Windows
Analysis Report
steg.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- steg.exe (PID: 6544 cmdline:
"C:\Users\ user\Deskt op\steg.ex e" MD5: 30747BB37997B54D37BAE65AE590B7E8) - Windows Update.exe (PID: 7000 cmdline:
"C:\Users\ user\AppDa ta\Roaming \Windows U pdate.exe" MD5: 30747BB37997B54D37BAE65AE590B7E8) - dw20.exe (PID: 5912 cmdline:
dw20.exe - x -s 2708 MD5: 8D10DA8A3E11747E51F23C882C22BBC3)
- WindowsUpdate.exe (PID: 6424 cmdline:
"C:\Users\ user\AppDa ta\Roaming \WindowsUp date.exe" MD5: 30747BB37997B54D37BAE65AE590B7E8) - Windows Update.exe (PID: 5876 cmdline:
"C:\Users\ user\AppDa ta\Roaming \Windows U pdate.exe" MD5: 30747BB37997B54D37BAE65AE590B7E8) - dw20.exe (PID: 5528 cmdline:
dw20.exe - x -s 2676 MD5: 8D10DA8A3E11747E51F23C882C22BBC3)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SecurityXploded_Producer_String | Detects hacktools by SecurityXploded | Florian Roth |
| |
JoeSecurity_EmailPasswordDump_Tool | Yara detected EmailPasswordDump Tool by SecurityXploded | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | ||
JoeSecurity_BrowserPasswordDump_Tool | Yara detected BrowserPasswordDump Tool by SecurityXploded | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SecurityXploded_Producer_String | Detects hacktools by SecurityXploded | Florian Roth |
| |
JoeSecurity_EmailPasswordDump_Tool | Yara detected EmailPasswordDump Tool by SecurityXploded | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | ||
JoeSecurity_BrowserPasswordDump_Tool | Yara detected BrowserPasswordDump Tool by SecurityXploded | Joe Security | ||
Click to see the 5 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | ||
JoeSecurity_EmailPasswordDump_Tool | Yara detected EmailPasswordDump Tool by SecurityXploded | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | ||
JoeSecurity_BrowserPasswordDump_Tool | Yara detected BrowserPasswordDump Tool by SecurityXploded | Joe Security | ||
Click to see the 79 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SecurityXploded_Producer_String | Detects hacktools by SecurityXploded | Florian Roth |
| |
JoeSecurity_EmailPasswordDump_Tool | Yara detected EmailPasswordDump Tool by SecurityXploded | Joe Security | ||
SecurityXploded_Producer_String | Detects hacktools by SecurityXploded | Florian Roth |
| |
JoeSecurity_BrowserPasswordDump_Tool | Yara detected BrowserPasswordDump Tool by SecurityXploded | Joe Security | ||
SecurityXploded_Producer_String | Detects hacktools by SecurityXploded | Florian Roth |
| |
Click to see the 242 entries |
There are no malicious signatures, click here to show all signatures.
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: frack113: |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton: |
Source: | Author: frack113: |
Click to jump to signature section
AV Detection |
---|
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Avira: | ||
Source: | Avira: |
Source: | ReversingLabs: | ||
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_03370728 | |
Source: | Code function: | 0_2_033714C8 | |
Source: | Code function: | 0_2_033719B8 | |
Source: | Code function: | 0_2_033719A8 | |
Source: | Code function: | 0_2_03371800 | |
Source: | Code function: | 12_2_04BA19B8 | |
Source: | Code function: | 12_2_04BA0728 | |
Source: | Code function: | 12_2_04BA19A8 | |
Source: | Code function: | 12_2_04BA1800 | |
Source: | Code function: | 12_2_04BA14C8 | |
Source: | Code function: | 14_2_053A6228 | |
Source: | Code function: | 14_2_053A0728 | |
Source: | Code function: | 14_2_053A6218 | |
Source: | Code function: | 14_2_053A1800 | |
Source: | Code function: | 14_2_053A19B8 | |
Source: | Code function: | 14_2_053A19A8 | |
Source: | Code function: | 14_2_053A4780 | |
Source: | Code function: | 14_2_053A14C8 |
Networking |
---|
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | Code function: | 14_2_012BA09A |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Windows user hook set: | Jump to behavior | ||
Source: | Windows user hook set: | Jump to behavior |
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Binary or memory string: |
Source: | Window created: | Jump to behavior | ||
Source: | Window created: | Jump to behavior |
Source: | Process created: |
Source: | Code function: | 0_2_00FDE077 | |
Source: | Code function: | 0_2_00FF8070 | |
Source: | Code function: | 0_2_00F9B2E7 | |
Source: | Code function: | 0_2_00F9C2C7 | |
Source: | Code function: | 0_2_00F90287 | |
Source: | Code function: | 0_2_00F90397 | |
Source: | Code function: | 0_2_00FAC387 | |
Source: | Code function: | 0_2_00F9E337 | |
Source: | Code function: | 0_2_00FC64F7 | |
Source: | Code function: | 0_2_00F9F4F7 | |
Source: | Code function: | 0_2_00FF7590 | |
Source: | Code function: | 0_2_00FBA6E7 | |
Source: | Code function: | 0_2_00FAB6E7 | |
Source: | Code function: | 0_2_00FC46C7 | |
Source: | Code function: | 0_2_00FC7627 | |
Source: | Code function: | 0_2_00FF87EC | |
Source: | Code function: | 0_2_00FA2707 | |
Source: | Code function: | 0_2_00FE4987 | |
Source: | Code function: | 0_2_010798D1 | |
Source: | Code function: | 0_2_00FCFAC7 | |
Source: | Code function: | 0_2_00FE3A57 | |
Source: | Code function: | 0_2_00F8FA17 | |
Source: | Code function: | 0_2_00F8FB27 | |
Source: | Code function: | 0_2_00FF7B00 | |
Source: | Code function: | 0_2_00FA7C87 | |
Source: | Code function: | 0_2_00FD2C77 | |
Source: | Code function: | 0_2_00FCDC27 | |
Source: | Code function: | 0_2_00FDFD97 | |
Source: | Code function: | 0_2_00FF4D00 | |
Source: | Code function: | 0_2_00F93EC7 | |
Source: | Code function: | 0_2_00F8FFF7 | |
Source: | Code function: | 0_2_00FE7FC7 | |
Source: | Code function: | 0_2_00FF9F2B | |
Source: | Code function: | 0_2_00FB4F07 | |
Source: | Code function: | 0_2_03371E53 | |
Source: | Code function: | 4_2_0006E077 | |
Source: | Code function: | 4_2_00088070 | |
Source: | Code function: | 4_2_000FD0AC | |
Source: | Code function: | 4_2_000DB0DC | |
Source: | Code function: | 4_2_00020287 | |
Source: | Code function: | 4_2_000C02CC | |
Source: | Code function: | 4_2_0002C2C7 | |
Source: | Code function: | 4_2_0002B2E7 | |
Source: | Code function: | 4_2_0002E337 | |
Source: | Code function: | 4_2_0003C387 | |
Source: | Code function: | 4_2_00020397 | |
Source: | Code function: | 4_2_000564F7 | |
Source: | Code function: | 4_2_0002F4F7 | |
Source: | Code function: | 4_2_000F950C | |
Source: | Code function: | 4_2_00087590 | |
Source: | Code function: | 4_2_000F85DC | |
Source: | Code function: | 4_2_00057627 | |
Source: | Code function: | 4_2_000546C7 | |
Source: | Code function: | 4_2_0004A6E7 | |
Source: | Code function: | 4_2_0003B6E7 | |
Source: | Code function: | 4_2_00032707 | |
Source: | Code function: | 4_2_000887EC | |
Source: | Code function: | 4_2_001098D1 | |
Source: | Code function: | 4_2_00074987 | |
Source: | Code function: | 4_2_0001FA17 | |
Source: | Code function: | 4_2_00073A57 | |
Source: | Code function: | 4_2_0005FAC7 | |
Source: | Code function: | 4_2_00087B00 | |
Source: | Code function: | 4_2_0001FB27 | |
Source: | Code function: | 4_2_000F2BFC | |
Source: | Code function: | 4_2_0005DC27 | |
Source: | Code function: | 4_2_00062C77 | |
Source: | Code function: | 4_2_00037C87 | |
Source: | Code function: | 4_2_00084D00 | |
Source: | Code function: | 12_2_00338070 | |
Source: | Code function: | 12_2_0031E077 | |
Source: | Code function: | 12_2_003AD0AC | |
Source: | Code function: | 12_2_002D0287 | |
Source: | Code function: | 12_2_002DB2E7 | |
Source: | Code function: | 12_2_002DC2C7 | |
Source: | Code function: | 12_2_002DE337 | |
Source: | Code function: | 12_2_002EC387 | |
Source: | Code function: | 12_2_002D0397 | |
Source: | Code function: | 12_2_003064F7 | |
Source: | Code function: | 12_2_002DF4F7 | |
Source: | Code function: | 12_2_00337590 | |
Source: | Code function: | 12_2_00307627 | |
Source: | Code function: | 12_2_002FA6E7 | |
Source: | Code function: | 12_2_002EB6E7 | |
Source: | Code function: | 12_2_003046C7 | |
Source: | Code function: | 12_2_002E2707 | |
Source: | Code function: | 12_2_003387EC | |
Source: | Code function: | 12_2_003B98D1 | |
Source: | Code function: | 12_2_00324987 | |
Source: | Code function: | 12_2_002CFA17 | |
Source: | Code function: | 12_2_00323A57 | |
Source: | Code function: | 12_2_0030FAC7 | |
Source: | Code function: | 12_2_002CFB27 | |
Source: | Code function: | 12_2_00337B00 | |
Source: | Code function: | 12_2_0030DC27 | |
Source: | Code function: | 12_2_00312C77 | |
Source: | Code function: | 12_2_002E7C87 | |
Source: | Code function: | 12_2_00334D00 | |
Source: | Code function: | 12_2_0031FD97 | |
Source: | Code function: | 12_2_002D3EC7 | |
Source: | Code function: | 12_2_00339F2B | |
Source: | Code function: | 12_2_002F4F07 | |
Source: | Code function: | 12_2_002CFFF7 | |
Source: | Code function: | 12_2_00327FC7 | |
Source: | Code function: | 12_2_04BA1E53 | |
Source: | Code function: | 14_2_00B38070 | |
Source: | Code function: | 14_2_00B1E077 | |
Source: | Code function: | 14_2_00AD0287 | |
Source: | Code function: | 14_2_00ADB2E7 | |
Source: | Code function: | 14_2_00ADC2C7 | |
Source: | Code function: | 14_2_00AEC387 | |
Source: | Code function: | 14_2_00AD0397 | |
Source: | Code function: | 14_2_00ADE337 | |
Source: | Code function: | 14_2_00B064F7 | |
Source: | Code function: | 14_2_00ADF4F7 | |
Source: | Code function: | 14_2_00B37590 | |
Source: | Code function: | 14_2_00AFA6E7 | |
Source: | Code function: | 14_2_00AEB6E7 | |
Source: | Code function: | 14_2_00B07627 | |
Source: | Code function: | 14_2_00B046C7 | |
Source: | Code function: | 14_2_00B07627 | |
Source: | Code function: | 14_2_00B387EC | |
Source: | Code function: | 14_2_00AE2707 | |
Source: | Code function: | 14_2_00BB98D1 | |
Source: | Code function: | 14_2_00B24987 | |
Source: | Code function: | 14_2_00B0FAC7 | |
Source: | Code function: | 14_2_00ACFA17 | |
Source: | Code function: | 14_2_00B23A57 | |
Source: | Code function: | 14_2_00ACFB27 | |
Source: | Code function: | 14_2_00B37B00 | |
Source: | Code function: | 14_2_00AE7C87 | |
Source: | Code function: | 14_2_00B0DC27 | |
Source: | Code function: | 14_2_00B12C77 | |
Source: | Code function: | 14_2_00B1FD97 | |
Source: | Code function: | 14_2_00B34D00 | |
Source: | Code function: | 14_2_00AD3EC7 | |
Source: | Code function: | 14_2_00ACFFF7 | |
Source: | Code function: | 14_2_00B27FC7 | |
Source: | Code function: | 14_2_00B39F2B | |
Source: | Code function: | 14_2_00AF4F07 | |
Source: | Code function: | 14_2_053A5C18 | |
Source: | Code function: | 14_2_053A5C13 | |
Source: | Code function: | 14_2_053A1C60 |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 14_2_05523C92 | |
Source: | Code function: | 14_2_05523C5B |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: | ||
Source: | Base64 encoded string: |
Source: | Mutant created: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | |||
Source: | File read: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: | ||
Source: | .Net Code: |
Source: | Code function: | 0_2_01072954 | |
Source: | Code function: | 0_2_00FEECAF | |
Source: | Code function: | 4_2_00102954 | |
Source: | Code function: | 4_2_0007ECAF | |
Source: | Code function: | 12_2_003B2954 | |
Source: | Code function: | 12_2_0032ECAF | |
Source: | Code function: | 12_2_0254049D | |
Source: | Code function: | 14_2_00BB2954 | |
Source: | Code function: | 14_2_00B2ECAF |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Key value created or modified: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | Function Chain: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Code function: | 14_2_055217D6 | |
Source: | Code function: | 14_2_055217B4 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 14_2_053A6358 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_00FEB5AE |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Replication Through Removable Media | 21 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 211 Input Capture | 1 Peripheral Device Discovery | 1 Replication Through Removable Media | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 4 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 2 Native API | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | 211 Input Capture | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 12 Process Injection | 31 Obfuscated Files or Information | Security Account Manager | 23 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | Automated Exfiltration | 1 Non-Standard Port | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | 1 Registry Run Keys / Startup Folder | 11 Software Packing | NTDS | 141 Security Software Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Remote Access Software | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Data Transfer Size Limits | 3 Non-Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Masquerading | Cached Domain Credentials | 41 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | 14 Application Layer Protocol | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 41 Virtualization/Sandbox Evasion | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 11 System Network Configuration Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 12 Process Injection | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 Hidden Files and Directories | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
71% | Virustotal | Browse | ||
88% | ReversingLabs | ByteCode-MSIL.Trojan.Golroted | ||
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Avira | TR/Golroted.xous | ||
100% | Avira | TR/Spy.Gen | ||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
88% | ReversingLabs | ByteCode-MSIL.Trojan.Golroted | ||
88% | ReversingLabs | ByteCode-MSIL.Trojan.Golroted |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Golroted.xous | Download File | ||
100% | Avira | TR/Spy.Gen | Download File | ||
100% | Avira | TR/Golroted.xous | Download File | ||
100% | Avira | TR/Spy.Gen | Download File | ||
100% | Avira | TR/Golroted.xous | Download File | ||
100% | Avira | TR/Spy.Gen | Download File | ||
100% | Avira | TR/Golroted.xous | Download File | ||
100% | Avira | TR/Spy.Gen | Download File | ||
100% | Avira | TR/Golroted.xous | Download File | ||
100% | Avira | TR/Spy.Gen | Download File | ||
100% | Avira | TR/Golroted.xous | Download File | ||
100% | Avira | TR/Spy.Gen | Download File | ||
100% | Avira | TR/Golroted.xous | Download File | ||
100% | Avira | TR/Spy.Gen | Download File | ||
100% | Avira | TR/Golroted.xous | Download File | ||
100% | Avira | TR/Spy.Gen | Download File | ||
100% | Avira | TR/Golroted.xous | Download File | ||
100% | Avira | TR/Spy.Gen | Download File | ||
100% | Avira | TR/Golroted.xous | Download File | ||
100% | Avira | TR/Spy.Gen | Download File | ||
100% | Avira | TR/Golroted.xous | Download File | ||
100% | Avira | TR/Spy.Gen | Download File | ||
100% | Avira | TR/Golroted.xous | Download File | ||
100% | Avira | TR/Spy.Gen | Download File | ||
100% | Avira | TR/Golroted.xous | Download File | ||
100% | Avira | TR/Spy.Gen | Download File | ||
100% | Avira | TR/Golroted.xous | Download File | ||
100% | Avira | TR/Spy.Gen | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
whatismyipaddress.com | 104.16.155.36 | true | false | high | |
smtp.gmail.com | 108.177.127.109 | true | false | high | |
140.244.14.0.in-addr.arpa | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| low | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| low | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| low | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| low | ||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.16.155.36 | whatismyipaddress.com | United States | 13335 | CLOUDFLARENETUS | false | |
108.177.127.109 | smtp.gmail.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 593806 |
Start date and time: | 2022-03-22 02:34:19 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 33s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | steg.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 21 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@10/15@9/3 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.182.143.212, 20.189.173.20
- Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, arc.msn.com
- Execution Graph export aborted for target Windows Update.exe, PID 7000 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
03:35:50 | API Interceptor | |
03:35:53 | API Interceptor | |
03:35:53 | Autostart | |
03:36:02 | Autostart |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_windows update.e_436621b0be9536334964869bf89e95685ea4f5_00000000_15c9a667\Report.wer
Download File
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.308745717009357 |
Encrypted: | false |
SSDEEP: | 192:Vpgu5sGzOe63aPLk9Mg5N3gFm1pzvTkyK81X+tXyXyE/u7siS274It:J5siOjayRvw06nE/u7siX4It |
MD5: | B342D04C5AE75D98E4FAEB0840B0B5F2 |
SHA1: | F8FEB8B0BA5852FED3A968B56EC0C31979DA7379 |
SHA-256: | E6FA2CC142861D08C8BE0D2BD56486245936A8FC6CB6C6DE142B774EA30CB8E9 |
SHA-512: | B82C039FBF572D8EA2CA8454988E3D8E13CA79BEDD8D30E3D3260EF408FDED28FA04636C74AC4AFD7DF2B45A99610447414E5AAC596CE716BE542EDF85172893 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_windows update.e_436621b0be9536334964869bf89e95685ea4f5_00000000_17493f51\Report.wer
Download File
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.3149700454264321 |
Encrypted: | false |
SSDEEP: | 192:VKMk/sGzNe63aKsn9fbeN9M2v1zzv9kXZKIgjIRcMbu/u7siS274It:G/siNjaEdvO1nbu/u7siX4It |
MD5: | 9DD407AF23C9BED0015D6D10A84A29D3 |
SHA1: | FD2A24B6E56730ABD196C6AE99500A58260ECD19 |
SHA-256: | CD3D2B403E849B3415E6710305A7FA1C3424C515F9F082180DFB0688324C13B2 |
SHA-512: | 388AD6A72B0103CC554E7FCE22118DBE7CE95EC4446F4478B185594468E6075BD67B2322BFD7144F73C45EE8E1ADF05C1E7E536AD20B06451F1C7CAF4AD91D4A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7638 |
Entropy (8bit): | 3.685492785123007 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNig56Pgv6YRO6+gmfZiSW+p1b61f2Jm:RrlsNiO6I6Yo6+gmf4SbbQfp |
MD5: | 866A56B5FB111E45F768C6284D40346F |
SHA1: | 95432D9402FD807511804CFF3B4D70056BC4FA89 |
SHA-256: | A4D82922BBDCE338B22C867B0652C0265B116F54DBBFA7F617DDB323A3C15377 |
SHA-512: | 0410944F05D7B4C9C864F75A4A7F6C22E30F361FD95E4D2907A355376ABF0F8DC13D0247E04822037B8983B3EE4BF78DD59E2E6A52B4DEB08CE9304D047602C2 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4693 |
Entropy (8bit): | 4.449132467269561 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsfJgtWI9SMWgc8sqYji8fm8M4JFK85xFJO+q8vj5AC+dOnVQEAEd:uITfBtlgrsqYrJFKy4KdACzVQEAEd |
MD5: | 0C8D726E73F002B17F723F950C9CF9B8 |
SHA1: | ACD71058C2FD5FCDDFF9F3BF7DAC96CCB4613D50 |
SHA-256: | 4467028406D5764C380B8E97DADFEA283CCE0105759D3A93623477BE88868E2A |
SHA-512: | 4CA85B157BF51EAEA19259E34CAF163939F338C4E493A8F0057AE75629A754CF6245AAA310E9F257A137402138465B7E3C38BBD4B8CC121B5E8C8F54F3E328B9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7642 |
Entropy (8bit): | 3.684063614647202 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNi7g6I6YO+6ZgmfZiSW+p1Ny1f8Pm:RrlsNi86I6Yf6Zgmf4SbNofJ |
MD5: | D115B32576A0D5FFD2448BFB47AF4C9A |
SHA1: | 574BC5FF44E734B18CB42E6ACB97F441CCAD1360 |
SHA-256: | BBF66801682AE643BF8CDDAFF2225C5C529E6FB40694306B8FF0FACB75664EEC |
SHA-512: | 5E781A249369F6D2255717BAFD44F0C0BEF88AEE7697077FB469F594DC2AC8D33D5AC8F3E3C4C0DFE4551CE4ECCD3BC0303BD1071C89B87EAECAC16C717C79F9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4693 |
Entropy (8bit): | 4.450845819338463 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsfJgtWI9SMWgc8sqYjsz8fm8M4JFK85xFg+q8vj52z6+dOnVQEREd:uITfBtlgrsqYPJFKyMKdq6zVQEREd |
MD5: | 9AA1F9B81F8152D17378B8C185247354 |
SHA1: | B7A2AD40F56ED159255C18CA4BF67D2DD99F64FB |
SHA-256: | 407DC00DC0733E4EC0225CC6FB9A89868954CD408ECC08AE5D76AB0C5DB47102 |
SHA-512: | 934F4FC98C318712844166E7CB5E8BA8B0320DB7F50F306BB50DF8D4AE434F9AAC69F03EBCDDB8FD87EB5DB5792AE07F9D3CEFB4C0626213C08296A8B94C08A9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 664 |
Entropy (8bit): | 5.288448637977022 |
Encrypted: | false |
SSDEEP: | 12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9 |
MD5: | B1DB55991C3DA14E35249AEA1BC357CA |
SHA1: | 0DD2D91198FDEF296441B12F1A906669B279700C |
SHA-256: | 34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC |
SHA-512: | BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801 |
Malicious: | true |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\Desktop\steg.exe |
File Type: | |
Category: | modified |
Size (bytes): | 664 |
Entropy (8bit): | 5.288448637977022 |
Encrypted: | false |
SSDEEP: | 12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9 |
MD5: | B1DB55991C3DA14E35249AEA1BC357CA |
SHA1: | 0DD2D91198FDEF296441B12F1A906669B279700C |
SHA-256: | 34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC |
SHA-512: | BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801 |
Malicious: | true |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\Desktop\steg.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 48 |
Entropy (8bit): | 4.304047012067739 |
Encrypted: | false |
SSDEEP: | 3:oNt+kiEaKC59KuCa:oNwknaZ5v |
MD5: | 7C20EC9581869DA3A05E18186353A4B2 |
SHA1: | 210CC52C845FF85B36F422F4C36CA29DB3666482 |
SHA-256: | 23B52B6D0ABD0A0D20690B742429AD1B465D7050535E8FDDB85BF45A8498A4B0 |
SHA-512: | 4CED524729759783EA4783EE98650E6D912D8DAC53386E2DA3C812FE83F40FB1EB97C71521DF380191D399E284D0D94126BD5FC2CBD18B76142EC3A9E97FADA0 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\Desktop\steg.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1167872 |
Entropy (8bit): | 6.562432865407771 |
Encrypted: | false |
SSDEEP: | 24576:IoLTkXBwWja4SlukeeKL0xJaqT//aqT8E94Tf3C:Nx6 |
MD5: | 30747BB37997B54D37BAE65AE590B7E8 |
SHA1: | D702FFAAC8BF35F3372EF2C310B21EEF8A91F6EA |
SHA-256: | A39F2E3D1A27BD091C689A09499B374E5F6743DE23B42BFD9C7A17C1D49DFAD7 |
SHA-512: | CBC7864F127574F1BCB20A442B83D394320BF325F73E75BC6FA8A2EDBBC568EF79973820A672F2340BA5379B9E6EA12C3BB518346B4D702280E9F595D2722322 |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\Desktop\steg.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Roaming\Windows Update.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1167872 |
Entropy (8bit): | 6.562432865407771 |
Encrypted: | false |
SSDEEP: | 24576:IoLTkXBwWja4SlukeeKL0xJaqT//aqT8E94Tf3C:Nx6 |
MD5: | 30747BB37997B54D37BAE65AE590B7E8 |
SHA1: | D702FFAAC8BF35F3372EF2C310B21EEF8A91F6EA |
SHA-256: | A39F2E3D1A27BD091C689A09499B374E5F6743DE23B42BFD9C7A17C1D49DFAD7 |
SHA-512: | CBC7864F127574F1BCB20A442B83D394320BF325F73E75BC6FA8A2EDBBC568EF79973820A672F2340BA5379B9E6EA12C3BB518346B4D702280E9F595D2722322 |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Roaming\Windows Update.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Roaming\Windows Update.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 2.0 |
Encrypted: | false |
SSDEEP: | 3:Ign:Ig |
MD5: | FDC0EB412A84FA549AFE68373D9087E9 |
SHA1: | 6E56295615BE063470CE266ABB0F949F84090CCD |
SHA-256: | E5FCF24812E6585EAC0EA6F1A5E3AB5A16B8C2B9568C10B4175EA088AAEAE014 |
SHA-512: | 6CE827A2F598C3C3E56D4BBE94632663848E24AAAB476302E905624EAD8047CB03119CA5655009ABD71FCE493089A7E654298CD9D93FAE2A99101E5E637B29DC |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Users\user\AppData\Roaming\Windows Update.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 49 |
Entropy (8bit): | 4.359935487883289 |
Encrypted: | false |
SSDEEP: | 3:oNt+kiEaKC59KYr4a:oNwknaZ534a |
MD5: | EAB5D702695BC09B3A1E675917747986 |
SHA1: | CCB1F880801A3826B484428802F66BDCCEDFF0B6 |
SHA-256: | 9E90C44A450FAD02151EC509448B88382B55A7CDC65D32EA970B9AE13C909709 |
SHA-512: | 7328E450F4E3AE277F5F30BAFC0D7D73835AEC39544A999A2A6D08DC6A20BF83874D7D3C5D8B24764F0C432D9A4F0A697377E27E89A5A4FC260E9041D7CF2EA6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 6.562432865407771 |
TrID: |
|
File name: | steg.exe |
File size: | 1167872 |
MD5: | 30747bb37997b54d37bae65ae590b7e8 |
SHA1: | d702ffaac8bf35f3372ef2c310b21eef8a91f6ea |
SHA256: | a39f2e3d1a27bd091c689a09499b374e5f6743de23b42bfd9c7a17c1d49dfad7 |
SHA512: | cbc7864f127574f1bcb20a442b83d394320bf325f73e75bc6fa8a2edbbc568ef79973820a672f2340ba5379b9e6ea12c3bb518346b4d702280e9f595d2722322 |
SSDEEP: | 24576:IoLTkXBwWja4SlukeeKL0xJaqT//aqT8E94Tf3C:Nx6 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....&U.....................4........... ........@.. ....................... ............@................................ |
Icon Hash: | 41455554545445a2 |
Entrypoint: | 0x51bb1e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x55260706 [Thu Apr 9 04:58:46 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v2.0.50727 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x11bacc | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x11c000 | 0x3200 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x120000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x119b24 | 0x119c00 | False | 0.521700137256 | data | 6.57631984878 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0x11c000 | 0x3200 | 0x3200 | False | 0.105546875 | data | 3.584800479 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x120000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x11c4e0 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 2004318071, next used block 4286019447 | ||
RT_ICON | 0x11c7c8 | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x11c8f0 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0x11d198 | 0x568 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x11d700 | 0x353 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
RT_ICON | 0x11da58 | 0x10a8 | data | ||
RT_ICON | 0x11eb00 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x11ef68 | 0x68 | data | ||
RT_VERSION | 0x11c250 | 0x290 | MS Windows COFF PA-RISC object file | ||
RT_MANIFEST | 0x11efd0 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright 2014 |
Assembly Version | 1.0.0.0 |
InternalName | Stub.exe |
FileVersion | 1.0.0.0 |
ProductName | Stub |
ProductVersion | 1.0.0.0 |
FileDescription | Stub |
OriginalFilename | Stub.exe |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 22, 2022 03:35:49.548432112 CET | 49769 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:49.564968109 CET | 80 | 49769 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:49.565078020 CET | 49769 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:49.565628052 CET | 49769 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:49.581891060 CET | 80 | 49769 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:49.603715897 CET | 80 | 49769 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:49.648091078 CET | 49769 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:49.651738882 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:49.651789904 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:49.651904106 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:49.919837952 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:49.919884920 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:49.970504045 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:49.970649958 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:49.973957062 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:49.973985910 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:49.974384069 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.138685942 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:50.471261024 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:50.502497911 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.502588987 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.502660990 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.502712011 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:50.502718925 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.502758026 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.502784014 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:50.502826929 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.502887964 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.502948046 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:50.502959967 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.503032923 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.503056049 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:50.503070116 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.503156900 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.503276110 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:50.503299952 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.503324986 CET | 443 | 49770 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:50.503488064 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:50.503504992 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:50.510982990 CET | 49770 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:51.510516882 CET | 49769 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:51.527602911 CET | 80 | 49769 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:35:51.527678967 CET | 49769 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:35:51.615544081 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:51.642159939 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:51.642265081 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:52.781536102 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.781826973 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:52.808290005 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.813298941 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.813864946 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:52.840512037 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.841029882 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:52.867722034 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.867769957 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.867809057 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.867837906 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.867841959 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:52.867891073 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:52.874455929 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:52.901079893 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.913222075 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:52.939934015 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.941560984 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:52.968317986 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:52.969223022 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:53.000490904 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:53.186350107 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:53.187505007 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:53.213756084 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:53.214073896 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:53.420264959 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:53.446252108 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:35:53.448362112 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:35:57.867176056 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:36:14.397748947 CET | 49778 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:14.414284945 CET | 80 | 49778 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:14.414541006 CET | 49778 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:14.415174961 CET | 49778 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:14.432487011 CET | 80 | 49778 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:14.441380978 CET | 80 | 49778 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:14.476999998 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:14.477051020 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:14.477332115 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:14.641254902 CET | 49778 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:15.152592897 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:15.152631998 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:15.192732096 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:15.192898035 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:15.232606888 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:15.232662916 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:15.233402014 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:15.438199997 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:15.441008091 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:16.405088902 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:16.430988073 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:16.431046009 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:16.431090117 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:16.431113958 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:16.431128025 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:16.431139946 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:16.431184053 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:16.431185961 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:16.431220055 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:16.431252956 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:16.431263924 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:16.431277037 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:16.431318998 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:16.431338072 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:16.431372881 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:16.431395054 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:16.431416035 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:16.431468964 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:16.431483030 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:16.431500912 CET | 443 | 49779 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:16.431551933 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:16.435791969 CET | 49779 | 443 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:18.709213972 CET | 49778 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:18.725524902 CET | 80 | 49778 | 104.16.155.36 | 192.168.2.4 |
Mar 22, 2022 03:36:18.725651026 CET | 49778 | 80 | 192.168.2.4 | 104.16.155.36 |
Mar 22, 2022 03:36:18.804891109 CET | 49780 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:36:18.831351995 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:36:18.831476927 CET | 49780 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:36:18.859519005 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:36:18.859970093 CET | 49780 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:36:18.886312008 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:36:18.890105009 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:36:18.890435934 CET | 49780 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:36:18.917603970 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:36:18.918216944 CET | 49780 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:36:18.945125103 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:36:18.945179939 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:36:18.945219994 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:36:18.945250988 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:36:18.945266008 CET | 49780 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:36:18.945410013 CET | 49780 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:36:18.948466063 CET | 49780 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:36:18.975002050 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:36:18.985488892 CET | 49780 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:36:19.012296915 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:36:19.063807011 CET | 49780 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:36:19.090595007 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:36:19.091109991 CET | 49780 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:36:19.121975899 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:36:19.339478970 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:36:19.340279102 CET | 49780 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:36:19.366837978 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:36:19.367007017 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 |
Mar 22, 2022 03:36:19.453663111 CET | 49780 | 587 | 192.168.2.4 | 108.177.127.109 |
Mar 22, 2022 03:36:22.770102978 CET | 49780 | 587 | 192.168.2.4 | 108.177.127.109 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 22, 2022 03:35:49.153886080 CET | 57747 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 03:35:49.172836065 CET | 53 | 57747 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 03:35:49.480837107 CET | 58171 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 03:35:49.502553940 CET | 53 | 58171 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 03:35:49.614589930 CET | 57594 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 03:35:49.636188030 CET | 53 | 57594 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 03:35:51.556113005 CET | 60512 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 03:35:51.583343983 CET | 53 | 60512 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 03:36:12.834089994 CET | 52472 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 03:36:13.878803968 CET | 52472 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 03:36:13.895982027 CET | 53 | 52472 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 03:36:14.321674109 CET | 62354 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 03:36:14.345383883 CET | 53 | 62354 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 03:36:14.452385902 CET | 50061 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 03:36:14.475357056 CET | 53 | 50061 | 8.8.8.8 | 192.168.2.4 |
Mar 22, 2022 03:36:18.751650095 CET | 60612 | 53 | 192.168.2.4 | 8.8.8.8 |
Mar 22, 2022 03:36:18.791414976 CET | 53 | 60612 | 8.8.8.8 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Mar 22, 2022 03:35:49.153886080 CET | 192.168.2.4 | 8.8.8.8 | 0x88e5 | Standard query (0) | PTR (Pointer record) | IN (0x0001) | |
Mar 22, 2022 03:35:49.480837107 CET | 192.168.2.4 | 8.8.8.8 | 0x74aa | Standard query (0) | A (IP address) | IN (0x0001) | |
Mar 22, 2022 03:35:49.614589930 CET | 192.168.2.4 | 8.8.8.8 | 0xa390 | Standard query (0) | A (IP address) | IN (0x0001) | |
Mar 22, 2022 03:35:51.556113005 CET | 192.168.2.4 | 8.8.8.8 | 0x6013 | Standard query (0) | A (IP address) | IN (0x0001) | |
Mar 22, 2022 03:36:12.834089994 CET | 192.168.2.4 | 8.8.8.8 | 0xfeaa | Standard query (0) | PTR (Pointer record) | IN (0x0001) | |
Mar 22, 2022 03:36:13.878803968 CET | 192.168.2.4 | 8.8.8.8 | 0xfeaa | Standard query (0) | PTR (Pointer record) | IN (0x0001) | |
Mar 22, 2022 03:36:14.321674109 CET | 192.168.2.4 | 8.8.8.8 | 0xadcc | Standard query (0) | A (IP address) | IN (0x0001) | |
Mar 22, 2022 03:36:14.452385902 CET | 192.168.2.4 | 8.8.8.8 | 0x107a | Standard query (0) | A (IP address) | IN (0x0001) | |
Mar 22, 2022 03:36:18.751650095 CET | 192.168.2.4 | 8.8.8.8 | 0xbc04 | Standard query (0) | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Mar 22, 2022 03:35:49.172836065 CET | 8.8.8.8 | 192.168.2.4 | 0x88e5 | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) | |
Mar 22, 2022 03:35:49.502553940 CET | 8.8.8.8 | 192.168.2.4 | 0x74aa | No error (0) | 104.16.155.36 | A (IP address) | IN (0x0001) | ||
Mar 22, 2022 03:35:49.502553940 CET | 8.8.8.8 | 192.168.2.4 | 0x74aa | No error (0) | 104.16.154.36 | A (IP address) | IN (0x0001) | ||
Mar 22, 2022 03:35:49.636188030 CET | 8.8.8.8 | 192.168.2.4 | 0xa390 | No error (0) | 104.16.155.36 | A (IP address) | IN (0x0001) | ||
Mar 22, 2022 03:35:49.636188030 CET | 8.8.8.8 | 192.168.2.4 | 0xa390 | No error (0) | 104.16.154.36 | A (IP address) | IN (0x0001) | ||
Mar 22, 2022 03:35:51.583343983 CET | 8.8.8.8 | 192.168.2.4 | 0x6013 | No error (0) | 108.177.127.109 | A (IP address) | IN (0x0001) | ||
Mar 22, 2022 03:36:13.895982027 CET | 8.8.8.8 | 192.168.2.4 | 0xfeaa | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) | |
Mar 22, 2022 03:36:14.345383883 CET | 8.8.8.8 | 192.168.2.4 | 0xadcc | No error (0) | 104.16.155.36 | A (IP address) | IN (0x0001) | ||
Mar 22, 2022 03:36:14.345383883 CET | 8.8.8.8 | 192.168.2.4 | 0xadcc | No error (0) | 104.16.154.36 | A (IP address) | IN (0x0001) | ||
Mar 22, 2022 03:36:14.475357056 CET | 8.8.8.8 | 192.168.2.4 | 0x107a | No error (0) | 104.16.155.36 | A (IP address) | IN (0x0001) | ||
Mar 22, 2022 03:36:14.475357056 CET | 8.8.8.8 | 192.168.2.4 | 0x107a | No error (0) | 104.16.154.36 | A (IP address) | IN (0x0001) | ||
Mar 22, 2022 03:36:18.791414976 CET | 8.8.8.8 | 192.168.2.4 | 0xbc04 | No error (0) | 108.177.127.109 | A (IP address) | IN (0x0001) |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49770 | 104.16.155.36 | 443 | C:\Users\user\AppData\Roaming\Windows Update.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.4 | 49779 | 104.16.155.36 | 443 | C:\Users\user\AppData\Roaming\Windows Update.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.4 | 49769 | 104.16.155.36 | 80 | C:\Users\user\AppData\Roaming\Windows Update.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 22, 2022 03:35:49.565628052 CET | 1104 | OUT | |
Mar 22, 2022 03:35:49.603715897 CET | 1105 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.4 | 49778 | 104.16.155.36 | 80 | C:\Users\user\AppData\Roaming\Windows Update.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 22, 2022 03:36:14.415174961 CET | 1174 | OUT | |
Mar 22, 2022 03:36:14.441380978 CET | 1175 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49770 | 104.16.155.36 | 443 | C:\Users\user\AppData\Roaming\Windows Update.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-03-22 02:35:50 UTC | 0 | OUT | |
2022-03-22 02:35:50 UTC | 0 | IN | |
2022-03-22 02:35:50 UTC | 1 | IN | |
2022-03-22 02:35:50 UTC | 1 | IN | |
2022-03-22 02:35:50 UTC | 2 | IN | |
2022-03-22 02:35:50 UTC | 4 | IN | |
2022-03-22 02:35:50 UTC | 5 | IN | |
2022-03-22 02:35:50 UTC | 6 | IN | |
2022-03-22 02:35:50 UTC | 8 | IN | |
2022-03-22 02:35:50 UTC | 9 | IN | |
2022-03-22 02:35:50 UTC | 10 | IN | |
2022-03-22 02:35:50 UTC | 12 | IN | |
2022-03-22 02:35:50 UTC | 13 | IN | |
2022-03-22 02:35:50 UTC | 14 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.4 | 49779 | 104.16.155.36 | 443 | C:\Users\user\AppData\Roaming\Windows Update.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-03-22 02:36:16 UTC | 14 | OUT | |
2022-03-22 02:36:16 UTC | 14 | IN | |
2022-03-22 02:36:16 UTC | 15 | IN | |
2022-03-22 02:36:16 UTC | 15 | IN | |
2022-03-22 02:36:16 UTC | 16 | IN | |
2022-03-22 02:36:16 UTC | 18 | IN | |
2022-03-22 02:36:16 UTC | 19 | IN | |
2022-03-22 02:36:16 UTC | 20 | IN | |
2022-03-22 02:36:16 UTC | 22 | IN | |
2022-03-22 02:36:16 UTC | 23 | IN | |
2022-03-22 02:36:16 UTC | 24 | IN | |
2022-03-22 02:36:16 UTC | 26 | IN | |
2022-03-22 02:36:16 UTC | 27 | IN | |
2022-03-22 02:36:16 UTC | 28 | IN |
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Mar 22, 2022 03:35:52.781536102 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 | 220 smtp.gmail.com ESMTP e5-20020a170906374500b006d5825520a7sm7639105ejc.71 - gsmtp |
Mar 22, 2022 03:35:52.781826973 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 | EHLO 980108 |
Mar 22, 2022 03:35:52.813298941 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 | 250-smtp.gmail.com at your service, [102.129.143.93] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8 |
Mar 22, 2022 03:35:52.813864946 CET | 49771 | 587 | 192.168.2.4 | 108.177.127.109 | STARTTLS |
Mar 22, 2022 03:35:52.840512037 CET | 587 | 49771 | 108.177.127.109 | 192.168.2.4 | 220 2.0.0 Ready to start TLS |
Mar 22, 2022 03:36:18.859519005 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 | 220 smtp.gmail.com ESMTP f17-20020a056402355100b0041925e80963sm3788897edd.41 - gsmtp |
Mar 22, 2022 03:36:18.859970093 CET | 49780 | 587 | 192.168.2.4 | 108.177.127.109 | EHLO 980108 |
Mar 22, 2022 03:36:18.890105009 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 | 250-smtp.gmail.com at your service, [102.129.143.93] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8 |
Mar 22, 2022 03:36:18.890435934 CET | 49780 | 587 | 192.168.2.4 | 108.177.127.109 | STARTTLS |
Mar 22, 2022 03:36:18.917603970 CET | 587 | 49780 | 108.177.127.109 | 192.168.2.4 | 220 2.0.0 Ready to start TLS |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 03:35:23 |
Start date: | 22/03/2022 |
Path: | C:\Users\user\Desktop\steg.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf80000 |
File size: | 1167872 bytes |
MD5 hash: | 30747BB37997B54D37BAE65AE590B7E8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Target ID: | 4 |
Start time: | 03:35:42 |
Start date: | 22/03/2022 |
Path: | C:\Users\user\AppData\Roaming\Windows Update.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10000 |
File size: | 1167872 bytes |
MD5 hash: | 30747BB37997B54D37BAE65AE590B7E8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Target ID: | 11 |
Start time: | 03:35:51 |
Start date: | 22/03/2022 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10000000 |
File size: | 33936 bytes |
MD5 hash: | 8D10DA8A3E11747E51F23C882C22BBC3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 12 |
Start time: | 03:36:02 |
Start date: | 22/03/2022 |
Path: | C:\Users\user\AppData\Roaming\WindowsUpdate.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2c0000 |
File size: | 1167872 bytes |
MD5 hash: | 30747BB37997B54D37BAE65AE590B7E8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Target ID: | 14 |
Start time: | 03:36:07 |
Start date: | 22/03/2022 |
Path: | C:\Users\user\AppData\Roaming\Windows Update.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xac0000 |
File size: | 1167872 bytes |
MD5 hash: | 30747BB37997B54D37BAE65AE590B7E8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Target ID: | 15 |
Start time: | 03:36:17 |
Start date: | 22/03/2022 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10000000 |
File size: | 33936 bytes |
MD5 hash: | 8D10DA8A3E11747E51F23C882C22BBC3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Execution Graph
Execution Coverage: | 1.1% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 19 |
Total number of Limit Nodes: | 1 |
Graph
Function 03371E53 Relevance: 1.5, Instructions: 1488COMMON
Control-flow Graph
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B11013 Relevance: 1.6, APIs: 1, Instructions: 98fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B11120 Relevance: 1.6, APIs: 1, Instructions: 78COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B10310 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B1104A Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B111F0 Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B112CB Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B11222 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B1187F Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B11306 Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B11162 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B10A7F Relevance: 1.6, APIs: 1, Instructions: 51windowCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B10356 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B118AE Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05B10AA6 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03370D20 Relevance: .3, Instructions: 308COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03370D30 Relevance: .3, Instructions: 298COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03370898 Relevance: .2, Instructions: 204COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03371528 Relevance: .2, Instructions: 180COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03370887 Relevance: .2, Instructions: 180COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03371A88 Relevance: .1, Instructions: 147COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033702C0 Relevance: .1, Instructions: 128COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033702D0 Relevance: .1, Instructions: 117COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03371B19 Relevance: .1, Instructions: 112COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03371B28 Relevance: .1, Instructions: 107COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03373D08 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03370148 Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033714D7 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03370158 Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03370439 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03370448 Relevance: .0, Instructions: 40COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033700B1 Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0337081F Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03370737 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03370270 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033700C0 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03370830 Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03371538 Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03370748 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03373D18 Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03370280 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0337013E Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03373CE0 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0337011D Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03373CDE Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F9C2C7 Relevance: 12.3, APIs: 4, Strings: 2, Instructions: 1756COMMONCrypto
C-Code - Quality: 55% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 66% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FBA6E7 Relevance: 11.0, APIs: 2, Strings: 4, Instructions: 517COMMONCrypto
C-Code - Quality: 61% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 75% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FC46C7 Relevance: 8.3, APIs: 2, Strings: 2, Instructions: 1339COMMONCrypto
C-Code - Quality: 63% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FAC387 Relevance: 7.6, APIs: 2, Strings: 1, Instructions: 2344COMMONCrypto
C-Code - Quality: 58% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FDFD97 Relevance: 6.0, APIs: 2, Strings: 1, Instructions: 748COMMONCrypto
C-Code - Quality: 91% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD2C77 Relevance: 3.9, APIs: 1, Instructions: 2404COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F93EC7 Relevance: 3.9, APIs: 2, Instructions: 873COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE4987 Relevance: 3.2, APIs: 2, Instructions: 190COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FCFAC7 Relevance: 3.0, APIs: 1, Instructions: 1503COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F9F4F7 Relevance: .5, Instructions: 546COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE3A57 Relevance: .5, Instructions: 533COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FDE077 Relevance: .4, Instructions: 399COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F8FB27 Relevance: .4, Instructions: 360COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA7C87 Relevance: .2, Instructions: 227COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F8FFF7 Relevance: .2, Instructions: 189COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F90397 Relevance: .2, Instructions: 184COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FC64F7 Relevance: .2, Instructions: 180COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FAB6E7 Relevance: .2, Instructions: 174COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F90287 Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F8FA17 Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FCDC27 Relevance: .1, Instructions: 93COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE7FC7 Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033719A8 Relevance: .1, Instructions: 67COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033719B8 Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03370728 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03371800 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 033714C8 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F8DF27 Relevance: 30.5, APIs: 20, Instructions: 460COMMON
C-Code - Quality: 53% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F8F0B7 Relevance: 19.6, APIs: 13, Instructions: 87COMMON
C-Code - Quality: 47% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FEAC3B Relevance: 16.8, APIs: 11, Instructions: 261COMMON
C-Code - Quality: 76% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F8F737 Relevance: 13.7, APIs: 9, Instructions: 237COMMON
C-Code - Quality: 67% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F93D37 Relevance: 13.6, APIs: 9, Instructions: 123COMMON
C-Code - Quality: 54% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F8E577 Relevance: 12.2, APIs: 8, Instructions: 245COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FB6977 Relevance: 11.3, Strings: 9, Instructions: 69COMMON
C-Code - Quality: 100% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 55% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 99% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F8C857 Relevance: 9.1, APIs: 6, Instructions: 76COMMON
C-Code - Quality: 20% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 17% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F8F387 Relevance: 7.7, APIs: 5, Instructions: 162COMMON
C-Code - Quality: 26% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 64% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 64% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 49% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 76% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD1547 Relevance: 6.2, APIs: 4, Instructions: 221COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA6677 Relevance: 6.2, APIs: 4, Instructions: 201COMMON
C-Code - Quality: 75% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F90637 Relevance: 6.1, APIs: 4, Instructions: 124COMMON
C-Code - Quality: 51% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0100E0EC Relevance: 6.1, APIs: 4, Instructions: 98COMMON
C-Code - Quality: 43% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE93FA Relevance: 6.1, APIs: 4, Instructions: 81COMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00F8F2D7 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
C-Code - Quality: 23% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 16% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 21% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 44% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 98% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 45% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010710E8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 127COMMONLIBRARYCODE
C-Code - Quality: 88% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0009E75C Relevance: 46.9, APIs: 31, Instructions: 416COMMON
C-Code - Quality: 53% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0001F0B7 Relevance: 19.6, APIs: 13, Instructions: 87COMMON
C-Code - Quality: 47% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000A178C Relevance: 19.6, APIs: 13, Instructions: 87COMMON
C-Code - Quality: 47% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 43% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0007AC3B Relevance: 16.8, APIs: 11, Instructions: 261COMMON
C-Code - Quality: 76% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0001F737 Relevance: 13.7, APIs: 9, Instructions: 237COMMON
C-Code - Quality: 67% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000A376C Relevance: 13.7, APIs: 9, Instructions: 236COMMON
C-Code - Quality: 43% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00023D37 Relevance: 13.6, APIs: 9, Instructions: 123COMMON
C-Code - Quality: 54% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0001E577 Relevance: 12.2, APIs: 8, Instructions: 245COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 99% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00046977 Relevance: 10.1, Strings: 8, Instructions: 69COMMON
C-Code - Quality: 100% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000A008C Relevance: 9.2, APIs: 6, Instructions: 234COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 99% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0001C857 Relevance: 9.1, APIs: 6, Instructions: 76COMMON
C-Code - Quality: 20% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 17% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 19% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0009F7EC Relevance: 7.8, APIs: 5, Instructions: 305COMMON
C-Code - Quality: 55% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000A50EC Relevance: 7.8, APIs: 5, Instructions: 256COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0001F387 Relevance: 7.7, APIs: 5, Instructions: 162COMMON
C-Code - Quality: 26% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0010A643 Relevance: 7.6, APIs: 5, Instructions: 118COMMON
C-Code - Quality: 64% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00085B33 Relevance: 7.6, APIs: 5, Instructions: 118COMMON
C-Code - Quality: 64% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 45% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 76% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 26% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000A2B0C Relevance: 6.3, APIs: 4, Instructions: 270COMMON
C-Code - Quality: 20% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00061547 Relevance: 6.2, APIs: 4, Instructions: 221COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00036677 Relevance: 6.2, APIs: 4, Instructions: 201COMMON
C-Code - Quality: 75% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00079500 Relevance: 6.2, APIs: 4, Instructions: 162COMMON
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00020637 Relevance: 6.1, APIs: 4, Instructions: 124COMMON
C-Code - Quality: 51% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000A56AC Relevance: 6.1, APIs: 4, Instructions: 124COMMON
C-Code - Quality: 51% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0009E0EC Relevance: 6.1, APIs: 4, Instructions: 98COMMON
C-Code - Quality: 43% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000793FA Relevance: 6.1, APIs: 4, Instructions: 81COMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000A323C Relevance: 6.1, APIs: 4, Instructions: 59COMMON
C-Code - Quality: 23% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0001F2D7 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
C-Code - Quality: 23% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0008305D Relevance: 6.0, APIs: 4, Instructions: 48COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00081B47 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
C-Code - Quality: 16% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000FD5F3 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
C-Code - Quality: 21% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 59% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 98% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 45% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 39% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 16% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 1.4% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 58 |
Total number of Limit Nodes: | 5 |
Graph
Function 04BA1E53 Relevance: 1.5, Instructions: 1488COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0248B074 Relevance: 1.6, APIs: 1, Instructions: 98COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E510CB Relevance: 1.6, APIs: 1, Instructions: 96fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0248B653 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0248B342 Relevance: 1.6, APIs: 1, Instructions: 79COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E511D4 Relevance: 1.6, APIs: 1, Instructions: 78COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E510FE Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E51A0B Relevance: 1.6, APIs: 1, Instructions: 76windowCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E50310 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E512A4 Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0248B67E Relevance: 1.6, APIs: 1, Instructions: 72COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E5137F Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0248B362 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E51013 Relevance: 1.6, APIs: 1, Instructions: 68fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0248BAB5 Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0248A5AF Relevance: 1.6, APIs: 1, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E512D6 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0248A65A Relevance: 1.6, APIs: 1, Instructions: 59COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0248A2D6 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E513BA Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E51216 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E50A7F Relevance: 1.6, APIs: 1, Instructions: 51windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E50356 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0248A9F0 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E5104A Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0248BAE6 Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0248A5D6 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0248A2FA Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0248B0BE Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E51A62 Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04E50AA6 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0248AA12 Relevance: 1.5, APIs: 1, Instructions: 37COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0248A69A Relevance: 1.5, APIs: 1, Instructions: 35COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA0D20 Relevance: .3, Instructions: 305COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA0D30 Relevance: .3, Instructions: 298COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA0898 Relevance: .2, Instructions: 204COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA0887 Relevance: .2, Instructions: 187COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA02C0 Relevance: .1, Instructions: 123COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA1B19 Relevance: .1, Instructions: 113COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA02D0 Relevance: .1, Instructions: 113COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA1B28 Relevance: .1, Instructions: 107COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA3D08 Relevance: .1, Instructions: 83COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA0148 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0254075C Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02540724 Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA0158 Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA043A Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025405CF Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA3CCF Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA00B1 Relevance: .0, Instructions: 41COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA0448 Relevance: .0, Instructions: 40COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA1528 Relevance: .0, Instructions: 37COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA081F Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA0737 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA00C0 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02540818 Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA0270 Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA1538 Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 025405F6 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA0748 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA3D18 Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA0280 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA013E Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA3CE0 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 024823F4 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04BA011D Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 63% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002CF0B7 Relevance: 19.6, APIs: 13, Instructions: 87COMMON
C-Code - Quality: 47% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0032AC3B Relevance: 16.8, APIs: 11, Instructions: 261COMMON
C-Code - Quality: 76% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002CF737 Relevance: 13.7, APIs: 9, Instructions: 237COMMON
C-Code - Quality: 67% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002D3D37 Relevance: 13.6, APIs: 9, Instructions: 123COMMON
C-Code - Quality: 54% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 55% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002CE577 Relevance: 12.2, APIs: 8, Instructions: 245COMMON
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 99% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002F6977 Relevance: 10.1, Strings: 8, Instructions: 69COMMON
C-Code - Quality: 100% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002CC857 Relevance: 9.1, APIs: 6, Instructions: 76COMMON
C-Code - Quality: 20% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 17% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 23% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002CF387 Relevance: 7.7, APIs: 5, Instructions: 162COMMON
C-Code - Quality: 26% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 64% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 64% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 76% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003B1235 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 125COMMONLIBRARYCODE
C-Code - Quality: 82% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00311547 Relevance: 6.2, APIs: 4, Instructions: 221COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002E6677 Relevance: 6.2, APIs: 4, Instructions: 201COMMON
C-Code - Quality: 75% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002D0637 Relevance: 6.1, APIs: 4, Instructions: 124COMMON
C-Code - Quality: 51% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0034E0EC Relevance: 6.1, APIs: 4, Instructions: 98COMMON
C-Code - Quality: 43% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003293FA Relevance: 6.1, APIs: 4, Instructions: 81COMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0035323C Relevance: 6.1, APIs: 4, Instructions: 59COMMON
C-Code - Quality: 23% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 002CF2D7 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
C-Code - Quality: 23% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 16% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 21% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003B10E8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 127COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 5.5% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 2.3% |
Total number of Nodes: | 257 |
Total number of Limit Nodes: | 15 |
Graph
Function 05523C5B Relevance: 1.6, APIs: 1, Instructions: 75COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 055217B4 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 055217D6 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05523C92 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 055237E0 Relevance: 1.6, APIs: 1, Instructions: 137COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0552256C Relevance: 1.6, APIs: 1, Instructions: 107COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 055215E6 Relevance: 1.6, APIs: 1, Instructions: 103fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05522F29 Relevance: 1.6, APIs: 1, Instructions: 92networkCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05522734 Relevance: 1.6, APIs: 1, Instructions: 90timeCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05522B2A Relevance: 1.6, APIs: 1, Instructions: 90COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05525F54 Relevance: 1.6, APIs: 1, Instructions: 87COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012BB8A3 Relevance: 1.6, APIs: 1, Instructions: 87COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05523D28 Relevance: 1.6, APIs: 1, Instructions: 86COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0552386A Relevance: 1.6, APIs: 1, Instructions: 84COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012BA120 Relevance: 1.6, APIs: 1, Instructions: 82networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05523F14 Relevance: 1.6, APIs: 1, Instructions: 81COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 055207A8 Relevance: 1.6, APIs: 1, Instructions: 78COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0552290F Relevance: 1.6, APIs: 1, Instructions: 75COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05522F62 Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05523118 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05522026 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05523E4A Relevance: 1.6, APIs: 1, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05522126 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 055219AE Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05522772 Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05523D62 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0552306A Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012BA5AF Relevance: 1.6, APIs: 1, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05525A4A Relevance: 1.6, APIs: 1, Instructions: 60COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05522E86 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 055225AA Relevance: 1.6, APIs: 1, Instructions: 57COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05522942 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0552546A Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0552314E Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05522A3A Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05520FDB Relevance: 1.6, APIs: 1, Instructions: 53windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05525CCA Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05521558 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 055208B2 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05523A4A Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05525A6E Relevance: 1.5, APIs: 1, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05523F6A Relevance: 1.5, APIs: 1, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0552163E Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 055200DE Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0552605E Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 055207F2 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05521AB2 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0552610A Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0552157A Relevance: 1.5, APIs: 1, Instructions: 39COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05525FBE Relevance: 1.5, APIs: 1, Instructions: 39COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012BA8AE Relevance: 1.5, APIs: 1, Instructions: 39COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 05521002 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0552632A Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012CB354 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012CB3A3 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012B23F4 Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 012B23BC Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |