Edit tour

Windows Analysis Report
TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Overview

General Information

Sample Name:	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Analysis ID:	682142
MD5:	687eaf8fd9a58cf46574aef19dafc169
SHA1:	cd557296fdbb180f7ff621740194358c35f40df2
SHA256:	29dde4dac348711a623a7a26f912d95fa2049f8853fa60b2dc4b2ab1fa977302
Tags:	exeSnakeKeylogger
Infos:

Detection

Snake Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Snake Keylogger

Malicious sample detected (through community Yara rule)

Yara detected Telegram RAT

Yara detected AntiVM3

Snort IDS alert for network traffic

Tries to steal Mail credentials (via file / registry access)

Tries to harvest and steal ftp login credentials

.NET source code references suspicious native API functions

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Machine Learning detection for sample

May check the online IP address of the machine

.NET source code contains potential unpacker

Injects a PE file into a foreign processes

Yara detected Generic Downloader

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Antivirus or Machine Learning detection for unpacked file

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Internet Provider seen in connection with other malware

Detected potential crypto function

Yara detected Credential Stealer

Creates processes with suspicious names

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

PE file contains strange resources

Uses a known web browser user agent for HTTP communication

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64

TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe (PID: 5912 cmdline: "C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe" MD5: 687EAF8FD9A58CF46574AEF19DAFC169)

TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe (PID: 4592 cmdline: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe MD5: 687EAF8FD9A58CF46574AEF19DAFC169)

cleanup

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Telegram Token": "5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU", "Telegram ID": "5350445922"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.272962473.000000000280A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x3c59c:$x1: $%SMTPDV$ 0x3b25e:$x2: $#TheHashHere%& 0x3c544:$x3: %FTPDV$ 0x3b240:$x4: $%TelegramDv$ 0x38bb1:$x5: KeyLoggerEventArgs 0x38f47:$x5: KeyLoggerEventArgs 0x3c5c8:$m1: \| Snake Keylogger 0x3c66e:$m1: \| Snake Keylogger 0x3c7c2:$m1: \| Snake Keylogger 0x3c8e8:$m1: \| Snake Keylogger 0x3ca42:$m1: \| Snake Keylogger 0x3c568:$m2: Clipboard Logs ID 0x3c778:$m2: Screenshot Logs ID 0x3c88c:$m2: keystroke Logs ID 0x3ca78:$m3: SnakePW 0x3c750:$m4: \SnakeKeylogger\
00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x379b3:$a1: get_encryptedPassword 0x37c9f:$a2: get_encryptedUsername 0x377bf:$a3: get_timePasswordChanged 0x378ba:$a4: get_passwordField 0x379c9:$a5: set_encryptedPassword 0x38fe4:$a7: get_logins 0x38f47:$a10: KeyLoggerEventArgs 0x38bb1:$a11: KeyLoggerEventArgsEventHandler
00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x210c4:$x1: $%SMTPDV$ 0x284dbc:$x1: $%SMTPDV$ 0x1fd86:$x2: $#TheHashHere%& 0x283a7e:$x2: $#TheHashHere%& 0x2106c:$x3: %FTPDV$ 0x284d64:$x3: %FTPDV$ 0x1fd68:$x4: $%TelegramDv$ 0x283a60:$x4: $%TelegramDv$ 0x1d6d9:$x5: KeyLoggerEventArgs 0x1da6f:$x5: KeyLoggerEventArgs 0x2813d1:$x5: KeyLoggerEventArgs 0x281767:$x5: KeyLoggerEventArgs 0x210f0:$m1: \| Snake Keylogger 0x21196:$m1: \| Snake Keylogger 0x212ea:$m1: \| Snake Keylogger 0x21410:$m1: \| Snake Keylogger 0x2156a:$m1: \| Snake Keylogger 0x284de8:$m1: \| Snake Keylogger 0x284e8e:$m1: \| Snake Keylogger 0x284fe2:$m1: \| Snake Keylogger 0x285108:$m1: \| Snake Keylogger
00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x1c4db:$a1: get_encryptedPassword 0x2801d3:$a1: get_encryptedPassword 0x1c7c7:$a2: get_encryptedUsername 0x2804bf:$a2: get_encryptedUsername 0x1c2e7:$a3: get_timePasswordChanged 0x27ffdf:$a3: get_timePasswordChanged 0x1c3e2:$a4: get_passwordField 0x2800da:$a4: get_passwordField 0x1c4f1:$a5: set_encryptedPassword 0x2801e9:$a5: set_encryptedPassword 0x1db0c:$a7: get_logins 0x281804:$a7: get_logins 0x1da6f:$a10: KeyLoggerEventArgs 0x281767:$a10: KeyLoggerEventArgs 0x1d6d9:$a11: KeyLoggerEventArgsEventHandler 0x2813d1:$a11: KeyLoggerEventArgsEventHandler
00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18594:$x1: $%SMTPDV$ 0x17256:$x2: $#TheHashHere%& 0x1853c:$x3: %FTPDV$ 0x17238:$x4: $%TelegramDv$ 0x14ba9:$x5: KeyLoggerEventArgs 0x14f3f:$x5: KeyLoggerEventArgs 0x185c0:$m1: \| Snake Keylogger 0x18666:$m1: \| Snake Keylogger 0x187ba:$m1: \| Snake Keylogger 0x188e0:$m1: \| Snake Keylogger 0x18a3a:$m1: \| Snake Keylogger 0x18560:$m2: Clipboard Logs ID 0x18770:$m2: Screenshot Logs ID 0x18884:$m2: keystroke Logs ID 0x18a70:$m3: SnakePW 0x18748:$m4: \SnakeKeylogger\
00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x139ab:$a1: get_encryptedPassword 0x13c97:$a2: get_encryptedUsername 0x137b7:$a3: get_timePasswordChanged 0x138b2:$a4: get_passwordField 0x139c1:$a5: set_encryptedPassword 0x14fdc:$a7: get_logins 0x14f3f:$a10: KeyLoggerEventArgs 0x14ba9:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x3490:$x5: KeyLoggerEventArgs 0x3826:$x5: KeyLoggerEventArgs 0x434c:$x5: KeyLoggerEventArgs 0x46ad:$x5: KeyLoggerEventArgs 0x122806:$x5: KeyLoggerEventArgs 0x122b9c:$x5: KeyLoggerEventArgs 0x1236c2:$x5: KeyLoggerEventArgs 0x123a23:$x5: KeyLoggerEventArgs 0x5b56:$m1: \| Snake Keylogger 0x5ba5:$m1: \| Snake Keylogger 0x5c39:$m1: \| Snake Keylogger 0x5c9a:$m1: \| Snake Keylogger 0x5d0f:$m1: \| Snake Keylogger 0x124ecc:$m1: \| Snake Keylogger 0x124f1b:$m1: \| Snake Keylogger 0x124faf:$m1: \| Snake Keylogger 0x125010:$m1: \| Snake Keylogger 0x125085:$m1: \| Snake Keylogger 0x5b25:$m2: Clipboard Logs ID 0x5c14:$m2: Screenshot Logs ID 0x5c6c:$m2: keystroke Logs ID
Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x1697:$a1: get_encryptedPassword 0x120a0d:$a1: get_encryptedPassword 0x1979:$a2: get_encryptedUsername 0x120cef:$a2: get_encryptedUsername 0x14ad:$a3: get_timePasswordChanged 0x120823:$a3: get_timePasswordChanged 0x15a8:$a4: get_passwordField 0x12091e:$a4: get_passwordField 0x16ad:$a5: set_encryptedPassword 0x120a23:$a5: set_encryptedPassword 0x38c3:$a7: get_logins 0x122c39:$a7: get_logins 0x3826:$a10: KeyLoggerEventArgs 0x122b9c:$a10: KeyLoggerEventArgs 0x3490:$a11: KeyLoggerEventArgsEventHandler 0x122806:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x14c4b:$x5: KeyLoggerEventArgs 0x14fe1:$x5: KeyLoggerEventArgs 0x15b07:$x5: KeyLoggerEventArgs 0x15e68:$x5: KeyLoggerEventArgs 0x17311:$m1: \| Snake Keylogger 0x17360:$m1: \| Snake Keylogger 0x173f4:$m1: \| Snake Keylogger 0x17455:$m1: \| Snake Keylogger 0x174ca:$m1: \| Snake Keylogger 0x172e0:$m2: Clipboard Logs ID 0x173cf:$m2: Screenshot Logs ID 0x17427:$m2: keystroke Logs ID 0x174e5:$m3: SnakePW 0x173bb:$m4: \SnakeKeylogger\
Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12e52:$a1: get_encryptedPassword 0x13134:$a2: get_encryptedUsername 0x12c68:$a3: get_timePasswordChanged 0x12d63:$a4: get_passwordField 0x12e68:$a5: set_encryptedPassword 0x1507e:$a7: get_logins 0x14fe1:$a10: KeyLoggerEventArgs 0x14c4b:$a11: KeyLoggerEventArgsEventHandler
Click to see the 21 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x19294:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1847d:$a3: \Google\Chrome\User Data\Default\Login Data 0x188c4:$a4: \Orbitum\User Data\Default\Login Data 0x19a45:$a5: \Kometa\User Data\Default\Login Data
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x12925:$s1: UnHook 0x1292c:$s2: SetHook 0x12934:$s3: CallNextHook 0x12941:$s4: _hook
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x16994:$x1: $%SMTPDV$ 0x15656:$x2: $#TheHashHere%& 0x1693c:$x3: %FTPDV$ 0x15638:$x4: $%TelegramDv$ 0x12fa9:$x5: KeyLoggerEventArgs 0x1333f:$x5: KeyLoggerEventArgs 0x169c0:$m1: \| Snake Keylogger 0x16a66:$m1: \| Snake Keylogger 0x16bba:$m1: \| Snake Keylogger 0x16ce0:$m1: \| Snake Keylogger 0x16e3a:$m1: \| Snake Keylogger 0x16960:$m2: Clipboard Logs ID 0x16b70:$m2: Screenshot Logs ID 0x16c84:$m2: keystroke Logs ID 0x16e70:$m3: SnakePW 0x16b48:$m4: \SnakeKeylogger\
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x11dab:$a1: get_encryptedPassword 0x12097:$a2: get_encryptedUsername 0x11bb7:$a3: get_timePasswordChanged 0x11cb2:$a4: get_passwordField 0x11dc1:$a5: set_encryptedPassword 0x133dc:$a7: get_logins 0x1333f:$a10: KeyLoggerEventArgs 0x12fa9:$a11: KeyLoggerEventArgsEventHandler
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x19294:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1847d:$a3: \Google\Chrome\User Data\Default\Login Data 0x188c4:$a4: \Orbitum\User Data\Default\Login Data 0x19a45:$a5: \Kometa\User Data\Default\Login Data
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x12925:$s1: UnHook 0x1292c:$s2: SetHook 0x12934:$s3: CallNextHook 0x12941:$s4: _hook
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x16994:$x1: $%SMTPDV$ 0x15656:$x2: $#TheHashHere%& 0x1693c:$x3: %FTPDV$ 0x15638:$x4: $%TelegramDv$ 0x12fa9:$x5: KeyLoggerEventArgs 0x1333f:$x5: KeyLoggerEventArgs 0x169c0:$m1: \| Snake Keylogger 0x16a66:$m1: \| Snake Keylogger 0x16bba:$m1: \| Snake Keylogger 0x16ce0:$m1: \| Snake Keylogger 0x16e3a:$m1: \| Snake Keylogger 0x16960:$m2: Clipboard Logs ID 0x16b70:$m2: Screenshot Logs ID 0x16c84:$m2: keystroke Logs ID 0x16e70:$m3: SnakePW 0x16b48:$m4: \SnakeKeylogger\
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x11dab:$a1: get_encryptedPassword 0x12097:$a2: get_encryptedUsername 0x11bb7:$a3: get_timePasswordChanged 0x11cb2:$a4: get_passwordField 0x11dc1:$a5: set_encryptedPassword 0x133dc:$a7: get_logins 0x1333f:$a10: KeyLoggerEventArgs 0x12fa9:$a11: KeyLoggerEventArgsEventHandler
4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b094:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a27d:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a6c4:$a4: \Orbitum\User Data\Default\Login Data 0x1b845:$a5: \Kometa\User Data\Default\Login Data
4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x14725:$s1: UnHook 0x1472c:$s2: SetHook 0x14734:$s3: CallNextHook 0x14741:$s4: _hook
4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18794:$x1: $%SMTPDV$ 0x17456:$x2: $#TheHashHere%& 0x1873c:$x3: %FTPDV$ 0x17438:$x4: $%TelegramDv$ 0x14da9:$x5: KeyLoggerEventArgs 0x1513f:$x5: KeyLoggerEventArgs 0x187c0:$m1: \| Snake Keylogger 0x18866:$m1: \| Snake Keylogger 0x189ba:$m1: \| Snake Keylogger 0x18ae0:$m1: \| Snake Keylogger 0x18c3a:$m1: \| Snake Keylogger 0x18760:$m2: Clipboard Logs ID 0x18970:$m2: Screenshot Logs ID 0x18a84:$m2: keystroke Logs ID 0x18c70:$m3: SnakePW 0x18948:$m4: \SnakeKeylogger\
4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x13bab:$a1: get_encryptedPassword 0x13e97:$a2: get_encryptedUsername 0x139b7:$a3: get_timePasswordChanged 0x13ab2:$a4: get_passwordField 0x13bc1:$a5: set_encryptedPassword 0x151dc:$a7: get_logins 0x1513f:$a10: KeyLoggerEventArgs 0x14da9:$a11: KeyLoggerEventArgsEventHandler
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1b094:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1a27d:$a3: \Google\Chrome\User Data\Default\Login Data 0x1a6c4:$a4: \Orbitum\User Data\Default\Login Data 0x1b845:$a5: \Kometa\User Data\Default\Login Data
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x14725:$s1: UnHook 0x1472c:$s2: SetHook 0x14734:$s3: CallNextHook 0x14741:$s4: _hook
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18794:$x1: $%SMTPDV$ 0x17456:$x2: $#TheHashHere%& 0x1873c:$x3: %FTPDV$ 0x17438:$x4: $%TelegramDv$ 0x14da9:$x5: KeyLoggerEventArgs 0x1513f:$x5: KeyLoggerEventArgs 0x187c0:$m1: \| Snake Keylogger 0x18866:$m1: \| Snake Keylogger 0x189ba:$m1: \| Snake Keylogger 0x18ae0:$m1: \| Snake Keylogger 0x18c3a:$m1: \| Snake Keylogger 0x18760:$m2: Clipboard Logs ID 0x18970:$m2: Screenshot Logs ID 0x18a84:$m2: keystroke Logs ID 0x18c70:$m3: SnakePW 0x18948:$m4: \SnakeKeylogger\
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x13bab:$a1: get_encryptedPassword 0x13e97:$a2: get_encryptedUsername 0x139b7:$a3: get_timePasswordChanged 0x13ab2:$a4: get_passwordField 0x13bc1:$a5: set_encryptedPassword 0x151dc:$a7: get_logins 0x1513f:$a10: KeyLoggerEventArgs 0x14da9:$a11: KeyLoggerEventArgsEventHandler
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3e0b4:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3d29d:$a3: \Google\Chrome\User Data\Default\Login Data 0x3d6e4:$a4: \Orbitum\User Data\Default\Login Data 0x3e865:$a5: \Kometa\User Data\Default\Login Data
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x37745:$s1: UnHook 0x3774c:$s2: SetHook 0x37754:$s3: CallNextHook 0x37761:$s4: _hook
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x3b7b4:$x1: $%SMTPDV$ 0x3a476:$x2: $#TheHashHere%& 0x3b75c:$x3: %FTPDV$ 0x3a458:$x4: $%TelegramDv$ 0x37dc9:$x5: KeyLoggerEventArgs 0x3815f:$x5: KeyLoggerEventArgs 0x3b7e0:$m1: \| Snake Keylogger 0x3b886:$m1: \| Snake Keylogger 0x3b9da:$m1: \| Snake Keylogger 0x3bb00:$m1: \| Snake Keylogger 0x3bc5a:$m1: \| Snake Keylogger 0x3b780:$m2: Clipboard Logs ID 0x3b990:$m2: Screenshot Logs ID 0x3baa4:$m2: keystroke Logs ID 0x3bc90:$m3: SnakePW 0x3b968:$m4: \SnakeKeylogger\
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x36bcb:$a1: get_encryptedPassword 0x36eb7:$a2: get_encryptedUsername 0x369d7:$a3: get_timePasswordChanged 0x36ad2:$a4: get_passwordField 0x36be1:$a5: set_encryptedPassword 0x381fc:$a7: get_logins 0x3815f:$a10: KeyLoggerEventArgs 0x37dc9:$a11: KeyLoggerEventArgsEventHandler
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x7b6d4:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x7a8bd:$a3: \Google\Chrome\User Data\Default\Login Data 0x7ad04:$a4: \Orbitum\User Data\Default\Login Data 0x7be85:$a5: \Kometa\User Data\Default\Login Data
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x74d65:$s1: UnHook 0x74d6c:$s2: SetHook 0x74d74:$s3: CallNextHook 0x74d81:$s4: _hook
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x78dd4:$x1: $%SMTPDV$ 0x77a96:$x2: $#TheHashHere%& 0x78d7c:$x3: %FTPDV$ 0x77a78:$x4: $%TelegramDv$ 0x753e9:$x5: KeyLoggerEventArgs 0x7577f:$x5: KeyLoggerEventArgs 0x78e00:$m1: \| Snake Keylogger 0x78ea6:$m1: \| Snake Keylogger 0x78ffa:$m1: \| Snake Keylogger 0x79120:$m1: \| Snake Keylogger 0x7927a:$m1: \| Snake Keylogger 0x78da0:$m2: Clipboard Logs ID 0x78fb0:$m2: Screenshot Logs ID 0x790c4:$m2: keystroke Logs ID 0x792b0:$m3: SnakePW 0x78f88:$m4: \SnakeKeylogger\
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x741eb:$a1: get_encryptedPassword 0x744d7:$a2: get_encryptedUsername 0x73ff7:$a3: get_timePasswordChanged 0x740f2:$a4: get_passwordField 0x74201:$a5: set_encryptedPassword 0x7581c:$a7: get_logins 0x7577f:$a10: KeyLoggerEventArgs 0x753e9:$a11: KeyLoggerEventArgsEventHandler
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0xd4d85:$s1: UnHook 0xd4d8c:$s2: SetHook 0xd4d94:$s3: CallNextHook 0xd4da1:$s4: _hook
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0xd8df4:$x1: $%SMTPDV$ 0xd7ab6:$x2: $#TheHashHere%& 0xd8d9c:$x3: %FTPDV$ 0xd7a98:$x4: $%TelegramDv$ 0xd5409:$x5: KeyLoggerEventArgs 0xd579f:$x5: KeyLoggerEventArgs 0xd8e20:$m1: \| Snake Keylogger 0xd8ec6:$m1: \| Snake Keylogger 0xd901a:$m1: \| Snake Keylogger 0xd9140:$m1: \| Snake Keylogger 0xd929a:$m1: \| Snake Keylogger 0xd8dc0:$m2: Clipboard Logs ID 0xd8fd0:$m2: Screenshot Logs ID 0xd90e4:$m2: keystroke Logs ID 0xd92d0:$m3: SnakePW 0xd8fa8:$m4: \SnakeKeylogger\
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0xd420b:$a1: get_encryptedPassword 0xd44f7:$a2: get_encryptedUsername 0xd4017:$a3: get_timePasswordChanged 0xd4112:$a4: get_passwordField 0xd4221:$a5: set_encryptedPassword 0xd583c:$a7: get_logins 0xd579f:$a10: KeyLoggerEventArgs 0xd5409:$a11: KeyLoggerEventArgsEventHandler
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x14725:$s1: UnHook 0x27841d:$s1: UnHook 0x1472c:$s2: SetHook 0x278424:$s2: SetHook 0x14734:$s3: CallNextHook 0x27842c:$s3: CallNextHook 0x14741:$s4: _hook 0x278439:$s4: _hook
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18794:$x1: $%SMTPDV$ 0x27c48c:$x1: $%SMTPDV$ 0x17456:$x2: $#TheHashHere%& 0x27b14e:$x2: $#TheHashHere%& 0x1873c:$x3: %FTPDV$ 0x27c434:$x3: %FTPDV$ 0x17438:$x4: $%TelegramDv$ 0x27b130:$x4: $%TelegramDv$ 0x14da9:$x5: KeyLoggerEventArgs 0x1513f:$x5: KeyLoggerEventArgs 0x278aa1:$x5: KeyLoggerEventArgs 0x278e37:$x5: KeyLoggerEventArgs 0x187c0:$m1: \| Snake Keylogger 0x18866:$m1: \| Snake Keylogger 0x189ba:$m1: \| Snake Keylogger 0x18ae0:$m1: \| Snake Keylogger 0x18c3a:$m1: \| Snake Keylogger 0x27c4b8:$m1: \| Snake Keylogger 0x27c55e:$m1: \| Snake Keylogger 0x27c6b2:$m1: \| Snake Keylogger 0x27c7d8:$m1: \| Snake Keylogger
0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x13bab:$a1: get_encryptedPassword 0x2778a3:$a1: get_encryptedPassword 0x13e97:$a2: get_encryptedUsername 0x277b8f:$a2: get_encryptedUsername 0x139b7:$a3: get_timePasswordChanged 0x2776af:$a3: get_timePasswordChanged 0x13ab2:$a4: get_passwordField 0x2777aa:$a4: get_passwordField 0x13bc1:$a5: set_encryptedPassword 0x2778b9:$a5: set_encryptedPassword 0x151dc:$a7: get_logins 0x278ed4:$a7: get_logins 0x1513f:$a10: KeyLoggerEventArgs 0x278e37:$a10: KeyLoggerEventArgs 0x14da9:$a11: KeyLoggerEventArgsEventHandler 0x278aa1:$a11: KeyLoggerEventArgsEventHandler
Click to see the 55 entries

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

ETPRO TROJAN 404/Snake/Matiex Keylogger Style External IP Check - Source IP: 192.168.2.3 - Destination IP: 132.226.8.169

Timestamp:	192.168.2.3132.226.8.16949745802842536 08/11/22-05:32:21.323901
SID:	2842536
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Virustotal: Detection: 16%

Perma Link

Machine Learning detection for sample

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Joe Sandbox ML: detected

Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack

Avira: Label: TR/ATRAPS.Gen

Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram Token": "5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU", "Telegram ID": "5350445922"}

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E3319h	4_2_067E3070
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E7CF1h	4_2_067E7A48
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EFAE1h	4_2_067EF838
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E62E1h	4_2_067E6038
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E48D1h	4_2_067E4628
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EE0A9h	4_2_067EDE00
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E85A1h	4_2_067E82F8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E6B91h	4_2_067E68E8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E5181h	4_2_067E4ED8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EE981h	4_2_067EE6D8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E3771h	4_2_067E34C8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E8149h	4_2_067E7EA0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E6739h	4_2_067E6490
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E4D29h	4_2_067E4A80
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EE529h	4_2_067EE280
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E4021h	4_2_067E3D78
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E89F9h	4_2_067E8750
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E6FE9h	4_2_067E6D40
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E55D9h	4_2_067E5330
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EEDD9h	4_2_067EEB30
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E3BC9h	4_2_067E3920
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E7899h	4_2_067E75F0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EF689h	4_2_067EF3E0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E5E89h	4_2_067E5BE0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E4479h	4_2_067E41D0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E7441h	4_2_067E7198
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067E5A31h	4_2_067E5788
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then jmp 067EF231h	4_2_067EEF88
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	4_2_067EC020
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	4_2_067EC00F
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	4_2_067EC336

Networking

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2842536 ETPRO TROJAN 404/Snake/Matiex Keylogger Style External IP Check 192.168.2.3:49745 -> 132.226.8.169:80

May check the online IP address of the machine

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	DNS query: name: checkip.dyndns.org

Yara detected Generic Downloader

Source: Yara match	File source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE

Source: Joe Sandbox View

ASN Name: UTMEMUS UTMEMUS

Source: Joe Sandbox View

IP Address: 132.226.8.169 132.226.8.169

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.507243389.0000000003314000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.507243389.0000000003314000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.506122339.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.506122339.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.506122339.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org4
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244944693.0000000005424000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://en.wT
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241548753.0000000005424000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241643484.0000000005424000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241515901.0000000005423000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241679238.0000000005424000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241515901.0000000005423000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.comhcB
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	String found in binary or memory: http://philiphanson.org/medius/book/1.0
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	String found in binary or memory: http://philiphanson.org/medius/temp-transform
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.506122339.0000000003271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244697261.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244575011.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244750060.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244459998.0000000005422000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244658087.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244697261.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244658087.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com.9
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com8
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comB
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244459998.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comD
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comO
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comP
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244459998.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comTC
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244697261.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244575011.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244750060.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244658087.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comX
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244575011.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coma
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comn-ug
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.como.
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comubh
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248292088.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247899736.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248013764.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249212196.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247599965.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248975877.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247971338.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249401879.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248316005.0000000005468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html(
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249124611.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249035342.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247971338.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers5
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248292088.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249401879.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249612104.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249521915.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersC
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248975877.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersV
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249347532.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersa
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254479324.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259791263.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.255468860.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.255512656.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259750301.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259972416.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254531502.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254663310.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.255575317.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254568643.000000000544A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.260234535.000000000544A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.260027135.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.260132985.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254400877.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259851842.000000000544A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.269537935.000000000544C000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254635868.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259562054.000000000544A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersico
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249035342.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersr
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248087830.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248047250.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248013764.000000000544D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designerss
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com0
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comC
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comFq
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comW.TTF.
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.269568884.0000000005420000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.coma
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comalsm
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comdTTF
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.269568884.0000000005420000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comgretaU
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comsiv
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243623220.0000000005425000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243492789.000000000545D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243660543.0000000005427000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243524363.000000000545D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243744160.000000000542B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.252246557.000000000542C000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.krF
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.240550270.000000000543B000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.240550270.000000000543B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.come
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr8
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.krB
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.krK
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.krp
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243660543.0000000005427000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.comY
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241679238.0000000005424000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.nete
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241679238.0000000005424000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netsiv
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cnP
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cnX
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cna
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cnb
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cny
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot

Source: unknown

DNS traffic detected: queries for: checkip.dyndns.org

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_0250C214	0_2_0250C214
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_0250EBB2	0_2_0250EBB2
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_0250EBB8	0_2_0250EBB8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_04F006B4	0_2_04F006B4
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_04F037F1	0_2_04F037F1
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_06C96338	0_2_06C96338
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E3070	4_2_067E3070
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E7A48	4_2_067E7A48
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E0040	4_2_067E0040
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EF838	4_2_067EF838
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E6038	4_2_067E6038
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E4628	4_2_067E4628
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EDE00	4_2_067EDE00
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E82F8	4_2_067E82F8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E68E8	4_2_067E68E8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E4ED8	4_2_067E4ED8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EE6D8	4_2_067EE6D8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E34C8	4_2_067E34C8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E7EA0	4_2_067E7EA0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067ED098	4_2_067ED098
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E6490	4_2_067E6490
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E4A80	4_2_067E4A80
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EE280	4_2_067EE280
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E3D78	4_2_067E3D78
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EB770	4_2_067EB770
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E8750	4_2_067E8750
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E6D40	4_2_067E6D40
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E5330	4_2_067E5330
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EEB30	4_2_067EEB30
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E3920	4_2_067E3920
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E75F0	4_2_067E75F0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EF3E0	4_2_067EF3E0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E5BE0	4_2_067E5BE0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E41D0	4_2_067E41D0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E8BA8	4_2_067E8BA8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EC398	4_2_067EC398
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E7198	4_2_067E7198
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E5788	4_2_067E5788
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EEF88	4_2_067EEF88
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E4A70	4_2_067E4A70
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EE271	4_2_067EE271
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E3060	4_2_067E3060
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E7A3A	4_2_067E7A3A
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E0033	4_2_067E0033
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E602A	4_2_067E602A
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EF828	4_2_067EF828
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EC020	4_2_067EC020
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E4618	4_2_067E4618
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EC00F	4_2_067EC00F
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E82E8	4_2_067E82E8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E68D8	4_2_067E68D8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E4EC8	4_2_067E4EC8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EE6C8	4_2_067EE6C8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EB6C9	4_2_067EB6C9
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E34B8	4_2_067E34B8
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E7E90	4_2_067E7E90
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E6482	4_2_067E6482
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E5778	4_2_067E5778
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EEF79	4_2_067EEF79
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E3D68	4_2_067E3D68
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E8741	4_2_067E8741
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E6D30	4_2_067E6D30
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EEB20	4_2_067EEB20
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E5321	4_2_067E5321
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E3910	4_2_067E3910
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EDDF0	4_2_067EDDF0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E75E0	4_2_067E75E0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E5BDA	4_2_067E5BDA
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067EF3D0	4_2_067EF3D0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E41C0	4_2_067E41C0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 4_2_067E7188	4_2_067E7188

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Virustotal: Detection: 16%

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe "C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe"
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process created: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process created: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Jump to behavior

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.log

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/1@2/1

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, Main.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.f0000.0.unpack, Main.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, ??zu07b4?/zu060c???.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, u07bbufffd??ufffd/ufffd???ufffd.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Static file information: File size 1129472 > 1048576

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, Main.cs	.Net Code: SafeHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 0.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.f0000.0.unpack, Main.cs	.Net Code: SafeHandle System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_0250DA13 push edi; retf	0_2_0250DA17
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_04F0D7A0 push es; ret	0_2_04F0D7B0
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Code function: 0_2_06C9B291 push D4070C25h; iretd	0_2_06C9B29D

Source: initial sample

Static PE information: section name: .text entropy: 7.350037504164019

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	File created: \tufan yaz#u011ean - kredi kart#u0131 hesap #u00d6zeti - 45431108.exe
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	File created: \tufan yaz#u011ean - kredi kart#u0131 hesap #u00d6zeti - 45431108.exe			Jump to behavior

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: 00000000.00000002.272962473.000000000280A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.272962473.000000000280A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.272962473.000000000280A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe TID: 5680	Thread sleep time: -45877s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe TID: 6048	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Thread delayed: delay time: 45877			Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware SVGA II
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Code function: 4_2_067E2D81 LdrInitializeThunk,

4_2_067E2D81

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, u07bbufffd??ufffd/ufffd???ufffd.cs	Reference to suspicious API methods: ('?????', 'MapVirtualKey@user32.dll')
Source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, ????U/?????.cs	Reference to suspicious API methods: ('?????', 'LoadLibrary@kernel32.dll'), ('?????', 'GetProcAddress@kernel32')

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Memory written: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Process created: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Jump to behavior

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592, type: MEMORYSTR

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592, type: MEMORYSTR

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3837e08.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3814de8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.374cfe8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.36ecfc8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.3549930.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 5912, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe PID: 4592, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Native API	Path Interception	111 Process Injection	1 Masquerading	2 OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Email Collection	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	11 Archive Collected Data	Exfiltration Over Bluetooth	1 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	21 Virtualization/Sandbox Evasion	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	2 Data from Local System	Automated Exfiltration	2 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	111 Process Injection	NTDS	1 Remote System Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	12 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	3 Obfuscated Files or Information	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	12 Software Packing	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	17%	Virustotal		Browse
TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
4.0.TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.400000.0.unpack	100%	Avira	TR/ATRAPS.Gen		Download File

Domains

Source	Detection	Scanner	Label	Link
checkip.dyndns.com	0%	Virustotal		Browse
checkip.dyndns.org	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://www.sandoll.co.kr8	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://fontfabrik.comhcB	0%	Avira URL Cloud	safe
http://www.fontbureau.comsiv	0%	URL Reputation	safe
http://www.typography.netsiv	0%	Avira URL Cloud	safe
http://en.wT	0%	Avira URL Cloud	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.carterandcone.com	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://checkip.dyndns.org4	0%	URL Reputation	safe
http://www.carterandcone.comB	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://checkip.dyndns.org/	0%	URL Reputation	safe
http://www.carterandcone.comD	0%	URL Reputation	safe
http://www.carterandcone.com8	0%	URL Reputation	safe
http://checkip.dyndns.org/q	0%	URL Reputation	safe
http://www.fontbureau.com0	0%	Avira URL Cloud	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.sandoll.co.krK	0%	Avira URL Cloud	safe
http://www.carterandcone.comP	0%	URL Reputation	safe
http://www.carterandcone.comO	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.fontbureau.comalsm	0%	Avira URL Cloud	safe
http://checkip.dyndns.com	0%	URL Reputation	safe
http://www.carterandcone.comn-ug	0%	Avira URL Cloud	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.carterandcone.como.	0%	URL Reputation	safe
http://www.sajatypeworks.come	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.sandoll.co.krB	0%	Avira URL Cloud	safe
http://www.fontbureau.comC	0%	Avira URL Cloud	safe
http://www.carterandcone.coma	0%	URL Reputation	safe
http://www.typography.nete	0%	URL Reputation	safe
http://philiphanson.org/medius/book/1.0	0%	Avira URL Cloud	safe
http://www.carterandcone.comTC	0%	URL Reputation	safe
http://www.carterandcone.comX	0%	URL Reputation	safe
http://philiphanson.org/medius/temp-transform	0%	Avira URL Cloud	safe
http://www.sandoll.co.krp	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cny	0%	Avira URL Cloud	safe
http://checkip.dyndns.org	0%	URL Reputation	safe
http://www.fontbureau.coma	0%	URL Reputation	safe
http://www.goodfont.co.krF	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.carterandcone.comubh	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.zhongyicts.com.cnb	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cna	0%	URL Reputation	safe
http://www.fontbureau.comFq	0%	Avira URL Cloud	safe
http://www.tiro.comY	0%	Avira URL Cloud	safe
http://www.fontbureau.comdTTF	0%	URL Reputation	safe
http://www.zhongyicts.com.cnX	0%	Avira URL Cloud	safe
http://www.carterandcone.com.9	0%	Avira URL Cloud	safe
http://www.fontbureau.comgretaU	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.fontbureau.comW.TTF.	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cnP	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
checkip.dyndns.com	132.226.8.169	true	true	0%, Virustotal, Browse	unknown
checkip.dyndns.org	unknown	unknown	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://checkip.dyndns.org/	true	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.fontbureau.com/designersG	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/frere-jones.html(	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248316005.0000000005468000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr8	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/?	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.comhcB	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241515901.0000000005423000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.telegram.org/bot	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers?	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comsiv	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersC	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249401879.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249612104.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249521915.000000000544D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.typography.netsiv	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241679238.0000000005424000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://en.wT	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244944693.0000000005424000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiro.com	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersV	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248975877.000000000544D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248292088.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247899736.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248013764.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249212196.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247599965.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248975877.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247971338.000000000544D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.goodfont.co.kr	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.com	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244697261.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244575011.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244750060.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244459998.0000000005422000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244658087.000000000542E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.240550270.000000000543B000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://checkip.dyndns.org4	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.506122339.0000000003271000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comB	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.252246557.000000000542C000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.com	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241548753.0000000005424000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241643484.0000000005424000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241515901.0000000005423000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241679238.0000000005424000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comD	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244459998.0000000005422000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersa	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249347532.000000000544D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.carterandcone.com8	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://checkip.dyndns.org/q	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com0	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/DPlease	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sandoll.co.krK	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.comP	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comO	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fonts.com	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comalsm	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://checkip.dyndns.com	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.507243389.0000000003314000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comn-ug	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.urwpp.deDPlease	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.506122339.0000000003271000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.carterandcone.como.	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.come	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.240550270.000000000543B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sakkal.com	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sandoll.co.krB	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comC	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designerss	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248087830.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248047250.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248013764.000000000544D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designersr	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249035342.000000000544D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.carterandcone.coma	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244575011.000000000542E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.typography.nete	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.241679238.0000000005424000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://philiphanson.org/medius/book/1.0	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.comTC	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244459998.0000000005422000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comX	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244697261.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244575011.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244750060.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244658087.000000000542E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://philiphanson.org/medius/temp-transform	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	false	Avira URL Cloud: safe	unknown
http://www.sandoll.co.krp	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.zhongyicts.com.cny	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://checkip.dyndns.org	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.507243389.0000000003314000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.506122339.0000000003271000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersico	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254479324.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259791263.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.255468860.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.255512656.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259750301.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259972416.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254531502.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254663310.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.255575317.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254568643.000000000544A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.260234535.000000000544A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.260027135.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.260132985.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254400877.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259851842.000000000544A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.269537935.000000000544C000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.254635868.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.259562054.000000000544A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.coma	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.269568884.0000000005420000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.goodfont.co.krF	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243244738.0000000005423000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.coml	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.comubh	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244536800.000000000542E000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243623220.0000000005425000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243492789.000000000545D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243660543.0000000005427000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243524363.000000000545D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243744160.000000000542B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.zhongyicts.com.cnb	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.zhongyicts.com.cna	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244496679.000000000542E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comFq	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiro.comY	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.243660543.0000000005427000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comdTTF	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cnX	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.com.9	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244697261.000000000542E000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244658087.000000000542E000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://www.fontbureau.comgretaU	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.269568884.0000000005420000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comW.TTF.	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249479728.0000000005422000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers8	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.278030887.0000000006632000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.248292088.000000000544D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.zhongyicts.com.cnP	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244406590.000000000542D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.244286104.000000000542A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249401879.000000000544D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers5	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249124611.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.249035342.000000000544D000.00000004.00000800.00020000.00000000.sdmp, TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.247971338.000000000544D000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
132.226.8.169	checkip.dyndns.com	United States		16989	UTMEMUS	true

General Information

Joe Sandbox Version:	35.0.0 Citrine
Analysis ID:	682142
Start date and time:	2022-08-11 05:31:06 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	27
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/1@2/1
EGA Information:	Successful, ratio: 100%
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 104 Number of non-executed functions: 9
Cookbook Comments:	Found application associated with file extension: .exe Adjust boot time Enable AMSI

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
Excluded IPs from analysis (whitelisted): 23.211.6.115
Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, fs.microsoft.com, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
05:32:16	API Interceptor	2x Sleep call for process: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
132.226.8.169	SecuriteInfo.com.Trojan.Olock.1.18653.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	MV Africanna.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	854F1E97-5DBB-4A87-A566-33D9012B05E2 pdf.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	RFQ08102022.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Quotation Forms.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	M88jvQMmY6.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Si - HL pdf.scr	Get hash	malicious	Browse	checkip.dyndns.org/
	CfI7gIqXm0zAzJn.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	K1MFsDQpDtGYXhK.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	ScanDoc5311.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Shipment Particulars.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	AWB_Docs.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	DOC0808#QUO (990 KB) pdf.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	56516426-056C-4DBA-984B-979F68AB8D188.scr	Get hash	malicious	Browse	checkip.dyndns.org/
	Remittance advice.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Payment 05-08-22.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	S345678900-87654080.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	proof of payment.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	854F1E97-5DBB-4A87-A566-33D9012B05E2 pdf.scr	Get hash	malicious	Browse	checkip.dyndns.org/
	IMG.006.exe	Get hash	malicious	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
checkip.dyndns.com	SecuriteInfo.com.Trojan.Olock.1.18653.exe	Get hash	malicious	Browse	132.226.8.169
	ScanDoc.exe	Get hash	malicious	Browse	158.101.44.242
	MV HONGSHENG 7 PDA.exe	Get hash	malicious	Browse	158.101.44.242
	3ap4uBA5Zc.exe	Get hash	malicious	Browse	158.101.44.242
	eHr1pMdB1PR9G6I.exe	Get hash	malicious	Browse	158.101.44.242
	4V5XtMQ6cN.exe	Get hash	malicious	Browse	193.122.130.0
	108-2955845-65.exe	Get hash	malicious	Browse	193.122.6.168
	w85qN6knFHYW5Iu.exe	Get hash	malicious	Browse	193.122.130.0
	Air-India-PO.exe	Get hash	malicious	Browse	193.122.130.0
	QUOTE.exe	Get hash	malicious	Browse	132.226.247.73
	BRNxvuDyo7.exe	Get hash	malicious	Browse	193.122.130.0
	NEW ENQUIRY.exe	Get hash	malicious	Browse	132.226.247.73
	PO.exe	Get hash	malicious	Browse	193.122.6.168
	55590-8880-5555-8888-9999-6000-44440-3333-2222-0000-0000.scr	Get hash	malicious	Browse	132.226.247.73
	MV Africanna.exe	Get hash	malicious	Browse	132.226.8.169
	invoice01352798.exe	Get hash	malicious	Browse	193.122.6.168
	854F1E97-5DBB-4A87-A566-33D9012B05E2 pdf.exe	Get hash	malicious	Browse	132.226.8.169
	SMK_QEW220810.exe	Get hash	malicious	Browse	193.122.6.168
	RFQ08102022.exe	Get hash	malicious	Browse	132.226.8.169
	854F1E97-5DBB-4A87-A566-33D9012B05E2 pdf.exe	Get hash	malicious	Browse	193.122.6.168

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
UTMEMUS	SecuriteInfo.com.Trojan.Olock.1.18653.exe	Get hash	malicious	Browse	132.226.8.169
	QUOTE.exe	Get hash	malicious	Browse	132.226.247.73
	NEW ENQUIRY.exe	Get hash	malicious	Browse	132.226.247.73
	55590-8880-5555-8888-9999-6000-44440-3333-2222-0000-0000.scr	Get hash	malicious	Browse	132.226.247.73
	MV Africanna.exe	Get hash	malicious	Browse	132.226.8.169
	854F1E97-5DBB-4A87-A566-33D9012B05E2 pdf.exe	Get hash	malicious	Browse	132.226.8.169
	RFQ08102022.exe	Get hash	malicious	Browse	132.226.8.169
	PO_290054.exe	Get hash	malicious	Browse	132.226.247.73
	7088-54625262-74635627333-233424255353-6474673684-1111.scr	Get hash	malicious	Browse	132.226.247.73
	Quotation Forms.exe	Get hash	malicious	Browse	132.226.8.169
	NEW_PO#671928273.exe	Get hash	malicious	Browse	132.226.247.73
	M88jvQMmY6.exe	Get hash	malicious	Browse	132.226.8.169
	Quotation.exe	Get hash	malicious	Browse	132.226.247.73
	Si - HL pdf.scr	Get hash	malicious	Browse	132.226.8.169
	Y6emamvi51.exe	Get hash	malicious	Browse	132.226.247.73
	CfI7gIqXm0zAzJn.exe	Get hash	malicious	Browse	132.226.8.169
	dS20e7SBuPzr0bn.exe	Get hash	malicious	Browse	132.226.247.73
	K1MFsDQpDtGYXhK.exe	Get hash	malicious	Browse	132.226.8.169
	LU72ENc81K.exe	Get hash	malicious	Browse	132.226.247.73
	SWIFT_26,360.00.exe	Get hash	malicious	Browse	132.226.247.73

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.log

Download File

Process:	C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1308
Entropy (8bit):	5.345811588615766
Encrypted:	false
SSDEEP:	24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84FsXE8:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzu
MD5:	2E016B886BDB8389D2DD0867BE55F87B
SHA1:	25D28EF2ACBB41764571E06E11BF4C05DD0E2F8B
SHA-256:	1D037CF00A8849E6866603297F85D3DABE09535E72EDD2636FB7D0F6C7DA3427
SHA-512:	C100729153954328AA2A77EECB2A3CBD03CB7E8E23D736000F890B17AAA50BA87745E30FB9E2B0D61E16DCA45694C79B4CE09B9F4475220BEB38CAEA546CFC2A
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.932869956848806
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
File size:	1129472
MD5:	687eaf8fd9a58cf46574aef19dafc169
SHA1:	cd557296fdbb180f7ff621740194358c35f40df2
SHA256:	29dde4dac348711a623a7a26f912d95fa2049f8853fa60b2dc4b2ab1fa977302
SHA512:	f1890e2bb4c5b551a450f1c8a9affd63f26f9ecda9e0465aa8829e872b177219317b9afae6b32a4b8be244b243b2c68bdcb7cfcded0ed31f027e302986718c8f
SSDEEP:	24576:MvM4vwHmQl8DmpSsbcnT9FlpvurMm8go/2gi:M/D6bcjrWrfo/
TLSH:	0F355CDEB194C89BDD6606B1FC1A54F02593BD98F060C40F699B7E2676B334E205FE0A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Y.b..............0.................. ........@.. ....................................@................................

File Icon


Icon Hash:	aeacae8eb6a2be00

Static PE Info

General

Entrypoint:	0x4cca82
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x62F45915 [Thu Aug 11 01:19:17 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xcca30	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xce000	0x48b24	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x118000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xcaa88	0xcac00	False	0.6428550786066585	data	7.350037504164019	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xce000	0x48b24	0x48c00	False	0.06349669780927836	data	4.768917727242542	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x118000	0xc	0x200	False	0.044921875	data	0.09800417566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type
RT_ICON	0xce310	0x668	data
RT_ICON	0xce978	0x2e8	data
RT_ICON	0xcec60	0x128	GLS_BINARY_LSB_FIRST
RT_ICON	0xced88	0xea8	data
RT_ICON	0xcfc30	0x8a8	dBase III DBT, version number 0, next free block index 40
RT_ICON	0xd04d8	0x568	GLS_BINARY_LSB_FIRST
RT_ICON	0xd0a40	0x42028	dBase III DBT, version number 0, next free block index 40
RT_ICON	0x112a68	0x25a8	data
RT_ICON	0x115010	0x10a8	data
RT_ICON	0x1160b8	0x468	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x116520	0x92	data
RT_GROUP_ICON	0x1165b4	0x14	data
RT_VERSION	0x1165c8	0x370	data
RT_MANIFEST	0x116938	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.3132.226.8.16949745802842536 08/11/22-05:32:21.323901	TCP	2842536	ETPRO TROJAN 404/Snake/Matiex Keylogger Style External IP Check	49745	80	192.168.2.3	132.226.8.169

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 11, 2022 05:32:21.021357059 CEST	49745	80	192.168.2.3	132.226.8.169
Aug 11, 2022 05:32:21.323322058 CEST	80	49745	132.226.8.169	192.168.2.3
Aug 11, 2022 05:32:21.323407888 CEST	49745	80	192.168.2.3	132.226.8.169
Aug 11, 2022 05:32:21.323900938 CEST	49745	80	192.168.2.3	132.226.8.169
Aug 11, 2022 05:32:21.626029968 CEST	80	49745	132.226.8.169	192.168.2.3
Aug 11, 2022 05:32:21.626570940 CEST	80	49745	132.226.8.169	192.168.2.3
Aug 11, 2022 05:32:21.686259031 CEST	49745	80	192.168.2.3	132.226.8.169
Aug 11, 2022 05:33:26.626835108 CEST	80	49745	132.226.8.169	192.168.2.3
Aug 11, 2022 05:33:26.626939058 CEST	49745	80	192.168.2.3	132.226.8.169
Aug 11, 2022 05:34:01.650320053 CEST	49745	80	192.168.2.3	132.226.8.169
Aug 11, 2022 05:34:01.952864885 CEST	80	49745	132.226.8.169	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 11, 2022 05:32:20.940514088 CEST	49316	53	192.168.2.3	8.8.8.8
Aug 11, 2022 05:32:20.958225965 CEST	53	49316	8.8.8.8	192.168.2.3
Aug 11, 2022 05:32:20.976407051 CEST	56417	53	192.168.2.3	8.8.8.8
Aug 11, 2022 05:32:20.995256901 CEST	53	56417	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Aug 11, 2022 05:32:20.940514088 CEST	192.168.2.3	8.8.8.8	0xa1fa	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.976407051 CEST	192.168.2.3	8.8.8.8	0x12bc	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Aug 11, 2022 05:32:20.958225965 CEST	8.8.8.8	192.168.2.3	0xa1fa	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)
Aug 11, 2022 05:32:20.958225965 CEST	8.8.8.8	192.168.2.3	0xa1fa	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.958225965 CEST	8.8.8.8	192.168.2.3	0xa1fa	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.958225965 CEST	8.8.8.8	192.168.2.3	0xa1fa	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.958225965 CEST	8.8.8.8	192.168.2.3	0xa1fa	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.958225965 CEST	8.8.8.8	192.168.2.3	0xa1fa	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.995256901 CEST	8.8.8.8	192.168.2.3	0x12bc	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)
Aug 11, 2022 05:32:20.995256901 CEST	8.8.8.8	192.168.2.3	0x12bc	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.995256901 CEST	8.8.8.8	192.168.2.3	0x12bc	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.995256901 CEST	8.8.8.8	192.168.2.3	0x12bc	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.995256901 CEST	8.8.8.8	192.168.2.3	0x12bc	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)
Aug 11, 2022 05:32:20.995256901 CEST	8.8.8.8	192.168.2.3	0x12bc	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49745	132.226.8.169	80	C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Timestamp	kBytes transferred	Direction	Data
Aug 11, 2022 05:32:21.323900938 CEST	1026	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Aug 11, 2022 05:32:21.626570940 CEST	1026	IN	HTTP/1.1 200 OK Date: Thu, 11 Aug 2022 03:32:21 GMT Content-Type: text/html Content-Length: 105 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 30 32 2e 31 32 39 2e 31 34 33 2e 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 102.129.143.3</body></html>

Target ID:	0
Start time:	05:32:03
Start date:	11/08/2022
Path:	C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe"
Imagebase:	0xf0000
File size:	1129472 bytes
MD5 hash:	687EAF8FD9A58CF46574AEF19DAFC169
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.272962473.000000000280A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
Reputation:	low

Show Windows behavior

Target ID:	4
Start time:	05:32:17
Start date:	11/08/2022
Path:	C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Imagebase:	0xdd0000
File size:	1129472 bytes
MD5 hash:	687EAF8FD9A58CF46574AEF19DAFC169
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000004.00000000.266954343.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
Reputation:	low

Show Windows behavior

Execution Graph

Execution Coverage:	10.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	129
Total number of Limit Nodes:	4

Executed Functions

Function 06C96338 Relevance: .6, Instructions: 626COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.280697583.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c90000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d55712e797669897ca40380171f686bfc0b49483489f3bab9ce9cd9fb6dc848
Instruction ID: d0cff0cddebbb57b161c8e3c32608e8e41e56cd0035fe612df8ae32634d0e2fd
Opcode Fuzzy Hash: 6d55712e797669897ca40380171f686bfc0b49483489f3bab9ce9cd9fb6dc848
Instruction Fuzzy Hash: 36329230E112189FEF54DF79C8947AEB7F2AF89304F1481A9D409AB385DB389D45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04F0B8C8 Relevance: 24.4, Strings: 19, Instructions: 651
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$%k, xrefs: 04F0BC7A
$%k, xrefs: 04F0BB8A
$%k, xrefs: 04F0BE2A
$%k, xrefs: 04F0BA6A
$%k, xrefs: 04F0BDFA
$%k, xrefs: 04F0BE7E
$%k, xrefs: 04F0BEC6
$%k, xrefs: 04F0B94A
$%k, xrefs: 04F0BAFA
$%k, xrefs: 04F0B8EA
$%k, xrefs: 04F0BA3A
$%k, xrefs: 04F0BB2A
$%k, xrefs: 04F0BCAA
$%k, xrefs: 04F0BE5A
$%k, xrefs: 04F0B9DA
$%k, xrefs: 04F0BA9A
$%k, xrefs: 04F0B91A
$%k, xrefs: 04F0BB5A
$%k, xrefs: 04F0BCDA

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID: $%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k
API String ID: 0-2385108095
Opcode ID: 458924850f29cd5ce6f081077c17e71d65b31f13e2adc983eaf8da6affdd5ae6
Instruction ID: c45ffe084e07785faaf4af9d3ab7e9538f220e41a05d7529e1a9637b9cceecba
Opcode Fuzzy Hash: 458924850f29cd5ce6f081077c17e71d65b31f13e2adc983eaf8da6affdd5ae6
Instruction Fuzzy Hash: C4324D70B006018BDF15FFB8989059DB3A39FC5308754C969980AAF396EF78FD499B90

Uniqueness

Uniqueness Score: -1.00%

Function 025099E8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 194
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 02509C2E

Strings

8P|, xrefs: 02509B8B
8P|, xrefs: 02509B66

Memory Dump Source

Source File: 00000000.00000002.271027413.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2500000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: HandleModule
String ID: 8P|$8P|
API String ID: 4139908857-3496795504
Opcode ID: 4db8f3efe5616025e8f6167830f4f6db9c84b12184d88833b20593f3aaa2bd08
Instruction ID: a05b9ec2f2a0de65cd26f5128fa0cb4f4b95be837feb9116fa99334499f071c8
Opcode Fuzzy Hash: 4db8f3efe5616025e8f6167830f4f6db9c84b12184d88833b20593f3aaa2bd08
Instruction Fuzzy Hash: 02713470A00B058FD724DF2AD88479ABBF1BF88704F10892DD44ADBA94D735E845CF95

Uniqueness

Uniqueness Score: -1.00%

Function 02505364 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 02505421

Memory Dump Source

Source File: 00000000.00000002.271027413.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2500000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: fe4a922ac97cf908dc5313e7359b2ac233aeb163f79ed77bfba675ea5ce2b19a
Instruction ID: 4288ea3503852eb517c057e8573be86d6d8da14a0e7e81a7dd34ba6f57118ffb
Opcode Fuzzy Hash: fe4a922ac97cf908dc5313e7359b2ac233aeb163f79ed77bfba675ea5ce2b19a
Instruction Fuzzy Hash: A441C1B1D00618CEDB24DFA9D984BCEBBB1FF48308F60806AD408AB651D775694ACF90

Uniqueness

Uniqueness Score: -1.00%

Function 02503EA0 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 02505421

Memory Dump Source

Source File: 00000000.00000002.271027413.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2500000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 25e1366ccf67772012309829779db514e10defe87f9001e933f7365096919201
Instruction ID: 4f685bcd83c415735dc178a109c610d7929fd54f91f69279091dbec979ed530c
Opcode Fuzzy Hash: 25e1366ccf67772012309829779db514e10defe87f9001e933f7365096919201
Instruction Fuzzy Hash: 3741B2B1C00618CBDB24DFA9C984BDEBBB5FF48308F608469D409BB651D7756949CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0250A754 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0250BEBE,?,?,?,?,?), ref: 0250C387

Memory Dump Source

Source File: 00000000.00000002.271027413.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2500000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 0b9d19ee2f6f8c1071ab18bcaa450313e6f46a3de7c259751940460b413f73c8
Instruction ID: 543a8c425c14a5162fd0490311764d0934d000cd3fa899cea90d1806f8e57473
Opcode Fuzzy Hash: 0b9d19ee2f6f8c1071ab18bcaa450313e6f46a3de7c259751940460b413f73c8
Instruction Fuzzy Hash: E521E5B5910208AFDB10CF99D984BDEBBF4FB48324F14841AE914A7750D374A954CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0250C2F8 Relevance: 1.6, APIs: 1, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0250BEBE,?,?,?,?,?), ref: 0250C387

Memory Dump Source

Source File: 00000000.00000002.271027413.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2500000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 64789d3376ae2ca0c43b738b13eb87abcfd3aeb0e46f4968a0a44394cd51a6ef
Instruction ID: b5b6f7c1c7ecaad89573f4bb743a93636e6b1c5c531d568b6174f8af23222b71
Opcode Fuzzy Hash: 64789d3376ae2ca0c43b738b13eb87abcfd3aeb0e46f4968a0a44394cd51a6ef
Instruction Fuzzy Hash: E321E4B5D11208AFDB10CFA9D984ADEBBF4FF48324F14801AE918A7750D374A955CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 02508D38 Relevance: 1.6, APIs: 1, Instructions: 63
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02509CA9,00000800,00000000,00000000), ref: 02509EBA

Memory Dump Source

Source File: 00000000.00000002.271027413.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2500000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 5a9ff83bca8392dffd540cad84381504b45a237fbdcc20fb729fee1844187d39
Instruction ID: dddbf693806484c0404ef23f40f75409e917f00bd708ff40b4aac29dcb53d74e
Opcode Fuzzy Hash: 5a9ff83bca8392dffd540cad84381504b45a237fbdcc20fb729fee1844187d39
Instruction Fuzzy Hash: D32148B28053489FCB11CFA9D944BDABFF4AB49324F14846ED455A7641C374A908CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02508D50 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02509CA9,00000800,00000000,00000000), ref: 02509EBA

Memory Dump Source

Source File: 00000000.00000002.271027413.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2500000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 8da120b43d8b93af20f2d5ba2518ad833b1b5fd5b3d52f8d3b7de213e1b3ed24
Instruction ID: 98bc361afaeb0a4d86600702b7453c8f3dc4c26f2737a44498d779cb1a3cb37d
Opcode Fuzzy Hash: 8da120b43d8b93af20f2d5ba2518ad833b1b5fd5b3d52f8d3b7de213e1b3ed24
Instruction Fuzzy Hash: 8211F2B29002099FDB10CF9AD984BDEFBF4AB88724F14842AE419A7640C374A945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 02509E48 Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02509CA9,00000800,00000000,00000000), ref: 02509EBA

Memory Dump Source

Source File: 00000000.00000002.271027413.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2500000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 3112437e87f68eed1c8b46fcc860d35b9e63ef6a49e0791d254e1ac441c4c7c1
Instruction ID: 6be718a3d7502afae3f8289a6405d621ff3df5ee05d6df2cd9098b490aa62011
Opcode Fuzzy Hash: 3112437e87f68eed1c8b46fcc860d35b9e63ef6a49e0791d254e1ac441c4c7c1
Instruction Fuzzy Hash: 2D1136B69002488FCB10CFA9D984BDEFBF4AF88314F14842ED415A7640C374A949CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 06C95458 Relevance: 1.5, APIs: 1, Instructions: 48timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,049E6190,?,?,?,?,?,?,?,06C95338,00000000,?,00000000), ref: 06C954BD

Memory Dump Source

Source File: 00000000.00000002.280697583.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c90000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: 5c4f3c0664b42394932dfb77f882e9119eb0c10978ef7bd2ecd26ff45caaf5a1
Instruction ID: 187938a3a21320ecfd7dc9d874e6fc3913209726839fedafd460df2a840c6bc4
Opcode Fuzzy Hash: 5c4f3c0664b42394932dfb77f882e9119eb0c10978ef7bd2ecd26ff45caaf5a1
Instruction Fuzzy Hash: 9111F2B58003489FDB60DF99D889BDEFBF8EB48324F20841AE555A7610D374AA44CFB1

Uniqueness

Uniqueness Score: -1.00%

Function 06C91B44 Relevance: 1.5, APIs: 1, Instructions: 47timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,049E6190,?,?,?,?,?,?,?,06C95338,00000000,?,00000000), ref: 06C954BD

Memory Dump Source

Source File: 00000000.00000002.280697583.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c90000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: abc077311710d4f2eb2c793520131865b2c6bf5877d21420e48b9ffdb13db06c
Instruction ID: a142f5a8e3474e7b4818e2dc179d9adf6740dcd62fdb90307513edc820f3586e
Opcode Fuzzy Hash: abc077311710d4f2eb2c793520131865b2c6bf5877d21420e48b9ffdb13db06c
Instruction Fuzzy Hash: B71103B58003499FDB50DF9AD889BDEBBF8EB48324F50841AE519A7700C378A954CFB1

Uniqueness

Uniqueness Score: -1.00%

Function 02509BC8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 02509C2E

Memory Dump Source

Source File: 00000000.00000002.271027413.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2500000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: b17ae1832e67f5f6d73b421121d09aeb1e2238f5eac535de5ed0e0fc164395db
Instruction ID: 70055fa48076f56a899cad4cd9f701cb19ef1ef0e83762b1e438d98aa542ceb4
Opcode Fuzzy Hash: b17ae1832e67f5f6d73b421121d09aeb1e2238f5eac535de5ed0e0fc164395db
Instruction Fuzzy Hash: 661102B2D002498FCB10CF9AC844BDEFBF4BF88224F14842AD419A7610C374A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 04F0E528 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba178db22f5a9916787aec58636cd223cb65060a2e84e98e2d65957efef19d7c
Instruction ID: 0a1af30eb364cfc1d1ed4d3e428d8d8e2d32b25a4dbeee0a1a3f095a6211cc2d
Opcode Fuzzy Hash: ba178db22f5a9916787aec58636cd223cb65060a2e84e98e2d65957efef19d7c
Instruction Fuzzy Hash: 5681FB31E2070A8FCB10DF69C980999F7F1FF99300F21C756E519BB251EB70AA958B80

Uniqueness

Uniqueness Score: -1.00%

Function 04F0B8B4 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf348918a61615fddc402d7d907e8334b5918088d9a346c1e05c7155398a3c0b
Instruction ID: 04e830c1c48d81444f373c9633c985b0a63c8d22066050823f80328ad62d90b6
Opcode Fuzzy Hash: bf348918a61615fddc402d7d907e8334b5918088d9a346c1e05c7155398a3c0b
Instruction Fuzzy Hash: D381EE31E2070A8FCB14DF69C990599F7B1FF99300F21C756E519BB251EB70AA95CB80

Uniqueness

Uniqueness Score: -1.00%

Function 04F0EAF0 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b574db27fd30228b7a1bff918b1c86c0f239e944e9752bb4129d5933712da5a
Instruction ID: c22f2f1069740b9f072ff6e4512adc4f951841f97c0553f875e36802bfbc222d
Opcode Fuzzy Hash: 0b574db27fd30228b7a1bff918b1c86c0f239e944e9752bb4129d5933712da5a
Instruction Fuzzy Hash: 9171E474E002099FDB14DFA9D484ADEBBF1FF88315F14C469E415A7390DB35A84ADB50

Uniqueness

Uniqueness Score: -1.00%

Function 04F0E311 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 673b96f930636ecfc136631e5ac69d9d96bbb26e27db85ce3fcae51cc345b4d8
Instruction ID: a9daa475aa4b29a45d5c22c2a652f05379109689e668cc9e02c779040ed6fa43
Opcode Fuzzy Hash: 673b96f930636ecfc136631e5ac69d9d96bbb26e27db85ce3fcae51cc345b4d8
Instruction Fuzzy Hash: EB610635D00609DEDB05EFA8C8509EDFBB1FF89300F00C65AE5556B265EB70AA86DB81

Uniqueness

Uniqueness Score: -1.00%

Function 04F0E320 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6633d4dc90e6402b9bfad47ec2740dc1d147cd4df053d33066e35c22e683f82
Instruction ID: 9a52bdf22cf7853d2304517c2b769c88bde461eba76fc2d13d86a14690280c64
Opcode Fuzzy Hash: b6633d4dc90e6402b9bfad47ec2740dc1d147cd4df053d33066e35c22e683f82
Instruction Fuzzy Hash: A6610635D00609DEDB05EFE8C8449EEFBB1FF89300F00C65AE5556B265EB70AA85DB81

Uniqueness

Uniqueness Score: -1.00%

Function 04F0E100 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a87496a6816704a16d55c271713449fe9b9502263ce0eafe70b051564854086c
Instruction ID: 529c5fdd91dbdeb64a4c9020d51b95dbf27fef8e5dd904fae359ca80464bdde6
Opcode Fuzzy Hash: a87496a6816704a16d55c271713449fe9b9502263ce0eafe70b051564854086c
Instruction Fuzzy Hash: 3A514C35F006088FDB14DFA8C88499DBBF6FF89704B148569E509AB361DB71ED46DB40

Uniqueness

Uniqueness Score: -1.00%

Function 04F0E0F1 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d688147debf63cf9f08145360d2b67058f2d0fe67026179ad5a4e1ee9b0406f
Instruction ID: 502d0d05fb3d4380638a675bce9ea6b5527dcf35cdd2e9f157121c0a59d4e625
Opcode Fuzzy Hash: 1d688147debf63cf9f08145360d2b67058f2d0fe67026179ad5a4e1ee9b0406f
Instruction Fuzzy Hash: 01515A35F006048FDB14EFA8C88499DBBF6FF89304B1585A9E509AB361EB71ED46DB40

Uniqueness

Uniqueness Score: -1.00%

Function 04F0B8A4 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c8259787bb2adb9f85c9370f4e3bd3a22b88c3a23cb0235da4eae346615f321
Instruction ID: 372b5cfaec986728eefc89fbc805bd43896023ecaac1f217730c274ce39ee43d
Opcode Fuzzy Hash: 8c8259787bb2adb9f85c9370f4e3bd3a22b88c3a23cb0235da4eae346615f321
Instruction Fuzzy Hash: F051C375E0020ADFCF14DFA8D58099EB7F1FF89314F10C96AE815AB240E730A955DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04F0D4A8 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8e9fbe2d701a5f4fd1127923da586bf483f12bcf5cd12b75753cf900397b308
Instruction ID: 943a021c1e144f7da3c3caa1cedbda768c719ebf0881de7af9d0e53867fa4a22
Opcode Fuzzy Hash: b8e9fbe2d701a5f4fd1127923da586bf483f12bcf5cd12b75753cf900397b308
Instruction Fuzzy Hash: 573159307006109FDB24EB79C8549AE7BF9EFC6664B1044A9E406CB3A1DF74EC06D761

Uniqueness

Uniqueness Score: -1.00%

Function 04F0F1E0 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dab2c32f4a58e7511c4ccb20f2858650a0646af113b30c3630947ccdf90abee0
Instruction ID: ad8676ea168b6d05d27fdfebdf1fb0809a1661c484290808af48fb12d4dc5785
Opcode Fuzzy Hash: dab2c32f4a58e7511c4ccb20f2858650a0646af113b30c3630947ccdf90abee0
Instruction Fuzzy Hash: 9F319034B001018FDB64EF69C894A6AB7F6FFC5308B648569D905CB3A5DB71EC06CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04F0F1D0 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbc05cda41993e69cf019897df430537e29ee790d47e4b0a0cbf183b5664b8fc
Instruction ID: f366eb9fab3e57d9a53766e7b6b617029168ce893da8a1b1caaedde6fc6d423b
Opcode Fuzzy Hash: fbc05cda41993e69cf019897df430537e29ee790d47e4b0a0cbf183b5664b8fc
Instruction Fuzzy Hash: 6931B339700201CFDB24EF68C894A69B7B6FFC5308B1485B9D405CB2A2CB71EC06DB60

Uniqueness

Uniqueness Score: -1.00%

Function 04F0EA30 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb75d7f717061ba153c45dd6597f54f3b1d24d1e744af7ff73eeedea83850b4b
Instruction ID: 07d58711c7c889ded9b0595c78d97d9277e54dcebb9c1a5a49ed3e9ce21f6e89
Opcode Fuzzy Hash: eb75d7f717061ba153c45dd6597f54f3b1d24d1e744af7ff73eeedea83850b4b
Instruction Fuzzy Hash: 84119435B005108BDB149B6DE44446DB3D7EFC8626718887AD00AC73A0CF35EC83E741

Uniqueness

Uniqueness Score: -1.00%

Function 04F0F6E0 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d82fbb163d69cdd38a57b79f9dc9b1ee130e62e0e517d7fa24e93ea148d05d2d
Instruction ID: 9d54c1fd2b8de529c359544cffb5b6cf6b8866806f25c95cad39967c07a39bb9
Opcode Fuzzy Hash: d82fbb163d69cdd38a57b79f9dc9b1ee130e62e0e517d7fa24e93ea148d05d2d
Instruction Fuzzy Hash: 1D21C3302053808FE724EB34C454ADA77E1AF8A269F0484ADD54E8B361CF75FC4AD7A1

Uniqueness

Uniqueness Score: -1.00%

Function 04F0FE00 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a22a8fe29e725339ba9ed7bd65a7d5367b6c3bdb4456495b6f05c728bf7956c2
Instruction ID: 6466eb0498ad42e577826397b6e7d1dcea43428f1c1eb38dfa462ad5e788cc96
Opcode Fuzzy Hash: a22a8fe29e725339ba9ed7bd65a7d5367b6c3bdb4456495b6f05c728bf7956c2
Instruction Fuzzy Hash: 0C01C032B0112687DB26B6A989601EEB3B79FC8710F14446ACA01A7380DEB96D8347A5

Uniqueness

Uniqueness Score: -1.00%

Function 04F0FE10 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccce585615286ad402894b31e7f5982cf78db29ef11e1f05cef62915c1818d5a
Instruction ID: 01c39a17efcd2d2c8b0c89580f6a8a6c0a344441fe95d4baa23ec3e8c6217202
Opcode Fuzzy Hash: ccce585615286ad402894b31e7f5982cf78db29ef11e1f05cef62915c1818d5a
Instruction Fuzzy Hash: AC01D432B0122487DF2566A985205EFB6BB9FC8601F14406ACA01A73C0DFB56D4246A5

Uniqueness

Uniqueness Score: -1.00%

Function 04F0ED38 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06572fe6649ad5dfe88d477ce63dfbad10da08c0c7cc3f5a4f2042be33e36f74
Instruction ID: a0501cdd4cea421ebc83b2553dda5622331d66d7a6683ac7f17d98d9604c3fd9
Opcode Fuzzy Hash: 06572fe6649ad5dfe88d477ce63dfbad10da08c0c7cc3f5a4f2042be33e36f74
Instruction Fuzzy Hash: 6FF0F63378192747FB3976AC79840ED77C5CBC1776344896AD10DC64D1CA09A9836282

Uniqueness

Uniqueness Score: -1.00%

Function 04F0E940 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3a9e2ffa954a497cd28504e8dc966f189e6754e51cf7abf9bed0dcc01fb947e
Instruction ID: 07edb68609d17aead0a7bd2db8f5135bcc72b0f2b65e2c6f3a2dc4c9d3fa7078
Opcode Fuzzy Hash: d3a9e2ffa954a497cd28504e8dc966f189e6754e51cf7abf9bed0dcc01fb947e
Instruction Fuzzy Hash: 240169B9208601AFE710EF59D88099ABBE6EB8D224310C42AE44EC7762D634E8128790

Uniqueness

Uniqueness Score: -1.00%

Function 04F0E9A8 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c3b9f3032ad3113b89a5ef2cfde3ea714468d8a6beef12adab58b8d469e6958
Instruction ID: 87c7d9d322e4a49bfd9c54c9d58282f678cb117cbd733b7b42e39decb8bf2811
Opcode Fuzzy Hash: 9c3b9f3032ad3113b89a5ef2cfde3ea714468d8a6beef12adab58b8d469e6958
Instruction Fuzzy Hash: 17F02B2074837217FB2926A6AC113AE379A5FC5708F04841EC582C71C3CF58B843A7CB

Uniqueness

Uniqueness Score: -1.00%

Function 04F0D3D4 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f943f23830a8472c671c5b0e5cc342d43b076ff0451f4f738cf8c474e6b8a4cd
Instruction ID: 087ee7342601a7c400effd03dd05342a6400ef58b69d78e29c2030cb3d822dc2
Opcode Fuzzy Hash: f943f23830a8472c671c5b0e5cc342d43b076ff0451f4f738cf8c474e6b8a4cd
Instruction Fuzzy Hash: ECF06D7A300600AFA714EF5ED88095BBBEAEF88328310C82AF54ED7760D630FC119790

Uniqueness

Uniqueness Score: -1.00%

Function 04F0EDA8 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec621478a2321de823715f5a57e8f9ecdb079e897724333a27273e18e0c93ae0
Instruction ID: 350cfaea156b6d7094ec38232165ff0ed6739c3d07701ab75f13e6ac5637c30e
Opcode Fuzzy Hash: ec621478a2321de823715f5a57e8f9ecdb079e897724333a27273e18e0c93ae0
Instruction Fuzzy Hash: C0F027383541504FD305A72CD84CC9C77EAEFCAA7471980BAE409CB363CE64AC038790

Uniqueness

Uniqueness Score: -1.00%

Function 04F0E9B8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d78357b531082361c24c2d81c7a96ef6dd61523720ba31da417e92087f53459
Instruction ID: 4113d960553aebd5febc22f01f2c94ffe210bd63656fe0e36c6e0318999c9e69
Opcode Fuzzy Hash: 7d78357b531082361c24c2d81c7a96ef6dd61523720ba31da417e92087f53459
Instruction Fuzzy Hash: AEF0A72070462257EB6926AA9C1536F318A5FC5704F04C81DD546866C1DF58BC43A7DB

Uniqueness

Uniqueness Score: -1.00%

Function 04F0D3F0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 357f52bd49dba5749d351bbec190a935220182383a50f1766edb89be4ecdddfa
Instruction ID: 241b53b601a947f0e070c881750561f56f3cf3da686d5b3b6515db944491c610
Opcode Fuzzy Hash: 357f52bd49dba5749d351bbec190a935220182383a50f1766edb89be4ecdddfa
Instruction Fuzzy Hash: D0F065763441106F9514A76DD888D6BB7EDEFC9A7931105AAF609C73B1CA60AC01C6B4

Uniqueness

Uniqueness Score: -1.00%

Function 04F0F6F0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d158e921ea1e328ea30d75765b99445f4806888c267f57b53c930ff1207288f
Instruction ID: 78afd6d3c03b06997aeb45e6b0412f5e95f7c35b0a4010144b835cad92774169
Opcode Fuzzy Hash: 7d158e921ea1e328ea30d75765b99445f4806888c267f57b53c930ff1207288f
Instruction Fuzzy Hash: 73F049342006108FD764DF38D444B9A73E6EF89728F008868E51E9B360CF71FC498B91

Uniqueness

Uniqueness Score: -1.00%

Function 04F0F7A0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5abcd22f000d2a3d4be6e9ba368b59c456a029f0f1791f4b640ea7fd0391a72a
Instruction ID: 758516ab2a516a1853c6dc0014d386d0b797e74187be0b8ffdc2ee0aa50001e7
Opcode Fuzzy Hash: 5abcd22f000d2a3d4be6e9ba368b59c456a029f0f1791f4b640ea7fd0391a72a
Instruction Fuzzy Hash: 8AE04C4169E6D34FE30273AA19951C45FE249734A039D409BC141CB157E84D49879313

Uniqueness

Uniqueness Score: -1.00%

Function 04F0F688 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2498a2b7b1a09a41f98efcd5627b88c923121f33782cc3f5433274f7422ca79
Instruction ID: d1715e6a97b44532730a51502978fc4a6a33ce004d01d1f6c7142cc7eab6223a
Opcode Fuzzy Hash: b2498a2b7b1a09a41f98efcd5627b88c923121f33782cc3f5433274f7422ca79
Instruction Fuzzy Hash: 3DF0A0306493018FE724AB7490545D837E19F4A259B0840BEC40ACB276DAB6AC42D751

Uniqueness

Uniqueness Score: -1.00%

Function 04F0F698 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba0d33e417d43f198292909b33a03ad7b7acb0ab518a2c7260b5c458245715ec
Instruction ID: 695ce1d215f53e0c4e40445ef12b7450ed0721dad19334934fcd9154b31bdc73
Opcode Fuzzy Hash: ba0d33e417d43f198292909b33a03ad7b7acb0ab518a2c7260b5c458245715ec
Instruction Fuzzy Hash: 1EE092303403008BDB28AB78E0549E973E5EF8835AF0400BED40EC7260CF71AC41DB90

Uniqueness

Uniqueness Score: -1.00%

Function 04F0EDB8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4264490d64bb92f48384161ceae3ea941b9cbd0770699c3b82c3fbb80a3f877
Instruction ID: 3b0ca2940735638c9d1246ddf3ddaa559725805c46dfe869e14de1178262025e
Opcode Fuzzy Hash: e4264490d64bb92f48384161ceae3ea941b9cbd0770699c3b82c3fbb80a3f877
Instruction Fuzzy Hash: 1BE012393104108FC704AB5DD448C69B7EAEBCD63571580BAE509C7361CE70AC028B90

Uniqueness

Uniqueness Score: -1.00%

Function 04F0FF4D Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 925da474ebcb7c6df7b2e922fc6374dac4993fe3532a40f3f20661738404ea73
Instruction ID: 9b39f84bcc52efce7406584bc155854d960f44ba070de7e29bb44dd75cca79be
Opcode Fuzzy Hash: 925da474ebcb7c6df7b2e922fc6374dac4993fe3532a40f3f20661738404ea73
Instruction Fuzzy Hash: 21E0EC35248691CFD705DB28E49CF647F91EFC2229F1941FED1488B66BCB26640AC704

Uniqueness

Uniqueness Score: -1.00%

Function 04F0FC51 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e8c30e9a713d52c59cc7c0c1eaad14f81aa1d6765829efb0098d4f2c0287dd7
Instruction ID: fb23df363cec10e3ec5ee4a5c694f8d571ae246af6f86a79ec33ae57054d4814
Opcode Fuzzy Hash: 5e8c30e9a713d52c59cc7c0c1eaad14f81aa1d6765829efb0098d4f2c0287dd7
Instruction Fuzzy Hash: 80C04C4559D7831AF71276A16C612A07B516B52149BCD00A580D14545BD84C12464211

Uniqueness

Uniqueness Score: -1.00%

Function 04F0F1B0 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8df5117e4f9d18334eb873454a3bf914d14251f87346d3b792824faa9ec06c4c
Instruction ID: 2d322dccd9a46f44e6b7727a397ab6e2c3905229b95ce7999904896bbb765bc6
Opcode Fuzzy Hash: 8df5117e4f9d18334eb873454a3bf914d14251f87346d3b792824faa9ec06c4c
Instruction Fuzzy Hash: 88B092204082C2CAFE1066E1E4982C92BA1DBD0388F545131C543905908E2FA843C085

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 04F006B4 Relevance: .9, Instructions: 931COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ac676cdc2f0f34a853016d28e6aadbcd249dab923288d57f879f86a98f21d1a
Instruction ID: 02d0f1537d1f46dc7ab36d72b68026054d2621576a7bc58d71fade00ab4b8767
Opcode Fuzzy Hash: 4ac676cdc2f0f34a853016d28e6aadbcd249dab923288d57f879f86a98f21d1a
Instruction Fuzzy Hash: 54A21A31E006198FDB15EF68C8546EDB7B2FF89304F1482A9D90AB7251EB74AE85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04F037F1 Relevance: .8, Instructions: 783COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 871ec05a1d1b7ff9e9e6d0368cfa56cf41e3ba5e03cd4e015872ac3321d97c2f
Instruction ID: b985143bb65e89925956ad21805c7e0f42aa391ccfdc57294dff78985e876884
Opcode Fuzzy Hash: 871ec05a1d1b7ff9e9e6d0368cfa56cf41e3ba5e03cd4e015872ac3321d97c2f
Instruction Fuzzy Hash: EE822931E002598FDB15EF68C8546EDB7B2FF89304F1482A9D90AB7291EB746E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0250EBB8 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.271027413.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2500000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8cfb35ed01b22d76d2e4ebee5aa9c1cbe4a09da7539b7980a2767551201233b
Instruction ID: 6bb85341705f96eb5dd1244d395893d8142ca53b910c64c2402104721a9595db
Opcode Fuzzy Hash: e8cfb35ed01b22d76d2e4ebee5aa9c1cbe4a09da7539b7980a2767551201233b
Instruction Fuzzy Hash: A512D4F141A746EBD310CFA6E9882893FA1F74433CB964228D2611FAD1D7BC194AEF54

Uniqueness

Uniqueness Score: -1.00%

Function 0250C214 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.271027413.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2500000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83b64dcf98a681172b97a8f8a9b6d4b1530ff29563410adbd71c95078ee3267e
Instruction ID: 7ad3c74bf4f8318f8d997553e25b7eeb6ee8a140f040e72469ecd2e4277729a4
Opcode Fuzzy Hash: 83b64dcf98a681172b97a8f8a9b6d4b1530ff29563410adbd71c95078ee3267e
Instruction Fuzzy Hash: E2A14F32E0061ACFCF05DFA5C8845DDBBB2FF89304B25856AE905AB2A1DB35E955CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0250EBB2 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.271027413.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2500000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ebb6460a07548fdb1da1f5dbfc8eac3feb11ca729ec4c03b8fb8d8f835657c3
Instruction ID: 9b46c5c68da21865ddc36ea343b50c797933d1d0933e44f27a8c200d9a26a3b3
Opcode Fuzzy Hash: 4ebb6460a07548fdb1da1f5dbfc8eac3feb11ca729ec4c03b8fb8d8f835657c3
Instruction Fuzzy Hash: 71C118B181A746EBD710CFA6E8881893F61FB8433CF524228D2616F6D0D7BC194ADF54

Uniqueness

Uniqueness Score: -1.00%

Function 04F0B8D8 Relevance: 24.2, Strings: 19, Instructions: 464COMMON

Download Yara Rule

Strings

$%k, xrefs: 04F0BC7A
$%k, xrefs: 04F0BB8A
$%k, xrefs: 04F0BE2A
$%k, xrefs: 04F0BA6A
$%k, xrefs: 04F0BDFA
$%k, xrefs: 04F0BE7E
$%k, xrefs: 04F0BEC6
$%k, xrefs: 04F0B94A
$%k, xrefs: 04F0BAFA
$%k, xrefs: 04F0B8EA
$%k, xrefs: 04F0BA3A
$%k, xrefs: 04F0BB2A
$%k, xrefs: 04F0BCAA
$%k, xrefs: 04F0BE5A
$%k, xrefs: 04F0B9DA
$%k, xrefs: 04F0BA9A
$%k, xrefs: 04F0B91A
$%k, xrefs: 04F0BB5A
$%k, xrefs: 04F0BCDA

Memory Dump Source

Source File: 00000000.00000002.277571508.0000000004F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4f00000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID: $%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k$$%k
API String ID: 0-2385108095
Opcode ID: 02d26d1c09f19e13675d26ef8c1192d51dde76a967423863832e15426bcddb9e
Instruction ID: 296800e4d9b44fcc5b71409445a678f68606d82df9ccb666f21a67173ebc07e1
Opcode Fuzzy Hash: 02d26d1c09f19e13675d26ef8c1192d51dde76a967423863832e15426bcddb9e
Instruction Fuzzy Hash: 0EE12F70B006019B9F15BFB958A11ADA2938FC0348354C87D980AAF7CBDF78FD0A9791

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exePID: 4592, Parent PID: 5912COMMON

Execution Graph

Execution Coverage:	11.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	15%
Total number of Nodes:	20
Total number of Limit Nodes:	1

Executed Functions

Function 067E3070 Relevance: 1.8, APIs: 1, Instructions: 268
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E313B

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 4d197f6cf6168484a1d56a4e99412880f241fe4a254966924ee39e2126d26171
Instruction ID: c2eb6ba486f4fd658b9878593969379f853b373aac377917ddec494f59b844a5
Opcode Fuzzy Hash: 4d197f6cf6168484a1d56a4e99412880f241fe4a254966924ee39e2126d26171
Instruction Fuzzy Hash: 1DC1B174E00218CFDB64DFA5D884BADBBB2FB89304F2080A9D409AB354DB395E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E7A48 Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E7B13

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 793a6042e9c14a6112947101c81a24be0a936b3a1635777b94737bad894f36c0
Instruction ID: c99ce0db57769e836610be3dd301879c259a8e630747a5b3960cfd9e01f6ef74
Opcode Fuzzy Hash: 793a6042e9c14a6112947101c81a24be0a936b3a1635777b94737bad894f36c0
Instruction Fuzzy Hash: 8CC1A074E01218CFDB64DFA9D994B9DBBB2FB89304F2080A9D409AB355DB385E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E6038 Relevance: 1.8, APIs: 1, Instructions: 268
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E6103

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 9a8d6d82a79cd7ca83f7aa55091d6ed30de5d60cf407d77d4a47e4fd317232e5
Instruction ID: 887396c0f8ab4ce52349c5fddd99aa499f27181e3a03b9f4d0783d1edb8c8bd1
Opcode Fuzzy Hash: 9a8d6d82a79cd7ca83f7aa55091d6ed30de5d60cf407d77d4a47e4fd317232e5
Instruction Fuzzy Hash: C1C19F74E01218CFDB64DFA5D994BADBBB2EF89304F2080A9D409AB355DB385E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067EF838 Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067EF903

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 39161982d17fa0beb720552aa6e761b8886b6f09e7ce221831e9d6be140455fc
Instruction ID: cf01bdd5b35559b445bd0c79959ae047d25f63daa860641c3bced55a4173d8e8
Opcode Fuzzy Hash: 39161982d17fa0beb720552aa6e761b8886b6f09e7ce221831e9d6be140455fc
Instruction Fuzzy Hash: EFC1A174E01218CFDB64DFA5D984B9DBBB2FB89304F2081A9D809AB355DB385E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E4628 Relevance: 1.8, APIs: 1, Instructions: 268
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E46F3

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: fd247f1782d762d6028516fc4cf0c13ff5533b16e161bf589687127d1080d20a
Instruction ID: 89b1d3b8c8b1ef92e8badbde6da83b330d5ad50e1a7b86bb07d1b86fca390e48
Opcode Fuzzy Hash: fd247f1782d762d6028516fc4cf0c13ff5533b16e161bf589687127d1080d20a
Instruction Fuzzy Hash: 36C19F74E01218CFDB64DFA5D994BADBBB2FB89304F2080A9D419AB355DB385E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067EDE00 Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067EDECB

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: e33eec0de464726a6a990cdb4c6fd340fde918de388d488e1b9fe30597174966
Instruction ID: 2b2f408b3c88e19f3e59fd9584ffd1939164b277836b3e5fd428c4a2c67868e6
Opcode Fuzzy Hash: e33eec0de464726a6a990cdb4c6fd340fde918de388d488e1b9fe30597174966
Instruction Fuzzy Hash: 93C19F74E00218CFDB64DFA5D994B9DBBB2EF89304F2080A9D419AB355DB395E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E82F8 Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E83C3

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 8f9dbe652913dc3bc7ceb18950409a79255ed7ccf1fce45e0313cb9dc0c05f2b
Instruction ID: 89f059ad381e1614fa5150a968e31b23f5d37f4094462f235806e8cef13a6b6d
Opcode Fuzzy Hash: 8f9dbe652913dc3bc7ceb18950409a79255ed7ccf1fce45e0313cb9dc0c05f2b
Instruction Fuzzy Hash: ACC1B074E00218CFDB64DFA5D994BADBBB2FB89304F2080A9D409AB355DB385E85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 067E68E8 Relevance: 1.8, APIs: 1, Instructions: 268
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E69B3

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 24cffde6cc475b1412f0fd622cc61cf529746f75b41e5e3244a783b07f1e07d4
Instruction ID: 91a94d3ce91858b0ac980888af1b738f1d828728c71a8fd1e812c70ae31fd2b3
Opcode Fuzzy Hash: 24cffde6cc475b1412f0fd622cc61cf529746f75b41e5e3244a783b07f1e07d4
Instruction Fuzzy Hash: 60C1A074E01218CFDB64DFA5D994BADBBB2FB89304F2081A9D409AB355DB385E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067EE6D8 Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067EE7A3

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 7508a746a0b17662c48f0b8a23d6e489428a0bd11c15a8e9648f3e6f200ea99e
Instruction ID: bbfb8da8a503c09a51bd2f62a1fb4e345c58a39ed9e38a3357e5a472ff00ccf4
Opcode Fuzzy Hash: 7508a746a0b17662c48f0b8a23d6e489428a0bd11c15a8e9648f3e6f200ea99e
Instruction Fuzzy Hash: 14C19174E01218CFDB64DFA5D984BADBBB2FB89304F2080A9D409AB355DB355E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E4ED8 Relevance: 1.8, APIs: 1, Instructions: 268
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E4FA3

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 7945fc2d86d124967bdcc10664cabe64cb667f41ab33275a51c9289dc30f75df
Instruction ID: 61f55889a5b22ca04a6732817e7f60ee982555bb951caadc3e73918b714a2352
Opcode Fuzzy Hash: 7945fc2d86d124967bdcc10664cabe64cb667f41ab33275a51c9289dc30f75df
Instruction Fuzzy Hash: 95C1AF74E01218CFDB64DFA5D994BADBBB2FB89304F2080A9D409AB355DB395E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E34C8 Relevance: 1.8, APIs: 1, Instructions: 268
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E3593

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 1c75d5b5b9b19ead98cfb3cca85d8009789886f72fb27cc8ebb2b4993054d7ae
Instruction ID: 5f5ad8d37d2270a6a9a0fcf55b3cad7098ff352c84bd048a3b68808be5361a97
Opcode Fuzzy Hash: 1c75d5b5b9b19ead98cfb3cca85d8009789886f72fb27cc8ebb2b4993054d7ae
Instruction Fuzzy Hash: 88C1B274E00218CFDB64DFA5D884BADBBB2FB89314F2080A9D409AB355DB345E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E7EA0 Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E7F6B

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 7d67da203f2df9c5528e5d43fd9e67609918ed26b2187b206dcf051e2550d6b5
Instruction ID: ad6eebae492e9f00b1c5b49892ef09dc8eddc18899a4423459c055171e203321
Opcode Fuzzy Hash: 7d67da203f2df9c5528e5d43fd9e67609918ed26b2187b206dcf051e2550d6b5
Instruction Fuzzy Hash: 90C1A074E01218CFDB64DFA5D994BADBBB2FB89304F2080A9D419AB354DB385E85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 067E6490 Relevance: 1.8, APIs: 1, Instructions: 268
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E655B

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 42b8ce640d2b5938a2bccb6ccd8e8af0d33e3f6803149e7c7db0bca2628f50b7
Instruction ID: d88b4f8ad0df871091996881f7b5c7e24e98422d1f619a1ebfd7ae1bd2b2551c
Opcode Fuzzy Hash: 42b8ce640d2b5938a2bccb6ccd8e8af0d33e3f6803149e7c7db0bca2628f50b7
Instruction Fuzzy Hash: 02C1AF74E00218CFDB64DFA5D994B9DBBB2FB89304F2080A9D419AB355DB385E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E4A80 Relevance: 1.8, APIs: 1, Instructions: 268
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E4B4B

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 5c8e710a193c94ab423ded37e6be8adc9ad25bc7518bfece501f5dfce1a8be93
Instruction ID: 9daca1817f67b29bc4a6cc609e47b12e7f3218783c745af1438823ed2810f1a3
Opcode Fuzzy Hash: 5c8e710a193c94ab423ded37e6be8adc9ad25bc7518bfece501f5dfce1a8be93
Instruction Fuzzy Hash: A9C1AF74E00218CFDB64DFA5D994BADBBB2FB89304F2081A9D409AB355DB395E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067EE280 Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067EE34B

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 6e48345751a6d44d026201c469e3b20572148b5368650e9a4d6e9206eda832b9
Instruction ID: 371869892646aa1e11b94474154b827e435d710ea5cbb985feceddc8304941d6
Opcode Fuzzy Hash: 6e48345751a6d44d026201c469e3b20572148b5368650e9a4d6e9206eda832b9
Instruction Fuzzy Hash: 7BC1A074E01218CFDB64DFA5D994B9DBBB2FB89304F2080A9D409AB354DB395E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E3D78 Relevance: 1.8, APIs: 1, Instructions: 268
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E3E43

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: c126ac5531e2b02497ed7a07c2b495f333c6b63b523e46f195d764f1827accab
Instruction ID: be00464f1a4b5c5fc4eba2a529c6d82542b3164f246c504f753a99e2aa622fe9
Opcode Fuzzy Hash: c126ac5531e2b02497ed7a07c2b495f333c6b63b523e46f195d764f1827accab
Instruction Fuzzy Hash: 33C19F74E00218CFDB64DFA9D994B9DBBB2FB89304F2080A9D419AB355DB395E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E8750 Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E881B

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: b6409e06ac93fcb12c97970a83d6c61ca090d3eee70b9d3cbba0535e45995dde
Instruction ID: b030f7e3be365cef1dbe406585ab7a22595720ee8b0121a88d93c867610f954e
Opcode Fuzzy Hash: b6409e06ac93fcb12c97970a83d6c61ca090d3eee70b9d3cbba0535e45995dde
Instruction Fuzzy Hash: 37C1A074E01218CFDB64DFA9D894B9DBBB2FB89304F2081A9D409AB354DB395E85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 067E6D40 Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E6E0B

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: b6200029fbabac936e9c1feee9c73bc7d46434b9ea6bead659d925ba4bd89e93
Instruction ID: 555aaeb3aa9fa70d01886d1386791d8ca3be454ee5bcba7cea121ae2b05b66a6
Opcode Fuzzy Hash: b6200029fbabac936e9c1feee9c73bc7d46434b9ea6bead659d925ba4bd89e93
Instruction Fuzzy Hash: E4C1A074E00218CFDB64DFA5D894B9DBBB2FB89304F2080A9D419AB355DB385E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E5330 Relevance: 1.8, APIs: 1, Instructions: 268
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E53FB

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: ddeec232463fb9f328c8c442b1e017617d00721474379bfbc9e4a45797e5bb78
Instruction ID: c7cc39a391ea88bf530d5e60fe3607721c8c49e55b340aaecd7a5321c948fcb8
Opcode Fuzzy Hash: ddeec232463fb9f328c8c442b1e017617d00721474379bfbc9e4a45797e5bb78
Instruction Fuzzy Hash: 77C1AF74E00218CFDB64DFA5D994BADBBB2FB89304F2080A9D419AB354DB395E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067EEB30 Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067EEBFB

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: d94776f663ea16fd50cf00b733a97dfd4152c754df8c84ff3a0a4ba425d1c392
Instruction ID: 9fe2e01366058599f5550a550dfbc1f5eb949b4421a8ca4de8d71d672a5d37ca
Opcode Fuzzy Hash: d94776f663ea16fd50cf00b733a97dfd4152c754df8c84ff3a0a4ba425d1c392
Instruction Fuzzy Hash: F1C19F74E01218CFDB64DFA9D984B9DBBB2EB89304F2080A9D419AB355DB395E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E3920 Relevance: 1.8, APIs: 1, Instructions: 268
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E39EB

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 1fa7c6c1c134c4861a9386f2e727153cdcae14866d85f727592cf540c45b6411
Instruction ID: 320daf8567a6c56c3163cca20234bf51001440859aa7ae87df93e3a2bf891dd5
Opcode Fuzzy Hash: 1fa7c6c1c134c4861a9386f2e727153cdcae14866d85f727592cf540c45b6411
Instruction Fuzzy Hash: 6FC1A074E00218CFDB64DFA5D994BADBBB2FB89314F2080A9D409AB355DB395E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E75F0 Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E76BB

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: b4aa473db0e9d2e88a6ccb3d07792f50991c77e2440e12144546bc167edd9c3d
Instruction ID: 8f1eddedea8a8ffeb53b4205ac00beb8a162379b2ea02e2f778157be45a3e935
Opcode Fuzzy Hash: b4aa473db0e9d2e88a6ccb3d07792f50991c77e2440e12144546bc167edd9c3d
Instruction Fuzzy Hash: 59C1A074E01218CFDB64DFA9D894B9DBBB2EF89304F2080A9D409AB354DB395E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E5BE0 Relevance: 1.8, APIs: 1, Instructions: 268
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E5CAB

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: f44a7c310d9d8b36778f7aa70422e76f844896db36dc5d2bf524d94d06c91f1b
Instruction ID: 7b7f956fb789e9ec4dcfd4391b5c1fa0aa2e0aedca76d6445dfd324e3630c901
Opcode Fuzzy Hash: f44a7c310d9d8b36778f7aa70422e76f844896db36dc5d2bf524d94d06c91f1b
Instruction Fuzzy Hash: FEC19074E00218CFDB64DFA5D994BADBBB2FB89304F2080A9D409AB355DB395E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067EF3E0 Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067EF4AB

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 380c5996135e8436b872172716a1b2374d631c5ca70202c663c502020efa952b
Instruction ID: 14a29a5d1ca31d513b2aee7abc27fe0cbec4190e4129c3e87aaa080b4490483b
Opcode Fuzzy Hash: 380c5996135e8436b872172716a1b2374d631c5ca70202c663c502020efa952b
Instruction Fuzzy Hash: BBC1A074E01218CFDB64DFA9D994B9DBBB2FB89304F2080A9D409AB354DB395E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E41D0 Relevance: 1.8, APIs: 1, Instructions: 268
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E429B

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 2873bdb09d0d7a1f2bfaa31e2e65e5d9c2163bd16e40cf12fc6e54377e1de4e4
Instruction ID: 2d3c8ee0fea823ad3b3ce80c08019b7df4f1451becbff7bbd6f4ee411a47aaa2
Opcode Fuzzy Hash: 2873bdb09d0d7a1f2bfaa31e2e65e5d9c2163bd16e40cf12fc6e54377e1de4e4
Instruction Fuzzy Hash: 22C1AF74E00218CFDB64DFA5D994BADBBB2FB89304F2081A9D419AB355DB385E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E7198 Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E7263

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 75dbd6b5ec54d0eda7d9811f8c39d5fa1d48fcd5197e06c6911ae499959ed08c
Instruction ID: 24f09ecb3502bf21b58abfdce5a28170124f66857b1aa5785282b54d3771d7bd
Opcode Fuzzy Hash: 75dbd6b5ec54d0eda7d9811f8c39d5fa1d48fcd5197e06c6911ae499959ed08c
Instruction Fuzzy Hash: 58C1A074E01218CFDB64DFA5D994B9DBBB2FB89304F2080A9D419AB355DB385E85CF20

Uniqueness

Uniqueness Score: -1.00%

Function 067EEF88 Relevance: 1.8, APIs: 1, Instructions: 268COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067EF053

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 1e5cb796b25381cac3c3fa7bfe7feab994269b6a8215d72be969e6981ea29f4a
Instruction ID: f267b3dd18c89986c282bcc7202bda9a177db85406097157fd984dab27f7d582
Opcode Fuzzy Hash: 1e5cb796b25381cac3c3fa7bfe7feab994269b6a8215d72be969e6981ea29f4a
Instruction Fuzzy Hash: F8C1AF74E01218CFDB64DFA5D984B9DBBB2FB89304F2080A9D409AB355DB395E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E5788 Relevance: 1.8, APIs: 1, Instructions: 268
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E5853

Part of subcall function 067E2AD8: KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 60512b4ca31b45d4bb67af3b2868948a1020efbaf390f97f901ae908f0438b4b
Instruction ID: abae89a38cbc2559efcbb039e25869194a91becade50831c4da217b4d859e8b1
Opcode Fuzzy Hash: 60512b4ca31b45d4bb67af3b2868948a1020efbaf390f97f901ae908f0438b4b
Instruction Fuzzy Hash: B6C19F74E01218CFDB64DFA9D994B9DBBB2FB89304F2080A9D409AB355DB395E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067EF828 Relevance: 1.6, APIs: 1, Instructions: 107COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067EF903

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 2423c6b156cd0c69f11484b3a4faede4c29af2f56f0fa62feb70f6fceea7b255
Instruction ID: df3fd45309339dd4bd47cdc6df2a0b45649196f665feec92cc908a497522ce1a
Opcode Fuzzy Hash: 2423c6b156cd0c69f11484b3a4faede4c29af2f56f0fa62feb70f6fceea7b255
Instruction Fuzzy Hash: 28410570E01208CBDB58DFAAD8446EEFBB2BF89300F20D12AC414BB254DB395946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067EE6C8 Relevance: 1.6, APIs: 1, Instructions: 107COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067EE7A3

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: a7a6fd0d31239c877ef23b3a7d79eebcfa33b31147ec9dcd6befb412943005ca
Instruction ID: a156549645d355e12fb4969787c9ea749d1940996f083d907661f0967503ac78
Opcode Fuzzy Hash: a7a6fd0d31239c877ef23b3a7d79eebcfa33b31147ec9dcd6befb412943005ca
Instruction Fuzzy Hash: 2141F470E00208CBDB58DFAAD8446EEFBB2BF89304F20C13AC514AB254EB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067EEF79 Relevance: 1.6, APIs: 1, Instructions: 105COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067EF053

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: b2ee6c30a8c8d957c9ec95f7c8af6e9f8c530ca273ef52a378ce9bae76a85825
Instruction ID: 8758018f6dfbc945bc8787b6d8e761759407bfa9b97211f36781713f53958846
Opcode Fuzzy Hash: b2ee6c30a8c8d957c9ec95f7c8af6e9f8c530ca273ef52a378ce9bae76a85825
Instruction Fuzzy Hash: FD41F574E012488BDB58DFBAD4446EEFBB2AF89300F24C12AC414BB255DB385946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067EDDF0 Relevance: 1.6, APIs: 1, Instructions: 104COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067EDECB

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: f22d0c4fcdea87fd03f0def8706e4024dea86bfd85e68116da99e8bc15ec5e89
Instruction ID: 933a721203b3e3d4c7a086646a1c4febb1fa044a2246ad86a28195dfc336bedf
Opcode Fuzzy Hash: f22d0c4fcdea87fd03f0def8706e4024dea86bfd85e68116da99e8bc15ec5e89
Instruction Fuzzy Hash: 9441E270E01648CBDB58DFAAD9446EEFBF2BF89304F24C12AC414AB259DB395946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067EF3D0 Relevance: 1.6, APIs: 1, Instructions: 104COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067EF4AB

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 23a4c80d192b06b6f23f4b09671bc7573eccb92a21206d2b0699eb90ddfe74a8
Instruction ID: 84a183a03152f0f63ce9d5e1023f8420e7136b6d399f4448cdc742ed158134fb
Opcode Fuzzy Hash: 23a4c80d192b06b6f23f4b09671bc7573eccb92a21206d2b0699eb90ddfe74a8
Instruction Fuzzy Hash: 5941E370E01208CBDB58DFAAD55469EFBF2BF89304F20D12AC414AB255DB395906CF51

Uniqueness

Uniqueness Score: -1.00%

Function 067EE271 Relevance: 1.6, APIs: 1, Instructions: 102COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067EE34B

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: dc78ec047a2f1b3bbcbb8c5e4cd0461cc95808b857e8f544923e4bccbfcd768a
Instruction ID: 584f3a51621a397b1f4303a772e7ce66ba32bb493c4a780de8e42f5168b880db
Opcode Fuzzy Hash: dc78ec047a2f1b3bbcbb8c5e4cd0461cc95808b857e8f544923e4bccbfcd768a
Instruction Fuzzy Hash: 5741E271E01608CBDB58DFAAD9446AEFBB2BF89304F20C12AC414BB254EB385906CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067E82E8 Relevance: 1.6, APIs: 1, Instructions: 102COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E83C3

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 28082f24bd76078cfeba7186707e9283fd948972934e1f1b1c59d551153a2f02
Instruction ID: f94a48a55cbcc27e65aa4af239a1d43fceaec2dd8b81dea204413c98ac031981
Opcode Fuzzy Hash: 28082f24bd76078cfeba7186707e9283fd948972934e1f1b1c59d551153a2f02
Instruction Fuzzy Hash: 9841E570E00208CBDB58DFEAD9546DDFBB2AF89304F24C12AC414BB255EB355906CF55

Uniqueness

Uniqueness Score: -1.00%

Function 067EEB20 Relevance: 1.6, APIs: 1, Instructions: 102COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067EEBFB

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: b17db22838926e9b25f8e4c845b5805b920cabe4c926d7424a4e774a101ec2f9
Instruction ID: 078a3d2a6eb77431c70c2163b3e8809662ba772a7ed690fd590b44b7b30df756
Opcode Fuzzy Hash: b17db22838926e9b25f8e4c845b5805b920cabe4c926d7424a4e774a101ec2f9
Instruction Fuzzy Hash: 9B41E270E01208CFEB58DFBAD9546EEBBB2BF89300F24C12AC414AB255DB394946CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E41C0 Relevance: 1.6, APIs: 1, Instructions: 102COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E429B

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: b853879ba28fe096617a5c540c769022e65527bf820f1db407f771b868b6335e
Instruction ID: f5e1e4ba39ce40cff301c54c840dbed97d6a1de2e10ce63d2b6d287bb56d68d7
Opcode Fuzzy Hash: b853879ba28fe096617a5c540c769022e65527bf820f1db407f771b868b6335e
Instruction Fuzzy Hash: E841C371E01208CBDB58DFEAD95569EFBF6AF89300F24D12AC414BB258DB385945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067E2D81 Relevance: 1.6, APIs: 1, Instructions: 102libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 067E2DE1

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9a094f4ac2554511d58aa893af809b2d1ec1447a0a5cb7b5bc97e05edf48defa
Instruction ID: a46a0e3a6ab95f2148581e9e630d1eaf75b89345fb8956a658b1b1f36a689e50
Opcode Fuzzy Hash: 9a094f4ac2554511d58aa893af809b2d1ec1447a0a5cb7b5bc97e05edf48defa
Instruction Fuzzy Hash: CB416AB4E00119DFDB14CFA9D484AEDFBB6BF88304F258119D4046B286C775AA8ACF90

Uniqueness

Uniqueness Score: -1.00%

Function 067E68D8 Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E69B3

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 8afa271d118d125b436b3f3c3e60e1706ebeca70b6247fc03aa7025a154c2f4d
Instruction ID: de253863e70a5e207b30239c624a884040ad3c0991bc4577482da92aece67124
Opcode Fuzzy Hash: 8afa271d118d125b436b3f3c3e60e1706ebeca70b6247fc03aa7025a154c2f4d
Instruction Fuzzy Hash: 1C41F8B1E01208CBDB58DFEAD5546EEFBB2BF99304F24C12AC414AB254DB385946CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E3D68 Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E3E43

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 8420d27234373f4eef13097c827c3742ad2b8f580d1c92e90e90208b85f5339d
Instruction ID: b641669d42368a1296d10ec1a0ade5da4715b249841d0611b1608bd70b2cd1ef
Opcode Fuzzy Hash: 8420d27234373f4eef13097c827c3742ad2b8f580d1c92e90e90208b85f5339d
Instruction Fuzzy Hash: 7F41E771D01208CBDB58DFEAD8556DDFBF2AF89300F24C12AC414AB254DB384906CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E4A70 Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E4B4B

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: f402b7094d7311b8abf6acf1fe8caf8e0010c3d90e99e0ce165de768ffbb55ef
Instruction ID: 2e30a3abc28190328f0104cb726defa63b8d9ee759d480df3d2a1f9cc737d2d0
Opcode Fuzzy Hash: f402b7094d7311b8abf6acf1fe8caf8e0010c3d90e99e0ce165de768ffbb55ef
Instruction Fuzzy Hash: 8241CF71E01648CBDB58DFAAD8546EEBBF2BF89304F24D12AC414AB258EB385945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067E602A Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E6103

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 939c4fb21701d840d8ed8e3691140673a4cdd5c598cc8c9c9b0535b5f24de82c
Instruction ID: 375af5b5d612392c29e0283031200d483a7c6d1154d773d9d18cb9798988fd1e
Opcode Fuzzy Hash: 939c4fb21701d840d8ed8e3691140673a4cdd5c598cc8c9c9b0535b5f24de82c
Instruction Fuzzy Hash: 8341E470E01208CBDB58DFAAD9546EEFBF2BF99304F24C12AC414AB259DB385946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067E34B8 Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E3593

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 59aeac201248240a7839e3cde3f6d3eb8cd7b38bb048e260a9f9ff61a990e5f3
Instruction ID: e64eccd03ea05824072391748ff23c166832ddbb077c87de215f84a43a65fc21
Opcode Fuzzy Hash: 59aeac201248240a7839e3cde3f6d3eb8cd7b38bb048e260a9f9ff61a990e5f3
Instruction Fuzzy Hash: FD41E370E01208CBDB58CFAAD9546EEFBF2BF89310F24C12AC414AB254DB395946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067E7E90 Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E7F6B

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: e1ad7c6bdfbee695d89f748b548c0041dcf01e7b59c501223492c7a67b1a44d8
Instruction ID: 040230f08686ffa6b310c5651d5983a775426b487e53b4ee2b5fbe734a122527
Opcode Fuzzy Hash: e1ad7c6bdfbee695d89f748b548c0041dcf01e7b59c501223492c7a67b1a44d8
Instruction Fuzzy Hash: EC41C170E016088BEB58DFFAD9546EEBBB2AF89300F24C12AC414AB254DB384946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067E5778 Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E5853

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 9c3c39d3d52c4c5824d81639fb78091f34645645ae4e08366263a5c9459d331d
Instruction ID: bb0344159b648b1f4c26e0aea976d7e879bf16aaf16d25893dc2d26ec7eda5b0
Opcode Fuzzy Hash: 9c3c39d3d52c4c5824d81639fb78091f34645645ae4e08366263a5c9459d331d
Instruction Fuzzy Hash: 4A41C570E01208CFEB58DFAAD9546EEBBB2BF89304F20D12AC414AB255DB395946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067E8741 Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E881B

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 2a0fa3f8ae96b6ee8b304288c4ee476d4894c58f22e7524cbaa9a5bd957707f4
Instruction ID: 22f52c39f8afdcc325fe3b21fd3910ff01405a394f598834f7d3d35344327215
Opcode Fuzzy Hash: 2a0fa3f8ae96b6ee8b304288c4ee476d4894c58f22e7524cbaa9a5bd957707f4
Instruction Fuzzy Hash: F141C571E01208CBEB58DFEAD84569DBBB2BF89300F24C12AC414AB254DB355945CF51

Uniqueness

Uniqueness Score: -1.00%

Function 067E6D30 Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E6E0B

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 4e6f82dbd3ab15e5089951aaf0265d078a836058d260352202bce4cc8c4039ee
Instruction ID: 03dde35dd36d4f74f715ddcc707298db4b1177eaea574c028780b495e98592c9
Opcode Fuzzy Hash: 4e6f82dbd3ab15e5089951aaf0265d078a836058d260352202bce4cc8c4039ee
Instruction Fuzzy Hash: AB41C370E01608CBDB58DFFAD9556ADBBB2BF89300F24C12AC415AB294DB385946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067E75E0 Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E76BB

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 04a3b4452e96f4eee7497c02bedcd8a9c43da5681bbc418db0047d9d744dd305
Instruction ID: 9e60a19081083a52c001b19cd1182048b262c2b2c4d1e55d20ba15e626c3eb73
Opcode Fuzzy Hash: 04a3b4452e96f4eee7497c02bedcd8a9c43da5681bbc418db0047d9d744dd305
Instruction Fuzzy Hash: 8241C371E01208CBDB58DFAAD9546EEFBB2BF89304F24C12AC415BB258DB385945CF54

Uniqueness

Uniqueness Score: -1.00%

Function 067E7188 Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E7263

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: c3f5f14adbc9992354d96f982d90dc179493e887abba3bc92838f2fa748ac9dd
Instruction ID: c4b039a3ff3a096b722ad364d0b271ca6e942a966266359ce22cf6bf52fd5089
Opcode Fuzzy Hash: c3f5f14adbc9992354d96f982d90dc179493e887abba3bc92838f2fa748ac9dd
Instruction Fuzzy Hash: B041D471E01248CBDB58DFEAD8546EDBBB2BF89300F24D12AC414AB258DB385946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067E3060 Relevance: 1.6, APIs: 1, Instructions: 98COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E313B

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 06386d06f87c364df746a3ea2d3200c2549d8bd1906b5a8688546f0546c2e58b
Instruction ID: 477267d54f9ce9b823d12ac0e6fff68c9b8f7db762bf1a75362f8cb62639e177
Opcode Fuzzy Hash: 06386d06f87c364df746a3ea2d3200c2549d8bd1906b5a8688546f0546c2e58b
Instruction Fuzzy Hash: DE41E270E012488BEB58DFEAD9546EEFBB2BF89314F24C12AC414BB258DB395945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067E7A3A Relevance: 1.6, APIs: 1, Instructions: 98COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E7B13

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 482511d8011ba229834fb0873d7cc2a427c61792926e3734f1df05ef6cc6c64b
Instruction ID: 96221dc3f8159b6f2bc8502d95cd20cbf89a50a8ce32db41f969347e1ae46079
Opcode Fuzzy Hash: 482511d8011ba229834fb0873d7cc2a427c61792926e3734f1df05ef6cc6c64b
Instruction Fuzzy Hash: AC41C270E01608CBDB58DFEAD8556DDBBB2BF89304F24D12AC414AB258EB385A46CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067E4618 Relevance: 1.6, APIs: 1, Instructions: 98COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E46F3

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: df74cb5dc9c197530ca53d8b76974e8bcef5cbf1eda2d06b975d8dd1d7dc2adc
Instruction ID: 19aefffe7c299f98ab0e6a45906e9331eaebdbe1b2c9503bff6a5593111ac4c9
Opcode Fuzzy Hash: df74cb5dc9c197530ca53d8b76974e8bcef5cbf1eda2d06b975d8dd1d7dc2adc
Instruction Fuzzy Hash: 0141E470E00248CBDB58DFAAD9446EEBBF2BF89300F24D12AC414BB258DB385946CF54

Uniqueness

Uniqueness Score: -1.00%

Function 067E4EC8 Relevance: 1.6, APIs: 1, Instructions: 98COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E4FA3

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 96f31e7e7e3ec17a168e41165247971cbedcc3204f6b88dc97f9b22319f8b852
Instruction ID: 0e3849eecb9be6d3c5c9f09c2caa3835e02dcb8b8664fc90fa3798ccc9e722dd
Opcode Fuzzy Hash: 96f31e7e7e3ec17a168e41165247971cbedcc3204f6b88dc97f9b22319f8b852
Instruction Fuzzy Hash: 5841D270E01648CFEB58DFAAD8546EDBBF2AF99304F24C12AC414BB258DB395946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067E6482 Relevance: 1.6, APIs: 1, Instructions: 98COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E655B

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: d148043b47f3a846e18ccddea3f8212ac8f63e883f202275f646b22a5dc35e99
Instruction ID: 5701a6c3cd5e65832fd1ca6885f44d7e15977c369203b7b09e61029560666174
Opcode Fuzzy Hash: d148043b47f3a846e18ccddea3f8212ac8f63e883f202275f646b22a5dc35e99
Instruction Fuzzy Hash: 4741B471E01208CBDB58DFAAD9546EEFBB2BF99300F24C12AC414BB255EB385946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067E3910 Relevance: 1.6, APIs: 1, Instructions: 98COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E39EB

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 46010d3cec7235ed1fc61b099b6f932831d672419439c995413f64418f84691f
Instruction ID: a6743f0e85e2141fdf59dd3db6c75cadcd4c6bcc4bad3161191bcd51c29cf5fc
Opcode Fuzzy Hash: 46010d3cec7235ed1fc61b099b6f932831d672419439c995413f64418f84691f
Instruction Fuzzy Hash: D441D470E01208CBEB58DFAAD5447EEBBB2BF89310F20D12AC414BB255DB385945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067E5321 Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E53FB

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 5b045ba2f4c05e0908a79c96af5844e149c683eafcd41a678c1594b5441d203a
Instruction ID: be5ec9ad64c1eb6b439479c1bdf4c9e1924b93a6448148e0be9e350f0dfbac09
Opcode Fuzzy Hash: 5b045ba2f4c05e0908a79c96af5844e149c683eafcd41a678c1594b5441d203a
Instruction Fuzzy Hash: 3141D374E01208CFEB18DFAAD85469EFBB2BF89304F24D12AC414AB254EB395945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067E5BDA Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 067E5CAB

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 99f7c9944b6e1974c741613a7aa260fefce2bb1c8fafbab1766d98c1c74e6e96
Instruction ID: accfde37d099053a900d952e7b9d085577144f83469f1283854befef50aa4b88
Opcode Fuzzy Hash: 99f7c9944b6e1974c741613a7aa260fefce2bb1c8fafbab1766d98c1c74e6e96
Instruction Fuzzy Hash: 1441A270E01208CBEB58DFAAD5546EEFBB2BF89304F24D12AC414AB254DB395946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067E2AD8 Relevance: 1.6, APIs: 1, Instructions: 124COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL(000000FF), ref: 067E2C3A

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 0976ed2db4b2d0ee7844deaa2e46e94033ab77ed8fdac4fe492599d73ef7e06a
Instruction ID: b039320695ac8cc0fc8f376a53806faf3f9f60a15b0918003abde243c3bf329f
Opcode Fuzzy Hash: 0976ed2db4b2d0ee7844deaa2e46e94033ab77ed8fdac4fe492599d73ef7e06a
Instruction Fuzzy Hash: 725113B4E00218CFDB18DFAAD8446DEBBB6BF88314F14C129D424AB295DB749949CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067E2C73 Relevance: 1.6, APIs: 1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 129f3334a8b90273863d1e3a21d4ba3649b25836ccce4f13398f8ac54e909299
Instruction ID: 11c0c15c2bbb99cce4841f0540154d8d147e1c0d1b4fa4feffb2589953a38ec1
Opcode Fuzzy Hash: 129f3334a8b90273863d1e3a21d4ba3649b25836ccce4f13398f8ac54e909299
Instruction Fuzzy Hash: 48513374E00208CFDB54DFA8D4846EDBBB6BF49324F208229D425BB2A1D7749A89CF10

Uniqueness

Uniqueness Score: -1.00%

Function 067E2F2C Relevance: 1.6, APIs: 1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72d6670cf286515316ab06ecc1d02d7f842911d9659aa554ba0c16b3913fe344
Instruction ID: 42450c89e3c36e64ede5b778a389fac2a166821a4f4ed0f5e8fdbc6a5fa65f37
Opcode Fuzzy Hash: 72d6670cf286515316ab06ecc1d02d7f842911d9659aa554ba0c16b3913fe344
Instruction Fuzzy Hash: 0E418E74A04519CFDB14CFA8D484ADCF7B6FF4C314F649119E029AB282C7359A8ACF50

Uniqueness

Uniqueness Score: -1.00%

Function 067E2ECC Relevance: 1.6, APIs: 1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfcce8ae9f7d78aa0da5673a441ca5c5241132ccff01972bbdc8d6451e6941ac
Instruction ID: 624753b05faeda9973b1a1e251924d8739e0f98e6a31deb22815b255747b9a19
Opcode Fuzzy Hash: bfcce8ae9f7d78aa0da5673a441ca5c5241132ccff01972bbdc8d6451e6941ac
Instruction Fuzzy Hash: 44412774E04519CFDB54CFA8D484AECF7B6FB4C314F258158E425AB282C7359A8ACF50

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 067EC020 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc7d3eb9f824faaefe10d2057cacd6d39bda003ad0b633e12191b8fa26b923d0
Instruction ID: fbe7d18a3f5694629feebc91de872e74c09ad0941042c8fb824b9f16d79f0f66
Opcode Fuzzy Hash: cc7d3eb9f824faaefe10d2057cacd6d39bda003ad0b633e12191b8fa26b923d0
Instruction Fuzzy Hash: 49B1A674E00218CFDB54DFA9D884A9DBBB2FF89314F2081A9D819AB365DB34AD45CF50

Uniqueness

Uniqueness Score: -1.00%

Function 067EC00F Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01cfa96f84c5626a32bc95c0c608888377b3d5791ea795e08c0b082964d03ebb
Instruction ID: 17dfc09a3a6141ff48c1428155b1b72c9da7b69c51e4a7fb4f6e318af7d93970
Opcode Fuzzy Hash: 01cfa96f84c5626a32bc95c0c608888377b3d5791ea795e08c0b082964d03ebb
Instruction Fuzzy Hash: 2251A474E006088FDB58DFAAD984A9DBBF2FF8D300F248169D418AB365DB349946CF51

Uniqueness

Uniqueness Score: -1.00%

Function 067EC336 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.509360964.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67e0000_TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfaae5db4ec23fa266b1e7210a02653da59f80b7f816cff7e5f9f39b65664d25
Instruction ID: 6c7d73fa57df2543a861fc664edd011bd5f0aaaa58b09fb517dfd86ff8b9c3f9
Opcode Fuzzy Hash: bfaae5db4ec23fa266b1e7210a02653da59f80b7f816cff7e5f9f39b65664d25
Instruction Fuzzy Hash: B6D09E34D4425A8ECB21EFA4D9503EDB776BBD6200F0061D5811DB7250D7305E548E96

Uniqueness

Uniqueness Score: -1.00%

Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameYFGGCVyufgtwfyuTGFWTVFAUYVF.exeX vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameKeysNormalize.dll4 vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.273267189.0000000003541000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDoncepre.dll@ vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271717491.0000000002626000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWebName.dll4 vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271410326.00000000025A7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWebName.dll4 vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.280763595.0000000006EF0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameKeysNormalize.dll4 vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.275679814.0000000003814000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameYFGGCVyufgtwfyuTGFWTVFAUYVF.exeX vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000000.236415106.00000000001C2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameELEMD.exe. vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.281062016.0000000007250000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameDoncepre.dll@ vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.281037436.0000000007110000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameWebName.dll4 vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000002.271499452.00000000025DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameYFGGCVyufgtwfyuTGFWTVFAUYVF.exeX vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000000.00000003.260670018.0000000006B92000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameKeysNormalize.dll4 vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000000.267300036.0000000000422000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameYFGGCVyufgtwfyuTGFWTVFAUYVF.exeX vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe, 00000004.00000002.502317619.00000000012F7000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe
Source: TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe	Binary or memory string: OriginalFilenameELEMD.exe. vs TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Snake Keylogger

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Windows Analysis Report
TUFAN YAZ#U011eAN - Kredi Kart#U0131 Hesap #U00d6zeti - 45431108.exe

Function 04F0B8C8 Relevance: 24.4, Strings: 19, Instructions: 651
COMMON

Function 025099E8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 194
COMMON

Function 02505364 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 02503EA0 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 0250A754 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Function 0250C2F8 Relevance: 1.6, APIs: 1, Instructions: 64
COMMON

Function 02508D38 Relevance: 1.6, APIs: 1, Instructions: 63
libraryCOMMON

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre