Windows
Analysis Report
RFQ__637456464647.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- RFQ__637456464647.exe (PID: 6312 cmdline:
"C:\Users\ user\Deskt op\RFQ__63 7456464647 .exe" MD5: B4BC907E8D48E8F09B4D9FDD8D416599) - RFQ__637456464647.exe (PID: 6400 cmdline:
C:\Users\u ser\Deskto p\RFQ__637 456464647. exe MD5: B4BC907E8D48E8F09B4D9FDD8D416599) - chrome.exe (PID: 6672 cmdline:
"C:\Users\ user\AppDa ta\Local\T emp\chrome .exe" MD5: 7F916511A313837EFCDE9E4112A64E5B) - WerFault.exe (PID: 7124 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 6 312 -s 129 6 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- cleanup
{"Exfil Mode": "Telegram", "Telegram Token": "Null!", "Telegram ID": "5164987354:AAFbwY5baNRyoCilWU25jL6nSQnU8yn8vuc"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen |
| |
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Click to see the 57 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
| |
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
Click to see the 109 entries |
Timestamp: | 192.168.2.3132.226.8.16949740802842536 05/23/22-19:00:12.710166 |
SID: | 2842536 |
Source Port: | 49740 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 1_2_054D0498 | |
Source: | Code function: | 1_2_054D0040 | |
Source: | Code function: | 1_2_054D08F0 | |
Source: | Code function: | 1_2_0648DE00 | |
Source: | Code function: | 1_2_06484628 | |
Source: | Code function: | 1_2_06484ED8 | |
Source: | Code function: | 1_2_0648E6D8 | |
Source: | Code function: | 1_2_06487EA0 | |
Source: | Code function: | 1_2_06488750 | |
Source: | Code function: | 1_2_06485788 | |
Source: | Code function: | 1_2_0648EF88 | |
Source: | Code function: | 1_2_064834C8 | |
Source: | Code function: | 1_2_06486490 | |
Source: | Code function: | 1_2_06486D40 | |
Source: | Code function: | 1_2_06483D78 | |
Source: | Code function: | 1_2_064875F0 | |
Source: | Code function: | 1_2_06487A48 | |
Source: | Code function: | 1_2_064882F8 | |
Source: | Code function: | 1_2_06484A80 | |
Source: | Code function: | 1_2_0648E280 | |
Source: | Code function: | 1_2_06485330 | |
Source: | Code function: | 1_2_0648EB30 | |
Source: | Code function: | 1_2_06485BE0 | |
Source: | Code function: | 1_2_0648F3E0 | |
Source: | Code function: | 1_2_06483070 | |
Source: | Code function: | 1_2_06486038 | |
Source: | Code function: | 1_2_0648F838 | |
Source: | Code function: | 1_2_064868E8 | |
Source: | Code function: | 1_2_06483920 | |
Source: | Code function: | 1_2_064841D0 | |
Source: | Code function: | 1_2_06487198 | |
Source: | Code function: | 1_2_0648C336 | |
Source: | Code function: | 1_2_0648C00F | |
Source: | Code function: | 1_2_0648C020 |
Networking |
---|
Source: | Snort IDS: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | ASN Name: |
Source: | IP Address: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | Binary or memory string: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Process created: |
Source: | Code function: | 1_2_054D0498 | |
Source: | Code function: | 1_2_054D0040 | |
Source: | Code function: | 1_2_054D4318 | |
Source: | Code function: | 1_2_054D2398 | |
Source: | Code function: | 1_2_054D4FB0 | |
Source: | Code function: | 1_2_054D4968 | |
Source: | Code function: | 1_2_054D29E0 | |
Source: | Code function: | 1_2_054D08F0 | |
Source: | Code function: | 1_2_054D3678 | |
Source: | Code function: | 1_2_054D16F8 | |
Source: | Code function: | 1_2_054D3028 | |
Source: | Code function: | 1_2_054D1D48 | |
Source: | Code function: | 1_2_054D3CC8 | |
Source: | Code function: | 1_2_054D0493 | |
Source: | Code function: | 1_2_054D0016 | |
Source: | Code function: | 1_2_054D430A | |
Source: | Code function: | 1_2_054D2388 | |
Source: | Code function: | 1_2_054D4F9F | |
Source: | Code function: | 1_2_054D4959 | |
Source: | Code function: | 1_2_054D29CF | |
Source: | Code function: | 1_2_054D08E0 | |
Source: | Code function: | 1_2_054D3668 | |
Source: | Code function: | 1_2_054D16EA | |
Source: | Code function: | 1_2_054D3018 | |
Source: | Code function: | 1_2_054D1D38 | |
Source: | Code function: | 1_2_054D3CB9 | |
Source: | Code function: | 1_2_0648DE00 | |
Source: | Code function: | 1_2_06484628 | |
Source: | Code function: | 1_2_06484ED8 | |
Source: | Code function: | 1_2_0648E6D8 | |
Source: | Code function: | 1_2_06487EA0 | |
Source: | Code function: | 1_2_06488750 | |
Source: | Code function: | 1_2_0648B770 | |
Source: | Code function: | 1_2_06485788 | |
Source: | Code function: | 1_2_0648EF88 | |
Source: | Code function: | 1_2_064834C8 | |
Source: | Code function: | 1_2_06486490 | |
Source: | Code function: | 1_2_06486D40 | |
Source: | Code function: | 1_2_06483D78 | |
Source: | Code function: | 1_2_064875F0 | |
Source: | Code function: | 1_2_06487A48 | |
Source: | Code function: | 1_2_064882F8 | |
Source: | Code function: | 1_2_06484A80 | |
Source: | Code function: | 1_2_0648E280 | |
Source: | Code function: | 1_2_06485330 | |
Source: | Code function: | 1_2_0648EB30 | |
Source: | Code function: | 1_2_06485BE0 | |
Source: | Code function: | 1_2_0648F3E0 | |
Source: | Code function: | 1_2_0648C398 | |
Source: | Code function: | 1_2_06488BA8 | |
Source: | Code function: | 1_2_06480040 | |
Source: | Code function: | 1_2_06483070 | |
Source: | Code function: | 1_2_06486038 | |
Source: | Code function: | 1_2_0648F838 | |
Source: | Code function: | 1_2_064868E8 | |
Source: | Code function: | 1_2_0648D098 | |
Source: | Code function: | 1_2_06483920 | |
Source: | Code function: | 1_2_064841D0 | |
Source: | Code function: | 1_2_06487198 | |
Source: | Code function: | 1_2_06484621 | |
Source: | Code function: | 1_2_06484EC8 | |
Source: | Code function: | 1_2_0648E6C8 | |
Source: | Code function: | 1_2_0648B6C9 | |
Source: | Code function: | 1_2_06487E90 | |
Source: | Code function: | 1_2_06488741 | |
Source: | Code function: | 1_2_06485778 | |
Source: | Code function: | 1_2_0648EF79 | |
Source: | Code function: | 1_2_06486483 | |
Source: | Code function: | 1_2_064834B8 | |
Source: | Code function: | 1_2_06483D68 | |
Source: | Code function: | 1_2_06486D37 | |
Source: | Code function: | 1_2_064875E0 | |
Source: | Code function: | 1_2_0648DDF0 | |
Source: | Code function: | 1_2_06484A70 | |
Source: | Code function: | 1_2_0648E271 | |
Source: | Code function: | 1_2_06487A3B | |
Source: | Code function: | 1_2_064882E8 | |
Source: | Code function: | 1_2_0648EB20 | |
Source: | Code function: | 1_2_06485321 | |
Source: | Code function: | 1_2_06485BD0 | |
Source: | Code function: | 1_2_0648F3D0 | |
Source: | Code function: | 1_2_06483063 | |
Source: | Code function: | 1_2_0648C00F | |
Source: | Code function: | 1_2_0648F828 | |
Source: | Code function: | 1_2_0648602F | |
Source: | Code function: | 1_2_0648C020 | |
Source: | Code function: | 1_2_06480033 | |
Source: | Code function: | 1_2_064868D8 | |
Source: | Code function: | 1_2_06483910 | |
Source: | Code function: | 1_2_064841C0 | |
Source: | Code function: | 1_2_06487188 | |
Source: | Code function: | 5_2_00007FF7A8B761E0 | |
Source: | Code function: | 5_2_00007FF7A8B76A10 | |
Source: | Code function: | 5_2_00007FF7A8B67160 | |
Source: | Code function: | 5_2_00007FF7A8B5B170 | |
Source: | Code function: | 5_2_00007FF7A8B13980 | |
Source: | Code function: | 5_2_00007FF7A8B3B220 | |
Source: | Code function: | 5_2_00007FF7A8AADA80 | |
Source: | Code function: | 5_2_00007FF7A8B993DC | |
Source: | Code function: | 5_2_00007FF7A8A76BA0 | |
Source: | Code function: | 5_2_00007FF7A8A74B50 | |
Source: | Code function: | 5_2_00007FF7A8B5DB20 | |
Source: | Code function: | 5_2_00007FF7A8BE1CE0 | |
Source: | Code function: | 5_2_00007FF7A8AAE4B0 | |
Source: | Code function: | 5_2_00007FF7A8B3DC90 | |
Source: | Code function: | 5_2_00007FF7A8A76C80 | |
Source: | Code function: | 5_2_00007FF7A8B395A0 | |
Source: | Code function: | 5_2_00007FF7A8B665D0 | |
Source: | Code function: | 5_2_00007FF7A8AA4540 | |
Source: | Code function: | 5_2_00007FF7A8AB0540 | |
Source: | Code function: | 5_2_00007FF7A8A75D90 | |
Source: | Code function: | 5_2_00007FF7A8C05550 | |
Source: | Code function: | 5_2_00007FF7A8A77D60 | |
Source: | Code function: | 5_2_00007FF7A8AB96A0 | |
Source: | Code function: | 5_2_00007FF7A8C0CEC0 | |
Source: | Code function: | 5_2_00007FF7A8B5A630 | |
Source: | Code function: | 5_2_00007FF7A8B5AFE0 | |
Source: | Code function: | 5_2_00007FF7A8B65FA0 | |
Source: | Code function: | 5_2_00007FF7A8AE9780 | |
Source: | Code function: | 5_2_00007FF7A8B3E8B0 | |
Source: | Code function: | 5_2_00007FF7A8AC60E0 |
Source: | Code function: | 0_2_01722F68 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: | ||
Source: | Security API names: |
Source: | Code function: | 5_2_00007FF7A8BDA170 |
Source: | Static file information: | |||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 1_2_054D9BB1 |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Code function: | 5_2_00007FF7A8B391C0 |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 5_2_00007FF7A8AA4330 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 1_2_06482D81 |
Source: | Memory allocated: | Jump to behavior |
Source: | Code function: | 5_2_00007FF7A8B13980 | |
Source: | Code function: | 5_2_00007FF7A8A77D60 | |
Source: | Code function: | 5_2_00007FF7A8B9AFA0 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 5_2_00007FF7A8AC60E0 |
Source: | Code function: | 5_2_00007FF7A8B8819C |
Source: | Code function: | 5_2_00007FF7A8A8B550 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Valid Accounts | 2 Command and Scripting Interpreter | 1 Valid Accounts | 1 Valid Accounts | 1 Valid Accounts | 2 OS Credential Dumping | 11 System Time Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Access Token Manipulation | 1 Input Capture | 2 Security Software Discovery | Remote Desktop Protocol | 1 Input Capture | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 112 Process Injection | 1 Virtualization/Sandbox Evasion | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 11 Archive Collected Data | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Disable or Modify Tools | NTDS | 1 Process Discovery | Distributed Component Object Model | 2 Data from Local System | Scheduled Transfer | 2 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 112 Process Injection | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 11 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | 15 System Information Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Software Packing | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
46% | ReversingLabs | ByteCode-MSIL.Backdoor.Bladabhindi | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Metadefender | Browse | ||
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/ATRAPS.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
checkip.dyndns.com | 132.226.8.169 | true | true | unknown | |
checkip.dyndns.org | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| low | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
132.226.8.169 | checkip.dyndns.com | United States | 16989 | UTMEMUS | true |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 632544 |
Start date and time: 23/05/202218:58:49 | 2022-05-23 18:58:49 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 22s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | RFQ__637456464647.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 29 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@6/5@2/2 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WerFault.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 52.182.143.212
- Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, onedsblobprdcus15.centralus.cloudapp.azure.com, store-images.s-microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, sls.update.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, arc.msn.com
- Execution Graph export aborted for target chrome.exe, PID 6672 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description |
---|---|---|
19:00:24 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
132.226.8.169 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
checkip.dyndns.com | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
UTMEMUS | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RFQ__63745646464_94dd9d68755d61cc97c9e42d0ec1b28c5989ec6_083b13b0_1b958159\Report.wer
Download File
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0802804484479727 |
Encrypted: | false |
SSDEEP: | 192:WOyEvUsxHBUZMXSaKtXfW/u7s4S274Itw:ZyEvUSBUZMXSah/u7s4X4Itw |
MD5: | E56BC667B3B678430631F7CE3B8BBD4C |
SHA1: | EA08F52BDD81A1D5BD03C34A20802621A13A5E8C |
SHA-256: | 3C7F3BEF460243B93180F3CCBD3CBC10971A29097D21F53C4B57598568A8058C |
SHA-512: | F0ED9A2F476CD8B0899F8234DF82D1FFE2480992EC4EAE7A3957214828AFE6A64B9DCF86399061B7889A108F69F41485A778C450FBDC86D64B8B15D2E69B33D4 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 265529 |
Entropy (8bit): | 3.312337303087705 |
Encrypted: | false |
SSDEEP: | 3072:rkHORSy0dv9UCgUnOw9gIOgF5xlH0DhmGndsTjd+pe:rkkTcTjP9RpDxt0AGFp |
MD5: | 7973C58C32915FBA6B5E4EEE9BF12854 |
SHA1: | 8FBE6CBECD95C5CE84DC87F9A6399D06FD2BDBBC |
SHA-256: | 0583DBAE1CBBF287351119BDE87703268E64DA8D430F9D3C33A9D99C185432B2 |
SHA-512: | 16E6182D38A8D0AB550B3FA310E6FC81E84E8AEEF686015B9050A2F8CB1A74D6C406CEFBC0A830E496F8655DEADB904F7444CA7835083ECBF4B1235098380EE9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8422 |
Entropy (8bit): | 3.6962392631754497 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNicG6yVG6YWhSUvlCvGgmfZF3S3Cprz89bphsfSYjm:RrlsNi16yVG6YgSUvlzgmf73S7pafSx |
MD5: | DB6D045DBC6C75AE674930E621C24D0C |
SHA1: | EC5D9E89F492C938C6B45FD7948D6D7E630575C0 |
SHA-256: | 6763D58AA2DA5B1C0DB34B2CD54ABF3DEA1334933A99F235945CFDD3CD6B445A |
SHA-512: | 27D6CDA8DA201F33BCEFFBD510B010C421FD95B0D2871636315AA63C3147B43E11CB310388FB9AD143452D723651EFF61E9350C20A72AD7EB47BF5352048A18A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4794 |
Entropy (8bit): | 4.506229802328503 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsjJgtWI9AGWgc8sqYj68fm8M4JKOwO7FnHno+q8vrOwOsUPOY4TsK3QE:uITf9nHgrsqYbJ7wcIKawyPO1Y1ud |
MD5: | 10BD2D57F1961B27D477C05A55D89E59 |
SHA1: | 1ABFAD5821C4BC61962184488F33565531BB59F9 |
SHA-256: | 40DBD1A60D73AA328FAB8171384B79764B1A0F1A934FB1038CC0BE506F2CEB11 |
SHA-512: | D8A24722E437F15B220AF4A2AC6BB5DA80E8F6B90C25CA69C3FCE203329D755953F8F9B739039FC3EE766DFB9D7273A9790535D741CBB8856F02A386D36C828F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\RFQ__637456464647.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2622352 |
Entropy (8bit): | 6.584925607886023 |
Encrypted: | false |
SSDEEP: | 49152:ZkwWDBRk5Swp1oFSFb8XUK+3crWECSP/cESM0RCZ/Sf8peUTbVkyC:2TX79FXCaSMHpC |
MD5: | 7F916511A313837EFCDE9E4112A64E5B |
SHA1: | 6A2A2427CF1D888CB40A18527478C84DEDF1DB61 |
SHA-256: | F342AF2B1E3DD9BA90C10F643EC1F50459EFBB5912496E8AC553682C2B7A9F6E |
SHA-512: | A2F92AE37D6ECD16D7B4312EA2548F494D01BD386A439E05258073F4038FCFA60BD7D79FCB8CA5B285BAC121799826B87655EC594F7B4A9CCF5DA70CE3273E1B |
Malicious: | false |
Antivirus: |
|
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.991836040381107 |
TrID: |
|
File name: | RFQ__637456464647.exe |
File size: | 2844160 |
MD5: | b4bc907e8d48e8f09b4d9fdd8d416599 |
SHA1: | 592a814a428c8a5de3f06245996fc775e8dc987f |
SHA256: | 7f7804a5460695dae61e378d733f0a613083e84c654ea6264a5276944b33f943 |
SHA512: | b74608846f9e494789e52b79e1aab9fd5fa7918b46441cc0cf2ee0d2883151c327180b4119bbeae6bd83360dcedc8c6142e6fab0b56650b818aa51a2527d6759 |
SSDEEP: | 49152:oXJTCTSfReUawVjvGdhAD7E3IJ6daAQeFdjwCE1/02Xro9+83qpK:suoRZawVjvGdhGE3IJA/jwD82013q |
TLSH: | A9D52383B38AA47AF0BC25B4DCC3EB834F65579C5665FCD62A8151AC38253BBE570213 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b.................Z+..........y+.. ....+...@.. ........................+.......+...@................................ |
Icon Hash: | 00828e8e8686b000 |
Entrypoint: | 0x6b791a |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x628B062E [Mon May 23 03:57:34 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2b78d0 | 0x4a | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2b8000 | 0x72a | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2ba000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x2b5920 | 0x2b5a00 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0x2b8000 | 0x72a | 0x800 | False | 0.31591796875 | data | 4.48924436504 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x2ba000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x2b80b8 | 0x27c | data | ||
RT_MANIFEST | 0x2b8334 | 0x1fa | XML 1.0 document, ASCII text, with very long lines, with no line terminators | ||
RT_MANIFEST | 0x2b8530 | 0x1fa | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | |
Assembly Version | 0.0.0.0 |
InternalName | JxIIaRUTvaLxexPWTLbbe.exe |
FileVersion | 0.0.0.0 |
ProductVersion | 0.0.0.0 |
FileDescription | |
OriginalFilename | JxIIaRUTvaLxexPWTLbbe.exe |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
192.168.2.3132.226.8.16949740802842536 05/23/22-19:00:12.710166 | TCP | 2842536 | ETPRO TROJAN 404/Snake/Matiex Keylogger Style External IP Check | 49740 | 80 | 192.168.2.3 | 132.226.8.169 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 23, 2022 19:00:09.422519922 CEST | 49740 | 80 | 192.168.2.3 | 132.226.8.169 |
May 23, 2022 19:00:12.433237076 CEST | 49740 | 80 | 192.168.2.3 | 132.226.8.169 |
May 23, 2022 19:00:12.709538937 CEST | 80 | 49740 | 132.226.8.169 | 192.168.2.3 |
May 23, 2022 19:00:12.709647894 CEST | 49740 | 80 | 192.168.2.3 | 132.226.8.169 |
May 23, 2022 19:00:12.710165977 CEST | 49740 | 80 | 192.168.2.3 | 132.226.8.169 |
May 23, 2022 19:00:12.986522913 CEST | 80 | 49740 | 132.226.8.169 | 192.168.2.3 |
May 23, 2022 19:00:13.988107920 CEST | 80 | 49740 | 132.226.8.169 | 192.168.2.3 |
May 23, 2022 19:00:14.126456022 CEST | 49740 | 80 | 192.168.2.3 | 132.226.8.169 |
May 23, 2022 19:01:18.987670898 CEST | 80 | 49740 | 132.226.8.169 | 192.168.2.3 |
May 23, 2022 19:01:18.987759113 CEST | 49740 | 80 | 192.168.2.3 | 132.226.8.169 |
May 23, 2022 19:01:54.057121992 CEST | 49740 | 80 | 192.168.2.3 | 132.226.8.169 |
May 23, 2022 19:01:54.333545923 CEST | 80 | 49740 | 132.226.8.169 | 192.168.2.3 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 23, 2022 19:00:09.279763937 CEST | 64851 | 53 | 192.168.2.3 | 8.8.8.8 |
May 23, 2022 19:00:09.298605919 CEST | 53 | 64851 | 8.8.8.8 | 192.168.2.3 |
May 23, 2022 19:00:09.312563896 CEST | 49316 | 53 | 192.168.2.3 | 8.8.8.8 |
May 23, 2022 19:00:09.331444979 CEST | 53 | 49316 | 8.8.8.8 | 192.168.2.3 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
May 23, 2022 19:00:09.279763937 CEST | 192.168.2.3 | 8.8.8.8 | 0xc5ee | Standard query (0) | A (IP address) | IN (0x0001) | |
May 23, 2022 19:00:09.312563896 CEST | 192.168.2.3 | 8.8.8.8 | 0x2cce | Standard query (0) | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 23, 2022 19:00:09.298605919 CEST | 8.8.8.8 | 192.168.2.3 | 0xc5ee | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | ||
May 23, 2022 19:00:09.298605919 CEST | 8.8.8.8 | 192.168.2.3 | 0xc5ee | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | ||
May 23, 2022 19:00:09.298605919 CEST | 8.8.8.8 | 192.168.2.3 | 0xc5ee | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | ||
May 23, 2022 19:00:09.298605919 CEST | 8.8.8.8 | 192.168.2.3 | 0xc5ee | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | ||
May 23, 2022 19:00:09.298605919 CEST | 8.8.8.8 | 192.168.2.3 | 0xc5ee | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | ||
May 23, 2022 19:00:09.298605919 CEST | 8.8.8.8 | 192.168.2.3 | 0xc5ee | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | ||
May 23, 2022 19:00:09.331444979 CEST | 8.8.8.8 | 192.168.2.3 | 0x2cce | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | ||
May 23, 2022 19:00:09.331444979 CEST | 8.8.8.8 | 192.168.2.3 | 0x2cce | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | ||
May 23, 2022 19:00:09.331444979 CEST | 8.8.8.8 | 192.168.2.3 | 0x2cce | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | ||
May 23, 2022 19:00:09.331444979 CEST | 8.8.8.8 | 192.168.2.3 | 0x2cce | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | ||
May 23, 2022 19:00:09.331444979 CEST | 8.8.8.8 | 192.168.2.3 | 0x2cce | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | ||
May 23, 2022 19:00:09.331444979 CEST | 8.8.8.8 | 192.168.2.3 | 0x2cce | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49740 | 132.226.8.169 | 80 | C:\Users\user\Desktop\RFQ__637456464647.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 23, 2022 19:00:12.710165977 CEST | 1139 | OUT | |
May 23, 2022 19:00:13.988107920 CEST | 1139 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 18:59:56 |
Start date: | 23/05/2022 |
Path: | C:\Users\user\Desktop\RFQ__637456464647.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd20000 |
File size: | 2844160 bytes |
MD5 hash: | B4BC907E8D48E8F09B4D9FDD8D416599 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Target ID: | 1 |
Start time: | 18:59:58 |
Start date: | 23/05/2022 |
Path: | C:\Users\user\Desktop\RFQ__637456464647.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8f0000 |
File size: | 2844160 bytes |
MD5 hash: | B4BC907E8D48E8F09B4D9FDD8D416599 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Target ID: | 5 |
Start time: | 19:00:08 |
Start date: | 23/05/2022 |
Path: | C:\Users\user\AppData\Local\Temp\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7a8a70000 |
File size: | 2622352 bytes |
MD5 hash: | 7F916511A313837EFCDE9E4112A64E5B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
Target ID: | 13 |
Start time: | 19:00:19 |
Start date: | 23/05/2022 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf40000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
Execution Graph
Execution Coverage: | 24.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 5.8% |
Total number of Nodes: | 52 |
Total number of Limit Nodes: | 2 |
Graph
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017233F0 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017233F8 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017234B1 Relevance: 1.5, APIs: 1, Instructions: 49memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 017234B8 Relevance: 1.5, APIs: 1, Instructions: 48memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01723631 Relevance: 1.5, APIs: 1, Instructions: 44threadCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01723638 Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 8.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 44.4% |
Total number of Nodes: | 18 |
Total number of Limit Nodes: | 1 |
Graph
Function 06480040 Relevance: 3.5, Strings: 1, Instructions: 2230COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06487A48 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06483070 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648DE00 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06484628 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648F838 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06486038 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 064834C8 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06484ED8 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648E6D8 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 064868E8 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 064882F8 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648E280 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06484A80 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06486490 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06487EA0 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06486D40 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06488750 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06483D78 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06483920 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648EB30 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06485330 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 064841D0 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648F3E0 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06485BE0 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 064875F0 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648EF88 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06485788 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06487198 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D0498 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D0040 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D08F0 Relevance: 1.8, APIs: 1, Instructions: 268COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 064882E8 Relevance: 1.6, APIs: 1, Instructions: 110COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D0016 Relevance: 1.6, APIs: 1, Instructions: 110COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06488741 Relevance: 1.6, APIs: 1, Instructions: 107COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648F828 Relevance: 1.6, APIs: 1, Instructions: 105COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 064834B8 Relevance: 1.6, APIs: 1, Instructions: 104COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06483D68 Relevance: 1.6, APIs: 1, Instructions: 103COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06487188 Relevance: 1.6, APIs: 1, Instructions: 103COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D08E0 Relevance: 1.6, APIs: 1, Instructions: 103COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648F3D0 Relevance: 1.6, APIs: 1, Instructions: 102COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648E6C8 Relevance: 1.6, APIs: 1, Instructions: 101COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06485778 Relevance: 1.6, APIs: 1, Instructions: 101COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648EF79 Relevance: 1.6, APIs: 1, Instructions: 101COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648EB20 Relevance: 1.6, APIs: 1, Instructions: 101COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06485BD0 Relevance: 1.6, APIs: 1, Instructions: 101COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648E271 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 064868D8 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06487E90 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06483910 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 064841C0 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648DDF0 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06484A70 Relevance: 1.6, APIs: 1, Instructions: 99COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06484EC8 Relevance: 1.6, APIs: 1, Instructions: 99COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06486D37 Relevance: 1.6, APIs: 1, Instructions: 99COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 064875E0 Relevance: 1.6, APIs: 1, Instructions: 99COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648602F Relevance: 1.6, APIs: 1, Instructions: 98COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06485321 Relevance: 1.6, APIs: 1, Instructions: 98COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06483063 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06484621 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06487A3B Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06486483 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D0493 Relevance: 1.6, APIs: 1, Instructions: 95COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06480033 Relevance: 1.5, Strings: 1, Instructions: 234COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06488BA8 Relevance: .7, Instructions: 745COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648D098 Relevance: .7, Instructions: 693COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648C398 Relevance: .7, Instructions: 677COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D4318 Relevance: .2, Instructions: 219COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D4FB0 Relevance: .2, Instructions: 219COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D3678 Relevance: .2, Instructions: 219COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D16F8 Relevance: .2, Instructions: 219COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D3028 Relevance: .2, Instructions: 219COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D1D48 Relevance: .2, Instructions: 219COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D3CC8 Relevance: .2, Instructions: 219COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648B6C9 Relevance: .2, Instructions: 218COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D2398 Relevance: .2, Instructions: 218COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D4968 Relevance: .2, Instructions: 218COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D29E0 Relevance: .2, Instructions: 218COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648B770 Relevance: .2, Instructions: 181COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D2388 Relevance: .2, Instructions: 163COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D29CF Relevance: .2, Instructions: 162COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D4959 Relevance: .2, Instructions: 161COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D3CB9 Relevance: .1, Instructions: 119COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D4F9F Relevance: .1, Instructions: 110COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D430A Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D3668 Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D3018 Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D16EA Relevance: .1, Instructions: 106COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054D1D38 Relevance: .1, Instructions: 105COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06482AD8 Relevance: 1.6, APIs: 1, Instructions: 124COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06482C73 Relevance: 1.6, APIs: 1, Instructions: 122COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06482F2C Relevance: 1.6, APIs: 1, Instructions: 116COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06482ECC Relevance: 1.6, APIs: 1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054DB981 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 054DB988 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648C020 Relevance: .2, Instructions: 222COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648C00F Relevance: .1, Instructions: 130COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0648C336 Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8B13980 Relevance: 27.1, APIs: 4, Strings: 11, Instructions: 840COMMONCrypto
C-Code - Quality: 62% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8A77D60 Relevance: 23.4, APIs: 5, Strings: 8, Instructions: 600COMMONCrypto
C-Code - Quality: 27% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8B391C0 Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 223COMMON
C-Code - Quality: 27% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8AC60E0 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 198pipeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8AA4330 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 80threadlibraryloaderCOMMON
C-Code - Quality: 64% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8B5A630 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 242COMMONCrypto
C-Code - Quality: 45% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8BDA170 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80windowCOMMON
C-Code - Quality: 23% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8AA4540 Relevance: 6.3, APIs: 4, Instructions: 329threadCOMMONCrypto
C-Code - Quality: 63% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 19% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8AB0E20 Relevance: 4.6, APIs: 3, Instructions: 61memoryinjectionCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8AA9040 Relevance: 66.7, APIs: 1, Strings: 37, Instructions: 167COMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8AB0113 Relevance: 15.2, APIs: 10, Instructions: 179injectionfileCOMMON
C-Code - Quality: 27% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8C208A0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 104COMMON
C-Code - Quality: 21% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8BBAE4C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 86libraryloaderCOMMON
C-Code - Quality: 50% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 33% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8AC3E40 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 181libraryloaderCOMMON
C-Code - Quality: 42% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8A7A710 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 104COMMON
C-Code - Quality: 36% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8AC4120 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 57libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 16% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8A7CB00 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 182timeCOMMON
C-Code - Quality: 76% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8AB9EA0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 159libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8A79280 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 112COMMON
C-Code - Quality: 68% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8A7A8D0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 112fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8B45850 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 107timeCOMMON
C-Code - Quality: 62% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8AC3CE0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 81threadCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8A790A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 78COMMON
C-Code - Quality: 68% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8A796D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 34% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8BFABB0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 83COMMON
C-Code - Quality: 78% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8A7A480 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 79fileCOMMON
C-Code - Quality: 32% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8C11C00 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72fileCOMMON
C-Code - Quality: 32% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8A79460 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 49fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8A7ACD0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 47fileCOMMON
C-Code - Quality: 68% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8A79900 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON
C-Code - Quality: 28% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 54% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8AA1710 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 41COMMON
C-Code - Quality: 82% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8A93830 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 129COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8B6A180 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 114COMMON
C-Code - Quality: 62% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8ABA080 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 75COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8BC2D40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8ACE870 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45COMMON
C-Code - Quality: 25% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8B8B26C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8A71080 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8ABE5D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37threadCOMMON
C-Code - Quality: 16% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8B67AA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A8BAE5BC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
C-Code - Quality: 27% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |