Windows Analysis Report
pzG0rkIchr.exe
Overview
General Information
Detection
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll64.exe (PID: 492 cmdline: loaddll64.exe "C:\Users\user\Desktop\pzG0rkIchr.dll" MD5: C676FC0263EDD17D4CE7D644B8F3FCD6)
- conhost.exe (PID: 5284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- cmd.exe (PID: 5156 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\pzG0rkIchr.dll",#1 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- rundll32.exe (PID: 1228 cmdline: rundll32.exe "C:\Users\user\Desktop\pzG0rkIchr.dll",#1 MD5: 73C519F050C20580F8A62C849D49215A)
- regsvr32.exe (PID: 5172 cmdline: regsvr32.exe /s C:\Users\user\Desktop\pzG0rkIchr.dll MD5: D78B75FC68247E8A63ACBA846182740E)
- rundll32.exe (PID: 400 cmdline: rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,DllRegisterServer MD5: 73C519F050C20580F8A62C849D49215A)
- rundll32.exe (PID: 2100 cmdline: rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,ItsnPq5v MD5: 73C519F050C20580F8A62C849D49215A)
- WerFault.exe (PID: 5904 cmdline: C:\Windows\system32\WerFault.exe -u -p 2100 -s 304 MD5: 2AFFE478D86272288BBEF5A00BBEF6A0)
- WerFault.exe (PID: 5968 cmdline: C:\Windows\system32\WerFault.exe -u -p 2100 -s 304 MD5: 2AFFE478D86272288BBEF5A00BBEF6A0)
- rundll32.exe (PID: 1308 cmdline: rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,QlqYo259k MD5: 73C519F050C20580F8A62C849D49215A)
- WerFault.exe (PID: 5188 cmdline: C:\Windows\system32\WerFault.exe -u -p 1308 -s 304 MD5: 2AFFE478D86272288BBEF5A00BBEF6A0)
- WerFault.exe (PID: 3260 cmdline: C:\Windows\system32\WerFault.exe -u -p 1308 -s 304 MD5: 2AFFE478D86272288BBEF5A00BBEF6A0)
- cleanup
{"c2_domain": ["https://gigimas.xyz", "https://reaso.xyz"], "botnet": "202206061", "aes key": "eq2opFFpGzpd2p9t", "sleep time": "20", "request time": "30", "host keep time": "120", "host shift time": "120"}
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_Ursnifv4 | Yara detected Ursnif | Joe Security | |
| | JoeSecurity_Ursnifv4 | Yara detected Ursnif | Joe Security | |
| | JoeSecurity_Ursnifv4 | Yara detected Ursnif | Joe Security | |
| | JoeSecurity_Ursnifv4 | Yara detected Ursnif | Joe Security | |
Timestamp: | 192.168.2.4:64906 -> 8.8.8.8:53 (SID 2039645) 11/24/22-05:22:35.810533 |
SID: | 2039645 |
Source Port: | 64906 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.4:61007 -> 8.8.8.8:53 (SID 2039645) 11/24/22-05:20:02.978332 |
SID: | 2039645 |
Source Port: | 61007 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.4:61124 -> 8.8.8.8:53 (SID 2039645) 11/24/22-05:21:04.451832 |
SID: | 2039645 |
Source Port: | 61124 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.4:59444 -> 8.8.8.8:53 (SID 2039645) 11/24/22-05:21:34.871041 |
SID: | 2039645 |
Source Port: | 59444 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.4:55570 -> 8.8.8.8:53 (SID 2039645) 11/24/22-05:22:05.359167 |
SID: | 2039645 |
Source Port: | 55570 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.4:60686 -> 8.8.8.8:53 (SID 2039645) 11/24/22-05:20:33.386749 |
SID: | 2039645 |
Source Port: | 60686 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.4:59446 -> 8.8.8.8:53 (SID 2039645) 11/24/22-05:23:06.390786 |
SID: | 2039645 |
Source Port: | 59446 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Avira URL Cloud: |
Source: | Malware Configuration Extractor: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_00007FF88C07FB70 | |
Source: | Code function: | 3_2_00007FF88C07FB70 | |
Source: | Code function: | 6_2_00007FF88C07FB70 |
Networking |
---|
Source: | Network Connect: |
Source: | Domain query: |
Source: | Snort IDS: |
Source: | DNS query: |
Source: | ASN Name: |
Source: | IP Address: |
Source: | Network traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: |
E-Banking Fraud |
---|
Source: | File source: |
Source: | Process created: |
Source: | Code function: | 0_2_0000027ED37137E0 | |
Source: | Code function: | 0_2_0000027ED3715638 | |
Source: | Code function: | 0_2_0000027ED371A918 | |
Source: | Code function: | 0_2_0000027ED3716DF0 | |
Source: | Code function: | 0_2_0000027ED3717FD4 | |
Source: | Code function: | 0_2_0000027ED3713CD8 | |
Source: | Code function: | 0_2_0000027ED37131C0 | |
Source: | Code function: | 0_2_0000027ED37134A4 | |
Source: | Code function: | 0_2_0000027ED3719D6C | |
Source: | Code function: | 0_2_0000027ED3714540 | |
Source: | Code function: | 0_2_0000027ED371204C | |
Source: | Code function: | 0_2_00007FF88C076D50 | |
Source: | Code function: | 0_2_00007FF88C075840 | |
Source: | Code function: | 0_2_00007FF88C071520 | |
Source: | Code function: | 0_2_00007FF88C088D50 | |
Source: | Code function: | 0_2_00007FF88C090D70 | |
Source: | Code function: | 0_2_00007FF88C07F964 | |
Source: | Code function: | 0_2_00007FF88C08B9B0 | |
Source: | Code function: | 0_2_00007FF88C0875E0 | |
Source: | Code function: | 0_2_00007FF88C081E14 | |
Source: | Code function: | 0_2_00007FF88C08F290 | |
Source: | Code function: | 0_2_00007FF88C0742A0 | |
Source: | Code function: | 0_2_00007FF88C0776E0 | |
Source: | Code function: | 0_2_00007FF88C071B10 | |
Source: | Code function: | 0_2_00007FF88C08B370 | |
Source: | Code function: | 0_2_00007FF88C079BA0 | |
Source: | Code function: | 0_2_00007FF88C0783C0 | |
Source: | Code function: | 0_2_00007FF88C086808 | |
Source: | Code function: | 0_2_00007FF88C076820 | |
Source: | Code function: | 0_2_00007FF88C074C80 | |
Source: | Code function: | 0_2_00007FF88C07DCAC | |
Source: | Code function: | 0_2_00007FF88C0790B0 | |
Source: | Code function: | 0_2_00007FF88C075CC0 | |
Source: | Code function: | 0_2_00007FF88C08F8F0 | |
Source: | Code function: | 0_2_00007FF88C0898F0 | |
Source: | Code function: | 3_2_003D37E0 | |
Source: | Code function: | 3_2_003D5638 | |
Source: | Code function: | 3_2_003DA918 | |
Source: | Code function: | 3_2_003D9D6C | |
Source: | Code function: | 3_2_003D204C | |
Source: | Code function: | 3_2_003D4540 | |
Source: | Code function: | 3_2_003D34A4 | |
Source: | Code function: | 3_2_003D6DF0 | |
Source: | Code function: | 3_2_003D3CD8 | |
Source: | Code function: | 3_2_003D7FD4 | |
Source: | Code function: | 3_2_003D31C0 | |
Source: | Code function: | 3_2_00007FF88C076D50 | |
Source: | Code function: | 3_2_00007FF88C075840 | |
Source: | Code function: | 3_2_00007FF88C071520 | |
Source: | Code function: | 3_2_00007FF88C088D50 | |
Source: | Code function: | 3_2_00007FF88C090D70 | |
Source: | Code function: | 3_2_00007FF88C07F964 | |
Source: | Code function: | 3_2_00007FF88C08B9B0 | |
Source: | Code function: | 3_2_00007FF88C0875E0 | |
Source: | Code function: | 3_2_00007FF88C081E14 | |
Source: | Code function: | 3_2_00007FF88C08F290 | |
Source: | Code function: | 3_2_00007FF88C0742A0 | |
Source: | Code function: | 3_2_00007FF88C0776E0 | |
Source: | Code function: | 3_2_00007FF88C071B10 | |
Source: | Code function: | 3_2_00007FF88C08B370 | |
Source: | Code function: | 3_2_00007FF88C079BA0 | |
Source: | Code function: | 3_2_00007FF88C0783C0 | |
Source: | Code function: | 3_2_00007FF88C086808 | |
Source: | Code function: | 3_2_00007FF88C076820 | |
Source: | Code function: | 3_2_00007FF88C074C80 | |
Source: | Code function: | 3_2_00007FF88C07DCAC | |
Source: | Code function: | 3_2_00007FF88C0790B0 | |
Source: | Code function: | 3_2_00007FF88C075CC0 | |
Source: | Code function: | 3_2_00007FF88C08F8F0 | |
Source: | Code function: | 3_2_00007FF88C0898F0 | |
Source: | Code function: | 4_2_0000021DD93337E0 | |
Source: | Code function: | 4_2_0000021DD9333CD8 | |
Source: | Code function: | 4_2_0000021DD93331C0 | |
Source: | Code function: | 4_2_0000021DD9335638 | |
Source: | Code function: | 4_2_0000021DD9339D6C | |
Source: | Code function: | 4_2_0000021DD93334A4 | |
Source: | Code function: | 4_2_0000021DD9336DF0 | |
Source: | Code function: | 4_2_0000021DD9337FD4 | |
Source: | Code function: | 4_2_0000021DD933A918 | |
Source: | Code function: | 4_2_0000021DD9334540 | |
Source: | Code function: | 4_2_0000021DD933204C | |
Source: | Code function: | 5_2_000001F71CC037E0 | |
Source: | Code function: | 5_2_000001F71CC03CD8 | |
Source: | Code function: | 5_2_000001F71CC06DF0 | |
Source: | Code function: | 5_2_000001F71CC034A4 | |
Source: | Code function: | 5_2_000001F71CC031C0 | |
Source: | Code function: | 5_2_000001F71CC07FD4 | |
Source: | Code function: | 5_2_000001F71CC09D6C | |
Source: | Code function: | 5_2_000001F71CC0A918 | |
Source: | Code function: | 5_2_000001F71CC05638 | |
Source: | Code function: | 5_2_000001F71CC04540 | |
Source: | Code function: | 5_2_000001F71CC0204C | |
Source: | Code function: | 6_2_00007FF88C071520 | |
Source: | Code function: | 6_2_00007FF88C088D50 | |
Source: | Code function: | 6_2_00007FF88C076D50 | |
Source: | Code function: | 6_2_00007FF88C090D70 | |
Source: | Code function: | 6_2_00007FF88C07F964 | |
Source: | Code function: | 6_2_00007FF88C08B9B0 | |
Source: | Code function: | 6_2_00007FF88C0875E0 | |
Source: | Code function: | 6_2_00007FF88C081E14 | |
Source: | Code function: | 6_2_00007FF88C08F290 | |
Source: | Code function: | 6_2_00007FF88C0742A0 | |
Source: | Code function: | 6_2_00007FF88C0776E0 | |
Source: | Code function: | 6_2_00007FF88C071B10 | |
Source: | Code function: | 6_2_00007FF88C08B370 | |
Source: | Code function: | 6_2_00007FF88C079BA0 | |
Source: | Code function: | 6_2_00007FF88C0783C0 | |
Source: | Code function: | 6_2_00007FF88C086808 | |
Source: | Code function: | 6_2_00007FF88C076820 | |
Source: | Code function: | 6_2_00007FF88C075840 | |
Source: | Code function: | 6_2_00007FF88C074C80 | |
Source: | Code function: | 6_2_00007FF88C07DCAC | |
Source: | Code function: | 6_2_00007FF88C0790B0 | |
Source: | Code function: | 6_2_00007FF88C075CC0 | |
Source: | Code function: | 6_2_00007FF88C08F8F0 | |
Source: | Code function: | 6_2_00007FF88C0898F0 |
Source: | Code function: | 0_2_0000027ED371A0AC | |
Source: | Code function: | 3_2_003DA0AC | |
Source: | Code function: | 4_2_0000021DD933A0AC | |
Source: | Code function: | 5_2_000001F71CC0A0AC |
Source: | Section loaded: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: |
Source: | File created: |
Source: | Classification label: |
Source: | Process created: |
Source: | Mutant created: |
Source: | File read: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_00007FF88C08B9B0 |
Source: | Process created: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File source: |
Source: | Process information set: |
Source: | Thread sleep time: |
Source: | Last function: |
Source: | API coverage: |
Source: | Code function: | 0_2_00007FF88C07FB70 | |
Source: | Code function: | 3_2_00007FF88C07FB70 | |
Source: | Code function: | 6_2_00007FF88C07FB70 |
Source: | Thread delayed: |
Source: | API call chain: | graph_0-10633 | ||
Source: | API call chain: | graph_0-10376 | ||
Source: | API call chain: | graph_0-10371 | ||
Source: | API call chain: |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00007FF88C07E374 |
Source: | Code function: | 0_2_00007FF88C08B9B0 |
Source: | Code function: | 0_2_00007FF88C0711F0 |
Source: | Process queried: |
Source: | Process created: |
Source: | Code function: | 0_2_00007FF88C086DA4 | |
Source: | Code function: | 0_2_00007FF88C07E374 | |
Source: | Code function: | 0_2_00007FF88C07BC0C | |
Source: | Code function: | 3_2_00007FF88C086DA4 | |
Source: | Code function: | 3_2_00007FF88C07E374 | |
Source: | Code function: | 3_2_00007FF88C07BC0C | |
Source: | Code function: | 6_2_00007FF88C086DA4 | |
Source: | Code function: | 6_2_00007FF88C07E374 | |
Source: | Code function: | 6_2_00007FF88C07BC0C |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: |
Source: | Domain query: |
Source: | Process created: |
Source: | Code function: | 0_2_00007FF88C0865F0 |
Source: | Key value queried: |
Source: | Code function: | 0_2_00007FF88C08ED60 |
Source: | Code function: | 0_2_00007FF88C07BB08 |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | 1 DLL Side-Loading | 112 Process Injection | 1 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 12 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 21 Virtualization/Sandbox Evasion | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 112 Process Injection | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Regsvr32 | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Rundll32 | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 DLL Side-Loading | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 73% | ReversingLabs | Win64.Trojan.Tnega | |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 0% | URL Reputation | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 100% | Avira URL Cloud | malware | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
gigimas.xyz | 185.250.148.35 | true | true | | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | low |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.250.148.35 | gigimas.xyz | Russian Federation | | 48430 | FIRSTDC-ASRU | true |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 752975 |
Start date and time: | 2022-11-24 05:18:08 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 27s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | pzG0rkIchr.exe (renamed file extension from exe to dll) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 20 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal84.troj.evad.winDLL@22/8@7/1 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WerFault.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.182.143.212
- Excluded domains from analysis (whitelisted): onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, blobcollector.events.data.trafficmanager.net, watson.telemetry.microsoft.com
- Not all processes were analyzed; report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- VT rate limit hit for: pzG0rkIchr.dll
Time | Type | Description |
---|---|---|
05:19:48 | API Interceptor | |
05:19:49 | API Interceptor | |
05:20:02 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| 185.250.148.35 | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| gigimas.xyz | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| FIRSTDC-ASRU | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
| | | Get hash | malicious | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_pzG_5df03237c245e7792ae728ba7af47d1bed8c47f7_4f0e5919_16399239\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7600039551007107 |
Encrypted: | false |
SSDEEP: | 96:6TFZZFigJPnyqjs55P7HfipXIQcQHc6CcEm6cw3I/XaXz+HbHgSQgJPbpIDV9wO7:snigJKKH5Gs60j0I/u7swS274ltC |
MD5: | BD5C8925F7120E1292DBD4961E9F2AB2 |
SHA1: | 997623AC245EEC6535D175E199A180D43E9282FC |
SHA-256: | 0B242B11BC21F42FD27F1BDD633316DA3694606201E59C3C3CCC3593345C8B7A |
SHA-512: | 8075C625810E044C3224941D33DD97830E1EC5397E416AFC0DCCCB749580837F7629D7DDDCD531D39423195F82DCF2DF3060474F749789A977EF7DB655E65581 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_pzG_f6b0ff3966a3d6c74191edf638977ebb42334d7_4f0e5919_156d919c\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7599992295897045 |
Encrypted: | false |
SSDEEP: | 96:icFXVFiXJPnybjs55P7Hf5pXIQcQdc6/RcEccw3+XaXz+HbHgSQgJPbpIDV9wOyk:71iXJKIHz9mAj0I/u7swS274ltC |
MD5: | 1E8445DB848C561B6CB8CBEF60359786 |
SHA1: | 00E829DA03ACB0B24004E2C2E45E7D439352BF8D |
SHA-256: | 8F94F06BC63F693379833D7156EC4C3E65788BD94BC7470C12EF985AED723EBD |
SHA-512: | 72C3DE3F22801E3947FDC86690B8A63175DC9EFCF7503AF898485A380B6941C42E55F965658B3F799051283C10C4823F5C0C2DE8EFE293C9904D117487FDA1D2 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 56070 |
Entropy (8bit): | 1.7075050210528775 |
Encrypted: | false |
SSDEEP: | 192:rlRq3OC5I6Pdfek5ka0LGuO3bcmXJBjz2RdYnUQDfERORDNKyB4RSOnR:pCDck5DbRD |
MD5: | 1A5AA058B4E8ACA002D6B153E7C3B88E |
SHA1: | B722FD3B879CCAD5D57716D5D375355C05AC1AA4 |
SHA-256: | 4C914A886A7765E4A814BD13405293A39423A4BB8A6EE712B7D48B0E3086A3F9 |
SHA-512: | 010E25A468C02F293CEBCAF7FA64CF746F6716571837CAD3BC35877EC74F8808B352E2DBC3CE080FF502E1CE8ED8EF02F69F4953C48FFC0537CC6363A68EA782 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 54966 |
Entropy (8bit): | 1.7301605700636602 |
Encrypted: | false |
SSDEEP: | 192:kl9crsOC5We/Q7NLbBjD4z5s0mE6liAU3Oq:amC8e/Q7d1V0m |
MD5: | A57C13F28721473003BE444D7239D372 |
SHA1: | 10C6496461E1C6113B6FF62120CA7D83CC17216A |
SHA-256: | EBF7FC039C185490580CF4BB3044B63044A13DD5305F7755AC858779DDFCD9FA |
SHA-512: | 814B8BD3E2333F3084A46553787236EE0C5C0B71EA62B6636836254D80939B593CC3AE58EABC8CD3DDAE9620CAC53AF5550504734A192F8BADBE8BA98EEA582A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8526 |
Entropy (8bit): | 3.696693878810589 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNiWpWiN6Y+TagmfQYSl2G+prD89b4oCafaIm:RrlsNiYWiN6YKagmfQYSlR4FafE |
MD5: | 891C13F961FC9780F58F08B88D03FE00 |
SHA1: | 7AC38531C1F3F85ED591B419A1C0C9D560DE4B1B |
SHA-256: | B04D603146FD1D2F17D6588066AA48A86D85B511E7D88380393C69F9BCC4575C |
SHA-512: | 3D766FCF4F2835FD6750E5BED7331A27EF548BB8C9D729E7B3D3AD8AA09677360AE67F5F2887B1D8057FEBFC622505A4A179A2F07B31E87FBDCEFD4B42C2B477 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8524 |
Entropy (8bit): | 3.6955697518324317 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNivSLis6Y+ZagmfQhSGG+pr889b4IOfxIm:RrlsNiqLis6YgagmfQhSM4Zfr |
MD5: | 64CB5AA88613858B4078E5BB14479AE6 |
SHA1: | 138C49AF256A227F26D86557778AADF52F016EFB |
SHA-256: | 1001101306104ACE07059DB78333327804781A7FBC4E59CBC7DEB3AC14A27E8E |
SHA-512: | 32B368E68F5C667FE75F2B36BECB8680A2D39960E69878D527CAC83B1356126C7BFA04C9645E17A0ACCC7482F244DC7A5571186F0B5F7371D39FF7579A2F5F69 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4733 |
Entropy (8bit): | 4.474599386008591 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsA+JgtBI9XlVWgc8sqYjRTq8fm8M4JCXCOFFVyq85m27UZESC5S+d:uITf3NGgrsqYlTfJ8xVv+d |
MD5: | CDE8A3EB67D3F603A55F6BCA1C15EA67 |
SHA1: | 9425363A7B60C24BB7466FEAA6C38D60B86C084D |
SHA-256: | F2E7CAB0595409E2A61035A46D0DF145C3CCCDC99C2FE8FDB7BBF04B590ED7F9 |
SHA-512: | BC28D09B0C638843187EDB12E207B49C15A1F99917950FC5E748FEC26F62376E8AFDA47C3BBBEDB80F52FC38BF4C8FE02AA0232816274B4B291A576CD030FACC |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4733 |
Entropy (8bit): | 4.478085829501657 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsA+JgtBI9XlVWgc8sqYjF8fm8M4JCXCOCFUyq85m2skUZESC5Sjd:uITf3NGgrsqYeJuzTVvjd |
MD5: | 0BD2A0E70F01F1D342661314591029DC |
SHA1: | CFA327EBD0E02AEAA2F23AB3EA938AA843FB71F5 |
SHA-256: | A8350E49452A0A6A302EF0A3BA63447E4F1C64FF6C2335E22D1B53DE654A27D5 |
SHA-512: | 6CA8CB1FA55453B637117B22CC0C474110CFE03BCFD602657AEE4F778B4072F8623D5CF32193183DF148F8A5630996B0926C499700F663552898C875774CD12A |
Malicious: | false |
Preview: |
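The dropped files above are all WerFault.exe output from the two rundll32.exe crashes, and the Report.wer files are the ones worth opening first: their Sig[n] entries name the faulting module and exception code, and the LoadedModule[n] list shows which non-system DLL was mapped when the process died. The parser below is an added example, not code from the report or from the sandbox vendor. It reads the real Report.wer layout (UTF-16LE text with a BOM, key=value lines) but the sample it runs on is constructed here with placeholder values; the only thing taken from the report is the DLL file name. The 64 KiB size with entropy around 0.76 is consistent with a zero-filled tail, so the parser strips NULs before splitting lines.

```python
"""Parse a Windows Error Reporting Report.wer file and pull out the crash signature.
Added example; not part of the original report."""
import re

SYSTEM_PREFIXES = ("c:\\windows\\",)

# Constructed sample in the Report.wer key=value layout. Values are placeholders chosen
# to look like a rundll32 crash with the sample DLL loaded; nothing here is copied from
# the real file, only the DLL name matches the report.
SAMPLE_WER_TEXT = "\r\n".join([
    "Version=1",
    "EventType=APPCRASH",
    "ReportType=2",
    "Sig[0].Name=Application Name",
    "Sig[0].Value=rundll32.exe",
    "Sig[1].Name=Application Version",
    "Sig[1].Value=10.0.19041.1",
    "Sig[3].Name=Fault Module Name",
    "Sig[3].Value=pzG0rkIchr.dll",
    "Sig[6].Name=Exception Code",
    "Sig[6].Value=c0000005",
    "Sig[7].Name=Exception Offset",
    "Sig[7].Value=0000000000001234",
    "DynamicSig[1].Name=OS Version",
    "DynamicSig[1].Value=10.0.19041.2.0.0.256.48",
    "LoadedModule[0]=C:\\Windows\\system32\\rundll32.exe",
    "LoadedModule[1]=C:\\Windows\\SYSTEM32\\ntdll.dll",
    "LoadedModule[2]=C:\\Windows\\System32\\KERNEL32.DLL",
    "LoadedModule[3]=C:\\Users\\user\\Desktop\\pzG0rkIchr.dll",
]) + "\r\n"
# Report.wer is UTF-16LE with a BOM; the NUL padding mimics the zero-filled tail that
# gives the report's 64 KiB files their very low entropy.
SAMPLE_WER_BYTES = b"\xff\xfe" + SAMPLE_WER_TEXT.encode("utf-16-le") + b"\x00" * 512


def decode_wer(raw: bytes) -> str:
    """Honour the BOM, fall back to UTF-8, and drop NUL padding before parsing."""
    if raw.startswith(b"\xff\xfe"):
        text = raw[2:].decode("utf-16-le", errors="ignore")
    elif raw.startswith(b"\xfe\xff"):
        text = raw[2:].decode("utf-16-be", errors="ignore")
    else:
        text = raw.decode("utf-8", errors="ignore")
    return text.replace("\x00", "")


def parse_wer(raw: bytes) -> dict:
    kv = {}
    for line in decode_wer(raw).splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            kv[key.strip()] = value.strip()

    # Sig[n].Name / Sig[n].Value pairs (and DynamicSig) form the WER bucketing signature.
    signature = {}
    for key, label in kv.items():
        if re.fullmatch(r"(Dynamic)?Sig\[\d+\]\.Name", key):
            signature[label] = kv.get(key[: -len("Name")] + "Value", "")

    # LoadedModule[n] entries, kept in index order.
    modules = []
    for key, path in kv.items():
        m = re.fullmatch(r"LoadedModule\[(\d+)\]", key)
        if m:
            modules.append((int(m.group(1)), path))
    modules = [p for _, p in sorted(modules)]

    return {
        "event_type": kv.get("EventType"),
        "app": signature.get("Application Name"),
        "fault_module": signature.get("Fault Module Name"),
        "exception_code": signature.get("Exception Code"),
        "exception_offset": signature.get("Exception Offset"),
        "signature": signature,
        "loaded_modules": modules,
        # Anything loaded from outside C:\Windows is the first thing to look at.
        "non_system_modules": [p for p in modules if not p.lower().startswith(SYSTEM_PREFIXES)],
    }


if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_WER_BYTES
    result = parse_wer(raw)
    for k in ("event_type", "app", "fault_module", "exception_code", "non_system_modules"):
        print(f"{k}: {result[k]}")
```

Run it against a Report.wer pulled from C:\ProgramData\Microsoft\Windows\WER\ReportQueue\ on the analysis VM; a fault module or loaded module under a user profile path is the crash-time equivalent of the sandbox's "rundll32 loaded a DLL from the Desktop" observation.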
File type: | |
Entropy (8bit): | 6.637392883592079 |
TrID: |
|
File name: | pzG0rkIchr.dll |
File size: | 290568 |
MD5: | d6ef4778f7dc9c31a0a2a989ef42d2fd |
SHA1: | 5dad8394ef37d5a006674589754f7a3187d303b1 |
SHA256: | 54de1f2c26a63a8f6b7f8d5de99f8ebd4093959ab07f027db1985d0652258736 |
SHA512: | 997b57424364ff661d80ca6efc5b7e91f2204d1ed7c4d784ee7d6134bc06952c993de038d6a25c71a7949b08ddd8cc5d167f8c753379f69ee1b6b49342fafa63 |
SSDEEP: | 6144:wHyvumb1p7CC8VoxOJbceNOHI2Tse2RTggR/Znv+yit:Smbrgu2so2TVwcK/ZnG/t |
TLSH: | ED54BF41F3D904A6D9138D3D8857562BEBF13C212214DA5F8B50C36A6F37BA1E739B22 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!5..eT..eT..eT....Z.`T....X..T....Y.hT..^...bT..^...qT..^...uT....`.fT..eT...T......gT......dT......dT..RicheT..........PE..d.. |
Icon Hash: | 74f0e4ecccdce0e4 |
Entrypoint: | 0x18000b6ec |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x180000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x62C42DD7 [Tue Jul 5 12:25:59 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 4270d9bbb54b179372d82277269282e6 |
Signature Valid: | true |
Signature Issuer: | CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 71834A68FD130C9D08796B4F19A6FC67 |
Thumbprint SHA-1: | CA69087AAAA087346202AD16228337130511C4C5 |
Thumbprint SHA-256: | F13E4801E13898E839183E3305E1DDA7F4C0EBF6EAF7553E18C1DDD4EDC94470 |
Serial: | 2F96A89BFEC6E44DD224E8FD7E72D9BB |
Entry-point disassembly. Note that the listing decodes this x64 image as 32-bit code: each leading `dec eax`, `dec ecx` or `dec esp` is really a REX prefix byte (0x48, 0x49, 0x4C) belonging to the instruction after it, so `dec eax` / `mov dword ptr [esp+08h], ebx` is `mov [rsp+8], rbx` and `dec esp` / `mov eax, edi` is `mov r8, rdi`. Read that way, the code is the usual MSVC CRT DLL entry stub (save registers, compare the reason argument with 1 = DLL_PROCESS_ATTACH, then dispatch), not sample-specific logic.

Instruction |
---|
dec eax |
mov dword ptr [esp+08h], ebx |
dec eax |
mov dword ptr [esp+10h], esi |
push edi |
dec eax |
sub esp, 20h |
dec ecx |
mov edi, eax |
mov ebx, edx |
dec eax |
mov esi, ecx |
cmp edx, 01h |
jne 00007FE818B824F7h |
call 00007FE818B828F0h |
dec esp |
mov eax, edi |
mov edx, ebx |
dec eax |
mov ecx, esi |
dec eax |
mov ebx, dword ptr [esp+30h] |
dec eax |
mov esi, dword ptr [esp+38h] |
dec eax |
add esp, 20h |
pop edi |
jmp 00007FE818B8236Ch |
int3 |
int3 |
int3 |
dec eax |
sub esp, 28h |
call 00007FE818B82D88h |
test eax, eax |
je 00007FE818B82513h |
dec eax |
mov eax, dword ptr [00000030h] |
dec eax |
mov ecx, dword ptr [eax+08h] |
jmp 00007FE818B824F7h |
dec eax |
cmp ecx, eax |
je 00007FE818B82506h |
xor eax, eax |
dec eax |
cmpxchg dword ptr [00038A68h], ecx |
jne 00007FE818B824E0h |
xor al, al |
dec eax |
add esp, 28h |
ret |
mov al, 01h |
jmp 00007FE818B824E9h |
int3 |
int3 |
int3 |
dec eax |
sub esp, 28h |
call 00007FE818B82D4Ch |
test eax, eax |
je 00007FE818B824F9h |
call 00007FE818B82B6Fh |
jmp 00007FE818B8250Bh |
call 00007FE818B82D34h |
mov ecx, eax |
call 00007FE818B844A1h |
test eax, eax |
je 00007FE818B824F6h |
xor al, al |
jmp 00007FE818B824F9h |
call 00007FE818B84828h |
mov al, 01h |
dec eax |
add esp, 28h |
ret |
dec eax |
sub esp, 28h |
xor ecx, ecx |
call 00007FE818B82636h |
test al, al |
setne al |
dec eax |
add esp, 28h |
ret |
int3 |
int3 |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x371c0 | 0x94 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x37254 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x46000 | 0x15cc | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x44600 | 0x2908 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x49000 | 0x618 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x34dd0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x34df0 | 0x94 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x23000 | 0x2a8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x21390 | 0x21400 | False | 0.6091694078947368 | zlib compressed data | 6.321988758719223 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x23000 | 0x14b40 | 0x14c00 | False | 0.5551228350903614 | data | 5.589680054404924 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x38000 | 0xd378 | 0xc200 | False | 0.581286243556701 | data | 4.475772855701728 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x46000 | 0x15cc | 0x1600 | False | 0.49556107954545453 | data | 5.3249872988992655 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.gfids | 0x48000 | 0x94 | 0x200 | False | 0.248046875 | data | 1.4095612964443904 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x49000 | 0x618 | 0x800 | False | 0.54150390625 | data | 4.760086879502757 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
DLL | Import |
---|---|
KERNEL32.dll | CreateFileA, LockFile, ReadFile, SetEndOfFile, UnlockFile, CloseHandle, PeekNamedPipe, HeapCreate, HeapAlloc, HeapFree, GetProcessHeap, HeapWalk, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, TryEnterCriticalSection, DeleteCriticalSection, WaitForSingleObject, ExitProcess, CreateThread, VirtualAlloc, GetProcAddress, CreateFileMappingA, LoadLibraryA, CreateNamedPipeA, CallNamedPipeA, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, RtlUnwindEx, InterlockedFlushSList, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetCurrentProcess, TerminateProcess, GetModuleHandleExW, GetModuleFileNameA, MultiByteToWideChar, WideCharToMultiByte, LCMapStringW, FindClose, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetStdHandle, GetFileType, GetStringTypeW, CreateFileW, HeapSize, HeapReAlloc, SetStdHandle, FlushFileBuffers, WriteFile, GetConsoleCP, GetConsoleMode, ReadConsoleW, SetFilePointerEx, WriteConsoleW, RaiseException |
Name | Ordinal | Address |
---|---|---|
DllRegisterServer | 1 | 0x180002380 |
ItsnPq5v | 2 | 0x180002390 |
QlqYo259k | 3 | 0x180017c20 |
XeFnYZ409 | 4 | 0x1800175e0 |
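The static section above gives everything needed for a first sanity pass without touching the binary again: the link timestamp, the entry point relative to the image base, the section table with entropies, and an export table in which ordinal 1 is DllRegisterServer (so regsvr32 and a rundll32 call by ordinal #1 land on the same function) next to three names that look machine-generated. The script below is an added example, not part of the report or of any vendor tooling; it carries the report's numbers as constants and applies the checks an analyst would run on them. The numeric DllCharacteristics value 0x0160 is assumed: the report prints only the flag names, and 0x0160 is the sum of the HIGH_ENTROPY_VA, DYNAMIC_BASE and NX_COMPAT bits. The export-name heuristic is a triage rule of thumb, not a definitive classifier.

```python
"""Static-triage checks driven by the PE header and section values a sandbox
report prints. Added example; not part of the original report."""
import datetime

# Values copied from the report's static-analysis section for pzG0rkIchr.dll.
IMAGE_BASE = 0x180000000
ENTRY_POINT_VA = 0x18000B6EC
TIME_DATE_STAMP = 0x62C42DD7
# (name, virtual address, virtual size, raw size, entropy) from the section table.
SECTIONS = [
    (".text",  0x1000,  0x21390, 0x21400, 6.32),
    (".rdata", 0x23000, 0x14B40, 0x14C00, 5.59),
    (".data",  0x38000, 0xD378,  0xC200,  4.48),
    (".pdata", 0x46000, 0x15CC,  0x1600,  5.32),
    (".gfids", 0x48000, 0x94,    0x200,   1.41),
    (".reloc", 0x49000, 0x618,   0x800,   4.76),
]
EXPORTS = {"DllRegisterServer": 1, "ItsnPq5v": 2, "QlqYo259k": 3, "XeFnYZ409": 4}

# IMAGE_DLLCHARACTERISTICS_* bit values from the PE/COFF specification.
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
# Exports that legitimately carry these names; everything else goes through the heuristic.
WELL_KNOWN_EXPORTS = {"DllMain", "DllRegisterServer", "DllUnregisterServer",
                      "DllCanUnloadNow", "DllGetClassObject", "DllInstall"}


def decode_timestamp(stamp: int) -> str:
    """TimeDateStamp is seconds since the Unix epoch (UTC). Trivial to forge, so a hint only."""
    dt = datetime.datetime.fromtimestamp(stamp, datetime.timezone.utc)
    return dt.strftime("%Y-%m-%d %H:%M:%S UTC")


def decode_dll_characteristics(value: int) -> list:
    return [name for bit, name in sorted(DLL_CHARACTERISTICS.items()) if value & bit]


def section_for_rva(sections, rva: int):
    """Name of the section whose range contains rva, or None (entry point outside any
    section, or in a writable data section, is a classic packer/loader tell)."""
    for name, va, vsize, rawsize, _ in sections:
        if va <= rva < va + max(vsize, rawsize):
            return name
    return None


def section_warnings(sections, high_entropy=7.0) -> list:
    """Packer-style layouts: sections with no file-backed bytes, or near-random content."""
    warnings = []
    for name, _, vsize, rawsize, entropy in sections:
        if rawsize == 0 and vsize > 0:
            warnings.append(f"{name}: {vsize:#x} virtual bytes but no raw data (filled at runtime)")
        if entropy >= high_entropy:
            warnings.append(f"{name}: entropy {entropy:.2f}, likely packed or encrypted")
    return warnings


def looks_generated(name: str) -> bool:
    """Heuristic: mixed case plus digits inside the name (ItsnPq5v-style) rather than a
    readable identifier. A single trailing digit (CreateFile2) is API versioning, not noise."""
    if name in WELL_KNOWN_EXPORTS:
        return False
    core = name[:-1] if name[-1].isdigit() else name
    has_digit = any(c.isdigit() for c in core)
    mixed = any(c.islower() for c in core) and any(c.isupper() for c in core)
    return has_digit and mixed and len(name) <= 12


def triage(image_base=IMAGE_BASE, entry_va=ENTRY_POINT_VA, stamp=TIME_DATE_STAMP,
           sections=SECTIONS, exports=EXPORTS, dll_chars=0x0160) -> dict:
    # dll_chars=0x0160 is assumed: the report prints flag names, not the raw value.
    entry_rva = entry_va - image_base
    return {
        "compiled": decode_timestamp(stamp),
        "entry_rva": entry_rva,
        "entry_section": section_for_rva(sections, entry_rva),
        "dll_characteristics": decode_dll_characteristics(dll_chars),
        "section_warnings": section_warnings(sections),
        "generated_exports": sorted(n for n in exports if looks_generated(n)),
        "ordinal_1": next((n for n, o in exports.items() if o == 1), None),
    }


if __name__ == "__main__":
    for k, v in triage().items():
        print(f"{k}: {v}")
```

For this sample the checks come back clean at the PE level (entry point inside .text, no packed-looking sections, hardening flags set, a valid Sectigo signature), which is exactly why the verdict has to rest on the exports and on behaviour: a correctly signed, well-formed DLL whose only non-boilerplate exports are random strings is the loader pattern, not evidence of benignity.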
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
11/24/22-05:20:02.978332 | UDP | 2039645 | ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) | 61007 | 53 | 192.168.2.4 | 8.8.8.8 |
11/24/22-05:20:33.386749 | UDP | 2039645 | ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) | 60686 | 53 | 192.168.2.4 | 8.8.8.8 |
11/24/22-05:21:04.451832 | UDP | 2039645 | ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) | 61124 | 53 | 192.168.2.4 | 8.8.8.8 |
11/24/22-05:21:34.871041 | UDP | 2039645 | ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) | 59444 | 53 | 192.168.2.4 | 8.8.8.8 |
11/24/22-05:22:05.359167 | UDP | 2039645 | ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) | 55570 | 53 | 192.168.2.4 | 8.8.8.8 |
11/24/22-05:22:35.810533 | UDP | 2039645 | ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) | 64906 | 53 | 192.168.2.4 | 8.8.8.8 |
11/24/22-05:23:06.390786 | UDP | 2039645 | ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) | 59446 | 53 | 192.168.2.4 | 8.8.8.8 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 24, 2022 05:20:03.012599945 CET | 49706 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:03.012650967 CET | 443 | 49706 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:03.012737036 CET | 49706 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:03.016460896 CET | 49706 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:03.016508102 CET | 443 | 49706 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:03.072525024 CET | 443 | 49706 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:03.074080944 CET | 49707 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:03.074155092 CET | 443 | 49707 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:03.074337959 CET | 49707 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:03.075628996 CET | 49707 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:03.075655937 CET | 443 | 49707 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:03.131845951 CET | 443 | 49707 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:03.133225918 CET | 49708 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:03.133289099 CET | 443 | 49708 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:03.133398056 CET | 49708 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:03.134278059 CET | 49708 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:03.134324074 CET | 443 | 49708 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:03.191957951 CET | 443 | 49708 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:03.193757057 CET | 49709 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:03.193816900 CET | 443 | 49709 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:03.193898916 CET | 49709 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:03.194484949 CET | 49709 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:03.194506884 CET | 443 | 49709 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:03.250332117 CET | 443 | 49709 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:33.407180071 CET | 49710 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:33.407258034 CET | 443 | 49710 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:33.407423019 CET | 49710 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:33.408660889 CET | 49710 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:33.408710957 CET | 443 | 49710 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:33.463525057 CET | 443 | 49710 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:33.465197086 CET | 49711 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:33.465265036 CET | 443 | 49711 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:33.465380907 CET | 49711 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:33.466645002 CET | 49711 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:33.466680050 CET | 443 | 49711 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:33.522078991 CET | 443 | 49711 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:33.525345087 CET | 49712 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:33.525413036 CET | 443 | 49712 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:33.525672913 CET | 49712 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:33.526755095 CET | 49712 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:33.526801109 CET | 443 | 49712 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:33.582118988 CET | 443 | 49712 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:33.585807085 CET | 49713 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:33.585897923 CET | 443 | 49713 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:33.586055040 CET | 49713 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:33.586787939 CET | 49713 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:20:33.586810112 CET | 443 | 49713 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:20:33.641958952 CET | 443 | 49713 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:04.485233068 CET | 49714 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:04.485310078 CET | 443 | 49714 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:04.485480070 CET | 49714 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:04.486561060 CET | 49714 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:04.486601114 CET | 443 | 49714 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:04.541218996 CET | 443 | 49714 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:04.542530060 CET | 49715 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:04.542584896 CET | 443 | 49715 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:04.542787075 CET | 49715 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:04.543291092 CET | 49715 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:04.543320894 CET | 443 | 49715 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:04.598916054 CET | 443 | 49715 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:04.600245953 CET | 49716 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:04.600316048 CET | 443 | 49716 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:04.600423098 CET | 49716 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:04.600950003 CET | 49716 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:04.600979090 CET | 443 | 49716 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:04.668997049 CET | 443 | 49716 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:04.685195923 CET | 49717 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:04.685261965 CET | 443 | 49717 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:04.685632944 CET | 49717 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:04.686243057 CET | 49717 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:04.686269045 CET | 443 | 49717 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:04.742952108 CET | 443 | 49717 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:34.890145063 CET | 49718 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:34.890221119 CET | 443 | 49718 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:34.890311956 CET | 49718 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:34.891124010 CET | 49718 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:34.891169071 CET | 443 | 49718 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:34.949980021 CET | 443 | 49718 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:34.951565027 CET | 49719 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:34.951642990 CET | 443 | 49719 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:34.951733112 CET | 49719 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:34.952301979 CET | 49719 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:34.952337027 CET | 443 | 49719 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:35.007440090 CET | 443 | 49719 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:35.008912086 CET | 49720 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:35.008971930 CET | 443 | 49720 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:35.009077072 CET | 49720 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:35.009592056 CET | 49720 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:35.009608984 CET | 443 | 49720 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:35.066533089 CET | 443 | 49720 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:35.083612919 CET | 49721 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:35.083692074 CET | 443 | 49721 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:35.083832026 CET | 49721 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:35.084454060 CET | 49721 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:21:35.084505081 CET | 443 | 49721 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:21:35.141772032 CET | 443 | 49721 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:05.380898952 CET | 49722 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:05.380964041 CET | 443 | 49722 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:05.381064892 CET | 49722 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:05.382277966 CET | 49722 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:05.382314920 CET | 443 | 49722 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:05.438138962 CET | 443 | 49722 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:05.455518007 CET | 49723 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:05.455600977 CET | 443 | 49723 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:05.455710888 CET | 49723 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:05.458941936 CET | 49723 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:05.458985090 CET | 443 | 49723 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:05.514117002 CET | 443 | 49723 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:05.520054102 CET | 49724 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:05.520131111 CET | 443 | 49724 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:05.520246029 CET | 49724 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:05.521112919 CET | 49724 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:05.521135092 CET | 443 | 49724 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:05.579657078 CET | 443 | 49724 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:05.581623077 CET | 49725 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:05.581677914 CET | 443 | 49725 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:05.581792116 CET | 49725 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:05.582617998 CET | 49725 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:05.582637072 CET | 443 | 49725 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:05.638403893 CET | 443 | 49725 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:35.831705093 CET | 49726 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:35.831753016 CET | 443 | 49726 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:35.831830025 CET | 49726 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:35.832879066 CET | 49726 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:35.832906008 CET | 443 | 49726 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:35.888338089 CET | 443 | 49726 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:35.889817953 CET | 49727 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:35.889899969 CET | 443 | 49727 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:35.890064955 CET | 49727 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:35.890661955 CET | 49727 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:35.890711069 CET | 443 | 49727 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:35.947293997 CET | 443 | 49727 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:35.948555946 CET | 49728 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:35.948637009 CET | 443 | 49728 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:35.948796034 CET | 49728 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:35.949640989 CET | 49728 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:35.949681997 CET | 443 | 49728 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:36.007163048 CET | 443 | 49728 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:36.023938894 CET | 49729 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:36.023996115 CET | 443 | 49729 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:36.024108887 CET | 49729 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:36.025345087 CET | 49729 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:22:36.025382042 CET | 443 | 49729 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:22:36.080106020 CET | 443 | 49729 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:23:06.409924984 CET | 49730 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:23:06.409976006 CET | 443 | 49730 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:23:06.410056114 CET | 49730 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:23:06.411086082 CET | 49730 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:23:06.411104918 CET | 443 | 49730 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:23:06.465995073 CET | 443 | 49730 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:23:06.469316959 CET | 49731 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:23:06.469379902 CET | 443 | 49731 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:23:06.469492912 CET | 49731 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:23:06.470561028 CET | 49731 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:23:06.470582008 CET | 443 | 49731 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:23:06.525172949 CET | 443 | 49731 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:23:06.530029058 CET | 49732 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:23:06.530122042 CET | 443 | 49732 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:23:06.530237913 CET | 49732 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:23:06.531049967 CET | 49732 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:23:06.531092882 CET | 443 | 49732 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:23:06.586215019 CET | 443 | 49732 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:23:06.591008902 CET | 49733 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:23:06.591080904 CET | 443 | 49733 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:23:06.591201067 CET | 49733 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:23:06.592061043 CET | 49733 | 443 | 192.168.2.4 | 185.250.148.35 |
Nov 24, 2022 05:23:06.592088938 CET | 443 | 49733 | 185.250.148.35 | 192.168.2.4 |
Nov 24, 2022 05:23:06.646756887 CET | 443 | 49733 | 185.250.148.35 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 24, 2022 05:20:02.978332043 CET | 61007 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 24, 2022 05:20:02.997380018 CET | 53 | 61007 | 8.8.8.8 | 192.168.2.4 |
Nov 24, 2022 05:20:33.386749029 CET | 60686 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 24, 2022 05:20:33.404028893 CET | 53 | 60686 | 8.8.8.8 | 192.168.2.4 |
Nov 24, 2022 05:21:04.451832056 CET | 61124 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 24, 2022 05:21:04.469230890 CET | 53 | 61124 | 8.8.8.8 | 192.168.2.4 |
Nov 24, 2022 05:21:34.871041059 CET | 59444 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 24, 2022 05:21:34.888430119 CET | 53 | 59444 | 8.8.8.8 | 192.168.2.4 |
Nov 24, 2022 05:22:05.359167099 CET | 55570 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 24, 2022 05:22:05.377713919 CET | 53 | 55570 | 8.8.8.8 | 192.168.2.4 |
Nov 24, 2022 05:22:35.810533047 CET | 64906 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 24, 2022 05:22:35.829649925 CET | 53 | 64906 | 8.8.8.8 | 192.168.2.4 |
Nov 24, 2022 05:23:06.390785933 CET | 59446 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 24, 2022 05:23:06.408032894 CET | 53 | 59446 | 8.8.8.8 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 24, 2022 05:20:02.978332043 CET | 192.168.2.4 | 8.8.8.8 | 0x362c | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 24, 2022 05:20:33.386749029 CET | 192.168.2.4 | 8.8.8.8 | 0x306e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 24, 2022 05:21:04.451832056 CET | 192.168.2.4 | 8.8.8.8 | 0xfd4e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 24, 2022 05:21:34.871041059 CET | 192.168.2.4 | 8.8.8.8 | 0xbb49 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 24, 2022 05:22:05.359167099 CET | 192.168.2.4 | 8.8.8.8 | 0xe9a0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 24, 2022 05:22:35.810533047 CET | 192.168.2.4 | 8.8.8.8 | 0x374b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 24, 2022 05:23:06.390785933 CET | 192.168.2.4 | 8.8.8.8 | 0x8724 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 24, 2022 05:20:02.997380018 CET | 8.8.8.8 | 192.168.2.4 | 0x362c | No error (0) | | | 185.250.148.35 | A (IP address) | IN (0x0001) | false |
Nov 24, 2022 05:20:33.404028893 CET | 8.8.8.8 | 192.168.2.4 | 0x306e | No error (0) | | | 185.250.148.35 | A (IP address) | IN (0x0001) | false |
Nov 24, 2022 05:21:04.469230890 CET | 8.8.8.8 | 192.168.2.4 | 0xfd4e | No error (0) | | | 185.250.148.35 | A (IP address) | IN (0x0001) | false |
Nov 24, 2022 05:21:34.888430119 CET | 8.8.8.8 | 192.168.2.4 | 0xbb49 | No error (0) | | | 185.250.148.35 | A (IP address) | IN (0x0001) | false |
Nov 24, 2022 05:22:05.377713919 CET | 8.8.8.8 | 192.168.2.4 | 0xe9a0 | No error (0) | | | 185.250.148.35 | A (IP address) | IN (0x0001) | false |
Nov 24, 2022 05:22:35.829649925 CET | 8.8.8.8 | 192.168.2.4 | 0x374b | No error (0) | | | 185.250.148.35 | A (IP address) | IN (0x0001) | false |
Nov 24, 2022 05:23:06.408032894 CET | 8.8.8.8 | 192.168.2.4 | 0x8724 | No error (0) | | | 185.250.148.35 | A (IP address) | IN (0x0001) | false |
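The network tables above show the loader's cadence plainly: one A query every 30 seconds or so, each followed within a few hundred milliseconds by a burst of four TLS connections to the resolved address on 443. That regularity is the detection opportunity, and it survives even when the domain changes. The script below is an added example, not code from the report or from any vendor; it takes the seven DNS query timestamps exactly as printed in the table and applies a median-based periodicity test that tolerates a single missed beacon (a gap of twice the median) while still rejecting traffic whose gaps merely happen to fall near multiples of the median. The 10 % jitter threshold and the 5-event minimum are assumed values for illustration; implants that randomise their sleep need a looser threshold or a different statistic.

```python
"""Periodicity check over the DNS query timestamps in the report's network tables.
Added example; not part of the original report. Works on any event timestamps in the
same format, e.g. the TCP connection starts, not only DNS."""
import re
import statistics
from datetime import datetime

# Query timestamps copied from the report's DNS table (one A query per beacon).
DNS_QUERIES = [
    "Nov 24, 2022 05:20:02.978332043 CET",
    "Nov 24, 2022 05:20:33.386749029 CET",
    "Nov 24, 2022 05:21:04.451832056 CET",
    "Nov 24, 2022 05:21:34.871041059 CET",
    "Nov 24, 2022 05:22:05.359167099 CET",
    "Nov 24, 2022 05:22:35.810533047 CET",
    "Nov 24, 2022 05:23:06.390785933 CET",
]


def parse_ts(text: str) -> datetime:
    """Parse the report's 'Mon DD, YYYY HH:MM:SS.nnnnnnnnn ZONE' format. The zone suffix is
    dropped because every row carries the same one; nanoseconds are cut to microseconds,
    which is all strptime's %f accepts."""
    text = re.sub(r"\s+[A-Z]{2,4}$", "", text.strip())
    text = re.sub(r"(\.\d{6})\d+", r"\1", text)
    return datetime.strptime(text, "%b %d, %Y %H:%M:%S.%f")


def intervals(timestamps) -> list:
    ts = sorted(parse_ts(t) for t in timestamps)
    return [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]


def beacon_stats(timestamps, min_events=5, max_jitter=0.10) -> dict:
    """Median-based periodicity test. Each gap is compared with the nearest integer multiple
    of the median, so one missed beacon (a 2x gap) does not break the verdict; at least half
    the gaps must still be direct (1x) so that random traffic does not pass by accident.
    Thresholds are assumed and should be tuned per environment."""
    gaps = intervals(timestamps)
    if len(gaps) < min_events - 1:
        return {"events": len(gaps) + 1, "beacon": False, "reason": "too few events"}
    median = statistics.median(gaps)
    multiples = [max(1, round(g / median)) for g in gaps]
    deviations = [abs(g - k * median) for g, k in zip(gaps, multiples)]
    jitter = max(deviations) / median
    direct = sum(1 for k in multiples if k == 1) / len(gaps)
    return {
        "events": len(gaps) + 1,
        "median_s": round(median, 3),
        "max_dev_s": round(max(deviations), 3),
        "jitter": round(jitter, 3),
        "direct_fraction": round(direct, 2),
        "beacon": jitter <= max_jitter and direct >= 0.5,
    }


if __name__ == "__main__":
    print(beacon_stats(DNS_QUERIES))
```

On the report's timestamps the median gap is about 30.47 s with a worst-case deviation under 0.6 s, so the verdict is "beacon" with a jitter of roughly 2 %. The same function over the TCP table would show the four-connection bursts as near-zero gaps, so group connections per beacon (for instance by the preceding DNS query) before feeding them in.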
Target ID: | 0 |
Start time: | 05:19:01 |
Start date: | 24/11/2022 |
Path: | C:\Windows\System32\loaddll64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72b830000 |
File size: | 139776 bytes |
MD5 hash: | C676FC0263EDD17D4CE7D644B8F3FCD6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 1 |
Start time: | 05:19:02 |
Start date: | 24/11/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c72c0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 2 |
Start time: | 05:19:02 |
Start date: | 24/11/2022 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff632260000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 3 |
Start time: | 05:19:02 |
Start date: | 24/11/2022 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff762150000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 4 |
Start time: | 05:19:02 |
Start date: | 24/11/2022 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff736ed0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 5 |
Start time: | 05:19:02 |
Start date: | 24/11/2022 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff736ed0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 6 |
Start time: | 05:19:07 |
Start date: | 24/11/2022 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff736ed0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 9 |
Start time: | 05:19:12 |
Start date: | 24/11/2022 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff736ed0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 11 |
Start time: | 05:19:18 |
Start date: | 24/11/2022 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff69db50000 |
File size: | 494488 bytes |
MD5 hash: | 2AFFE478D86272288BBEF5A00BBEF6A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 12 |
Start time: | 05:19:23 |
Start date: | 24/11/2022 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff69db50000 |
File size: | 494488 bytes |
MD5 hash: | 2AFFE478D86272288BBEF5A00BBEF6A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 13 |
Start time: | 05:19:27 |
Start date: | 24/11/2022 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff69db50000 |
File size: | 494488 bytes |
MD5 hash: | 2AFFE478D86272288BBEF5A00BBEF6A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 14 |
Start time: | 05:19:42 |
Start date: | 24/11/2022 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff69db50000 |
File size: | 494488 bytes |
MD5 hash: | 2AFFE478D86272288BBEF5A00BBEF6A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Execution Graph
Execution Coverage: | 10.1% |
Dynamic/Decrypted Code Coverage: | 43.7% |
Signature Coverage: | 24.5% |
Total number of Nodes: | 1467 |
Total number of Limit Nodes: | 28 |
Graph
Function 0000027ED37137E0 Relevance: 10.8, APIs: 7, Instructions: 333memoryregistryCOMMONCrypto
Control-flow Graph
C-Code - Quality: 38% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C0711F0 Relevance: 4.7, APIs: 3, Instructions: 157memoryfileCOMMON
Control-flow Graph
C-Code - Quality: 23% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000027ED371A0AC Relevance: 3.1, APIs: 2, Instructions: 105filenativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C076D50 Relevance: 1.4, APIs: 1, Instructions: 190memoryCOMMONCrypto
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C075840 Relevance: .2, Instructions: 238COMMONCrypto
C-Code - Quality: 59% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C072380 Relevance: 17.9, APIs: 4, Strings: 6, Instructions: 434memoryCOMMON
Control-flow Graph
C-Code - Quality: 40% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000027ED3714DB4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 102memoryCOMMON
Control-flow Graph
C-Code - Quality: 34% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C087C20 Relevance: 7.7, APIs: 5, Instructions: 219memoryfileCOMMON
Control-flow Graph
C-Code - Quality: 35% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C08A4A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 128memoryfileCOMMON
Control-flow Graph
C-Code - Quality: 58% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C072A70 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 159memoryCOMMON
Control-flow Graph
C-Code - Quality: 50% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000027ED371A7A0 Relevance: 6.1, APIs: 4, Instructions: 88memorysynchronizationCOMMON
Control-flow Graph
C-Code - Quality: 29% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C089F80 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 248pipeCOMMON
Control-flow Graph
C-Code - Quality: 35% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C074820 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 221libraryCOMMON
Control-flow Graph
C-Code - Quality: 93% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07D734 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107COMMON
Control-flow Graph
C-Code - Quality: 52% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C080CF8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07A970 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 247synchronizationCOMMON
C-Code - Quality: 66% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 29% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07E154 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 73% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 55% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 41% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C074C80 Relevance: 19.8, APIs: 9, Strings: 2, Instructions: 565filelibrarymemoryCOMMONCrypto
C-Code - Quality: 76% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000027ED3716DF0 Relevance: 15.3, APIs: 7, Strings: 3, Instructions: 303memoryCOMMONCrypto
C-Code - Quality: 35% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000027ED3715638 Relevance: 11.5, APIs: 9, Instructions: 252memoryCOMMONCrypto
C-Code - Quality: 15% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07E374 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000027ED3717FD4 Relevance: 7.7, APIs: 2, Strings: 3, Instructions: 170memoryCOMMONCrypto
C-Code - Quality: 38% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07F964 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164COMMONCrypto
C-Code - Quality: 64% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000027ED37131C0 Relevance: 3.9, APIs: 3, Instructions: 195memoryCOMMONCrypto
C-Code - Quality: 24% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000027ED371204C Relevance: 3.9, APIs: 3, Instructions: 163memoryCOMMONCrypto
C-Code - Quality: 31% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000027ED37134A4 Relevance: 3.9, APIs: 3, Instructions: 160memoryCOMMONCrypto
C-Code - Quality: 29% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C079BA0 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 315threadCOMMONCrypto
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C0790B0 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 263COMMONCrypto
C-Code - Quality: 30% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07FB70 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97COMMON
C-Code - Quality: 100% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C08B9B0 Relevance: 3.3, APIs: 2, Instructions: 285libraryloaderCOMMONCrypto
C-Code - Quality: 56% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C08F8F0 Relevance: 3.2, Strings: 2, Instructions: 737COMMONCrypto
C-Code - Quality: 75% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C086808 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000027ED3713CD8 Relevance: 2.7, Strings: 2, Instructions: 174COMMONCrypto
C-Code - Quality: 31% |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C0776E0 Relevance: 1.8, Strings: 1, Instructions: 555COMMONCrypto
C-Code - Quality: 75% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 50% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C0783C0 Relevance: 1.7, Strings: 1, Instructions: 408COMMONCrypto
C-Code - Quality: 23% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C090D70 Relevance: 1.6, Strings: 1, Instructions: 375COMMONCrypto
C-Code - Quality: 96% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C0898F0 Relevance: 1.6, Strings: 1, Instructions: 313COMMONCrypto
C-Code - Quality: 41% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000027ED3719D6C Relevance: 1.5, APIs: 1, Instructions: 210memoryCOMMONCrypto
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07DCAC Relevance: 1.4, Strings: 1, Instructions: 139COMMONLIBRARYCODECrypto
C-Code - Quality: 53% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000027ED371A918 Relevance: .6, Instructions: 616COMMONCrypto
C-Code - Quality: 56% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C075CC0 Relevance: .6, Instructions: 614COMMONCrypto
C-Code - Quality: 57% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C08B370 Relevance: .3, Instructions: 345COMMONCrypto
C-Code - Quality: 96% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C088D50 Relevance: .3, Instructions: 341COMMONCrypto
C-Code - Quality: 96% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C071520 Relevance: .3, Instructions: 330COMMONCrypto
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C0742A0 Relevance: .3, Instructions: 302COMMONCrypto
C-Code - Quality: 96% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C076820 Relevance: .3, Instructions: 259COMMONCrypto
C-Code - Quality: 57% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C08F290 Relevance: .2, Instructions: 221COMMONCrypto
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C071B10 Relevance: .2, Instructions: 200COMMONCrypto
C-Code - Quality: 35% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C0875E0 Relevance: .2, Instructions: 181COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000027ED3714540 Relevance: .2, Instructions: 177COMMONCrypto
C-Code - Quality: 55% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C0865F0 Relevance: .0, Instructions: 32COMMON
C-Code - Quality: 86% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07E9E0 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 197COMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000027ED3711BFC Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 216memoryCOMMON
C-Code - Quality: 17% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07D47C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 46% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 20% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07F320 Relevance: 7.6, APIs: 5, Instructions: 114libraryloaderCOMMONLIBRARYCODE
C-Code - Quality: 36% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 32% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C086400 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C084898 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileCOMMON
C-Code - Quality: 16% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 19% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000027ED3712DC4 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 192memoryCOMMON
C-Code - Quality: 41% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07F0D4 Relevance: 6.0, APIs: 4, Instructions: 43COMMONLIBRARYCODE
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D37E0 Relevance: 10.8, APIs: 7, Instructions: 333memoryregistryCOMMONCrypto
Control-flow Graph
C-Code - Quality: 50% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C076D50 Relevance: 1.4, APIs: 1, Instructions: 190memoryCOMMONCrypto
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C072380 Relevance: 17.9, APIs: 4, Strings: 6, Instructions: 434memoryCOMMON
Control-flow Graph
C-Code - Quality: 40% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D4DB4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 102memoryCOMMON
Control-flow Graph
C-Code - Quality: 59% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C087C20 Relevance: 7.7, APIs: 5, Instructions: 219memoryfileCOMMON
Control-flow Graph
C-Code - Quality: 35% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C08A4A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 128memoryfileCOMMON
Control-flow Graph
C-Code - Quality: 58% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C072A70 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 159memoryCOMMON
Control-flow Graph
C-Code - Quality: 50% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003DA7A0 Relevance: 6.1, APIs: 4, Instructions: 88memorysynchronizationCOMMON
Control-flow Graph
C-Code - Quality: 30% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C089F80 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 248pipeCOMMON
Control-flow Graph
C-Code - Quality: 35% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C074820 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 221libraryCOMMON
Control-flow Graph
C-Code - Quality: 93% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C0711F0 Relevance: 4.7, APIs: 3, Instructions: 157filememoryCOMMON
Control-flow Graph
C-Code - Quality: 23% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07A970 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 247synchronizationCOMMON
Control-flow Graph
C-Code - Quality: 66% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D40F8 Relevance: 2.6, APIs: 2, Instructions: 131memoryCOMMON
C-Code - Quality: 16% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D5FC8 Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON
C-Code - Quality: 31% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07E26C Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D6958 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
C-Code - Quality: 92% |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 55% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 41% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D6DF0 Relevance: 15.3, APIs: 7, Strings: 3, Instructions: 303memoryCOMMONCrypto
C-Code - Quality: 36% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 28% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07E374 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D7FD4 Relevance: 7.7, APIs: 2, Strings: 3, Instructions: 170memoryCOMMONCrypto
C-Code - Quality: 46% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07F964 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164COMMONCrypto
C-Code - Quality: 64% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07E9E0 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 197COMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D1BFC Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 216memoryCOMMON
C-Code - Quality: 32% |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07D47C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 46% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 20% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07F320 Relevance: 7.6, APIs: 5, Instructions: 114libraryloaderCOMMONLIBRARYCODE
C-Code - Quality: 36% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 32% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C086400 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C084898 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileCOMMON
C-Code - Quality: 16% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003DA238 Relevance: 6.4, APIs: 5, Instructions: 127memoryCOMMON
C-Code - Quality: 22% |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D2DC4 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 192memoryCOMMON
C-Code - Quality: 40% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07F0D4 Relevance: 6.0, APIs: 4, Instructions: 43COMMONLIBRARYCODE
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C07D734 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107COMMON
C-Code - Quality: 52% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF88C080CF8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 003D5EE8 Relevance: 5.1, APIs: 4, Instructions: 64, Tags: memory, COMMON
Function 0000021DD9335638 Relevance: 15.3, APIs: 10, Instructions: 252, Tags: memory, COMMON, Crypto
C-Code - Quality: 17% |
Function 0000021DD93337E0 Relevance: 12.3, APIs: 8, Instructions: 333, Tags: memory, registry, injection, COMMON, Crypto
C-Code - Quality: 39% |
Function 0000021DD93331C0 Relevance: 3.9, APIs: 3, Instructions: 195, Tags: memory, COMMON, Crypto
C-Code - Quality: 24% |
Function 0000021DD933A0AC Relevance: 3.1, APIs: 2, Instructions: 105, Tags: file, native, COMMON
Function 0000021DD9339D6C Relevance: 1.5, APIs: 1, Instructions: 210, Tags: memory, COMMON, Crypto
C-Code - Quality: 67% |
Function 0000021DD9331BFC Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 216, Tags: memory, COMMON
C-Code - Quality: 17% |
Function 0000021DD9334DB4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 102, Tags: memory, COMMON
C-Code - Quality: 34% |
Function (address not extracted) C-Code - Quality: 19% |
Function 0000021DD9332DC4 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 192, Tags: memory, COMMON
C-Code - Quality: 41% |
Function 0000021DD9337CF4 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 94, Tags: memory, COMMON
Function 0000021DD933A7A0 Relevance: 4.6, APIs: 3, Instructions: 88, Tags: memory, synchronization, COMMON
C-Code - Quality: 19% |
Function (address not extracted) C-Code - Quality: 59% |
Function (address not extracted) C-Code - Quality: 54% |
Function (address not extracted) C-Code - Quality: 29% |
Function (address not extracted) C-Code - Quality: 24% |
Function (address not extracted) C-Code - Quality: 37% |
Function (address not extracted) C-Code - Quality: 73% |
Function (address not extracted) C-Code - Quality: 66% |
Function (address not extracted) C-Code - Quality: 25% |
Function 0000021DD9336DF0 Relevance: 15.3, APIs: 7, Strings: 3, Instructions: 303, Tags: memory, COMMON, Crypto
C-Code - Quality: 35% |
Function 0000021DD9337FD4 Relevance: 7.7, APIs: 2, Strings: 3, Instructions: 170, Tags: memory, COMMON, Crypto
C-Code - Quality: 38% |
Function 000001F71CC037E0 Relevance: 10.8, APIs: 7, Instructions: 333, Tags: memory, registry, COMMON, Crypto
C-Code - Quality: 38% |
Function 000001F71CC0A0AC Relevance: 3.1, APIs: 2, Instructions: 105, Tags: file, native, COMMON
Function 000001F71CC04DB4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 102, Tags: memory, COMMON
C-Code - Quality: 34% |
Function 000001F71CC0A7A0 Relevance: 6.1, APIs: 4, Instructions: 88, Tags: memory, synchronization, COMMON
C-Code - Quality: 29% |
Function (address not extracted) C-Code - Quality: 29% |
Function (address not extracted) C-Code - Quality: 73% |
Function 000001F71CC06DF0 Relevance: 15.3, APIs: 7, Strings: 3, Instructions: 303, Tags: memory, COMMON, Crypto
C-Code - Quality: 35% |
Function 000001F71CC05638 Relevance: 11.5, APIs: 9, Instructions: 252, Tags: memory, COMMON, Crypto
C-Code - Quality: 15% |
Function 000001F71CC07FD4 Relevance: 7.7, APIs: 2, Strings: 3, Instructions: 170, Tags: memory, COMMON, Crypto
C-Code - Quality: 38% |
Function 000001F71CC01BFC Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 216, Tags: memory, COMMON
C-Code - Quality: 17% |
Function (address not extracted) C-Code - Quality: 19% |
Function 000001F71CC02DC4 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 192, Tags: memory, COMMON
C-Code - Quality: 41% |
Function (address not extracted) C-Code - Quality: 100% |
Function 00007FF88C07D734 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107, Tags: COMMON
C-Code - Quality: 52% |
Function (address not extracted) C-Code - Quality: 65% |
Function (address not extracted) C-Code - Quality: 71% |
Function 00007FF88C07E26C Relevance: 1.5, APIs: 1, Instructions: 36, Tags: memory, COMMON, LIBRARYCODE
C-Code - Quality: 37% |
Function 00007FF88C07E374 Relevance: 9.1, APIs: 6, Instructions: 83, Tags: COMMON, LIBRARYCODE
C-Code - Quality: 65% |
Function 00007FF88C07F964 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164, Tags: COMMON, Crypto
C-Code - Quality: 64% |
Function 00007FF88C07E9E0 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 197, Tags: COMMON
C-Code - Quality: 87% |
Function 00007FF88C072380 Relevance: 17.9, APIs: 4, Strings: 6, Instructions: 434, Tags: memory, COMMON
C-Code - Quality: 40% |
Function (address not extracted) C-Code - Quality: 39% |
Function (address not extracted) C-Code - Quality: 86% |
Function 00007FF88C07D47C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29, Tags: library, loader, COMMON
Function (address not extracted) C-Code - Quality: 46% |
Function (address not extracted) C-Code - Quality: 20% |
Function 00007FF88C07F320 Relevance: 7.6, APIs: 5, Instructions: 114, Tags: library, loader, COMMON, LIBRARYCODE
C-Code - Quality: 36% |
Function (address not extracted) C-Code - Quality: 32% |
Function 00007FF88C086400 Relevance: 7.6, APIs: 5, Instructions: 56, Tags: COMMON, LIBRARYCODE
C-Code - Quality: 85% |
Function 00007FF88C08A4A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 128, Tags: memory, file, COMMON
C-Code - Quality: 58% |
Function 00007FF88C084898 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100, Tags: file, COMMON
C-Code - Quality: 16% |
Function (address not extracted) C-Code - Quality: 87% |
Function 00007FF88C072A70 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 159, Tags: memory, COMMON
C-Code - Quality: 50% |
Function 00007FF88C07F0D4 Relevance: 6.0, APIs: 4, Instructions: 43, Tags: COMMON, LIBRARYCODE
C-Code - Quality: 68% |
Function 00007FF88C089F80 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 248, Tags: pipe, COMMON
C-Code - Quality: 35% |
Function 00007FF88C074820 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 221, Tags: library, COMMON
C-Code - Quality: 93% |
Function 00007FF88C080CF8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70, Tags: COMMON