APIs | Yara matches: yes | Uniqueness Score: -1.00%
Function 00E1CA64 | Relevance: 12.5 | APIs: 1 | Strings: 6 | Instructions: 201 | Tags: thread, COMMON | C-Code Quality: 72% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 77% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function 00E4666C | Relevance: 12.4 | APIs: 4 | Strings: 3 | Instructions: 125 | Tags: registry, COMMON | C-Code Quality: 76% | Uniqueness Score: -1.00%
Function 00E33414 | Relevance: 12.4 | APIs: 6 | Strings: 1 | Instructions: 122 | Tags: file, COMMON | C-Code Quality: 94% | Uniqueness Score: -1.00%
Function 00E2CAB8 | Relevance: 12.4 | APIs: 6 | Strings: 1 | Instructions: 109 | Tags: thread, COMMON | C-Code Quality: 67% | Uniqueness Score: -1.00%
Function 00E372A0 | Relevance: 12.3 | APIs: 5 | Strings: 2 | Instructions: 68 | Tags: string, COMMON | C-Code Quality: 67% | Uniqueness Score: -1.00%
Function 00E37374 | Relevance: 12.3 | APIs: 4 | Strings: 3 | Instructions: 68 | Tags: string, COMMON | C-Code Quality: 47% | Uniqueness Score: -1.00%
Function 00E37448 | Relevance: 12.3 | APIs: 4 | Strings: 3 | Instructions: 68 | Tags: string, COMMON | C-Code Quality: 47% | Uniqueness Score: -1.00%
Function 00E13EEC | Relevance: 12.3 | APIs: 5 | Strings: 2 | Instructions: 38 | Tags: file, window, COMMON | C-Code Quality: 79% | Uniqueness Score: -1.00%
Function 00E316B4 | Relevance: 12.1 | APIs: 8 | Instructions: 79 | Tags: window, COMMON | C-Code Quality: 70% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 86% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 71% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function 00E3404C | Relevance: 10.6 | APIs: 7 | Instructions: 66 | Tags: COMMON | C-Code Quality: 75% | Uniqueness Score: -1.00%
Function 00E42470 | Relevance: 9.2 | APIs: 6 | Instructions: 150 | Tags: COMMON | C-Code Quality: 89% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 95% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function 00E31BB4 | Relevance: 9.1 | APIs: 6 | Instructions: 84 | Tags: COMMON | C-Code Quality: 81% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 100% | Sections: APIs | Yara matches: yes | Uniqueness Score: -1.00%
Function 00E32024 | Relevance: 9.1 | APIs: 6 | Instructions: 65 | Tags: window, COMMON | C-Code Quality: 67% | Uniqueness Score: -1.00%
Function 00E11AD0 | Relevance: 9.1 | APIs: 6 | Instructions: 62 | Tags: COMMON | C-Code Quality: 71% | Uniqueness Score: -1.00%
Function 00E31864 | Relevance: 9.1 | APIs: 6 | Instructions: 55 | Tags: window, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 00E30F48 | Relevance: 9.0 | APIs: 6 | Instructions: 43 | Tags: COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 00E42C4C | Relevance: 8.9 | APIs: 4 | Strings: 1 | Instructions: 148 | Tags: window, COMMON | C-Code Quality: 89% | Uniqueness Score: -1.00%
Function 00E35FA0 | Relevance: 8.9 | APIs: 4 | Strings: 1 | Instructions: 113 | Tags: window, COMMON | C-Code Quality: 95% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 100% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function 00E130DC | Relevance: 8.8 | APIs: 3 | Strings: 2 | Instructions: 49 | Tags: registry, COMMON | C-Code Quality: 65% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 72% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function 00E416F4 | Relevance: 7.7 | APIs: 5 | Instructions: 171 | Tags: COMMON | C-Code Quality: 87% | Uniqueness Score: -1.00%
Function 00E4D084 | Relevance: 7.6 | APIs: 5 | Instructions: 77 | Tags: COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 00E3539C | Relevance: 7.6 | APIs: 5 | Instructions: 66 | Tags: window, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 00E45B90 | Relevance: 7.6 | APIs: 5 | Instructions: 63 | Tags: COMMON | C-Code Quality: 88% | Uniqueness Score: -1.00%
Function 00E317CC | Relevance: 7.6 | APIs: 5 | Instructions: 55 | Tags: window, COMMON | C-Code Quality: 70% | Uniqueness Score: -1.00%
Function 00E1B3D0 | Relevance: 7.6 | APIs: 5 | Instructions: 50 | Tags: thread, COMMON | C-Code Quality: 64% | Uniqueness Score: -1.00%
Function 00E471C0 | Relevance: 7.5 | APIs: 5 | Instructions: 25 | Tags: synchronization, thread, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 00E1B480 | Relevance: 7.1 | APIs: 1 | Strings: 3 | Instructions: 148 | Tags: thread, COMMON | C-Code Quality: 83% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 59% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function 00E50494 | Relevance: 7.1 | APIs: 3 | Strings: 1 | Instructions: 58 | Tags: window, COMMON | C-Code Quality: 93% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 68% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function 00E1CECC | Relevance: 7.0 | APIs: 2 | Strings: 2 | Instructions: 16 | Tags: library, loader, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 00E1EDAC | Relevance: 6.1 | APIs: 4 | Instructions: 115 | Tags: COMMON | C-Code Quality: 82% | Uniqueness Score: -1.00%
Function 00E1C8F0 | Relevance: 6.1 | APIs: 4 | Instructions: 95 | Tags: thread, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function 00E33E94 | Relevance: 6.1 | APIs: 4 | Instructions: 83 | Tags: window, COMMON | C-Code Quality: 75% | Uniqueness Score: -1.00%
Function 00E50AEC | Relevance: 6.1 | APIs: 4 | Instructions: 72 | Tags: window, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 93% | Sections: APIs | Uniqueness Score: -1.00%
Function 00E29850 | Relevance: 6.1 | APIs: 4 | Instructions: 51 | Tags: COMMON | C-Code Quality: 82% | Uniqueness Score: -1.00%
Function 01081DDF | Relevance: 6.0 | APIs: 4 | Instructions: 38 | Tags: COMMON | C-Code Quality: 100% | Yara matches: yes | Uniqueness Score: -1.00%
Function 00E5380C | Relevance: 6.0 | APIs: 4 | Instructions: 35 | Tags: thread, COMMON | C-Code Quality: 87% | Uniqueness Score: -1.00%
Function 00E4714C | Relevance: 6.0 | APIs: 4 | Instructions: 34 | Tags: thread, COMMON | C-Code Quality: 100% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 80% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 86% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function 00E19EE4 | Relevance: 5.3 | APIs: 2 | Strings: 1 | Instructions: 74 | Tags: thread, COMMON | C-Code Quality: 72% | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 65% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 87% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 68% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 79% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 100% | Sections: APIs, Strings | Uniqueness Score: -1.00%
Function (address not captured) | C-Code Quality: 79% | Sections: APIs, Strings | Uniqueness Score: -1.00%