Windows
Analysis Report
SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe (PID: 6540 cmdline:
C:\Users\u ser\Deskto p\Securite Info.com.n ot-a-virus .HEUR.Down loader.Win 32.Agent.g en.2182.31 472.exe MD5: 8284DA11168B4DEA50EE3159043BA5F9)
- cleanup
- • AV Detection
- • Compliance
- • Networking
- • System Summary
- • Data Obfuscation
- • Malware Analysis System Evasion
- • Anti Debugging
- • Language, Device and Operating System Detection
Click to jump to signature section
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | Virustotal: | Perma Link |
Source: | Virustotal: | Perma Link |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00D21504 |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_00D21504 |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_00D4B041 | |
Source: | Code function: | 0_2_00D39038 | |
Source: | Code function: | 0_2_00D40110 | |
Source: | Code function: | 0_2_00D37219 | |
Source: | Code function: | 0_2_00D43CEE | |
Source: | Code function: | 0_2_00D44599 | |
Source: | Code function: | 0_2_00D32E10 | |
Source: | Code function: | 0_2_00D43E0E | |
Source: | Code function: | 0_2_00D3B7D0 | |
Source: | Code function: | 0_2_00D36FE7 | |
Source: | Code function: | 0_2_00D3AFA0 |
Source: | Code function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00D3161B |
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00D31843 |
Source: | Code function: | 0_2_00D4734A | |
Source: | Code function: | 0_2_00D3DF48 |
Source: | Code function: | 0_2_00D49950 |
Source: | Code function: | 0_2_00D31843 | |
Source: | Code function: | 0_2_00D319D6 | |
Source: | Code function: | 0_2_00D35AD3 | |
Source: | Code function: | 0_2_00D313A0 |
Source: | Code function: | 0_2_00D31AE5 |
Source: | Code function: | 0_2_00D4907A | |
Source: | Code function: | 0_2_00D4902F | |
Source: | Code function: | 0_2_00D4199C | |
Source: | Code function: | 0_2_00D491A0 | |
Source: | Code function: | 0_2_00D49115 | |
Source: | Code function: | 0_2_00D493F3 | |
Source: | Code function: | 0_2_00D414F6 | |
Source: | Code function: | 0_2_00D49519 | |
Source: | Code function: | 0_2_00D496EE | |
Source: | Code function: | 0_2_00D4961F | |
Source: | Code function: | 0_2_00D48F88 |
Source: | Code function: | 0_2_00D3173C |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Abuse Accessibility Features | Acquire Infrastructure | Gather Victim Identity Information |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Non-Application Layer Protocol | SIM Card Swap | Obtain Device Cloud Backups | Network Denial of Service | Domains | Credentials |
Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Application Layer Protocol | Data Encrypted for Impact | DNS Server | Email Addresses | ||
Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 22 System Information Discovery | Distributed Component Object Model | Input Capture | Traffic Duplication | 12 Ingress Tool Transfer | Data Destruction | Virtual Private Server | Employee Names |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
8% | ReversingLabs | |||
8% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
7% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
api.flmgr.net | 123.57.49.36 | true | false |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
123.57.49.36 | api.flmgr.net | China | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | false |
Joe Sandbox version: | 38.0.0 Ammolite |
Analysis ID: | 1377194 |
Start date and time: | 2024-01-19 04:20:50 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 44s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Run with higher sleep bypass |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe |
Detection: | MAL |
Classification: | mal64.winEXE@1/0@1/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, W MIADAP.exe, SIHClient.exe, con host.exe - Excluded domains from analysis
(whitelisted): ocsp.digicert. com, slscr.update.microsoft.co m, ctldl.windowsupdate.com, fe 3cr.delivery.mp.microsoft.com - Not all processes where analyz
ed, report is missing behavior information
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
123.57.49.36 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
api.flmgr.net | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | Get hash | malicious | DBatLoader, FormBook | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | CobaltStrike | Browse |
| ||
Get hash | malicious | BlackMoon | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
|
File type: | |
Entropy (8bit): | 6.6713971608058165 |
TrID: |
|
File name: | SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe |
File size: | 294'832 bytes |
MD5: | 8284da11168b4dea50ee3159043ba5f9 |
SHA1: | 91fd9ccb26fed425a779a3def89a625e5616f844 |
SHA256: | 7fa5cd4c23349fc8ee7f9aae22a4cd2d60bfa2c7f70ddcb1bedea98776dc40c8 |
SHA512: | 2c159696af761072f77d5a5a7b7fd914d6310f25dc2cdc364e9ca81ea29da81d1b72d9bd3a938b206aa053eea6e53e366007b8e77abea383c4644645d4006ab2 |
SSDEEP: | 6144:rEj+CdJn5PuBjB9x8UIxew6ODSqAYrAOQYy6SOjaP:wyCdJn5PuBV9x8PjmpsaP |
TLSH: | 88549E1175D2C432E97201334A78DBA6693DBA340F6549EF93D85E3DDE302C29732B6A |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............s...s...s.......s.......s.......s.......s.......s.......s.......s...s...s.......s..2....s..2.{..s...s...s..2....s..Rich.s. |
Icon Hash: | 7985c9cdcdecde23 |
Entrypoint: | 0x410d9e |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x62BEB92D [Fri Jul 1 09:06:53 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 23788615c320bd0d80817496057378a4 |
Signature Valid: | true |
Signature Issuer: | CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | C10208E2AF154216E497725C2ED4260E |
Thumbprint SHA-1: | 6A14DAC8CE4B9EA7ADA56E364F5F659FDD430A6F |
Thumbprint SHA-256: | 492C5D36B26FB2B1931805580F0630A6807D27CC8AC53FD4E6634E62E84EBFA9 |
Serial: | 0D16167519B24B5B2410B9016D5E0782 |
Instruction |
---|
call 00007F1B7962F28Bh |
jmp 00007F1B7962E71Fh |
push 00000010h |
push 0043EBC8h |
call 00007F1B7962F591h |
xor ebx, ebx |
mov dword ptr [ebp-20h], ebx |
mov byte ptr [ebp-19h], bl |
mov dword ptr [ebp-04h], ebx |
cmp ebx, dword ptr [ebp+10h] |
je 00007F1B7962E8BDh |
mov ecx, dword ptr [ebp+14h] |
call dword ptr [00430178h] |
mov ecx, dword ptr [ebp+08h] |
call dword ptr [ebp+14h] |
mov eax, dword ptr [ebp+0Ch] |
add dword ptr [ebp+08h], eax |
inc ebx |
mov dword ptr [ebp-20h], ebx |
jmp 00007F1B7962E882h |
mov al, 01h |
mov byte ptr [ebp-19h], al |
mov dword ptr [ebp-04h], FFFFFFFEh |
call 00007F1B7962E8BDh |
mov ecx, dword ptr [ebp-10h] |
mov dword ptr fs:[00000000h], ecx |
pop ecx |
pop edi |
pop esi |
pop ebx |
leave |
retn 0014h |
mov ebx, dword ptr [ebp-20h] |
mov al, byte ptr [ebp-19h] |
test al, al |
jne 00007F1B7962E8B1h |
push dword ptr [ebp+18h] |
push ebx |
push dword ptr [ebp+0Ch] |
push dword ptr [ebp+08h] |
call 00007F1B7962E92Bh |
ret |
push 0000000Ch |
push 0043EBE8h |
call 00007F1B7962F51Dh |
mov byte ptr [ebp-19h], 00000000h |
mov ebx, dword ptr [ebp+0Ch] |
mov eax, ebx |
mov edi, dword ptr [ebp+10h] |
imul eax, edi |
mov esi, dword ptr [ebp+08h] |
add esi, eax |
mov dword ptr [ebp+08h], esi |
and dword ptr [ebp-04h], 00000000h |
mov eax, edi |
dec edi |
mov dword ptr [ebp+10h], edi |
test eax, eax |
je 00007F1B7962E8B7h |
sub esi, ebx |
mov dword ptr [ebp+08h], esi |
mov ecx, dword ptr [ebp+14h] |
call dword ptr [00430178h] |
mov ecx, esi |
call dword ptr [ebp+14h] |
jmp 00007F1B7962E883h |
mov al, 01h |
mov byte ptr [ebp+00h], al |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3f25c | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x42000 | 0x2e70 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x45000 | 0x2fb0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x45000 | 0x22b8 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3c688 | 0x70 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x3c700 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3c5c8 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x30000 | 0x178 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x2e8bc | 0x2ea00 | False | 0.5343865197721179 | data | 6.61480304132204 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x30000 | 0xfb0c | 0xfc00 | False | 0.4876922123015873 | data | 5.360637049396183 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x40000 | 0x1edc | 0x1200 | False | 0.177734375 | DOS executable (block device driver \377\377\377\377) | 3.1189092823959212 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x42000 | 0x2e70 | 0x3000 | False | 0.8592122395833334 | data | 7.366519720766087 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x45000 | 0x22b8 | 0x2400 | False | 0.7370876736111112 | data | 6.48910841233265 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x42250 | 0x2601 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9758454106280193 |
RT_MENU | 0x44870 | 0x50 | data | Chinese | China | 0.8375 |
RT_DIALOG | 0x448d0 | 0x118 | data | Chinese | China | 0.6178571428571429 |
RT_STRING | 0x44ca8 | 0x40 | data | Chinese | China | 0.640625 |
RT_ACCELERATOR | 0x448c0 | 0x10 | data | Chinese | China | 1.25 |
RT_GROUP_ICON | 0x44858 | 0x14 | data | Chinese | China | 1.05 |
RT_VERSION | 0x449e8 | 0x2c0 | data | Chinese | China | 0.5326704545454546 |
RT_MANIFEST | 0x44ce8 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5892857142857143 |
DLL | Import |
---|---|
KERNEL32.dll | GetModuleFileNameW, GetEnvironmentVariableW, WaitForSingleObject, GetACP, MultiByteToWideChar, GetLastError, CloseHandle, CreateProcessW, WideCharToMultiByte, CreateFileW, HeapSize, SetFilePointerEx, GetFileSizeEx, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, GetProcessHeap, SetStdHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetStringTypeW, GetCPInfo, InitializeCriticalSectionAndSpinCount, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW, GetModuleHandleW, GetProcAddress, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RtlUnwind, RaiseException, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapAlloc, HeapFree, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetOEMCP, WriteConsoleW |
SHLWAPI.dll | PathAddBackslashW, PathStripPathW, PathAppendW |
urlmon.dll | URLDownloadToFileW |
WINHTTP.dll | WinHttpOpenRequest, WinHttpQueryDataAvailable, WinHttpReadData, WinHttpOpen, WinHttpSendRequest, WinHttpCloseHandle, WinHttpReceiveResponse, WinHttpConnect |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Chinese | China | |
English | United States |
Download Network PCAP: filtered – full
- Total Packets: 6
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 19, 2024 04:21:49.676096916 CET | 49730 | 80 | 192.168.2.4 | 123.57.49.36 |
Jan 19, 2024 04:21:49.987193108 CET | 80 | 49730 | 123.57.49.36 | 192.168.2.4 |
Jan 19, 2024 04:21:49.987428904 CET | 49730 | 80 | 192.168.2.4 | 123.57.49.36 |
Jan 19, 2024 04:21:49.987931967 CET | 49730 | 80 | 192.168.2.4 | 123.57.49.36 |
Jan 19, 2024 04:21:50.298742056 CET | 80 | 49730 | 123.57.49.36 | 192.168.2.4 |
Jan 19, 2024 04:21:50.299783945 CET | 80 | 49730 | 123.57.49.36 | 192.168.2.4 |
Jan 19, 2024 04:21:50.351852894 CET | 49730 | 80 | 192.168.2.4 | 123.57.49.36 |
Jan 19, 2024 04:22:20.418298006 CET | 49730 | 80 | 192.168.2.4 | 123.57.49.36 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 19, 2024 04:21:49.341523886 CET | 54008 | 53 | 192.168.2.4 | 1.1.1.1 |
Jan 19, 2024 04:21:49.664876938 CET | 53 | 54008 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 19, 2024 04:21:49.341523886 CET | 192.168.2.4 | 1.1.1.1 | 0x912b | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 19, 2024 04:21:49.664876938 CET | 1.1.1.1 | 192.168.2.4 | 0x912b | No error (0) | 123.57.49.36 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 123.57.49.36 | 80 | 6540 | C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 19, 2024 04:21:49.987931967 CET | 141 | OUT | |
Jan 19, 2024 04:21:50.299783945 CET | 180 | IN |
Click to jump to process
Click to jump to process
Target ID: | 0 |
Start time: | 04:21:47 |
Start date: | 19/01/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Agent.gen.2182.31472.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd20000 |
File size: | 294'832 bytes |
MD5 hash: | 8284DA11168B4DEA50EE3159043BA5F9 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage
Dynamic/Packed Code Coverage
Signature Coverage
Execution Coverage: | 0.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 25.8% |
Total number of Nodes: | 190 |
Total number of Limit Nodes: | 6 |
Graph
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |