Windows
Analysis Report
aOHLlvfakv.dll
Overview
General Information
Detection

Score | Range | Whitelisted | Confidence |
---|---|---|---|
96 | 0 - 100 | false | 100% |
Process tree (analysis system: w10x64native)

- loaddll64.exe (PID 8532, MD5 C676FC0263EDD17D4CE7D644B8F3FCD6)
  cmdline: loaddll64.exe "C:\Users\user\Desktop\aOHLlvfakv.dll"
  - conhost.exe (PID 8560, MD5 81CA40085FC75BABD2C91D18AA9FFA68)
    cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  - cmd.exe (PID 8704, MD5 8A2122E8162DBEF04694B9C3E0B6CDEE)
    cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\aOHLlvfakv.dll",#1
    - rundll32.exe (PID 7436, MD5 EF3179D498793BF4234F708D3BE28633)
      cmdline: rundll32.exe "C:\Users\user\Desktop\aOHLlvfakv.dll",#1
      - regsvr32.exe (PID 8788, MD5 B0C2FA35D14A9FAD919E99D9D75E1B9E)
        cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\JAnzBeoSOFkqX\hUQcK.dll"
  - regsvr32.exe (PID 8688, MD5 B0C2FA35D14A9FAD919E99D9D75E1B9E)
    cmdline: regsvr32.exe /s C:\Users\user\Desktop\aOHLlvfakv.dll
    - regsvr32.exe (PID 7592, MD5 B0C2FA35D14A9FAD919E99D9D75E1B9E)
      cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\SAolKOHOGzImreJl\DHZYcsMibMOGCXWD.dll"
  - rundll32.exe (PID 7448, MD5 EF3179D498793BF4234F708D3BE28633)
    cmdline: rundll32.exe C:\Users\user\Desktop\aOHLlvfakv.dll,DllRegisterServer
    - regsvr32.exe (PID 7460, MD5 B0C2FA35D14A9FAD919E99D9D75E1B9E)
      cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FAAMB\YSmuMEqbrrG.dll"
  - rundll32.exe (PID 372, MD5 EF3179D498793BF4234F708D3BE28633)
    cmdline: rundll32.exe C:\Users\user\Desktop\aOHLlvfakv.dll,__CPPdebugHook

The nesting is reconstructed from the order of the original tree, which the extraction flattened. Three of the four ways the sandbox loaded the DLL (rundll32 with ordinal #1, regsvr32 /s, rundll32 with DllRegisterServer) are each followed by a regsvr32.exe that loads a copy of the DLL from a randomly named subdirectory of System32 (JAnzBeoSOFkqX\hUQcK.dll, SAolKOHOGzImreJl\DHZYcsMibMOGCXWD.dll, FAAMB\YSmuMEqbrrG.dll); those three paths are the host IOCs of this run. The __CPPdebugHook export spawned no child process.
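The copy-and-reload pattern in the tree (a DLL run out of the user's profile, then regsvr32.exe loading a copy from a single-level random subdirectory of System32) is a usable detection on its own. The following is an added example and not part of the Joe Sandbox report: it runs that logic over process-creation records constructed from the tree above and returns the dropped-DLL paths as IOCs. PID 1000 as a stand-in for the sandbox launcher and the benign msxml3.dll registration used as a control are assumptions, not records from the report.

```python
import re
from typing import NamedTuple


class ProcEvent(NamedTuple):
    pid: int
    ppid: int
    image: str       # executable file name, lower-case
    cmdline: str


# Process-creation records constructed from the tree above (hypothetical EDR/Sysmon
# style; parent PIDs follow the tree's nesting). PID 1000 stands in for the sandbox
# launcher. The last record is a benign control that must NOT be flagged.
EVENTS = [
    ProcEvent(8532, 1000, "loaddll64.exe",
              r'loaddll64.exe "C:\Users\user\Desktop\aOHLlvfakv.dll"'),
    ProcEvent(8704, 8532, "cmd.exe",
              r'cmd.exe /C rundll32.exe "C:\Users\user\Desktop\aOHLlvfakv.dll",#1'),
    ProcEvent(7436, 8704, "rundll32.exe",
              r'rundll32.exe "C:\Users\user\Desktop\aOHLlvfakv.dll",#1'),
    ProcEvent(8788, 7436, "regsvr32.exe",
              r'C:\Windows\system32\regsvr32.exe "C:\Windows\system32\JAnzBeoSOFkqX\hUQcK.dll"'),
    ProcEvent(8688, 8532, "regsvr32.exe",
              r'regsvr32.exe /s C:\Users\user\Desktop\aOHLlvfakv.dll'),
    ProcEvent(7592, 8688, "regsvr32.exe",
              r'C:\Windows\system32\regsvr32.exe "C:\Windows\system32\SAolKOHOGzImreJl\DHZYcsMibMOGCXWD.dll"'),
    ProcEvent(7448, 8532, "rundll32.exe",
              r'rundll32.exe C:\Users\user\Desktop\aOHLlvfakv.dll,DllRegisterServer'),
    ProcEvent(7460, 7448, "regsvr32.exe",
              r'C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FAAMB\YSmuMEqbrrG.dll"'),
    ProcEvent(372, 8532, "rundll32.exe",
              r'rundll32.exe C:\Users\user\Desktop\aOHLlvfakv.dll,__CPPdebugHook'),
    ProcEvent(9001, 1000, "regsvr32.exe",          # benign control (assumed, not from the report)
              r'C:\Windows\system32\regsvr32.exe /s C:\Windows\System32\msxml3.dll'),
]

# First drive-letter path ending in .dll; the image path itself is never a .dll, so the
# first match is the DLL argument, quoted or not, with or without a ",export" / ",#ordinal".
DLL_RE = re.compile(r'[A-Za-z]:\\(?:[^"\s,\\]+\\)*[^"\s,\\]+\.dll', re.IGNORECASE)
# <drive>:\Windows\System32\<exactly one directory>\<file>.dll, the copy location seen above
SYS32_SUBDIR_DLL = re.compile(r'^[a-z]:\\windows\\system32\\[^\\]+\\[^\\]+\.dll$', re.IGNORECASE)
USER_PROFILE_DLL = re.compile(r'^[a-z]:\\users\\', re.IGNORECASE)
LOADERS = {"rundll32.exe", "regsvr32.exe"}


def dll_argument(cmdline: str):
    """The DLL path a rundll32/regsvr32 command line loads, or None."""
    m = DLL_RE.search(cmdline)
    return m.group(0) if m else None


def find_copy_and_reload_chains(events):
    """(parent_pid, child_pid, source_dll, copied_dll) for every regsvr32.exe that loads
    a DLL from a System32 subdirectory while its parent is rundll32/regsvr32 running a
    DLL out of a user profile."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if e.image != "regsvr32.exe":
            continue
        dll = dll_argument(e.cmdline)
        if dll is None or not SYS32_SUBDIR_DLL.match(dll):
            continue
        parent = by_pid.get(e.ppid)
        if parent is None or parent.image not in LOADERS:
            continue
        src = dll_argument(parent.cmdline)
        if src is None or not USER_PROFILE_DLL.match(src):
            continue
        hits.append((parent.pid, e.pid, src, dll))
    return hits


def dropped_dll_iocs(events):
    """Host IOCs: the System32 copy paths, sorted and de-duplicated."""
    return sorted({dll for _, _, _, dll in find_copy_and_reload_chains(events)})


if __name__ == "__main__":
    for parent_pid, pid, src, dll in find_copy_and_reload_chains(EVENTS):
        print(f"{parent_pid} -> {pid}: {src} reloaded as {dll}")
```

Real telemetry (Sysmon event 1, EDR process events) carries parent PID and command line in the same shape. Requiring exactly one directory level between System32 and the DLL is what lets the msxml3.dll control fall through while all three copies from the tree are flagged; widening it to any depth would also catch legitimate registrations from System32 subfolders such as drivers, so tune it against your own baseline before alerting.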
Name | Description |
---|---|
Emotet | Emotet was historically a banking trojan run as a botnet; today it is mostly seen as infrastructure-as-a-service for content delivery. Since mid-2018, for example, Trickbot has used it for installs, which may in turn lead to ransomware attacks with Ryuk, a combination observed several times against high-profile targets. It still steals information from victims, but the criminal group behind it opened a second line of business by selling its infrastructure to deliver other malicious software. Malware analysts classify it into epochs according to its command and control, payloads and delivery methods, which change over time. Emotet was taken down by authorities in January 2021 but appears to have sprung back to life in November 2021. |
Extracted configuration:

```json
{
  "C2 list": [
    "91.121.146.47:8080", "66.228.32.31:7080", "182.162.143.56:443", "187.63.160.88:80",
    "167.172.199.165:8080", "164.90.222.65:443", "104.168.155.143:8080", "91.207.28.33:8080",
    "72.15.201.15:8080", "183.111.227.137:8080", "103.132.242.26:8080", "159.65.88.10:8080",
    "173.212.193.249:8080", "82.223.21.224:8080", "172.105.226.75:8080", "103.43.75.120:443",
    "167.172.253.162:8080", "1.234.2.232:8080", "159.89.202.34:443", "186.194.240.217:443",
    "185.4.135.165:8080", "139.59.126.41:443", "164.68.99.3:8080", "95.217.221.146:8080",
    "129.232.188.93:443", "45.176.232.124:443", "163.44.196.120:8080", "79.137.35.198:8080",
    "153.92.5.27:8080", "160.16.142.56:8080", "202.129.205.3:8080", "201.94.166.162:443",
    "119.59.103.152:8080", "153.126.146.25:7080", "188.44.20.25:443", "115.68.227.76:8080",
    "147.139.166.154:8080", "149.56.131.28:8080", "107.170.39.149:8080", "213.239.212.5:443",
    "197.242.150.244:8080", "206.189.28.199:8080", "5.135.159.50:443", "169.57.156.166:8080",
    "103.75.201.2:443", "110.232.117.186:8080", "94.23.45.86:4143", "45.235.8.30:8080",
    "101.50.0.91:8080"
  ],
  "Public Key": [
    "RUNTMSAAAABAX3S2xNjcDD0fBno33Ln5t71eii+mofIPoXkNFOX1MeiwCh48iz97kB0mJjGGZXwardnDXKxI8GCHGNl0PFj5n2amlQAjAIA=",
    "RUNLMSAAAADzozW1Di4r9DVWzQpMKT588RDdy7BPILP6AiDOTLYMHkSWvrQO5slbmr1OvZ2Pz+AQWzRMggQmAtO6rPH7nyx22WZ4lQAVAJA="
  ]
}
```

The C2 list holds 49 hard-coded IP:port pairs (no domains), 32 of them on port 8080 and 13 on 443. The two public keys are the ECDSA (ECS1) and ECDH (ECK1) keys of the botnet epoch this sample belongs to; matching them against other samples' configurations is the usual way to attribute a sample to an epoch.
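The two "Public Key" values are base64 of Windows CNG BCRYPT_ECCKEY_BLOB structures: a 4-byte magic, a 4-byte key length, then the X and Y coordinates as big-endian integers. This is how Emotet has carried its keys since its 2021 return: the ECK1 key is its ECDH public key for deriving the traffic key, the ECS1 key its ECDSA public key for verifying signed server responses. The following is an added example, not code from the report or from the sandbox's extractor: it decodes both blobs, checks the magic and key length, and tests whether the coordinates lie on NIST P-256 as a sanity check on the layout. The P-256 constants are the standard ones; nothing else is assumed.

```python
import base64
import struct

# The two "Public Key" values from the extracted configuration above (verbatim)
PUBLIC_KEYS = [
    "RUNTMSAAAABAX3S2xNjcDD0fBno33Ln5t71eii+mofIPoXkNFOX1MeiwCh48iz97kB0mJjGGZXwardnDXKxI8GCHGNl0PFj5n2amlQAjAIA=",
    "RUNLMSAAAADzozW1Di4r9DVWzQpMKT588RDdy7BPILP6AiDOTLYMHkSWvrQO5slbmr1OvZ2Pz+AQWzRMggQmAtO6rPH7nyx22WZ4lQAVAJA=",
]

# BCRYPT_ECCKEY_BLOB (bcrypt.h): ULONG dwMagic, ULONG cbKey, then X and Y, each cbKey
# bytes big-endian. Magics are the ASCII tags read as little-endian ULONGs.
MAGICS = {
    0x31534345: ("ECS1", "ECDSA P-256 public key"),   # BCRYPT_ECDSA_PUBLIC_P256_MAGIC
    0x314B4345: ("ECK1", "ECDH P-256 public key"),    # BCRYPT_ECDH_PUBLIC_P256_MAGIC
}

# NIST P-256 parameters, used only to check that (X, Y) is a point on the curve
P256_P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B


def on_p256(x: int, y: int) -> bool:
    """True when y^2 == x^3 - 3x + b (mod p), i.e. (x, y) is on P-256."""
    return (y * y - (x * x * x - 3 * x + P256_B)) % P256_P == 0


def parse_bcrypt_ecc_public(b64: str) -> dict:
    """Decode one base64 BCRYPT_ECCKEY_BLOB; raises ValueError on anything that is not one."""
    raw = base64.b64decode(b64)
    if len(raw) < 8:
        raise ValueError("shorter than the 8-byte BCRYPT_ECCKEY_BLOB header")
    magic, cb_key = struct.unpack_from("<II", raw, 0)
    if magic not in MAGICS:
        raise ValueError(f"not a CNG ECC public blob: magic 0x{magic:08X}")
    body_end = 8 + 2 * cb_key
    if len(raw) < body_end:
        raise ValueError(f"truncated: need {body_end} bytes, have {len(raw)}")
    x = int.from_bytes(raw[8:8 + cb_key], "big")
    y = int.from_bytes(raw[8 + cb_key:body_end], "big")
    return {
        "magic": MAGICS[magic][0],
        "kind": MAGICS[magic][1],
        "cb_key": cb_key,
        "x": x,
        "y": y,
        "on_curve": on_p256(x, y) if cb_key == 32 else None,
        "trailing": raw[body_end:],   # whatever the extractor appended after the blob
        "blob_len": len(raw),
    }


def summarize(keys=PUBLIC_KEYS):
    return [parse_bcrypt_ecc_public(k) for k in keys]


if __name__ == "__main__":
    for k in summarize():
        print(f'{k["magic"]} {k["kind"]}: cbKey={k["cb_key"]} blob={k["blob_len"]} bytes '
              f'on_curve={k["on_curve"]} trailing={k["trailing"].hex() or "-"}')
```

Both blobs on this page decode to 80 bytes, eight more than the 72 bytes a P-256 public blob occupies, so trailing is non-empty; that is a property of what the extractor dumped, not of the key format. If on_curve comes back False for a blob, the layout or byte order differs from the documented one and the offsets need checking before the key is used for anything, such as clustering samples by epoch.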
Yara signature matches

Source | Rule | Description | Author |
---|---|---|---|
dumped files and process memory (individual source names not preserved in this copy) | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |

The original report lists the rule in two source groups, five entries visible in each with the remainder collapsed.
Snort IDS alerts (sandbox host 192.168.11.20; timestamps are MM/DD/YY-HH:MM:SS.ffffff, sorted by time)

Timestamp | Source | Destination | SID |
---|---|---|---|
03/17/23-17:55:03.822964 | 192.168.11.20:49827 | 91.121.146.47:8080 | 2404344 |
03/17/23-17:55:08.721674 | 192.168.11.20:49829 | 66.228.32.31:7080 | 2404330 |
03/17/23-17:55:16.470008 | 192.168.11.20:49831 | 182.162.143.56:443 | 2404312 |
03/17/23-17:55:30.717404 | 192.168.11.20:49835 | 167.172.199.165:8080 | 2404308 |
03/17/23-17:55:36.091806 | 192.168.11.20:49837 | 164.90.222.65:443 | 2404308 |
03/17/23-17:55:40.214505 | 192.168.11.20:49838 | 104.168.155.143:8080 | 2404302 |

All six alerts are TCP with classtype "A Network Trojan was detected". The destinations are six of the first seven entries of the extracted C2 list, contacted in list order within about 36 seconds (only 187.63.160.88:80 raised no alert); the rising source ports 49827 to 49838 are one client working through that list.
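Every alert above targets an endpoint from the extracted C2 list, which is the check worth automating: the configuration, not the handful of connections a sandbox run happens to make, is what should feed a blocklist. The following is an added example and not part of the report: it takes the configuration's C2 list as the extractor emits it, validates it, correlates it with the six alerts, and turns the full list into outbound Suricata rules. The rule text and the local SID range starting at 9100000 are assumptions; the SIDs in the alerts above belong to the sandbox's own ruleset and are not reproduced.

```python
import ipaddress
import json
from collections import Counter
from datetime import datetime

# The "C2 list" from the extracted configuration on this page, in the extractor's JSON form
CONFIG_JSON = """{"C2 list": [
 "91.121.146.47:8080", "66.228.32.31:7080", "182.162.143.56:443", "187.63.160.88:80",
 "167.172.199.165:8080", "164.90.222.65:443", "104.168.155.143:8080", "91.207.28.33:8080",
 "72.15.201.15:8080", "183.111.227.137:8080", "103.132.242.26:8080", "159.65.88.10:8080",
 "173.212.193.249:8080", "82.223.21.224:8080", "172.105.226.75:8080", "103.43.75.120:443",
 "167.172.253.162:8080", "1.234.2.232:8080", "159.89.202.34:443", "186.194.240.217:443",
 "185.4.135.165:8080", "139.59.126.41:443", "164.68.99.3:8080", "95.217.221.146:8080",
 "129.232.188.93:443", "45.176.232.124:443", "163.44.196.120:8080", "79.137.35.198:8080",
 "153.92.5.27:8080", "160.16.142.56:8080", "202.129.205.3:8080", "201.94.166.162:443",
 "119.59.103.152:8080", "153.126.146.25:7080", "188.44.20.25:443", "115.68.227.76:8080",
 "147.139.166.154:8080", "149.56.131.28:8080", "107.170.39.149:8080", "213.239.212.5:443",
 "197.242.150.244:8080", "206.189.28.199:8080", "5.135.159.50:443", "169.57.156.166:8080",
 "103.75.201.2:443", "110.232.117.186:8080", "94.23.45.86:4143", "45.235.8.30:8080",
 "101.50.0.91:8080"]}"""

# The six Snort alerts above, reduced to (timestamp, destination ip, destination port, SID)
ALERTS = [
    ("03/17/23-17:55:03.822964", "91.121.146.47", 8080, 2404344),
    ("03/17/23-17:55:08.721674", "66.228.32.31", 7080, 2404330),
    ("03/17/23-17:55:16.470008", "182.162.143.56", 443, 2404312),
    ("03/17/23-17:55:30.717404", "167.172.199.165", 8080, 2404308),
    ("03/17/23-17:55:36.091806", "164.90.222.65", 443, 2404308),
    ("03/17/23-17:55:40.214505", "104.168.155.143", 8080, 2404302),
]
TS_FORMAT = "%m/%d/%y-%H:%M:%S.%f"


def parse_c2(config_json: str):
    """Validate and normalise the C2 list into (ip, port) tuples; malformed entries raise."""
    endpoints = []
    for entry in json.loads(config_json)["C2 list"]:
        host, sep, port = entry.rpartition(":")
        if not sep:
            raise ValueError(f"no port in {entry!r}")
        endpoints.append((str(ipaddress.ip_address(host)), int(port)))
    return endpoints


def port_histogram(endpoints):
    return Counter(port for _, port in endpoints)


def correlate(endpoints, alerts):
    """Split observed alerts into those hitting a configured C2 and those that do not."""
    known = set(endpoints)
    hit = [(ip, port) for _, ip, port, _ in alerts if (ip, port) in known]
    unknown = [(ip, port) for _, ip, port, _ in alerts if (ip, port) not in known]
    return hit, unknown


def alert_window_seconds(alerts):
    """Seconds between the first and the last alert."""
    times = sorted(datetime.strptime(ts, TS_FORMAT) for ts, *_ in alerts)
    return (times[-1] - times[0]).total_seconds()


def suricata_rules(endpoints, base_sid=9_100_000):
    """One outbound rule per endpoint; base_sid is an assumed local SID range."""
    rules = []
    for i, (ip, port) in enumerate(sorted(endpoints)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Emotet C2 from extracted config {ip}:{port}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{base_sid + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2(CONFIG_JSON)
    hit, unknown = correlate(c2, ALERTS)
    print(f"{len(c2)} configured endpoints, ports {dict(port_histogram(c2))}")
    print(f"{len(hit)} alerts match the config, {len(unknown)} do not, "
          f"over {alert_window_seconds(ALERTS):.1f} s")
    print(suricata_rules(c2)[0])
```

One rule per endpoint is the simplest form to read and to diff against the next sample's configuration; for production use, a single rule over an address-list variable is easier to rotate. Port 443 endpoints carry TLS, so the JA3 entry in the Networking section is the complementary signal where IP blocking is not an option.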
AV Detection

Evidence | Entries | Detail |
---|---|---|
ReversingLabs | 1 | verdict on the submitted file (detection rate not preserved in this copy) |
Virustotal | 1 | verdict on the submitted file; the original report links to the permalink |
Avira URL Cloud | 37 | URL verdicts (the URLs themselves are not preserved) |
Malware Configuration Extractor | 1 | Emotet configuration recovered (the C2 list and public keys above) |
HTTPS traffic detected | 1 | |

Code functions referenced by the signatures in this part of the report (signature names not preserved), identical in process 3 and process 4 (stage 2): 004040E5, 004088B7, 004088B9, 004111FA, 004082D0, 00410D65, 00420D70, 004086C2, 004086C4, 004086C6, 004086DC, 004086DE, 004086E0, 00408704.
Networking

Evidence | Entries | Detail |
---|---|---|
Network Connect | 16 | outbound connections (targets not preserved in this copy) |
Snort IDS | 6 | the alerts listed above |
IPs | 49 | the same count as the C2 list in the extracted configuration |
ASN Name | 1 | |
JA3 fingerprint | 1 | TLS client fingerprint of the sample's HTTPS connections |
HTTP traffic detected | 2 | |
IP Address | 1 | |
TCP traffic | 11 | |
Network traffic detected | 15 | |
TCP traffic detected without corresponding DNS query | 50 | |
String found in binary or memory | 43 | |
HTTPS traffic detected | 1 | |

Fifty connections without a preceding DNS query and a configuration made only of IP:port pairs mean DNS-based blocking does not see this traffic at all; detection has to key on destination IP and port (the Snort alerts above), on the TLS client fingerprint (the JA3 entry) or on the HTTP/HTTPS request pattern.
E-Banking Fraud

Evidence | Entries | Detail |
---|---|---|
File source | 17 | Yara detected Emotet (rule JoeSecurity_Emotet_1) in unpacked and dumped images; source names not preserved in this copy |
Further signature evidence (the section headings and detail cells between here and the end of the page were not preserved)

Evidence | Entries |
---|---|
File deleted | 1 |
File created | 1 |
Code function | the function lists below, plus two entries without an address |
Section loaded | 8 |
ReversingLabs | 1 |
Virustotal | 1 |
Static PE information | 1 |
Key opened | 1 |
Process created | 16 (the processes in the tree above) |

Functions referenced in process 3, stage 2, 32-bit addresses (0044D278 and 0044D3B8 are cited by several signatures): 00401730, 0041D100, 0042E190, 004161A0, 0041F200, 00414AC0, 0044D278, 004172F0, 00440BD0, 0040A387, 00441BA0, 00424C40, 0044D3B8, 00414420, 004165D0, 004186C7, 004186C9, 004186ED, 004186FB, 004186FD, 004186FF, 0041869B, 0041869D, 0041869F, 004186A1, 00439760, 00418701, 00418703, 00418705, and 02D20000.

Functions referenced in process 3, stage 2, 64-bit module mapped at 0x180000000 (110 functions): 18001A000, 18000CC14, 18001709C, 180007D6C, 18000263C, 180018FC8, 180008BC8, 1800227EC, 18000A7F0, 180001000, 180009408, 180007C08, 18002181C, 180011030, 18001EC30, 18000B83C, 180007840, 18001C44C, 180025450, 18001C058, 18001B460, 180016C70, 18000D474, 180002C78, 18000C078, 18000B07C, 180015880, 18001CC84, 180004C84, 18000AC94, 1800098AC, 18001A8B0, 18000DCB8, 1800294BC, 180015CC4, 18000F8C4, 1800108CC, 1800080CC, 180013CD4, 1800014D4, 1800018DC, 1800120E0, 180003CF4, 1800090F8, 1800048FC, 180028500, 18001610C, 180029910, 180017518, 180014D20, 180011924, 18001AD28, 18001B130, 180007530, 180006138, 18001BDA0, 1800095BC, 1800115C8, 18001D5F0, 180028A00, 180015A00, 180018E08, 18001020C, 180003E0C, 180004214, 18000461C, 180018A2C, 180010E2C, 18001662C, 18000BA2C, 18001A244, 18000B258, 18000F65C, 18000A660, 180010A70, 180003274, 180024E8C, 180008A8C, 180014A90, 18000BE90, 18000AAB8, 180004EB8, 18001A6BC, 180003ABC, 18001EAC0, 18000D6CC, 1800196D4, 1800092F0, 18001E310, 180013B14, 18000EF14, 180014F18, 18000D33C, 18001E750, 180004758, 18000975C, 18001D770, 18001CF70, 180008378, 18000F77C, 180015384, 180001B94, 18000DBA0, 180008FB0, 180018BB8, 18000FFB8, 1800197CC, 180013FD0, 180002FD4, 1800033D4.

Process 4, stage 2: the same 32-bit and 64-bit function sets as process 3 (without 02D20000), plus 0000029592A10000.
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Code function: | 3_2_0000000180008BC8 |
Source: | Process created: |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: |
Source: | Window detected: |
Source: | Static file information: |
Source: | Code function: | 3_2_0000000180006CAA | |
Source: | Code function: | 3_2_00000001800180D8 | |
Source: | Code function: | 3_2_0000000180006CDF | |
Source: | Code function: | 3_2_000000018000A0FD | |
Source: | Code function: | 3_2_0000000180017D2A | |
Source: | Code function: | 3_2_0000000180017D3D | |
Source: | Code function: | 3_2_0000000180017D4F | |
Source: | Code function: | 3_2_0000000180009D5A | |
Source: | Code function: | 3_2_0000000180018158 | |
Source: | Code function: | 3_2_000000018001798F | |
Source: | Code function: | 3_2_000000018000A1D3 | |
Source: | Code function: | 3_2_000000018000A26F | |
Source: | Code function: | 3_2_0000000180009E8E | |
Source: | Code function: | 3_2_0000000180017EBC | |
Source: | Code function: | 3_2_000000018001C732 | |
Source: | Code function: | 4_2_00000001800180D8 | |
Source: | Code function: | 4_2_000000018000A0FD | |
Source: | Code function: | 4_2_0000000180018158 | |
Source: | Code function: | 4_2_000000018001798F | |
Source: | Code function: | 4_2_000000018000A1D3 | |
Source: | Code function: | 4_2_000000018000A26F | |
Source: | Code function: | 4_2_0000000180006CAA | |
Source: | Code function: | 4_2_0000000180006CDF | |
Source: | Code function: | 4_2_0000000180017D2A | |
Source: | Code function: | 4_2_0000000180017D3D | |
Source: | Code function: | 4_2_0000000180017D4F | |
Source: | Code function: | 4_2_0000000180009D5A | |
Source: | Code function: | 4_2_0000000180009E8E | |
Source: | Code function: | 4_2_0000000180017EBC | |
Source: | Code function: | 4_2_000000018001C732 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 3_2_00401C80 |
Source: | Process created: |
Source: | PE file moved: | Jump to behavior |
Hooking and other Techniques for Hiding and Protection |
---|
HIPS / PFW / Operating System Protection Evasion |
---|
Stealing of Sensitive Information |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | 1 DLL Side-Loading | 111 Process Injection | 2 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 2 Virtualization/Sandbox Evasion | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 111 Process Injection | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Deobfuscate/Decode Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 12 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Hidden Files and Directories | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 3 Obfuscated Files or Information | Cached Domain Credentials | 25 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Regsvr32 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Rundll32 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 File Deletion | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
28% | ReversingLabs | Win64.Trojan.Emotetcrypt | |
54% | Virustotal | | |
Joe Sandbox Version: | 37.0.0 Beryl |
Analysis ID: | 828936 |
Start date and time: | 2023-03-17 17:52:24 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 53s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Number of new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | aOHLlvfakv.dll |
Detection: | MAL |
Classification: | mal96.troj.evad.winDLL@18/2@0/49 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe
- Excluded IPs from analysis (whitelisted): 2.16.241.12, 2.16.241.4, 209.197.3.8
- Excluded domains from analysis (whitelisted): wdcpalt.microsoft.com, login.live.com, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, wdcp.microsoft.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net
- Not all processes were analyzed; the report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Windows\System32\regsvr32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 62582 |
Entropy (8bit): | 7.996063107774368 |
Encrypted: | true |
SSDEEP: | 1536:Jk3XPi43VgGp0gB2itudTSRAn/TWTdWftu:CHa43V5p022iZ4CgA |
MD5: | E71C8443AE0BC2E282C73FAEAD0A6DD3 |
SHA1: | 0C110C1B01E68EDFACAEAE64781A37B1995FA94B |
SHA-256: | 95B0A5ACC5BF70D3ABDFD091D0C9F9063AA4FDE65BD34DBF16786082E1992E72 |
SHA-512: | B38458C7FA2825AFB72794F374827403D5946B1132E136A0CE075DFD351277CF7D957C88DC8A1E4ADC3BCAE1FA8010DAE3831E268E910D517691DE24326391A6 |
Malicious: | false |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Windows\System32\regsvr32.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.1213400513386125 |
Encrypted: | false |
SSDEEP: | 6:kKdjry/7UN+SkQlPlEGYRMY9z+4KlDA3RUecZUt:tCvkPlE99SNxAhUext |
MD5: | C9D0D1DB22CC93F91EA057685D74E8FA |
SHA1: | 35513EECACA0F029FCDFCEC79FA528B80B6F9C64 |
SHA-256: | 66E217986722B5CC1E3EA7051722144A610F33534D1AD7F9923AF0C149C8DF04 |
SHA-512: | 086A420A12949D721D1F798D4DE4CF4BE29652A282B4658FB256F6CC53D0686D15BBE2BA303F4A17266D713816DB8AB4BB14A7BCE1E3CB1D60F3F5564211B094 |
Malicious: | false |
File type: | |
Entropy (8bit): | 0.018845395989010114 |
TrID: | |
File name: | aOHLlvfakv.dll |
File size: | 571122142 |
MD5: | 362f48619364efe57ecd00f83d1bca62 |
SHA1: | ae142315393512fe3f3e03dc07aed88428b6e29b |
SHA256: | a873911592c3ce95d36e009f40bb376f587ad0ba6971a150a2ac10c87a2465f5 |
SHA512: | 1ed6695b6bfdce048697963812deafcde28f7c4397af824fc6ffeda03c5ad282b52728620bb2b81a2caa782a8e91f1e888687aaf1727323d2c8365edf8c9a33a |
SSDEEP: | |
TLSH: | |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 74f0e4ecccdce0e4 |
Entrypoint: | 0x401300 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED, DLL |
DLL Characteristics: | |
Time Stamp: | 0x64078C02 [Tue Mar 7 19:09:54 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 2 |
File Version Major: | 5 |
File Version Minor: | 2 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 2 |
Import Hash: | c73bbc818ceb2fafea2b25df17dec187 |
Instruction |
---|
dec eax |
sub esp, 28h |
dec eax |
mov eax, ecx |
mov dword ptr [00050D8Bh], edx |
dec esp |
mov dword ptr [00050D88h], eax |
dec eax |
mov dword ptr [00050D75h], eax |
dec eax |
cmp edx, 01h |
jne 00007FA2F0934601h |
call 00007FA2F096A13Fh |
call 00007FA2F0965CFAh |
call 00007FA2F096A145h |
dec eax |
lea eax, dword ptr [00050CC9h] |
dec eax |
lea ecx, dword ptr [00047372h] |
dec eax |
mov dword ptr [eax+30h], ecx |
dec eax |
lea ecx, dword ptr [FFFFFCB7h] |
dec eax |
mov dword ptr [eax], ecx |
dec eax |
lea ecx, dword ptr [FFFFFF59h] |
dec eax |
mov dword ptr [eax+08h], ecx |
dec eax |
lea ecx, dword ptr [FFFFFF4Eh] |
dec eax |
mov dword ptr [eax+10h], ecx |
dec eax |
lea ecx, dword ptr [FFFFFF8Bh] |
dec eax |
mov dword ptr [eax+18h], ecx |
dec eax |
lea ecx, dword ptr [0004617Ch] |
dec eax |
mov dword ptr [eax+68h], ecx |
dec eax |
lea ecx, dword ptr [00046571h] |
dec eax |
mov dword ptr [eax+70h], ecx |
dec eax |
lea ecx, dword ptr [00046596h] |
dec eax |
mov dword ptr [eax+78h], ecx |
dec eax |
lea ecx, dword ptr [00046B3Bh] |
dec eax |
mov dword ptr [eax+00000080h], ecx |
dec eax |
lea ecx, dword ptr [0005D2EDh] |
dec eax |
mov dword ptr [eax+50h], ecx |
mov dword ptr [eax+20h], 00000001h |
dec eax |
mov ecx, eax |
dec eax |
mov edx, dword ptr [00050CD8h] |
inc esp |
mov eax, dword ptr [00050CD9h] |
dec esp |
mov ecx, dword ptr [00050CD6h] |
call 00007FA2F09346AAh |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x81000 | 0x69 | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x80000 | 0xb38 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x82000 | 0x2be00 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x76000 | 0x3a38 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xae000 | 0x11b4 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x4c4c8 | 0x4c600 | False | 0.4390311732815057 | data | 6.348222298404593 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rodata | 0x4e000 | 0x3600 | 0x3600 | False | 0.3231336805555556 | data | 5.09617814286108 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.data | 0x52000 | 0x22de0 | 0xe400 | False | 0.17931058114035087 | data | 2.348309483365582 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x75000 | 0x5d0 | 0x600 | False | 0.013020833333333334 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x76000 | 0x3a38 | 0x3c00 | False | 0.4626953125 | data | 5.526910649754969 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.xdata | 0x7a000 | 0x5fd0 | 0x6000 | False | 0.14701334635416666 | shared library | 4.906149317469979 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.idata | 0x80000 | 0xb38 | 0xc00 | False | 0.2919921875 | data | 3.959226833867136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.edata | 0x81000 | 0x69 | 0x200 | False | 0.181640625 | data | 1.2134297058839834 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x82000 | 0x2be00 | 0x2be00 | False | 0.8775151353276354 | data | 7.859341694371929 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xae000 | 0x11b4 | 0x1200 | False | 0.6178385416666666 | data | 5.813939662419332 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
VNRKGF | 0x82184 | 0xa2c | data | English | United States |
VNRKGF | 0x82bb0 | 0x2b000 | data | English | United States |
RT_RCDATA | 0xadbb0 | 0x10 | data | ||
RT_RCDATA | 0xadbc0 | 0x2 | data | English | United States |
RT_VERSION | 0xadbc4 | 0x1f4 | data | English | United States |
DLL | Import |
---|---|
KERNEL32 | AddVectoredExceptionHandler, CloseHandle, CreateDirectoryA, CreateFileA, CreateFileW, DeleteCriticalSection, DeleteFileA, EnterCriticalSection, ExitProcess, FreeEnvironmentStringsA, GetACP, GetCPInfo, GetCurrentProcessId, GetCurrentThreadId, GetDateFormatA, GetEnvironmentStrings, GetFileAttributesA, GetFileAttributesW, GetFileSize, GetFileType, GetLastError, GetLocalTime, GetLocaleInfoA, GetModuleFileNameA, GetModuleHandleA, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoA, GetStdHandle, GetStringTypeA, GetStringTypeW, GetSystemDefaultLangID, GetSystemInfo, GetTickCount, GetTimeZoneInformation, GetUserDefaultLCID, GetVersion, GetVersionExA, HeapAlloc, HeapFree, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, IsDBCSLeadByteEx, IsDebuggerPresent, IsValidLocale, LCMapStringA, LeaveCriticalSection, LoadLibraryA, LoadLibraryW, LocalFileTimeToFileTime, MultiByteToWideChar, RaiseException, ReadFile, RemoveDirectoryA, RemoveVectoredExceptionHandler, RtlCaptureContext, SetConsoleCtrlHandler, SetEndOfFile, SetFilePointer, SetFileTime, SetHandleCount, SetLastError, SetThreadLocale, Sleep, SleepEx, SystemTimeToFileTime, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, VirtualAlloc, VirtualFree, VirtualQuery, WideCharToMultiByte, WriteFile, RtlRestoreContext, RtlUnwindEx |
USER32 | EnumThreadWindows, MessageBoxA, wsprintfA |
Name | Ordinal | Address |
---|---|---|
DllRegisterServer | 1 | 0x401da0 |
__CPPdebugHook | 2 | 0x474aa0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
03/17/23-17:55:08.721674 | TCP | 2404330 | ET CNC Feodo Tracker Reported CnC Server TCP group 16 | 49829 | 7080 | 192.168.11.20 | 66.228.32.31 |
03/17/23-17:55:40.214505 | TCP | 2404302 | ET CNC Feodo Tracker Reported CnC Server TCP group 2 | 49838 | 8080 | 192.168.11.20 | 104.168.155.143 |
03/17/23-17:55:30.717404 | TCP | 2404308 | ET CNC Feodo Tracker Reported CnC Server TCP group 5 | 49835 | 8080 | 192.168.11.20 | 167.172.199.165 |
03/17/23-17:55:36.091806 | TCP | 2404308 | ET CNC Feodo Tracker Reported CnC Server TCP group 5 | 49837 | 443 | 192.168.11.20 | 164.90.222.65 |
03/17/23-17:55:03.822964 | TCP | 2404344 | ET CNC Feodo Tracker Reported CnC Server TCP group 23 | 49827 | 8080 | 192.168.11.20 | 91.121.146.47 |
03/17/23-17:55:16.470008 | TCP | 2404312 | ET CNC Feodo Tracker Reported CnC Server TCP group 7 | 49831 | 443 | 192.168.11.20 | 182.162.143.56 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 17, 2023 17:55:03.822963953 CET | 49827 | 8080 | 192.168.11.20 | 91.121.146.47 |
Mar 17, 2023 17:55:03.842253923 CET | 8080 | 49827 | 91.121.146.47 | 192.168.11.20 |
Mar 17, 2023 17:55:03.842469931 CET | 49827 | 8080 | 192.168.11.20 | 91.121.146.47 |
Mar 17, 2023 17:55:03.844355106 CET | 49827 | 8080 | 192.168.11.20 | 91.121.146.47 |
Mar 17, 2023 17:55:03.863508940 CET | 8080 | 49827 | 91.121.146.47 | 192.168.11.20 |
Mar 17, 2023 17:55:03.884574890 CET | 8080 | 49827 | 91.121.146.47 | 192.168.11.20 |
Mar 17, 2023 17:55:03.884633064 CET | 8080 | 49827 | 91.121.146.47 | 192.168.11.20 |
Mar 17, 2023 17:55:03.884812117 CET | 49827 | 8080 | 192.168.11.20 | 91.121.146.47 |
Mar 17, 2023 17:55:03.887244940 CET | 49827 | 8080 | 192.168.11.20 | 91.121.146.47 |
Mar 17, 2023 17:55:03.907407045 CET | 8080 | 49827 | 91.121.146.47 | 192.168.11.20 |
Mar 17, 2023 17:55:03.954986095 CET | 49827 | 8080 | 192.168.11.20 | 91.121.146.47 |
Mar 17, 2023 17:55:04.660682917 CET | 49827 | 8080 | 192.168.11.20 | 91.121.146.47 |
Mar 17, 2023 17:55:04.660682917 CET | 49827 | 8080 | 192.168.11.20 | 91.121.146.47 |
Mar 17, 2023 17:55:04.680037022 CET | 8080 | 49827 | 91.121.146.47 | 192.168.11.20 |
Mar 17, 2023 17:55:04.751033068 CET | 8080 | 49827 | 91.121.146.47 | 192.168.11.20 |
Mar 17, 2023 17:55:04.798549891 CET | 49827 | 8080 | 192.168.11.20 | 91.121.146.47 |
Mar 17, 2023 17:55:07.748513937 CET | 8080 | 49827 | 91.121.146.47 | 192.168.11.20 |
Mar 17, 2023 17:55:07.748599052 CET | 8080 | 49827 | 91.121.146.47 | 192.168.11.20 |
Mar 17, 2023 17:55:07.748816967 CET | 49827 | 8080 | 192.168.11.20 | 91.121.146.47 |
Mar 17, 2023 17:55:07.748817921 CET | 49827 | 8080 | 192.168.11.20 | 91.121.146.47 |
Mar 17, 2023 17:55:07.748817921 CET | 49827 | 8080 | 192.168.11.20 | 91.121.146.47 |
Mar 17, 2023 17:55:07.768208981 CET | 8080 | 49827 | 91.121.146.47 | 192.168.11.20 |
Mar 17, 2023 17:55:07.768244028 CET | 8080 | 49827 | 91.121.146.47 | 192.168.11.20 |
Mar 17, 2023 17:55:07.768269062 CET | 8080 | 49827 | 91.121.146.47 | 192.168.11.20 |
Mar 17, 2023 17:55:08.721673965 CET | 49829 | 7080 | 192.168.11.20 | 66.228.32.31 |
Mar 17, 2023 17:55:08.813566923 CET | 7080 | 49829 | 66.228.32.31 | 192.168.11.20 |
Mar 17, 2023 17:55:09.313343048 CET | 49829 | 7080 | 192.168.11.20 | 66.228.32.31 |
Mar 17, 2023 17:55:09.405122995 CET | 7080 | 49829 | 66.228.32.31 | 192.168.11.20 |
Mar 17, 2023 17:55:09.906966925 CET | 49829 | 7080 | 192.168.11.20 | 66.228.32.31 |
Mar 17, 2023 17:55:09.998740911 CET | 7080 | 49829 | 66.228.32.31 | 192.168.11.20 |
Mar 17, 2023 17:55:10.500451088 CET | 49829 | 7080 | 192.168.11.20 | 66.228.32.31 |
Mar 17, 2023 17:55:10.591742039 CET | 7080 | 49829 | 66.228.32.31 | 192.168.11.20 |
Mar 17, 2023 17:55:11.094125986 CET | 49829 | 7080 | 192.168.11.20 | 66.228.32.31 |
Mar 17, 2023 17:55:11.185641050 CET | 7080 | 49829 | 66.228.32.31 | 192.168.11.20 |
Mar 17, 2023 17:55:16.470007896 CET | 49831 | 443 | 192.168.11.20 | 182.162.143.56 |
Mar 17, 2023 17:55:16.470108032 CET | 443 | 49831 | 182.162.143.56 | 192.168.11.20 |
Mar 17, 2023 17:55:16.470316887 CET | 49831 | 443 | 192.168.11.20 | 182.162.143.56 |
Mar 17, 2023 17:55:16.470504045 CET | 49831 | 443 | 192.168.11.20 | 182.162.143.56 |
Mar 17, 2023 17:55:16.470545053 CET | 443 | 49831 | 182.162.143.56 | 192.168.11.20 |
Mar 17, 2023 17:55:16.705921888 CET | 443 | 49831 | 182.162.143.56 | 192.168.11.20 |
Mar 17, 2023 17:55:16.706535101 CET | 49832 | 443 | 192.168.11.20 | 182.162.143.56 |
Mar 17, 2023 17:55:16.706639051 CET | 443 | 49832 | 182.162.143.56 | 192.168.11.20 |
Mar 17, 2023 17:55:16.706866980 CET | 49832 | 443 | 192.168.11.20 | 182.162.143.56 |
Mar 17, 2023 17:55:16.707146883 CET | 49832 | 443 | 192.168.11.20 | 182.162.143.56 |
Mar 17, 2023 17:55:16.707223892 CET | 443 | 49832 | 182.162.143.56 | 192.168.11.20 |
Mar 17, 2023 17:55:16.945801020 CET | 443 | 49832 | 182.162.143.56 | 192.168.11.20 |
Mar 17, 2023 17:55:16.946307898 CET | 49833 | 443 | 192.168.11.20 | 182.162.143.56 |
Mar 17, 2023 17:55:16.946396112 CET | 443 | 49833 | 182.162.143.56 | 192.168.11.20 |
Mar 17, 2023 17:55:16.946610928 CET | 49833 | 443 | 192.168.11.20 | 182.162.143.56 |
Mar 17, 2023 17:55:16.946799040 CET | 49833 | 443 | 192.168.11.20 | 182.162.143.56 |
Mar 17, 2023 17:55:16.947004080 CET | 443 | 49833 | 182.162.143.56 | 192.168.11.20 |
Mar 17, 2023 17:55:16.947177887 CET | 49833 | 443 | 192.168.11.20 | 182.162.143.56 |
Mar 17, 2023 17:55:22.222096920 CET | 49834 | 80 | 192.168.11.20 | 187.63.160.88 |
Mar 17, 2023 17:55:22.442723036 CET | 80 | 49834 | 187.63.160.88 | 192.168.11.20 |
Mar 17, 2023 17:55:22.950834990 CET | 49834 | 80 | 192.168.11.20 | 187.63.160.88 |
Mar 17, 2023 17:55:23.171304941 CET | 80 | 49834 | 187.63.160.88 | 192.168.11.20 |
Mar 17, 2023 17:55:23.685240030 CET | 49834 | 80 | 192.168.11.20 | 187.63.160.88 |
Mar 17, 2023 17:55:23.905503988 CET | 80 | 49834 | 187.63.160.88 | 192.168.11.20 |
Mar 17, 2023 17:55:24.419260979 CET | 49834 | 80 | 192.168.11.20 | 187.63.160.88 |
Mar 17, 2023 17:55:24.639291048 CET | 80 | 49834 | 187.63.160.88 | 192.168.11.20 |
Mar 17, 2023 17:55:25.153383970 CET | 49834 | 80 | 192.168.11.20 | 187.63.160.88 |
Mar 17, 2023 17:55:25.373801947 CET | 80 | 49834 | 187.63.160.88 | 192.168.11.20 |
Mar 17, 2023 17:55:30.717403889 CET | 49835 | 8080 | 192.168.11.20 | 167.172.199.165 |
Mar 17, 2023 17:55:30.877808094 CET | 8080 | 49835 | 167.172.199.165 | 192.168.11.20 |
Mar 17, 2023 17:55:30.878029108 CET | 49835 | 8080 | 192.168.11.20 | 167.172.199.165 |
Mar 17, 2023 17:55:30.878396034 CET | 49835 | 8080 | 192.168.11.20 | 167.172.199.165 |
Mar 17, 2023 17:55:31.038242102 CET | 8080 | 49835 | 167.172.199.165 | 192.168.11.20 |
Mar 17, 2023 17:55:31.048325062 CET | 8080 | 49835 | 167.172.199.165 | 192.168.11.20 |
Mar 17, 2023 17:55:31.048401117 CET | 8080 | 49835 | 167.172.199.165 | 192.168.11.20 |
Mar 17, 2023 17:55:31.048665047 CET | 49835 | 8080 | 192.168.11.20 | 167.172.199.165 |
Mar 17, 2023 17:55:31.051322937 CET | 49835 | 8080 | 192.168.11.20 | 167.172.199.165 |
Mar 17, 2023 17:55:31.212112904 CET | 8080 | 49835 | 167.172.199.165 | 192.168.11.20 |
Mar 17, 2023 17:55:31.213166952 CET | 49835 | 8080 | 192.168.11.20 | 167.172.199.165 |
Mar 17, 2023 17:55:31.415318966 CET | 8080 | 49835 | 167.172.199.165 | 192.168.11.20 |
Mar 17, 2023 17:55:32.039026022 CET | 8080 | 49835 | 167.172.199.165 | 192.168.11.20 |
Mar 17, 2023 17:55:32.089509964 CET | 49835 | 8080 | 192.168.11.20 | 167.172.199.165 |
Mar 17, 2023 17:55:35.039800882 CET | 8080 | 49835 | 167.172.199.165 | 192.168.11.20 |
Mar 17, 2023 17:55:35.039868116 CET | 8080 | 49835 | 167.172.199.165 | 192.168.11.20 |
Mar 17, 2023 17:55:35.040082932 CET | 49835 | 8080 | 192.168.11.20 | 167.172.199.165 |
Mar 17, 2023 17:55:35.040082932 CET | 49835 | 8080 | 192.168.11.20 | 167.172.199.165 |
Mar 17, 2023 17:55:35.040082932 CET | 49835 | 8080 | 192.168.11.20 | 167.172.199.165 |
Mar 17, 2023 17:55:35.199883938 CET | 8080 | 49835 | 167.172.199.165 | 192.168.11.20 |
Mar 17, 2023 17:55:35.199937105 CET | 8080 | 49835 | 167.172.199.165 | 192.168.11.20 |
Mar 17, 2023 17:55:35.966129065 CET | 49837 | 443 | 192.168.11.20 | 164.90.222.65 |
Mar 17, 2023 17:55:35.966291904 CET | 443 | 49837 | 164.90.222.65 | 192.168.11.20 |
Mar 17, 2023 17:55:35.966497898 CET | 49837 | 443 | 192.168.11.20 | 164.90.222.65 |
Mar 17, 2023 17:55:35.966687918 CET | 49837 | 443 | 192.168.11.20 | 164.90.222.65 |
Mar 17, 2023 17:55:35.966737032 CET | 443 | 49837 | 164.90.222.65 | 192.168.11.20 |
Mar 17, 2023 17:55:36.087966919 CET | 443 | 49837 | 164.90.222.65 | 192.168.11.20 |
Mar 17, 2023 17:55:36.088268042 CET | 49837 | 443 | 192.168.11.20 | 164.90.222.65 |
Mar 17, 2023 17:55:36.089459896 CET | 49837 | 443 | 192.168.11.20 | 164.90.222.65 |
Mar 17, 2023 17:55:36.089535952 CET | 443 | 49837 | 164.90.222.65 | 192.168.11.20 |
Mar 17, 2023 17:55:36.090668917 CET | 443 | 49837 | 164.90.222.65 | 192.168.11.20 |
Mar 17, 2023 17:55:36.091527939 CET | 49837 | 443 | 192.168.11.20 | 164.90.222.65 |
Mar 17, 2023 17:55:36.132508039 CET | 443 | 49837 | 164.90.222.65 | 192.168.11.20 |
Mar 17, 2023 17:55:36.291066885 CET | 443 | 49837 | 164.90.222.65 | 192.168.11.20 |
Mar 17, 2023 17:55:36.291352987 CET | 443 | 49837 | 164.90.222.65 | 192.168.11.20 |
Mar 17, 2023 17:55:36.291520119 CET | 49837 | 443 | 192.168.11.20 | 164.90.222.65 |
Mar 17, 2023 17:55:36.292974949 CET | 49837 | 443 | 192.168.11.20 | 164.90.222.65 |
Mar 17, 2023 17:55:36.292974949 CET | 49837 | 443 | 192.168.11.20 | 164.90.222.65 |
Mar 17, 2023 17:55:36.293045044 CET | 443 | 49837 | 164.90.222.65 | 192.168.11.20 |
Mar 17, 2023 17:55:36.293066978 CET | 443 | 49837 | 164.90.222.65 | 192.168.11.20 |
Mar 17, 2023 17:55:40.214504957 CET | 49838 | 8080 | 192.168.11.20 | 104.168.155.143 |
Mar 17, 2023 17:55:40.371361017 CET | 8080 | 49838 | 104.168.155.143 | 192.168.11.20 |
Mar 17, 2023 17:55:40.884457111 CET | 49838 | 8080 | 192.168.11.20 | 104.168.155.143 |
Mar 17, 2023 17:55:41.041522980 CET | 8080 | 49838 | 104.168.155.143 | 192.168.11.20 |
Mar 17, 2023 17:55:41.556155920 CET | 49838 | 8080 | 192.168.11.20 | 104.168.155.143 |
Mar 17, 2023 17:55:41.713120937 CET | 8080 | 49838 | 104.168.155.143 | 192.168.11.20 |
Mar 17, 2023 17:55:42.227844000 CET | 49838 | 8080 | 192.168.11.20 | 104.168.155.143 |
Mar 17, 2023 17:55:42.385135889 CET | 8080 | 49838 | 104.168.155.143 | 192.168.11.20 |
Mar 17, 2023 17:55:42.899537086 CET | 49838 | 8080 | 192.168.11.20 | 104.168.155.143 |
Mar 17, 2023 17:55:43.056380033 CET | 8080 | 49838 | 104.168.155.143 | 192.168.11.20 |
Mar 17, 2023 17:55:48.463207006 CET | 49839 | 8080 | 192.168.11.20 | 91.207.28.33 |
Mar 17, 2023 17:55:49.476475000 CET | 49839 | 8080 | 192.168.11.20 | 91.207.28.33 |
Mar 17, 2023 17:55:51.491552114 CET | 49839 | 8080 | 192.168.11.20 | 91.207.28.33 |
Mar 17, 2023 17:55:55.506303072 CET | 49839 | 8080 | 192.168.11.20 | 91.207.28.33 |
Mar 17, 2023 17:56:05.209115982 CET | 49841 | 8080 | 192.168.11.20 | 72.15.201.15 |
Mar 17, 2023 17:56:06.222544909 CET | 49841 | 8080 | 192.168.11.20 | 72.15.201.15 |
Mar 17, 2023 17:56:08.237816095 CET | 49841 | 8080 | 192.168.11.20 | 72.15.201.15 |
Mar 17, 2023 17:56:12.252496958 CET | 49841 | 8080 | 192.168.11.20 | 72.15.201.15 |
Mar 17, 2023 17:56:21.224081039 CET | 49842 | 8080 | 192.168.11.20 | 183.111.227.137 |
Mar 17, 2023 17:56:21.473206997 CET | 8080 | 49842 | 183.111.227.137 | 192.168.11.20 |
Mar 17, 2023 17:56:21.984700918 CET | 49842 | 8080 | 192.168.11.20 | 183.111.227.137 |
Mar 17, 2023 17:56:22.233786106 CET | 8080 | 49842 | 183.111.227.137 | 192.168.11.20 |
Mar 17, 2023 17:56:22.734503984 CET | 49842 | 8080 | 192.168.11.20 | 183.111.227.137 |
Mar 17, 2023 17:56:22.983175039 CET | 8080 | 49842 | 183.111.227.137 | 192.168.11.20 |
Mar 17, 2023 17:56:23.484471083 CET | 49842 | 8080 | 192.168.11.20 | 183.111.227.137 |
Mar 17, 2023 17:56:31.498373985 CET | 49842 | 8080 | 192.168.11.20 | 183.111.227.137 |
Mar 17, 2023 17:56:31.747179985 CET | 8080 | 49842 | 183.111.227.137 | 192.168.11.20 |
Mar 17, 2023 17:56:37.217686892 CET | 49844 | 8080 | 192.168.11.20 | 103.132.242.26 |
Mar 17, 2023 17:56:38.231113911 CET | 49844 | 8080 | 192.168.11.20 | 103.132.242.26 |
Mar 17, 2023 17:56:40.246740103 CET | 49844 | 8080 | 192.168.11.20 | 103.132.242.26 |
Mar 17, 2023 17:56:44.261094093 CET | 49844 | 8080 | 192.168.11.20 | 103.132.242.26 |
Mar 17, 2023 17:56:53.214862108 CET | 49845 | 8080 | 192.168.11.20 | 159.65.88.10 |
Mar 17, 2023 17:56:53.238240004 CET | 8080 | 49845 | 159.65.88.10 | 192.168.11.20 |
Mar 17, 2023 17:56:53.743458033 CET | 49845 | 8080 | 192.168.11.20 | 159.65.88.10 |
Mar 17, 2023 17:56:53.766810894 CET | 8080 | 49845 | 159.65.88.10 | 192.168.11.20 |
Mar 17, 2023 17:56:54.274444103 CET | 49845 | 8080 | 192.168.11.20 | 159.65.88.10 |
Mar 17, 2023 17:56:54.297533989 CET | 8080 | 49845 | 159.65.88.10 | 192.168.11.20 |
Mar 17, 2023 17:56:54.805639982 CET | 49845 | 8080 | 192.168.11.20 | 159.65.88.10 |
Mar 17, 2023 17:56:54.828557968 CET | 8080 | 49845 | 159.65.88.10 | 192.168.11.20 |
Mar 17, 2023 17:56:55.336703062 CET | 49845 | 8080 | 192.168.11.20 | 159.65.88.10 |
Mar 17, 2023 17:56:55.359790087 CET | 8080 | 49845 | 159.65.88.10 | 192.168.11.20 |
Mar 17, 2023 17:57:00.715739965 CET | 49847 | 8080 | 192.168.11.20 | 173.212.193.249 |
Mar 17, 2023 17:57:00.728647947 CET | 8080 | 49847 | 173.212.193.249 | 192.168.11.20 |
Mar 17, 2023 17:57:01.241731882 CET | 49847 | 8080 | 192.168.11.20 | 173.212.193.249 |
Mar 17, 2023 17:57:01.254630089 CET | 8080 | 49847 | 173.212.193.249 | 192.168.11.20 |
Mar 17, 2023 17:57:01.757257938 CET | 49847 | 8080 | 192.168.11.20 | 173.212.193.249 |
Mar 17, 2023 17:57:05.772061110 CET | 49847 | 8080 | 192.168.11.20 | 173.212.193.249 |
Mar 17, 2023 17:57:05.785279036 CET | 8080 | 49847 | 173.212.193.249 | 192.168.11.20 |
Mar 17, 2023 17:57:06.287431002 CET | 49847 | 8080 | 192.168.11.20 | 173.212.193.249 |
Mar 17, 2023 17:57:06.300117016 CET | 8080 | 49847 | 173.212.193.249 | 192.168.11.20 |
Mar 17, 2023 17:57:11.710352898 CET | 49848 | 8080 | 192.168.11.20 | 82.223.21.224 |
Mar 17, 2023 17:57:11.756433964 CET | 8080 | 49848 | 82.223.21.224 | 192.168.11.20 |
Mar 17, 2023 17:57:12.270498037 CET | 49848 | 8080 | 192.168.11.20 | 82.223.21.224 |
Mar 17, 2023 17:57:12.316184998 CET | 8080 | 49848 | 82.223.21.224 | 192.168.11.20 |
Mar 17, 2023 17:57:12.817295074 CET | 49848 | 8080 | 192.168.11.20 | 82.223.21.224 |
Mar 17, 2023 17:57:12.863404989 CET | 8080 | 49848 | 82.223.21.224 | 192.168.11.20 |
Mar 17, 2023 17:57:13.364262104 CET | 49848 | 8080 | 192.168.11.20 | 82.223.21.224 |
Mar 17, 2023 17:57:13.410521984 CET | 8080 | 49848 | 82.223.21.224 | 192.168.11.20 |
Mar 17, 2023 17:57:13.910753965 CET | 49848 | 8080 | 192.168.11.20 | 82.223.21.224 |
Mar 17, 2023 17:57:13.956427097 CET | 8080 | 49848 | 82.223.21.224 | 192.168.11.20 |
Mar 17, 2023 17:57:19.271894932 CET | 49849 | 8080 | 192.168.11.20 | 172.105.226.75 |
Mar 17, 2023 17:57:19.523993015 CET | 8080 | 49849 | 172.105.226.75 | 192.168.11.20 |
Mar 17, 2023 17:57:20.034790993 CET | 49849 | 8080 | 192.168.11.20 | 172.105.226.75 |
Mar 17, 2023 17:57:20.286341906 CET | 8080 | 49849 | 172.105.226.75 | 192.168.11.20 |
Mar 17, 2023 17:57:20.799974918 CET | 49849 | 8080 | 192.168.11.20 | 172.105.226.75 |
Mar 17, 2023 17:57:21.051470995 CET | 8080 | 49849 | 172.105.226.75 | 192.168.11.20 |
Mar 17, 2023 17:57:21.565464973 CET | 49849 | 8080 | 192.168.11.20 | 172.105.226.75 |
Mar 17, 2023 17:57:21.817554951 CET | 8080 | 49849 | 172.105.226.75 | 192.168.11.20 |
Mar 17, 2023 17:57:22.330940962 CET | 49849 | 8080 | 192.168.11.20 | 172.105.226.75 |
Mar 17, 2023 17:57:22.582799911 CET | 8080 | 49849 | 172.105.226.75 | 192.168.11.20 |
Mar 17, 2023 17:57:27.972085953 CET | 49850 | 443 | 192.168.11.20 | 103.43.75.120 |
Mar 17, 2023 17:57:27.972170115 CET | 443 | 49850 | 103.43.75.120 | 192.168.11.20 |
Mar 17, 2023 17:57:27.972752094 CET | 49850 | 443 | 192.168.11.20 | 103.43.75.120 |
Mar 17, 2023 17:57:27.972752094 CET | 49850 | 443 | 192.168.11.20 | 103.43.75.120 |
Mar 17, 2023 17:57:27.972878933 CET | 443 | 49850 | 103.43.75.120 | 192.168.11.20 |
Mar 17, 2023 17:57:28.255760908 CET | 443 | 49850 | 103.43.75.120 | 192.168.11.20 |
Mar 17, 2023 17:57:28.256366968 CET | 49851 | 443 | 192.168.11.20 | 103.43.75.120 |
Mar 17, 2023 17:57:28.256474972 CET | 443 | 49851 | 103.43.75.120 | 192.168.11.20 |
Mar 17, 2023 17:57:28.256699085 CET | 49851 | 443 | 192.168.11.20 | 103.43.75.120 |
Mar 17, 2023 17:57:28.256932974 CET | 49851 | 443 | 192.168.11.20 | 103.43.75.120 |
Mar 17, 2023 17:57:28.256997108 CET | 443 | 49851 | 103.43.75.120 | 192.168.11.20 |
Mar 17, 2023 17:57:28.537828922 CET | 443 | 49851 | 103.43.75.120 | 192.168.11.20 |
Mar 17, 2023 17:57:28.538410902 CET | 49852 | 443 | 192.168.11.20 | 103.43.75.120 |
Mar 17, 2023 17:57:28.538527966 CET | 443 | 49852 | 103.43.75.120 | 192.168.11.20 |
Mar 17, 2023 17:57:28.538723946 CET | 49852 | 443 | 192.168.11.20 | 103.43.75.120 |
Mar 17, 2023 17:57:28.538853884 CET | 49852 | 443 | 192.168.11.20 | 103.43.75.120 |
Mar 17, 2023 17:57:28.539140940 CET | 443 | 49852 | 103.43.75.120 | 192.168.11.20 |
Mar 17, 2023 17:57:28.539361954 CET | 49852 | 443 | 192.168.11.20 | 103.43.75.120 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Mar 17, 2023 17:56:37.473143101 CET | 103.132.242.26 | 192.168.11.20 | 2278 | (Unknown) | Destination Unreachable |
Mar 17, 2023 17:56:38.486097097 CET | 103.132.242.26 | 192.168.11.20 | 2278 | (Unknown) | Destination Unreachable |
Mar 17, 2023 17:56:40.502083063 CET | 103.132.242.26 | 192.168.11.20 | 2278 | (Unknown) | Destination Unreachable |
Mar 17, 2023 17:56:44.516495943 CET | 103.132.242.26 | 192.168.11.20 | 2278 | (Unknown) | Destination Unreachable |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49837 | 164.90.222.65 | 443 | C:\Windows\System32\regsvr32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-03-17 16:55:36 UTC | 0 | OUT | |
2023-03-17 16:55:36 UTC | 0 | IN | |
2023-03-17 16:55:36 UTC | 0 | IN | |
Target ID: | 0 |
Start time: | 17:54:25 |
Start date: | 17/03/2023 |
Path: | C:\Windows\System32\loaddll64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64c450000 |
File size: | 139776 bytes |
MD5 hash: | C676FC0263EDD17D4CE7D644B8F3FCD6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 1 |
Start time: | 17:54:25 |
Start date: | 17/03/2023 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6ca940000 |
File size: | 875008 bytes |
MD5 hash: | 81CA40085FC75BABD2C91D18AA9FFA68 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 2 |
Start time: | 17:54:26 |
Start date: | 17/03/2023 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7a07d0000 |
File size: | 289792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 3 |
Start time: | 17:54:26 |
Start date: | 17/03/2023 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff642830000 |
File size: | 25088 bytes |
MD5 hash: | B0C2FA35D14A9FAD919E99D9D75E1B9E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | moderate |
Target ID: | 4 |
Start time: | 17:54:26 |
Start date: | 17/03/2023 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff660480000 |
File size: | 71680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | moderate |
Target ID: | 5 |
Start time: | 17:54:26 |
Start date: | 17/03/2023 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff660480000 |
File size: | 71680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | moderate |
Target ID: | 7 |
Start time: | 17:54:27 |
Start date: | 17/03/2023 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff642830000 |
File size: | 25088 bytes |
MD5 hash: | B0C2FA35D14A9FAD919E99D9D75E1B9E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Target ID: | 8 |
Start time: | 17:54:27 |
Start date: | 17/03/2023 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff642830000 |
File size: | 25088 bytes |
MD5 hash: | B0C2FA35D14A9FAD919E99D9D75E1B9E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 9 |
Start time: | 17:54:27 |
Start date: | 17/03/2023 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff642830000 |
File size: | 25088 bytes |
MD5 hash: | B0C2FA35D14A9FAD919E99D9D75E1B9E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 10 |
Start time: | 17:54:29 |
Start date: | 17/03/2023 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff660480000 |
File size: | 71680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Execution Graph
Execution Coverage: | 3.5% |
Dynamic/Decrypted Code Coverage: | 16.4% |
Signature Coverage: | 19.9% |
Total number of Nodes: | 146 |
Total number of Limit Nodes: | 3 |
Graph
Function 02D20000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953memoryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043F160 Relevance: 45.9, APIs: 17, Strings: 9, Instructions: 387threadCOMMON
Control-flow Graph
C-Code - Quality: 61% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401C80 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58libraryloaderCOMMON
Control-flow Graph
C-Code - Quality: 27% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180013988 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 105processCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00448980 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00440BD0 Relevance: 158.6, APIs: 105, Instructions: 1095COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00440610 Relevance: 51.4, APIs: 34, Instructions: 414COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00441BA0 Relevance: 19.6, APIs: 13, Instructions: 149COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 53% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00446AA0 Relevance: 9.1, APIs: 6, Instructions: 106filethreadwindowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 98% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 97% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 38% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 96% |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00420D70 Relevance: 2.7, Strings: 2, Instructions: 231, Tags: COMMON
C-Code - Quality: 67% | Uniqueness Score: -1.00% |
(40 further function entries whose header lines were not extracted; Uniqueness Score: -1.00% each; 13 of them with C-Code - Quality: 99%)
Function 004082D0 Relevance: 1.7, Strings: 1, Instructions: 421, Tags: COMMON
C-Code - Quality: 35% | Uniqueness Score: -1.00% |
(1 further function entry whose header line was not extracted; Uniqueness Score: -1.00%)
Function 0043FC60 Relevance: 1.6, APIs: 1, Instructions: 102, Tags: COMMON
C-Code - Quality: 87% | Uniqueness Score: -1.00% |
(30 further function entries whose header lines were not extracted; Uniqueness Score: -1.00% each; one with C-Code - Quality: 96%, one with C-Code - Quality: 89%)
Function 004111FA Relevance: 1.3, Strings: 1, Instructions: 17, Tags: COMMON
C-Code - Quality: 82% | Uniqueness Score: -1.00% |
Function 000000018000B258 Relevance: .3, Instructions: 310, Tags: COMMON
Yara matches | Uniqueness Score: -1.00% |
Function 0000000180001000 Relevance: .2, Instructions: 238, Tags: COMMON
Yara matches | Uniqueness Score: -1.00% |
Function 00439760 Relevance: .2, Instructions: 233, Tags: COMMON, Crypto
C-Code - Quality: 58% | Uniqueness Score: -1.00% |
Function 000000018001020C Relevance: .2, Instructions: 230, Tags: COMMON
Yara matches | Uniqueness Score: -1.00% |
Function 00414420 Relevance: .2, Instructions: 213, Tags: COMMON, Crypto
C-Code - Quality: 99% | Uniqueness Score: -1.00% |
Function 000000018000BA2C Relevance: .2, Instructions: 192, Tags: COMMON
Yara matches | Uniqueness Score: -1.00% |
Function 000000018001D770 Relevance: .2, Instructions: 191, Tags: COMMON
Yara matches | Uniqueness Score: -1.00% |
Function 00000001800227EC Relevance: .2, Instructions: 184, Tags: COMMON
Yara matches | Uniqueness Score: -1.00% |
Function 00414AC0 Relevance: .2, Instructions: 183, Tags: COMMON, Crypto
C-Code - Quality: 96% | Uniqueness Score: -1.00% |
Function 0000000180003ABC Relevance: .2, Instructions: 173, Tags: COMMON
Yara matches | Uniqueness Score: -1.00% |
Function 000000018001E310 Relevance: .1, Instructions: 141, Tags: COMMON
Yara matches | Uniqueness Score: -1.00% |
Function 004086C2 Relevance: .1, Instructions: 139, Tags: COMMON
C-Code - Quality: 33% | Uniqueness Score: -1.00% |
Function 004086DC Relevance: .1, Instructions: 139, Tags: COMMON
C-Code - Quality: 33% | Uniqueness Score: -1.00% |
Function 004086DE Relevance: .1, Instructions: 139, Tags: COMMON
C-Code - Quality: 33% | Uniqueness Score: -1.00% |
Function 004086E0 Relevance: .1, Instructions: 139, Tags: COMMON
C-Code - Quality: 33% | Uniqueness Score: -1.00% |
Function 00408704 Relevance: .1, Instructions: 139, Tags: COMMON
C-Code - Quality: 33% | Uniqueness Score: -1.00% |
Function 004088B9 Relevance: .1, Instructions: 138, Tags: COMMON
C-Code - Quality: 30% | Uniqueness Score: -1.00% |
Function 004086C4 Relevance: .1, Instructions: 136, Tags: COMMON
C-Code - Quality: 26% | Uniqueness Score: -1.00% |
Function 004086C6 Relevance: .1, Instructions: 136, Tags: COMMON
C-Code - Quality: 26% | Uniqueness Score: -1.00% |
Function 004088B7 Relevance: .1, Instructions: 129, Tags: COMMON
C-Code - Quality: 28% | Uniqueness Score: -1.00% |
Function 0000000180002C78 Relevance: .1, Instructions: 128, Tags: COMMON
Yara matches | Uniqueness Score: -1.00% |
Function 000000018000B83C Relevance: .1, Instructions: 119, Tags: COMMON
Yara matches | Uniqueness Score: -1.00% |
Function 00000001800090F8 Relevance: .1, Instructions: 119, Tags: COMMON
Yara matches | Uniqueness Score: -1.00% |
Function 0000000180015CC4 Relevance: .1, Instructions: 107, Tags: COMMON
Yara matches | Uniqueness Score: -1.00% |
Function 0000000180025450 Relevance: .1, Instructions: 104, Tags: COMMON
Yara matches | Uniqueness Score: -1.00% |
Function 000000018001CC84 Relevance: .1, Instructions: 86, Tags: COMMON
Yara matches | Uniqueness Score: -1.00% |
Function 0044D278 Relevance: .1, Instructions: 85, Tags: COMMON
Uniqueness Score: -1.00% |
Function 0044D3B8 Relevance: .1, Instructions: 78, Tags: COMMON
Uniqueness Score: -1.00% |
Function 0000000180018E08 Relevance: .1, Instructions: 65, Tags: COMMON
Yara matches | Uniqueness Score: -1.00% |
Function 0000000180014F18 Relevance: .1, Instructions: 60, Tags: COMMON
Yara matches | Uniqueness Score: -1.00% |
Function 00000001800115C8 Relevance: .1, Instructions: 54, Tags: COMMON
Yara matches | Uniqueness Score: -1.00% |
Function 004040E5 Relevance: .0, Instructions: 16, Tags: COMMON
Uniqueness Score: -1.00% |
Function 00410D65 Relevance: .0, Instructions: 16, Tags: COMMON
Uniqueness Score: -1.00% |
(2 function entries whose header lines were not extracted, both listing APIs and Strings; Uniqueness Score: -1.00% each; one with C-Code - Quality: 96%)
Function 00448C90 Relevance: 5.0, APIs: 4, Instructions: 37, Tags: memory, COMMON
C-Code - Quality: 16% | Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 3.5% |
Dynamic/Decrypted Code Coverage: | 16.4% |
Signature Coverage: | 0% |
Total number of Nodes: | 146 |
Total number of Limit Nodes: | 3 |
Graph
Function 0000029592A10000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953, Tags: memory, COMMON
Control-flow Graph
Uniqueness Score: -1.00% |
Function 0043F160 Relevance: 45.9, APIs: 17, Strings: 9, Instructions: 387, Tags: thread, COMMON
Control-flow Graph
C-Code - Quality: 61% | Uniqueness Score: -1.00% |
(1 further function entry whose header line was not extracted, with a control-flow graph and Strings; Uniqueness Score: -1.00%)
Function 00401C80 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58, Tags: libraryloader, COMMON
Control-flow Graph
C-Code - Quality: 27% | Uniqueness Score: -1.00% |
Function 0000000180013988 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 105, Tags: process, COMMON
Yara matches | Uniqueness Score: -1.00% |
(1 further function entry whose header line was not extracted, listing APIs and Strings; Uniqueness Score: -1.00%)
Function 00448980 Relevance: 1.6, APIs: 1, Instructions: 54, Tags: COMMON
C-Code - Quality: 79% | Uniqueness Score: -1.00% |
Function 00440610 Relevance: 51.4, APIs: 34, Instructions: 414, Tags: COMMON
Uniqueness Score: -1.00% |
Function 00441BA0 Relevance: 19.6, APIs: 13, Instructions: 149, Tags: COMMON
Uniqueness Score: -1.00% |
(2 function entries whose header lines were not extracted, both listing APIs and Strings; Uniqueness Score: -1.00% each; C-Code - Quality: 53% and 96% respectively)
Function 00446AA0 Relevance: 9.1, APIs: 6, Instructions: 106, Tags: file, thread, window, COMMON
Uniqueness Score: -1.00% |
(1 further function entry whose header line was not extracted, listing APIs and Strings; Uniqueness Score: -1.00%)