Windows Analysis Report
TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Overview

General Information

Sample Name:	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Analysis ID:	682142
MD5:	687eaf8fd9a58cf46574aef19dafc169
SHA1:	cd557296fdbb180f7ff621740194358c35f40df2
SHA256:	29dde4dac348711a623a7a26f912d95fa2049f8853fa60b2dc4b2ab1fa977302
Tags:	exeSnakeKeylogger
Infos:

Detection

Snake Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Snake Keylogger

Malicious sample detected (through community Yara rule)

Yara detected Telegram RAT

Yara detected AntiVM3

Snort IDS alert for network traffic

Tries to steal Mail credentials (via file / registry access)

Tries to harvest and steal ftp login credentials

.NET source code references suspicious native API functions

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Machine Learning detection for sample

May check the online IP address of the machine

.NET source code contains potential unpacker

Injects a PE file into a foreign processes

Yara detected Generic Downloader

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Antivirus or Machine Learning detection for unpacked file

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Internet Provider seen in connection with other malware

Detected potential crypto function

Yara detected Credential Stealer

Creates processes with suspicious names

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

PE file contains strange resources

Uses a known web browser user agent for HTTP communication

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Virustotal: Detection: 16%

Perma Link

Machine Learning detection for sample

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Joe Sandbox ML: detected

Antivirus or Machine Learning detection for unpacked file

Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack

Avira: Label: TR/ATRAPS.Gen

Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram Token": "5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU", "Telegram ID": "5350445922"}

Uses 32bit PE files

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E3319h	4_2_067E3070
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E7CF1h	4_2_067E7A48
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EFAE1h	4_2_067EF838
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E62E1h	4_2_067E6038
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E48D1h	4_2_067E4628
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EE0A9h	4_2_067EDE00
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E85A1h	4_2_067E82F8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E6B91h	4_2_067E68E8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E5181h	4_2_067E4ED8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EE981h	4_2_067EE6D8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E3771h	4_2_067E34C8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E8149h	4_2_067E7EA0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E6739h	4_2_067E6490
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E4D29h	4_2_067E4A80
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EE529h	4_2_067EE280
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E4021h	4_2_067E3D78
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E89F9h	4_2_067E8750
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E6FE9h	4_2_067E6D40
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E55D9h	4_2_067E5330
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EEDD9h	4_2_067EEB30
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E3BC9h	4_2_067E3920
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E7899h	4_2_067E75F0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EF689h	4_2_067EF3E0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E5E89h	4_2_067E5BE0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E4479h	4_2_067E41D0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E7441h	4_2_067E7198
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E5A31h	4_2_067E5788
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EF231h	4_2_067EEF88
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	4_2_067EC020
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	4_2_067EC00F
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	4_2_067EC336

Networking

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2842536 ETPRO TROJAN 404/Snake/Matiex Keylogger Style External IP Check 192.168.2.3:49745 -> 132.226.8.169:80

May check the online IP address of the machine

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	DNS query: name: checkip.dyndns.org

Yara detected Generic Downloader

Source: Yara match	File source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: UTMEMUS UTMEMUS

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 132.226.8.169 132.226.8.169

Uses a known web browser user agent for HTTP communication

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.507243389.0000000003314000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.507243389.0000000003314000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.506122339.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.506122339.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.506122339.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org4
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244944693.0000000005424000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://en.wT
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241548753.0000000005424000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241643484.0000000005424000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241515901.0000000005423000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241679238.0000000005424000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241515901.0000000005423000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.comhcB
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	String found in binary or memory: http://philiphanson.org/medius/book/1.0
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	String found in binary or memory: http://philiphanson.org/medius/temp-transform
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.506122339.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244697261.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244575011.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244750060.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244459998.0000000005422000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244658087.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244697261.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244658087.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com.9
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com8
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comB
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244459998.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comD
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comO
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comP
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244459998.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comTC
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244697261.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244575011.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244750060.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244658087.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comX
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244575011.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coma
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comn-ug
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.como.
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comubh
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248292088.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247899736.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248013764.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249212196.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247599965.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248975877.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247971338.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249401879.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248316005.0000000005468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html(
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249124611.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249035342.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247971338.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers5
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248292088.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249401879.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249612104.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249521915.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersC
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248975877.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersV
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249347532.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersa
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254479324.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259791263.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.255468860.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.255512656.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259750301.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259972416.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254531502.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254663310.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.255575317.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254568643.000000000544A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.260234535.000000000544A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.260027135.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.260132985.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254400877.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259851842.000000000544A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.269537935.000000000544C000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254635868.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259562054.000000000544A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersico
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249035342.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersr
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248087830.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248047250.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248013764.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designerss
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com0
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comC
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comFq
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comW.TTF.
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.269568884.0000000005420000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.coma
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comalsm
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comdTTF
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.269568884.0000000005420000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comgretaU
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comsiv
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243623220.0000000005425000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243492789.000000000545D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243660543.0000000005427000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243524363.000000000545D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243744160.000000000542B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.252246557.000000000542C000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.krF
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.240550270.000000000543B000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.240550270.000000000543B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.come
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr8
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.krB
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.krK
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.krp
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243660543.0000000005427000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.comY
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241679238.0000000005424000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.nete
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241679238.0000000005424000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netsiv
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cnP
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cnX
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cna
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cnb
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cny
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot

Source: unknown

DNS traffic detected: queries for: checkip.dyndns.org

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown

Uses 32bit PE files

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Yara signature match

Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23

Detected potential crypto function

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_0250C214	0_2_0250C214
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_0250EBB2	0_2_0250EBB2
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_0250EBB8	0_2_0250EBB8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_04F006B4	0_2_04F006B4
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_04F037F1	0_2_04F037F1
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_06C96338	0_2_06C96338
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E3070	4_2_067E3070
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E7A48	4_2_067E7A48
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E0040	4_2_067E0040
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EF838	4_2_067EF838
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E6038	4_2_067E6038
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E4628	4_2_067E4628
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EDE00	4_2_067EDE00
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E82F8	4_2_067E82F8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E68E8	4_2_067E68E8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E4ED8	4_2_067E4ED8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EE6D8	4_2_067EE6D8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E34C8	4_2_067E34C8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E7EA0	4_2_067E7EA0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067ED098	4_2_067ED098
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E6490	4_2_067E6490
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E4A80	4_2_067E4A80
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EE280	4_2_067EE280
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E3D78	4_2_067E3D78
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EB770	4_2_067EB770
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E8750	4_2_067E8750
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E6D40	4_2_067E6D40
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E5330	4_2_067E5330
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EEB30	4_2_067EEB30
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E3920	4_2_067E3920
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E75F0	4_2_067E75F0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EF3E0	4_2_067EF3E0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E5BE0	4_2_067E5BE0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E41D0	4_2_067E41D0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E8BA8	4_2_067E8BA8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EC398	4_2_067EC398
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E7198	4_2_067E7198
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E5788	4_2_067E5788
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EEF88	4_2_067EEF88
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E4A70	4_2_067E4A70
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EE271	4_2_067EE271
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E3060	4_2_067E3060
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E7A3A	4_2_067E7A3A
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E0033	4_2_067E0033
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E602A	4_2_067E602A
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EF828	4_2_067EF828
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EC020	4_2_067EC020
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E4618	4_2_067E4618
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EC00F	4_2_067EC00F
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E82E8	4_2_067E82E8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E68D8	4_2_067E68D8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E4EC8	4_2_067E4EC8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EE6C8	4_2_067EE6C8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EB6C9	4_2_067EB6C9
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E34B8	4_2_067E34B8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E7E90	4_2_067E7E90
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E6482	4_2_067E6482
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E5778	4_2_067E5778
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EEF79	4_2_067EEF79
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E3D68	4_2_067E3D68
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E8741	4_2_067E8741
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E6D30	4_2_067E6D30
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EEB20	4_2_067EEB20
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E5321	4_2_067E5321
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E3910	4_2_067E3910
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EDDF0	4_2_067EDDF0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E75E0	4_2_067E75E0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E5BDA	4_2_067E5BDA
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EF3D0	4_2_067EF3D0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E41C0	4_2_067E41C0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E7188	4_2_067E7188

Sample file is different than original file name gathered from version info

PE file contains strange resources

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Virustotal: Detection: 16%

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameYFGGCVyufgtwfyuTGFWTVFAUYVF.exeX vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameKeysNormalize.dll4 vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDoncepre.dll@ vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271717491.0000000002626000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWebName.dll4 vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271410326.00000000025A7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWebName.dll4 vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.280763595.0000000006EF0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameKeysNormalize.dll4 vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameYFGGCVyufgtwfyuTGFWTVFAUYVF.exeX vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000000.236415106.00000000001C2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameELEMD.exe. vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.281062016.0000000007250000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameDoncepre.dll@ vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.281037436.0000000007110000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameWebName.dll4 vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameYFGGCVyufgtwfyuTGFWTVFAUYVF.exeX vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.260670018.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameKeysNormalize.dll4 vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000000.267300036.0000000000422000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameYFGGCVyufgtwfyuTGFWTVFAUYVF.exeX vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.502317619.00000000012F7000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Binary or memory string: OriginalFilenameELEMD.exe. vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Source: unknown	Process created: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe "C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe"
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process created: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process created: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Jump to behavior

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, Main.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.f0000.0.unpack, Main.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, ??zu07b4?/zu060c???.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, u07bbufffd??ufffd/ufffd???ufffd.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, Main.cs	.Net Code: SafeHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.f0000.0.unpack, Main.cs	.Net Code: SafeHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_0250DA13 push edi; retf	0_2_0250DA17
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_04F0D7A0 push es; ret	0_2_04F0D7B0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_06C9B291 push D4070C25h; iretd	0_2_06C9B29D

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	File created: \tufan yaz#u011ean - kredi kart#u0131 hesap #u00d6zeti - 45431108.exe
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	File created: \tufan yaz#u011ean - kredi kart#u0131 hesap #u00d6zeti - 45431108.exe			Jump to behavior

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: Yara match	File source: 00000000.00000002.272962473.000000000280A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.272962473.000000000280A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.272962473.000000000280A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe TID: 5680	Thread sleep time: -45877s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe TID: 6048	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Thread delayed: delay time: 45877			Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware SVGA II
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools

Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, u07bbufffd??ufffd/ufffd???ufffd.cs	Reference to suspicious API methods: ('?????', 'MapVirtualKey@user32.dll')
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, ????U/?????.cs	Reference to suspicious API methods: ('?????', 'LoadLibrary@kernel32.dll'), ('?????', 'GetProcAddress@kernel32')

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Name	IP	Active
checkip.dyndns.com	132.226.8.169	true
checkip.dyndns.org	unknown	unknown

ID:	682142
Product:	CloudBasic
Start time:	05:31:06
Start date:	11.08.2022
Sample:	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	687eaf8fd9a58cf46574aef19dafc169
SHA1:	cd557296fdbb180f7ff621740194358c35f40df2
SHA256:	29dde4dac348711a623a7a26f912d95fa2049f8853fa60b2dc4b2ab1fa977302
Filetype:	Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Windows Analysis Report TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe