Windows
Analysis Report
TET8iWY1w4.exe
Overview
General Information
Sample name: | TET8iWY1w4.exe (renamed because original name is a hash value) |
Original sample name: | 80e061a430c34b66003b1394c8b3b2b1.exe |
Analysis ID: | 1434700 |
MD5: | 80e061a430c34b66003b1394c8b3b2b1 |
SHA1: | 353c728399a03396a287182d04766f4f80838d9a |
SHA256: | 78927bd59e674eb5f331d92aef902ee34c24cf8479f9b69fbd4a4140ab6228f3 |
Tags: | exe |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
- System is w10x64
- TET8iWY1w4.exe (PID: 2132 cmdline: "C:\Users\user\Desktop\TET8iWY1w4.exe" MD5: 80E061A430C34B66003B1394C8B3B2B1)
  - WerFault.exe (PID: 6392 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 1528 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | |
{"C2 url": ["demonstationfukewko.shop", "liabilitynighstjsko.shop", "alcojoldwograpciw.shop", "incredibleextedwj.shop", "shortsvelventysjo.shop", "shatterbreathepsw.shop", "tolerateilusidjukl.shop", "productivelookewr.shop", "accountasifkwosov.shop"], "Build id": "P6Mk0M--superstar"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Windows_Trojan_Smokeloader_3687686f | unknown | unknown | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
AV Detection |
---|
Source: | Code function: | 0_2_00416645 |
Compliance |
---|
Source: | Code function: | 0_2_0041601F | |
Source: | Code function: | 0_2_004362F2 | |
Source: | Code function: | 0_2_00415340 | |
Source: | Code function: | 0_2_004363FF | |
Source: | Code function: | 0_2_00415470 | |
Source: | Code function: | 0_2_00409970 | |
Source: | Code function: | 0_2_00431DE0 | |
Source: | Code function: | 0_2_00420D80 | |
Source: | Code function: | 0_2_00420D80 | |
Source: | Code function: | 0_2_00420D80 | |
Source: | Code function: | 0_2_00416EA6 | |
Source: | Code function: | 0_2_00425082 | |
Source: | Code function: | 0_2_00424FB4 | |
Source: | Code function: | 0_2_00422090 | |
Source: | Code function: | 0_2_0043617A | |
Source: | Code function: | 0_2_004381B9 | |
Source: | Code function: | 0_2_00424AAE | |
Source: | Code function: | 0_2_0040D2A0 | |
Source: | Code function: | 0_2_00411361 | |
Source: | Code function: | 0_2_00411361 | |
Source: | Code function: | 0_2_004234EC | |
Source: | Code function: | 0_2_004094F0 | |
Source: | Code function: | 0_2_00437499 | |
Source: | Code function: | 0_2_0041A5E0 | |
Source: | Code function: | 0_2_0041A5E0 | |
Source: | Code function: | 0_2_004025A0 | |
Source: | Code function: | 0_2_0041761C | |
Source: | Code function: | 0_2_004166E7 | |
Source: | Code function: | 0_2_0042672D | |
Source: | Code function: | 0_2_004267C9 | |
Source: | Code function: | 0_2_0041C798 | |
Source: | Code function: | 0_2_004267BA | |
Source: | Code function: | 0_2_00416A89 | |
Source: | Code function: | 0_2_00416A89 | |
Source: | Code function: | 0_2_00423444 | |
Source: | Code function: | 0_2_0041AAB0 | |
Source: | Code function: | 0_2_0042FCC0 | |
Source: | Code function: | 0_2_00413DC7 | |
Source: | Code function: | 0_2_00420DF0 | |
Source: | Code function: | 0_2_00414EC0 | |
Source: | Code function: | 0_2_00425EDD | |
Source: | Code function: | 0_2_00425EDD | |
Source: | Code function: | 0_2_0040FFA2 | |
Source: | Code function: | 0_2_036A63E1 | |
Source: | Code function: | 0_2_03680209 | |
Source: | Code function: | 0_2_036952E9 | |
Source: | Code function: | 0_2_0369521B | |
Source: | Code function: | 0_2_036922F7 | |
Source: | Code function: | 0_2_03686286 | |
Source: | Code function: | 0_2_03696144 | |
Source: | Code function: | 0_2_03696144 | |
Source: | Code function: | 0_2_03685127 | |
Source: | Code function: | 0_2_0368710D | |
Source: | Code function: | 0_2_036A2192 | |
Source: | Code function: | 0_2_0368402E | |
Source: | Code function: | 0_2_036780A7 | |
Source: | Code function: | 0_2_036780A7 | |
Source: | Code function: | 0_2_03679757 | |
Source: | Code function: | 0_2_03693753 | |
Source: | Code function: | 0_2_036A7700 | |
Source: | Code function: | 0_2_036A6666 | |
Source: | Code function: | 0_2_036856D7 | |
Source: | Code function: | 0_2_036A6559 | |
Source: | Code function: | 0_2_0367D507 | |
Source: | Code function: | 0_2_036815C8 | |
Source: | Code function: | 0_2_036815C8 | |
Source: | Code function: | 0_2_036855A7 | |
Source: | Code function: | 0_2_036A8420 | |
Source: | Code function: | 0_2_03694D15 | |
Source: | Code function: | 0_2_03691497 | |
Source: | Code function: | 0_2_0368CB0E | |
Source: | Code function: | 0_2_03679BD7 | |
Source: | Code function: | 0_2_03696A21 | |
Source: | Code function: | 0_2_03696A30 | |
Source: | Code function: | 0_2_0368694E | |
Source: | Code function: | 0_2_03696994 | |
Source: | Code function: | 0_2_0368A847 | |
Source: | Code function: | 0_2_0368A847 | |
Source: | Code function: | 0_2_03672807 | |
Source: | Code function: | 0_2_03687883 | |
Source: | Code function: | 0_2_0369FF27 | |
Source: | Code function: | 0_2_036936AB | |
Source: | Code function: | 0_2_0368AD17 | |
Source: | Code function: | 0_2_03686CF0 | |
Source: | Code function: | 0_2_03686CF0 |
Networking |
---|
Source: | Code function: | 0_2_0042C8C0 |
Source: | Code function: | 0_2_0042C8C0 |
Source: | Code function: | 0_2_0042CA80 |
System Summary |
---|
Source: | Code function: | 0_2_00421740 | |
Source: | Code function: | 0_2_004049B0 | |
Source: | Code function: | 0_2_00420D80 | |
Source: | Code function: | 0_2_00410180 | |
Source: | Code function: | 0_2_00403270 | |
Source: | Code function: | 0_2_004392B0 | |
Source: | Code function: | 0_2_00406350 | |
Source: | Code function: | 0_2_00405570 | |
Source: | Code function: | 0_2_004395F0 | |
Source: | Code function: | 0_2_00403660 | |
Source: | Code function: | 0_2_0042672D | |
Source: | Code function: | 0_2_004267C9 | |
Source: | Code function: | 0_2_0041C798 | |
Source: | Code function: | 0_2_00431810 | |
Source: | Code function: | 0_2_00406960 | |
Source: | Code function: | 0_2_00416A89 | |
Source: | Code function: | 0_2_00420DF0 | |
Source: | Code function: | 0_2_0043DEDF | |
Source: | Code function: | 0_2_00425EDD | |
Source: | Code function: | 0_2_0043DF5C | |
Source: | Code function: | 0_2_036803E7 | |
Source: | Code function: | 0_2_03671267 | |
Source: | Code function: | 0_2_03696144 | |
Source: | Code function: | 0_2_036780A7 | |
Source: | Code function: | 0_2_036757D7 | |
Source: | Code function: | 0_2_036A9517 | |
Source: | Code function: | 0_2_036765B7 | |
Source: | Code function: | 0_2_036734D7 | |
Source: | Code function: | 0_2_03676BC7 | |
Source: | Code function: | 0_2_036A1A77 | |
Source: | Code function: | 0_2_03696A30 | |
Source: | Code function: | 0_2_036919A7 | |
Source: | Code function: | 0_2_03696994 | |
Source: | Code function: | 0_2_036A9857 | |
Source: | Code function: | 0_2_036738C7 | |
Source: | Code function: | 0_2_03674C17 | |
Source: | Code function: | 0_2_03686CF0 |
Source: | Code function: | 0_2_01AD678E |
Source: | Code function: | 0_2_0042B228 |
Data Obfuscation |
---|
Source: | Code function: | 0_2_01ADA311 | |
Source: | Code function: | 0_2_01ADBA8D | |
Source: | Code function: | 0_2_01ADB5CF | |
Source: | Code function: | 0_2_01AD7800 | |
Source: | Code function: | 0_2_01AD7780 |
Malware Analysis System Evasion |
---|
Source: | Code function: | 0_2_00435970 |
Source: | Code function: | 0_2_01AD606B | |
Source: | Code function: | 0_2_0367092B | |
Source: | Code function: | 0_2_03670D90 |
HIPS / PFW / Operating System Protection Evasion |
---|
Stealing of Sensitive Information |
---|
Remote Access Functionality |
---|
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 11 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 31 Data from Local System | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | 2 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
76% | ReversingLabs | Win32.Spyware.Lummastealer | ||
100% | Avira | HEUR/AGEN.1310434 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
accountasifkwosov.shop | 172.67.141.11 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
 | true | | unknown |
 | true | | unknown |
 | true | | unknown |
 | true | | unknown |
 | true | | unknown |
 | true | | unknown |
 | true | | unknown |
 | true | | unknown |
 | false | | unknown |
 | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | high |
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | high |
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | high |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.141.11 | accountasifkwosov.shop | United States | | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1434700 |
Start date and time: | 2024-05-01 16:38:24 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 15s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | TET8iWY1w4.exerenamed because original name is a hash value |
Original Sample Name: | 80e061a430c34b66003b1394c8b3b2b1.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@2/5@1/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.189.173.21
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: TET8iWY1w4.exe
Time | Type | Description |
---|---|---|
16:39:16 | API Interceptor | |
16:39:47 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
 | | Get hash | malicious | AgentTesla | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
 | | Get hash | malicious | HTMLPhisher | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | RisePro Stealer | Browse | |
 | | Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, Socks5Systemz, Vidar, zgRAT | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_TET8iWY1w4.exe_baf128c5aa94d11fcb5d518c1b53c94826195_ff764eae_7b82c7fd-01a7-4d29-b0e1-e1815c3e2fbd\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9964978135043593 |
Encrypted: | false |
SSDEEP: | 96:1PQNYTwKasFQqto67JnwQXIDcQ9c6kGcEscw3ma+HbHg/wWGTf3hOycISWLTvSEH:12zZAP0TJWSDjsKF7zuiFAZ24IO8L |
MD5: | 57E0CC9613AD756137CB28FE7019310D |
SHA1: | 94E8393182B5D23E78DC9FD9816F5F876D41431F |
SHA-256: | B9F7455DCB3D19CD72520121E75EC4DFD945CD0083D58A2999E04560227B14C9 |
SHA-512: | 380D6EE84951AF5A066E7D0A2E0955BEA5725BAC336D80077647816B0D1ED308545E1E7E2D131C94A3B3D103D82E3842A41FD5DF5B635A87F80EAD1E0EAD3229 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8378 |
Entropy (8bit): | 3.701891621484629 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJDJ6IXt6YEIuSU93jggmfm0GpDa89bFjsfCq3m:R6lXJN6Id6YEBSU93jggmfm04FIfCT |
MD5: | EE9E8EF2D0769B91291B8B3C33768317 |
SHA1: | 8E77F2935F590FD9F86D3D5346C2875376EF9298 |
SHA-256: | CD14F800AEAE532A8CFCBF0BBB683650F06344F4A32DBEDE6857CDBB5A40169C |
SHA-512: | A038215252238C5A0458D64986F757EF070A02A272C5E73770E19BFF594BC367570BDDE9E8CA5995ED1892B3A0A7BE69408E46C57426494538C50C47C40B6989 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4625 |
Entropy (8bit): | 4.510916040829672 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs4Jg77aI9ehWpW8VYLYm8M4JuZ/tOqFM+q8LdxOXczSlNSxd:uIjf+I7Qw7VnJuZFIebsqSlNSxd |
MD5: | 7691BCAE0AA60714275D371782E9B454 |
SHA1: | E99F6A41FD578D1248AB9566513CD006FEE5D732 |
SHA-256: | 7BC59016A4C5170B33B32393EC1A31408720F126007EEC9918F8584C73DAC501 |
SHA-512: | DDB9DCB4F78BF5FB1579DBCB89F14B49ED702884C4B5CE7926DD773B9BC1A2E68C8BFF0D72504739DB210B8181F4514D90DC543C5E8421C81F6681A90E2A1686 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 81692 |
Entropy (8bit): | 2.9528553661399375 |
Encrypted: | false |
SSDEEP: | 768:ExC7Bliniiu6mzTMOLqzSOAueQK1fvRl1psKuo:EMQ8vMOLqzSOAIK1fvRl1uno |
MD5: | 2F93AA55ED1855AAA9EF4D6A083232DA |
SHA1: | 34139AFDC677C8771458E32D6FE20AA755151EB6 |
SHA-256: | B865D9D38FAAFD7CA2D2AA4C0E1FE4D8719CFFCC33AECD4283C8CA2B6A6BEFE4 |
SHA-512: | 5522C88A4B62D2F36D5884990D4594DAA4DE6BFA68D78FAB55FA1C245A8652276D213C5590AA0EE610DA9FF0EBCE6C914C97374D725A3F55D79085E62117F89F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.421532847685784 |
Encrypted: | false |
SSDEEP: | 6144:6Svfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnNS0uhiTw:pvloTMW+EZMM6DFy003w |
MD5: | 0261C2614E63D2E9D1983E96B189A28D |
SHA1: | EBBA0088E689AEAC82D1591FF54C41183DCDFF9D |
SHA-256: | 4C6399616C64F2D131CE9E2EAD6DBE925B8421251874B809AE2ED7083DEE6816 |
SHA-512: | 399BB42A3C0ED5DA69142C84B062E98DC8361AA4A61DBC95AE41D776D79675743F98089FB81DC5EB5A8CAA563465893D91607320D4DC91DFBA33055F30647EC8 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.144572554042234 |
TrID: | |
File name: | TET8iWY1w4.exe |
File size: | 360'448 bytes |
MD5: | 80e061a430c34b66003b1394c8b3b2b1 |
SHA1: | 353c728399a03396a287182d04766f4f80838d9a |
SHA256: | 78927bd59e674eb5f331d92aef902ee34c24cf8479f9b69fbd4a4140ab6228f3 |
SHA512: | 30942e6e3a23ec50ea4803425e61f1a0c8916b74641cb9481e949375ad1289bf0aebc9b9e41ad7d1699794d8fc9f086349cb93f64ab3e819be7850b971354d41 |
SSDEEP: | 6144:drNJ0kYgTIScU2sYTc4i9qiq0kmmeQPKSYaMGnp+M/nG/TmHv:dhJ0ktRmeQyZqpl/QTmP |
TLSH: | 5C748D036AE17D54E9324B724F2ED6E8775DFA208E197BA722189A1F04F00B2DE73751 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:).s~H. ~H. ~H. s.6 _H. s.. .H. s.. UH. w0z }H. ~H. .H. ... .H. s.2 .H. ..7 .H. Rich~H. ........................PE..L...*..c... |
Icon Hash: | cd4d3d2e4e054d05 |
Entrypoint: | 0x403f81 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x63DFAE2A [Sun Feb 5 13:24:58 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 6238cdaa05523d29a8e8e1952e0934c6 |
Instruction |
---|
call 00007F9748BE7EEFh |
jmp 00007F9748BE2E54h |
cmp ecx, dword ptr [00419428h] |
jne 00007F9748BE2FD4h |
rep ret |
jmp 00007F9748BE805Eh |
push ebp |
mov ebp, esp |
sub esp, 20h |
push esi |
push edi |
push 00000008h |
pop ecx |
mov esi, 004120B8h |
lea edi, dword ptr [ebp-20h] |
rep movsd |
mov esi, dword ptr [ebp+0Ch] |
mov edi, dword ptr [ebp+08h] |
test esi, esi |
je 00007F9748BE2FE5h |
test byte ptr [esi], 00000010h |
je 00007F9748BE2FE0h |
mov ecx, dword ptr [edi] |
sub ecx, 04h |
push ecx |
mov eax, dword ptr [ecx] |
mov esi, dword ptr [eax+18h] |
call dword ptr [eax+20h] |
mov dword ptr [ebp-08h], edi |
mov dword ptr [ebp-04h], esi |
test esi, esi |
je 00007F9748BE2FDEh |
test byte ptr [esi], 00000008h |
je 00007F9748BE2FD9h |
mov dword ptr [ebp-0Ch], 01994000h |
lea eax, dword ptr [ebp-0Ch] |
push eax |
push dword ptr [ebp-10h] |
push dword ptr [ebp-1Ch] |
push dword ptr [ebp-20h] |
call dword ptr [004110B0h] |
pop edi |
pop esi |
mov esp, ebp |
pop ebp |
retn 0008h |
push eax |
push dword ptr fs:[00000000h] |
lea eax, dword ptr [esp+0Ch] |
sub esp, dword ptr [esp+0Ch] |
push ebx |
push esi |
push edi |
mov dword ptr [eax], ebp |
mov ebp, eax |
mov eax, dword ptr [00419428h] |
xor eax, ebp |
push eax |
mov dword ptr [ebp-10h], esp |
push dword ptr [ebp-04h] |
mov dword ptr [ebp-04h], FFFFFFFFh |
lea eax, dword ptr [ebp-0Ch] |
mov dword ptr fs:[00000000h], eax |
ret |
push ebp |
mov ebp, esp |
push esi |
cld |
mov esi, dword ptr [ebp+0Ch] |
mov ecx, dword ptr [esi+08h] |
xor ecx, esi |
call 00007F9748BE2F1Bh |
push 00000000h |
push esi |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x17d2c | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x160f000 | 0x14158 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x111e0 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x172c8 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x11000 | 0x16c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xf263 | 0xf400 | ff6489c6b78c5d860de9274b35562544 | False | 0.6022989241803278 | data | 6.7409297480352635 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x11000 | 0x754e | 0x7600 | 8aa6f9e7818f377cee815402ee1cef42 | False | 0.3934057203389831 | data | 4.919110582414912 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x19000 | 0x15f51a8 | 0x2d000 | 4fbc84126b450eae7a65462f62692d6f | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x160f000 | 0x14158 | 0x14200 | f45620f6f1661d4441c9a2f2f814ecc6 | False | 0.398243400621118 | data | 4.634925944346109 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x1621ed8 | 0x330 | Device independent bitmap graphic, 48 x 96 x 1, image size 0 | 0.1948529411764706 | ||
RT_CURSOR | 0x1622208 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | 0.33223684210526316 | ||
RT_ICON | 0x160f6a0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | 0.4877398720682303 | ||
RT_ICON | 0x1610548 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | 0.6114620938628159 | ||
RT_ICON | 0x1610df0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | 0.6670506912442397 | ||
RT_ICON | 0x16114b8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | 0.690028901734104 | ||
RT_ICON | 0x1611a20 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | 0.39439834024896264 | ||
RT_ICON | 0x1613fc8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | 0.5114915572232646 | ||
RT_ICON | 0x1615070 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | 0.5905737704918033 | ||
RT_ICON | 0x16159f8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | 0.6764184397163121 | ||
RT_ICON | 0x1615ed8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | 0.3686034115138593 | ||
RT_ICON | 0x1616d80 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | 0.4575812274368231 | ||
RT_ICON | 0x1617628 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | 0.4602534562211982 | ||
RT_ICON | 0x1617cf0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | 0.46315028901734107 | ||
RT_ICON | 0x1618258 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | 0.2674273858921162 | ||
RT_ICON | 0x161a800 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | 0.30605065666041276 | ||
RT_ICON | 0x161b8a8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | 0.3599290780141844 | ||
RT_ICON | 0x161bd78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | 0.4890724946695096 | ||
RT_ICON | 0x161cc20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | 0.47382671480144406 | ||
RT_ICON | 0x161d4c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | 0.4342485549132948 | ||
RT_ICON | 0x161da30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | 0.2779045643153527 | ||
RT_ICON | 0x161ffd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | 0.28869606003752346 | ||
RT_ICON | 0x1621080 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | 0.30778688524590164 | ||
RT_ICON | 0x1621a08 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | 0.32978723404255317 | ||
RT_STRING | 0x16225d8 | 0x2c4 | data | 0.4887005649717514 | ||
RT_STRING | 0x16228a0 | 0x390 | data | 0.4682017543859649 | ||
RT_STRING | 0x1622c30 | 0x524 | data | 0.4399696048632219 | ||
RT_GROUP_CURSOR | 0x1622338 | 0x22 | data | 1.0294117647058822 | ||
RT_GROUP_ICON | 0x1615e60 | 0x76 | data | 0.6610169491525424 | ||
RT_GROUP_ICON | 0x161bd10 | 0x68 | data | 0.7115384615384616 | ||
RT_GROUP_ICON | 0x1621e70 | 0x68 | data | 0.7115384615384616 | ||
RT_VERSION | 0x1622360 | 0x274 | data | 0.5318471337579618 |
DLL | Import |
---|---|
KERNEL32.dll | GetComputerNameA, GetFullPathNameA, GlobalMemoryStatus, GetLocaleInfoA, CommConfigDialogA, LoadLibraryExW, InterlockedDecrement, CreateHardLinkA, BackupSeek, GetTickCount, GetConsoleAliasesA, EnumTimeFormatsA, GetUserDefaultLangID, SetCommState, GlobalAlloc, GetSystemDirectoryW, LoadLibraryW, TerminateThread, CreateEventA, WriteConsoleW, GetModuleFileNameW, GetACP, MultiByteToWideChar, GetLastError, SetLastError, GetThreadLocale, GetProcAddress, LoadLibraryA, AddAtomA, GlobalFindAtomW, BuildCommDCBA, VirtualProtect, GetVersionExA, ReadConsoleInputW, GetWindowsDirectoryW, GetTempPathA, SetFileAttributesW, GetVolumeInformationW, EncodePointer, DecodePointer, ExitProcess, GetModuleHandleExW, WideCharToMultiByte, GetCommandLineW, RaiseException, RtlUnwind, IsProcessorFeaturePresent, IsDebuggerPresent, HeapFree, HeapAlloc, HeapSize, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, GetFileType, DeleteCriticalSection, GetStartupInfoW, CloseHandle, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, WriteFile, IsValidCodePage, GetOEMCP, GetCPInfo, GetCurrentThreadId, GetProcessHeap, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapReAlloc, LCMapStringW, GetConsoleCP, GetConsoleMode, SetFilePointerEx, SetStdHandle, FlushFileBuffers, OutputDebugStringW, GetStringTypeW, CreateFileW |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 1, 2024 16:39:25.961893082 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.11 |
May 1, 2024 16:39:25.961930990 CEST | 443 | 49712 | 172.67.141.11 | 192.168.2.5 |
May 1, 2024 16:39:25.962055922 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.11 |
May 1, 2024 16:39:25.962075949 CEST | 443 | 49712 | 172.67.141.11 | 192.168.2.5 |
May 1, 2024 16:39:25.962230921 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.11 |
May 1, 2024 16:39:25.962251902 CEST | 443 | 49712 | 172.67.141.11 | 192.168.2.5 |
May 1, 2024 16:39:25.962404966 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.11 |
May 1, 2024 16:39:25.962429047 CEST | 443 | 49712 | 172.67.141.11 | 192.168.2.5 |
May 1, 2024 16:39:25.962599993 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.11 |
May 1, 2024 16:39:25.962625980 CEST | 443 | 49712 | 172.67.141.11 | 192.168.2.5 |
May 1, 2024 16:39:25.962636948 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.11 |
May 1, 2024 16:39:25.962805986 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.11 |
May 1, 2024 16:39:25.962832928 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.11 |
May 1, 2024 16:39:26.008126020 CEST | 443 | 49712 | 172.67.141.11 | 192.168.2.5 |
May 1, 2024 16:39:26.008450985 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.11 |
May 1, 2024 16:39:26.008507967 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.11 |
May 1, 2024 16:39:26.008528948 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.11 |
May 1, 2024 16:39:26.056118011 CEST | 443 | 49712 | 172.67.141.11 | 192.168.2.5 |
May 1, 2024 16:39:26.056438923 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.11 |
May 1, 2024 16:39:26.056493998 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.11 |
May 1, 2024 16:39:26.056526899 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.11 |
May 1, 2024 16:39:26.100120068 CEST | 443 | 49712 | 172.67.141.11 | 192.168.2.5 |
May 1, 2024 16:39:26.100241899 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.11 |
May 1, 2024 16:39:26.148116112 CEST | 443 | 49712 | 172.67.141.11 | 192.168.2.5 |
May 1, 2024 16:39:26.245623112 CEST | 443 | 49712 | 172.67.141.11 | 192.168.2.5 |
May 1, 2024 16:39:27.506419897 CEST | 443 | 49712 | 172.67.141.11 | 192.168.2.5 |
May 1, 2024 16:39:27.506555080 CEST | 443 | 49712 | 172.67.141.11 | 192.168.2.5 |
May 1, 2024 16:39:27.506652117 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.11 |
May 1, 2024 16:39:28.435044050 CEST | 49712 | 443 | 192.168.2.5 | 172.67.141.11 |
May 1, 2024 16:39:28.435074091 CEST | 443 | 49712 | 172.67.141.11 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 1, 2024 16:39:16.152961969 CEST | 64999 | 53 | 192.168.2.5 | 1.1.1.1 |
May 1, 2024 16:39:16.257941008 CEST | 53 | 64999 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 1, 2024 16:39:16.152961969 CEST | 192.168.2.5 | 1.1.1.1 | 0x6ff0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 1, 2024 16:39:16.257941008 CEST | 1.1.1.1 | 192.168.2.5 | 0x6ff0 | No error (0) | | | 172.67.141.11 | A (IP address) | IN (0x0001) | false |
May 1, 2024 16:39:16.257941008 CEST | 1.1.1.1 | 192.168.2.5 | 0x6ff0 | No error (0) | | | 104.21.49.36 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49705 | 172.67.141.11 | 443 | 2132 | C:\Users\user\Desktop\TET8iWY1w4.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-01 14:39:16 UTC | 269 | OUT | |
2024-05-01 14:39:16 UTC | 8 | OUT | |
2024-05-01 14:39:17 UTC | 804 | IN | |
2024-05-01 14:39:17 UTC | 7 | IN | |
2024-05-01 14:39:17 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49706 | 172.67.141.11 | 443 | 2132 | C:\Users\user\Desktop\TET8iWY1w4.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-01 14:39:17 UTC | 270 | OUT | |
2024-05-01 14:39:17 UTC | 58 | OUT | |
2024-05-01 14:39:17 UTC | 806 | IN | |
2024-05-01 14:39:17 UTC | 563 | IN | |
2024-05-01 14:39:17 UTC | 1369 | IN | |
2024-05-01 14:39:17 UTC | 1369 | IN | |
2024-05-01 14:39:17 UTC | 1369 | IN | |
2024-05-01 14:39:17 UTC | 1369 | IN | |
2024-05-01 14:39:17 UTC | 1369 | IN | |
2024-05-01 14:39:17 UTC | 1369 | IN | |
2024-05-01 14:39:17 UTC | 1369 | IN | |
2024-05-01 14:39:17 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49707 | 172.67.141.11 | 443 | 2132 | C:\Users\user\Desktop\TET8iWY1w4.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-01 14:39:19 UTC | 288 | OUT | |
2024-05-01 14:39:19 UTC | 12839 | OUT | |
2024-05-01 14:39:20 UTC | 802 | IN | |
2024-05-01 14:39:20 UTC | 20 | IN | |
2024-05-01 14:39:20 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49708 | 172.67.141.11 | 443 | 2132 | C:\Users\user\Desktop\TET8iWY1w4.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-01 14:39:21 UTC | 288 | OUT | |
2024-05-01 14:39:21 UTC | 15081 | OUT | |
2024-05-01 14:39:21 UTC | 806 | IN | |
2024-05-01 14:39:21 UTC | 20 | IN | |
2024-05-01 14:39:21 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49709 | 172.67.141.11 | 443 | 2132 | C:\Users\user\Desktop\TET8iWY1w4.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-01 14:39:21 UTC | 288 | OUT | |
2024-05-01 14:39:21 UTC | 15331 | OUT | |
2024-05-01 14:39:21 UTC | 5240 | OUT | |
2024-05-01 14:39:22 UTC | 806 | IN | |
2024-05-01 14:39:22 UTC | 20 | IN | |
2024-05-01 14:39:22 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49710 | 172.67.141.11 | 443 | 2132 | C:\Users\user\Desktop\TET8iWY1w4.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-01 14:39:23 UTC | 287 | OUT | |
2024-05-01 14:39:23 UTC | 3796 | OUT | |
2024-05-01 14:39:23 UTC | 804 | IN | |
2024-05-01 14:39:23 UTC | 20 | IN | |
2024-05-01 14:39:23 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49711 | 172.67.141.11 | 443 | 2132 | C:\Users\user\Desktop\TET8iWY1w4.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-01 14:39:24 UTC | 287 | OUT | |
2024-05-01 14:39:24 UTC | 1380 | OUT | |
2024-05-01 14:39:25 UTC | 804 | IN | |
2024-05-01 14:39:25 UTC | 20 | IN | |
2024-05-01 14:39:25 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49712 | 172.67.141.11 | 443 | 2132 | C:\Users\user\Desktop\TET8iWY1w4.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-01 14:39:25 UTC | 289 | OUT | |
2024-05-01 14:39:25 UTC | 15331 | OUT | |
2024-05-01 14:39:25 UTC | 15331 | OUT | |
2024-05-01 14:39:25 UTC | 15331 | OUT | |
2024-05-01 14:39:25 UTC | 15331 | OUT | |
2024-05-01 14:39:25 UTC | 15331 | OUT | |
2024-05-01 14:39:25 UTC | 15331 | OUT | |
2024-05-01 14:39:25 UTC | 15331 | OUT | |
2024-05-01 14:39:25 UTC | 15331 | OUT | |
2024-05-01 14:39:25 UTC | 15331 | OUT | |
2024-05-01 14:39:25 UTC | 15331 | OUT | |
2024-05-01 14:39:27 UTC | 804 | IN |
Target ID: | 0 |
Start time: | 16:39:15 |
Start date: | 01/05/2024 |
Path: | C:\Users\user\Desktop\TET8iWY1w4.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 360'448 bytes |
MD5 hash: | 80E061A430C34B66003B1394C8B3B2B1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 16:39:29 |
Start date: | 01/05/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x180000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 8.5% |
Dynamic/Decrypted Code Coverage: | 10.4% |
Signature Coverage: | 25.8% |
Total number of Nodes: | 298 |
Total number of Limit Nodes: | 11 |
Graph
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409970 Relevance: 7.9, Strings: 6, Instructions: 420COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004049B0 Relevance: 5.5, Strings: 4, Instructions: 486COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415470 Relevance: 3.2, APIs: 2, Instructions: 164COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01AD678E Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00420D80 Relevance: 3.0, Strings: 2, Instructions: 519COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00420DF0 Relevance: 3.0, Strings: 2, Instructions: 486COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00435970 Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421740 Relevance: .4, Instructions: 389COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416EA6 Relevance: .3, Instructions: 326COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00431DE0 Relevance: .2, Instructions: 248COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041601F Relevance: .2, Instructions: 170COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004363FF Relevance: .1, Instructions: 86COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004362F2 Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042B228 Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415340 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0367003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00435314 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46libraryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00435111 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00435242 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004182E0 Relevance: 3.1, APIs: 2, Instructions: 64COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03670E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00425D6F Relevance: 1.8, APIs: 1, Instructions: 340COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433883 Relevance: 1.6, APIs: 1, Instructions: 95memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00429654 Relevance: 1.6, APIs: 1, Instructions: 89memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433A31 Relevance: 1.6, APIs: 1, Instructions: 79memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00435145 Relevance: 1.6, APIs: 1, Instructions: 70libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043583D Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01AD644D Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042C8C0 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 119clipboardCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03679757 Relevance: 11.6, Strings: 9, Instructions: 315COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004094F0 Relevance: 11.6, Strings: 9, Instructions: 315COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03679BD7 Relevance: 7.9, Strings: 6, Instructions: 420COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03686CF0 Relevance: 7.8, Strings: 6, Instructions: 271COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416A89 Relevance: 7.8, Strings: 6, Instructions: 271COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03674C17 Relevance: 5.5, Strings: 4, Instructions: 486COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0367092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036757D7 Relevance: 3.4, Strings: 2, Instructions: 884COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405570 Relevance: 3.4, Strings: 2, Instructions: 884COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036856D7 Relevance: 3.2, APIs: 2, Instructions: 164COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0369521B Relevance: 3.1, Strings: 2, Instructions: 620COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036952E9 Relevance: 3.1, Strings: 2, Instructions: 573COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03694D15 Relevance: 3.1, Strings: 2, Instructions: 572COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036A9857 Relevance: 2.8, Strings: 2, Instructions: 313COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004395F0 Relevance: 2.8, Strings: 2, Instructions: 313COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03693753 Relevance: 2.7, Strings: 2, Instructions: 217COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004234EC Relevance: 2.7, Strings: 2, Instructions: 217COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03680209 Relevance: 2.5, Strings: 2, Instructions: 12COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040FFA2 Relevance: 2.5, Strings: 2, Instructions: 12COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C798 Relevance: 2.1, Strings: 1, Instructions: 833COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03676BC7 Relevance: 1.5, Strings: 1, Instructions: 262COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406960 Relevance: 1.5, Strings: 1, Instructions: 262COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036A63E1 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043617A Relevance: 1.3, Strings: 1, Instructions: 29COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036780A7 Relevance: .8, Instructions: 825COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03696144 Relevance: .8, Instructions: 807COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00425EDD Relevance: .8, Instructions: 807COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043DEDF Relevance: .8, Instructions: 763COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036738C7 Relevance: .7, Instructions: 658COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403660 Relevance: .7, Instructions: 658COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03687883 Relevance: .6, Instructions: 628COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041761C Relevance: .6, Instructions: 628COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043DF5C Relevance: .6, Instructions: 627COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03671267 Relevance: .5, Instructions: 480COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036765B7 Relevance: .5, Instructions: 473COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406350 Relevance: .5, Instructions: 473COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036815C8 Relevance: .4, Instructions: 444COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411361 Relevance: .4, Instructions: 444COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03696A30 Relevance: .4, Instructions: 437COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03696994 Relevance: .4, Instructions: 437COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042672D Relevance: .4, Instructions: 437COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004267C9 Relevance: .4, Instructions: 437COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03696A21 Relevance: .4, Instructions: 391COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004267BA Relevance: .4, Instructions: 391COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036919A7 Relevance: .4, Instructions: 389COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0368AD17 Relevance: .3, Instructions: 333COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041AAB0 Relevance: .3, Instructions: 333COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0368710D Relevance: .3, Instructions: 326COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0368A847 Relevance: .3, Instructions: 313COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A5E0 Relevance: .3, Instructions: 313COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036A9517 Relevance: .3, Instructions: 280COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004392B0 Relevance: .3, Instructions: 280COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036A1A77 Relevance: .2, Instructions: 179COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00431810 Relevance: .2, Instructions: 179COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03686286 Relevance: .2, Instructions: 170COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03685127 Relevance: .1, Instructions: 146COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414EC0 Relevance: .1, Instructions: 146COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0368694E Relevance: .1, Instructions: 129COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004166E7 Relevance: .1, Instructions: 129COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036803E7 Relevance: .1, Instructions: 123COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00410180 Relevance: .1, Instructions: 123COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036936AB Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423444 Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036734D7 Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403270 Relevance: .1, Instructions: 102COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03672807 Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004025A0 Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0368402E Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
00413DC7 | .1 | | | 87 | COMMON | -1.00% |
036A6666 | .1 | | | 86 | COMMON | -1.00% |
036A2192 | .1 | | | 79 | COMMON | -1.00% |
036A6559 | .1 | | | 77 | COMMON | -1.00% |
0369FF27 | .1 | | | 64 | COMMON | -1.00% |
0042FCC0 | .1 | | | 64 | COMMON | -1.00% |
01AD606B | .1 | | | 61 | COMMON | -1.00% |
03670D90 | .0 | | | 43 | COMMON | -1.00% |
036A8420 | .0 | | | 33 | COMMON | -1.00% |
004381B9 | .0 | | | 33 | COMMON | -1.00% |
036922F7 | .0 | | | 26 | COMMON | -1.00% |
00422090 | .0 | | | 26 | COMMON | -1.00% |
0367D507 | .0 | | | 21 | COMMON | -1.00% |
0040D2A0 | .0 | | | 21 | COMMON | -1.00% |
03691497 | .0 | | | 17 | COMMON | -1.00% |
036855A7 | .0 | | | 13 | COMMON | -1.00% |
036A7700 | .0 | | | 10 | COMMON | -1.00% |
00437499 | .0 | | | 10 | COMMON | -1.00% |
0368CB0E | .0 | | | 6 | COMMON | -1.00% |
0369CB27 | 19.4 | 6 | 5 | 119 | clipboard, COMMON | -1.00% |