Edit tour
Windows
Analysis Report
KLJM7VyjZ2.exe
Overview
General Information
| Sample name: | KLJM7VyjZ2.exerenamed because original name is a hash value |
| Original sample name: | 206f7bf98269d08b4cb9aaa0a97214e0.exe |
| Analysis ID: | 1429196 |
| MD5: | 206f7bf98269d08b4cb9aaa0a97214e0 |
| SHA1: | f827a30d0354844bd965135dc2e652f33986b8de |
| SHA256: | 8d8369a5383653ff8f891ac08546aaf807fe2d3d355a04f5ce8f4b22ca78685e |
| Tags: | 32exeGCleanertrojan |
| Infos: |  |
 | |
Detection
GCleaner
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected GCleaner
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
One or more processes crash
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Yara signature match
Classification
- System is w10x64
KLJM7VyjZ2.exe (PID: 6508 cmdline: "C:\Users\ user\Deskt op\KLJM7Vy jZ2.exe" MD5: 206F7BF98269D08B4CB9AAA0A97214E0) 
WerFault.exe (PID: 6764 cmdline: C:\Windows \SysWOW64\ WerFault.e xe -u -p 6 508 -s 732 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 6984 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 6 508 -s 740 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 5496 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 6 508 -s 776 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 984 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 6 508 -s 792 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 5700 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 6 508 -s 972 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 6820 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 6 508 -s 102 0 MD5: C31336C1EFC2CCB44B4326EA793040F2) 
conhost.exe (PID: 7036 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - WerFault.exe (PID: 6976 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 6 508 -s 132 4 MD5: C31336C1EFC2CCB44B4326EA793040F2) - cmd.exe (PID: 6960 cmdline:
"C:\Window s\System32 \cmd.exe" /c taskkil l /im "KLJ M7VyjZ2.ex e" /f & er ase "C:\Us ers\user\D esktop\KLJ M7VyjZ2.ex e" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - conhost.exe (PID: 6956 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) 
taskkill.exe (PID: 5084 cmdline: taskkill / im "KLJM7V yjZ2.exe" /f MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD) - WerFault.exe (PID: 1436 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 6 508 -s 144 8 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| GCleaner | No Attribution |
{"C2 addresses": ["185.172.128.90"]}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
| |
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
| Windows_Trojan_Smokeloader_3687686f | unknown | unknown |
|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
| Click to see the 1 entries | ||||
⊘No Sigma rule has matched
| Timestamp: | 04/21/24-08:25:57.545496 |
| SID: | 2856233 |
| Source Port: | 49730 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Virustotal: | Perma Link | ||
| Source: | Joe Sandbox ML: | ||
Compliance | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Static PE information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Binary string: | ||
Networking | |
|---|
| Source: | Snort IDS: | ||
| Source: | IPs: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
System Summary | |
|---|
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Code function: | 0_2_00404710 | |
| Source: | Code function: | 0_2_00409860 | |
| Source: | Code function: | 0_2_00413C49 | |
| Source: | Code function: | 0_2_00413464 | |
| Source: | Code function: | 0_2_00421D42 | |
| Source: | Code function: | 0_2_01CB4977 | |
| Source: | Code function: | 0_2_01CB9AC7 | |
| Source: | Code function: | 0_2_01CC36CB | |
| Source: | Process created: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_01D2076E | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Command line argument: | 0_2_00404710 | |
| Source: | Command line argument: | 0_2_01CB4977 | |
| Source: | Command line argument: | 0_2_01CB4977 | |
| Source: | Command line argument: | 0_2_01CB4977 | |
| Source: | Static PE information: | ||
| Source: | WMI Queries: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | Virustotal: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
Data Obfuscation | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Unpacked PE file: | ||
| Source: | Code function: | 0_2_0041004B | |
| Source: | Code function: | 0_2_00408591 | |
| Source: | Code function: | 0_2_01CC480E | |
| Source: | Code function: | 0_2_01CC02B2 | |
| Source: | Code function: | 0_2_01CC4217 | |
| Source: | Code function: | 0_2_01CB87F8 | |
| Source: | Code function: | 0_2_01CCC709 | |
| Source: | Code function: | 0_2_01D22967 | |
| Source: | Code function: | 0_2_01D2386C | |
| Source: | Code function: | 0_2_01D24DA3 | |
| Source: | Code function: | 0_2_01D24DA3 | |
| Source: | Code function: | 0_2_01D25552 | |
| Source: | Code function: | 0_2_01D24DA3 | |
| Source: | Code function: | 0_2_01D24DA3 | |
| Source: | Code function: | 0_2_01D21525 | |
| Source: | Code function: | 0_2_01D24DA3 | |
| Source: | Code function: | 0_2_01D24DA3 | |
| Source: | Code function: | 0_2_01D25552 | |
| Source: | Code function: | 0_2_01D25552 | |
| Source: | Code function: | 0_2_01D21501 | |
| Source: | Code function: | 0_2_01D23810 | |
| Source: | Code function: | 0_2_01D23F26 | |
| Source: | Code function: | 0_2_01D23748 | |
| Source: | Code function: | 0_2_01D24650 | |
| Source: | Code function: | 0_2_01D22E7A | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | API coverage: | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_0040C17B | |
| Source: | Code function: | 0_2_00411192 | |
| Source: | Code function: | 0_2_0040C681 | |
| Source: | Code function: | 0_2_01CB092B | |
| Source: | Code function: | 0_2_01CBC8E8 | |
| Source: | Code function: | 0_2_01CC13F9 | |
| Source: | Code function: | 0_2_01CB0D90 | |
| Source: | Code function: | 0_2_01D2004B | |
| Source: | Code function: | 0_2_00416A7C | |
| Source: | Process token adjusted: | ||
| Source: | Code function: | 0_2_00408809 | |
| Source: | Code function: | 0_2_0040C17B | |
| Source: | Code function: | 0_2_00407C96 | |
| Source: | Code function: | 0_2_00408675 | |
| Source: | Code function: | 0_2_01CB88DC | |
| Source: | Code function: | 0_2_01CBC3E2 | |
| Source: | Code function: | 0_2_01CB8A70 | |
| Source: | Code function: | 0_2_01CB7EFD | |
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | ||
| Source: | Code function: | 0_2_00408873 | |
| Source: | Code function: | 0_2_0041897A | |
| Source: | Code function: | 0_2_0041892F | |
| Source: | Code function: | 0_2_00418A15 | |
| Source: | Code function: | 0_2_00418AA0 | |
| Source: | Code function: | 0_2_004112A2 | |
| Source: | Code function: | 0_2_00418CF3 | |
| Source: | Code function: | 0_2_00418E19 | |
| Source: | Code function: | 0_2_00418F1F | |
| Source: | Code function: | 0_2_004117C4 | |
| Source: | Code function: | 0_2_00418FEE | |
| Source: | Code function: | 0_2_01CC9186 | |
| Source: | Code function: | 0_2_01CC9080 | |
| Source: | Code function: | 0_2_01CC8BE1 | |
| Source: | Code function: | 0_2_01CC8B96 | |
| Source: | Code function: | 0_2_01CC9255 | |
| Source: | Code function: | 0_2_01CC1A2B | |
| Source: | Code function: | 0_2_01CC1509 | |
| Source: | Code function: | 0_2_01CC8D07 | |
| Source: | Code function: | 0_2_01CC8C7C | |
| Source: | Code function: | 0_2_01CC8F5A | |
| Source: | Code function: | 0_2_0040CA21 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 51 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Virtualization/Sandbox Evasion | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 23 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 45% | ReversingLabs | Win32.Trojan.Generic | ||
| 44% | Virustotal | Browse | ||
| 100% | Avira | HEUR/AGEN.1313019 | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 25% | Virustotal | Browse |
⊘No contacted domains info
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 185.172.128.90 | unknown | Russian Federation | 50916 | NADYMSS-ASRU | true |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1429196 |
| Start date and time: | 2024-04-21 08:25:05 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 47s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 26 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | KLJM7VyjZ2.exerenamed because original name is a hash value |
| Original Sample Name: | 206f7bf98269d08b4cb9aaa0a97214e0.exe |
| Detection: | MAL |
| Classification: | mal100.troj.evad.winEXE@15/34@0/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.189.173.20, 20.42.65.92
- Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 08:26:11 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 185.172.128.90 | Get hash | malicious | GCleaner | Browse |
| |
| Get hash | malicious | GCleaner | Browse |
| ||
| Get hash | malicious | GCleaner | Browse |
| ||
| Get hash | malicious | GCleaner | Browse |
| ||
| Get hash | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse |
| ||
| Get hash | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse |
| ||
| Get hash | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse |
| ||
| Get hash | malicious | GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | Browse |
| ||
| Get hash | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse |
| ||
| Get hash | malicious | GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | Browse |
|
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| NADYMSS-ASRU | Get hash | malicious | GCleaner | Browse |
| |
| Get hash | malicious | Glupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse |
| ||
| Get hash | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse |
| ||
| Get hash | malicious | LummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | Browse |
| ||
| Get hash | malicious | GCleaner | Browse |
| ||
| Get hash | malicious | GCleaner | Browse |
| ||
| Get hash | malicious | GCleaner | Browse |
| ||
| Get hash | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | Browse |
| ||
| Get hash | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT | Browse |
| ||
| Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse |
|
⊘No context
⊘No context
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_KLJM7VyjZ2.exe_446932cafea45fc1e53d37534df11af3b5a6e54_93731659_dcb33012-df20-456d-9f51-cc55c7905d9c\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.9994867656692618 |
| Encrypted: | false |
| SSDEEP: | 192:YgacMlHKCF/OA09l/WejtgYedzuiFvZ24IO8yC:vacMNKCF/Ob9l/WejQzuiFvY4IO8yC |
| MD5: | 23E25005D165F2C072EFF0C602A64366 |
| SHA1: | B1245864B4E125D3810993E50A8DF533AC029557 |
| SHA-256: | 7603823A9DF614B2AA3D99B5C48CC3FD6098CF97D84D8310B9CE5462EBA8D6EE |
| SHA-512: | 604239CE8626780D6B6CF4AA95BB79F38196E84347DFA5D03749E07C5A4D06FF36C7C35ADBE6D8ED1C226D6F3CAFB79B7D2DB51A54C04777CEF7815B689B4B45 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_KLJM7VyjZ2.exe_5ab1ca666eb3192c229dcaa94a67c037d2d061_93731659_2e7efa97-b04b-4148-816d-0a2624e90d77\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.8378603511231605 |
| Encrypted: | false |
| SSDEEP: | 192:m/cMlHKCTD/X056rojtGzuiFvZ24IO8vC:4cMNKC3/k56rojczuiFvY4IO8vC |
| MD5: | 0EEBD4B6AFED5B1E2C32EA2109A570E3 |
| SHA1: | EDAEA06033BC3AC899A9A604D3809E11C5CC0F94 |
| SHA-256: | D4B635CEC3D865BE398BAC433F70DC7C6C19690C6694D01776AB25A0CACD6B09 |
| SHA-512: | 92061C9619F4B719385288A8F32EC90348EAF81BE36B5B24887559CAFFE0295FFD012C122BBA6E8E117CAA467B43E67804404574A77924AA4503C38FE6C62192 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_KLJM7VyjZ2.exe_5ab1ca666eb3192c229dcaa94a67c037d2d061_93731659_2f4f0210-77a7-494f-8403-01ec639613ea\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.8378506490340442 |
| Encrypted: | false |
| SSDEEP: | 192:AImlcMlHKCg/X056rojtGzuiFvZ24IO8vC:AImlcMNKCg/k56rojczuiFvY4IO8vC |
| MD5: | 048372628DEFE7DA485B681F65D3BBF4 |
| SHA1: | EE5E46DDECFF6A3189BA1B63FE6F573DC6F7FDFC |
| SHA-256: | D0F8DE11D065B7B41DF732696AAE4C8A3F2CEC97CE45FEF8126AEFF2D37AC77B |
| SHA-512: | 138B0BC207D3C1E8A0B0A9BE23E1270822B26C298C2C831176766CE147CE0320EE961D88960FD55B5903A050F31EC645A56B67277397FD322D61F860B6A129BB |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_KLJM7VyjZ2.exe_5ab1ca666eb3192c229dcaa94a67c037d2d061_93731659_36706507-4a1e-4fe9-a5a7-97149466896c\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.8381250252454354 |
| Encrypted: | false |
| SSDEEP: | 192:/XcMlHKCS/X056rojtGzuiFvZ24IO8vC:/XcMNKCS/k56rojczuiFvY4IO8vC |
| MD5: | 5FF7757BF4F5164D209D4E0C29ADBE3A |
| SHA1: | 21B7A763EBB1D892CCAFD501605FB35954F75785 |
| SHA-256: | 753F27795A1E36230A30E21CD5D268E1D689FB7D640BAFD01AD6699877C6A442 |
| SHA-512: | 5D6622F0C23B8DA308C51EF6C1836F207C649BAD7B0B63A7912727EF6E9B27B2607E5C029F54CD2D32D1B92E00FF7B3108D36463933AC60B0C9B1BEBEEF87091 |
| Malicious: | false |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_KLJM7VyjZ2.exe_5ab1ca666eb3192c229dcaa94a67c037d2d061_93731659_8bdd8b26-e474-4b38-aab5-c2ddeceac0c1\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.9346822331022533 |
| Encrypted: | false |
| SSDEEP: | 192:SJcMlHKCI/X056rojtg7zuiFvZ24IO8vCX:SJcMNKCI/k56roj8zuiFvY4IO8vCX |
| MD5: | F208A1FECF535F188EE1BF61C6175AA3 |
| SHA1: | C35671C71128485F1C5E526211DB361EB891F228 |
| SHA-256: | 49B56740AE785BE12CA44788BDBC2E97CD3BFB34539F2FAA038FC3FFF594294F |
| SHA-512: | E7DEB137D6DB9D571A27943E3271EAA80B59F597C4119234CDD8217DCC9D5772C246569758D502B2CE181D81286EAD921511B4487CB87DF9BA5747CB03483331 |
| Malicious: | false |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_KLJM7VyjZ2.exe_5ab1ca666eb3192c229dcaa94a67c037d2d061_93731659_9ccf4886-b04c-403b-be71-39f6393c6014\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.8807732742193739 |
| Encrypted: | false |
| SSDEEP: | 96:EhbvEMlHKXnyHsF9Hq7oA7RT6tQXIDcQnc6rCcEhcw3rMEz+HbHg/PB6Heao8Far:WcMlHKCH/X056rojtQzuiFvZ24IO8vC |
| MD5: | 2F7C3B8C711CF8DF6BE02FD27789906E |
| SHA1: | 347DE7BC7A87C367993C5D1450C97DEE7AB53B3A |
| SHA-256: | E6BCE1D8F30138D88D9EA89A062C483CA8C15FFB57DC9AEA60E94AB4BFA3A3AF |
| SHA-512: | C1B43526B92A302C4CA4318C9529024EFC38A8F529D70A45AE8BCEC43C34303919686F4E613CA75AF27724D57FEA2DBA1C23F81C82E418CF82323836F024A000 |
| Malicious: | false |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_KLJM7VyjZ2.exe_5ab1ca666eb3192c229dcaa94a67c037d2d061_93731659_c964ff10-317a-4e46-b50c-1279a696115c\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.8380737655615408 |
| Encrypted: | false |
| SSDEEP: | 192:ricMlHKC2/X056rojtGzuiFvZ24IO8vC:ricMNKC2/k56rojczuiFvY4IO8vC |
| MD5: | 738A0EBC377AF4E079D391FB8F101B6D |
| SHA1: | 6BC58B50B0D4758BCAF8C2507BCB948FF33C8496 |
| SHA-256: | 723C21D547868F05BCB14FEC747BA256F93A3D84ABB55AB0205D4F397D957794 |
| SHA-512: | 8D66F6D8795B8F8806D3F54D88B2CC14C2B5CEFCBE3390BAEFDB1748217380A91A0D4A7EE3E1681A50AD70DAB1A1D395816963EEE02040253AC7F65C6946D9B2 |
| Malicious: | false |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_KLJM7VyjZ2.exe_5ab1ca666eb3192c229dcaa94a67c037d2d061_93731659_d5c5f4e6-5af2-4f52-b25c-3e8253293b6f\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.8535100699950606 |
| Encrypted: | false |
| SSDEEP: | 192:PRcMlHKCv/X056rojtszuiFvZ24IO8vCe:5cMNKCv/k56rojmzuiFvY4IO8vC |
| MD5: | 024B0A715579311294860DAA1E678830 |
| SHA1: | CECC0A40547B4A493B961F6C41A9E425E08E62E6 |
| SHA-256: | 889D9D01A686A5B9F61E9671A783C648BA34038938EE75EA5647B5E78E1C69A8 |
| SHA-512: | 2E89A1389C942AE43E0E0FF83079CB2410FD972B62F69EAE53E69F5EF4206FE205B1F2EFC2CEF2D5B2A4981C64EA6A7A41C40CCFA70EB935CBD337D764EC34C5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 46766 |
| Entropy (8bit): | 2.6609124555580643 |
| Encrypted: | false |
| SSDEEP: | 384:7wnIn+qAwRlraW8TlTYBzZofEHIfi1RsnQi:1+qAw3roT1YBzZocp0Q |
| MD5: | 2E135C876D6D5B5B59BC91F1917630E5 |
| SHA1: | 180695155FA3245EEEFFBC50E3A9346E607BED47 |
| SHA-256: | 18F0733FEA1881E6242B56031636B63400FED0D73B9D4016290B30CE32C45D20 |
| SHA-512: | 7C0E81B3ABADFAD6AAD72074EC0D49F6D469F6FBF3C8F0D53A1B3A921B7E30646AD97F488477BF820D4E8D901D8B3D5AE4EC8AB74F511E8ACDC63477FE9888FA |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8328 |
| Entropy (8bit): | 3.7049427741651955 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJ4k6hJ4/6Y9nSU9Q/QgmftKmmpDT89b0PsfT8m:R6lXJL6/46YNSU9QIgmftl/00fN |
| MD5: | D95EDA69D289B02F218804ED79E9BA68 |
| SHA1: | CFC8B033BD6017C0FF61C6FEA5A15065534DA1CA |
| SHA-256: | A01038AD60256FD3DEF8814AFC39449E2CBE70E46E5A283C4F88F2F601FF7A35 |
| SHA-512: | 570BBAF7433FDE352D131B6143446FD8EF572AE8274A0D25546B5E3A2FC17D97385A6A9B2B25722D92D031B6DE99AB886F8A6739C37505336BD7C458009050A6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4583 |
| Entropy (8bit): | 4.491591192507724 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsDJg77aI9CtWpW8VYlmYm8M4JJpFmP+q87PNv9ud:uIjfdI7Yc7V8J0PkNv9ud |
| MD5: | A42AFD36853900ED0AA79B4A41B0855E |
| SHA1: | AC0DDEA1DA7874B6435468ADB10080EEAFA6FB15 |
| SHA-256: | D2050F9B8770A0FFE46879D021C5407B9D8B87A9C05C852A546B9F49AF0D3B2A |
| SHA-512: | 2418EFCD7062A5C6BAD2FA2B5C6C5D55E18A50F1986CF42585A2E973B3CA65221D03F1C2094556E9E33F3ADCFB10C4E0ADF712F732710EBF8FFA2BFE808474D8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 80030 |
| Entropy (8bit): | 1.9709333205778063 |
| Encrypted: | false |
| SSDEEP: | 384:E8M4bzQhirpssdVbOgeUnfzHWYsbYx3ZoyGa8C4Z5:xHQhirKM7fz2dYx3Zo5j |
| MD5: | 2504E16C589F337FC3D227401B576875 |
| SHA1: | 57EA5C3EC2B5B0ED57B723774DF92E9F096F6F22 |
| SHA-256: | 3FD0B2EB069A18DD235B47D67ED340CF04CA7BE102902499213764ADB1B2EBFA |
| SHA-512: | A541E3D5D99F0CFAAD74436834B5AA21A47C39E31878EEE6DCF88C69DCBE7CABFA064A087FD7CA35C7A9CA2F66641A9BE78DD852BAC091719CEBEA617359D960 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8428 |
| Entropy (8bit): | 3.7061736422999143 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJ4r6INanw6Y90SU9PG4gmf7epBT89bIPsfylYm:R6lXJE6INanw6Y+SU9O4gmf7dI0fa |
| MD5: | 6852681B9493502A0BF05D07A36DEDF6 |
| SHA1: | 72870DECA6A30AE29E4CC58A3ED90BA39F50A8A7 |
| SHA-256: | DC20D7A763A3D9FC732E01D93F718E849533575B2622C529BA039E0411E2ACD0 |
| SHA-512: | BB2427A3EDC877C10ACBA19145275C7EF50AB3EE1A669B55FE759D0C605DA353E80B54EA7FD736A5D318A9CE8FFB22259E66F289B11490168C201996A4F6E194 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4722 |
| Entropy (8bit): | 4.505299484407478 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsDJg77aI9CtWpW8VYlXYm8M4JJJF5a+q8vCsNv9ud:uIjfdI7Yc7VFJ7aKbNv9ud |
| MD5: | EE4C049583E5E93114BF281E1A0F11DA |
| SHA1: | 818A79E8DC41BE2D1F15665948BE48BA5FF84436 |
| SHA-256: | 90FD9F2BEC7906C9187FB7137E401A74450E3FE79B726D7C6DE9E1D411F2EE7F |
| SHA-512: | 16B92E5AAF7F930FCCA4F541ED71CBF633218668EF9F9DA30D25301CD3BEA9EDC0FEDA71FFEA5EDFF055D0CB668BF9E421A6F39396B7006AE37E081379431978 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 92754 |
| Entropy (8bit): | 2.0708039396672278 |
| Encrypted: | false |
| SSDEEP: | 384:ZG6eaBAff32rGluXXyzfzRspaWYjIYB/Zo6Jmwya1KHilE2B:Ny2r0uafzRmtYB/ZolwyasHxO |
| MD5: | DD6F0AB836937DD70D417C0BF63D3CAB |
| SHA1: | 189B67F1D56CEFBBD5A742411384E05C85B6EA49 |
| SHA-256: | 203EB984616BB7BAF90A1ECEF4E9549A0EEC1FBC6025274B54052F5CDB5657D7 |
| SHA-512: | 7AFA62F9472D148966A7A853C854CA38AA3086CEEFCEE6A3608B91EB177DD289153CDAC4C430DADAF5F8D648BF0B26B439891ED9EDFC7673582C2293BE9CCD46 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8428 |
| Entropy (8bit): | 3.707865443645911 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJ4s6IMMsF6Y9OSU9PG4gmf7epBH89bIPsfCYm:R6lXJD6IMMsF6YESU9O4gmf7hI0f8 |
| MD5: | DB39089174FB388E21AF9E9CF2E2E841 |
| SHA1: | 9DEDEDA70C23A58A938BEA79F7BE75F5BCF1390A |
| SHA-256: | 90AA50E3341D8F019629524940C08A4E23FEBEE58E5CA501397F551AFFC5EE59 |
| SHA-512: | 13514348CE2CE03822F9FE5C29FCEF50BD43F7DF6F56150795D0E2306C0FF1183B550736BF8C54963E1A003CC1B81B47F482A3531BA53BD342597BE5BF67E6AA |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8428 |
| Entropy (8bit): | 3.7067970462025857 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJ4i6IhSh6Y93SU9PG4gmf7epBy89bRPsfLfbm:R6lXJd6Ihc6YtSU9O4gmf7iR0fLa |
| MD5: | 7E773F5D27B17C838AE5BEB05F1BE8F0 |
| SHA1: | BB6C135B62A9F139BFA416A151CAA850933F5AB6 |
| SHA-256: | 12885FC5E89CA9F3C9E99D1714EFE415E1DFE1839F5DD90267BE62B76601B59C |
| SHA-512: | 642D3865A3E9B3BF6C4C75E3E1B2EBECB2447193D10F7F99AEFB19BD4AD5B64404010A5E16AE2114E15F942DF63D2C75DFE6B06B0C31A6B964E723979BB3FC13 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4722 |
| Entropy (8bit): | 4.503613609409744 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsDJg77aI9CtWpW8VYlPYm8M4JJJFm1a+q8vCsNv9ud:uIjfdI7Yc7V5JQ1aKbNv9ud |
| MD5: | 7EC6509EB2B2426BEE2F3B3ACF48D53D |
| SHA1: | 5C2B1965BBF02BDF1731AF1B5B4954E8F30854BC |
| SHA-256: | B746B0FC8AB1C7FF1D26943CB69BE09B0A6C464124124DFCFA4CBA317A25F177 |
| SHA-512: | 544CBDB75D4106B8FB798AB412296F120DA211246463193E7419556DE71031152CA2689ADE72625220877FC6E238D3DA23E596AF30B109C533BA00122BD53AE9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4722 |
| Entropy (8bit): | 4.507387275095433 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsDJg77aI9CtWpW8VYlHYm8M4JJJF++q8vCsNv9ud:uIjfdI7Yc7V5JsKbNv9ud |
| MD5: | 967CEECFF8DAD1F54A1226A7C4E996DE |
| SHA1: | 6B6ABDAF906755EBC229272FC0540C573225F764 |
| SHA-256: | 869AAE4632ADACC42754BDF01B1F58F97AB73D7ABB96089AD1E6361208AB5C9A |
| SHA-512: | 7644757ED5E99BB0AE4B3F98AB66864A2DE39B4506E85CEA34FAA32A020C61D77479F62D89E5F922DFCBE10A68B544557A5E14424FBBF938FE4FAD93E6B5E835 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 103282 |
| Entropy (8bit): | 2.14564733558387 |
| Encrypted: | false |
| SSDEEP: | 768:baL8WvreltAfzLiEF78zqqUvFYBvZo/4l:WYWwQzLiyH4l |
| MD5: | 07938E5C129F21BD8720923E99DED9B7 |
| SHA1: | 68143ED634EEE4CAADD1C1128CE1A6294D1A9E4B |
| SHA-256: | 257FC436A9EE56D655CB91938BB4EBCFCE34013B7397EE03DA3B7A95E3BEEC5B |
| SHA-512: | 8435E45A30715B7B374096278045F116B2F8E67AAD20F467B5FADD0CCA4E2F8E8E5150B578681C7385C2816CFA9B3EB96CC3D8CBE269AB735561B302B95B6A12 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8428 |
| Entropy (8bit): | 3.7046973377118224 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJ4H6B6Y9ASU9kwgmf7epBa89b9Psft/m:R6lXJo6B6YqSU9kwgmf7690f4 |
| MD5: | 8DB7B817B09830A4F24C31B2A7FAE48C |
| SHA1: | 38EC97D1C59543489793047DFEFF4A14CC09F65C |
| SHA-256: | 2DEB0C905A72AD6E5878AF043A3EF96C458D394AA9B519C66FBB273EB1895558 |
| SHA-512: | 1D385DE58A2197FB464B9BDE1D8D10D44D2A665C9F84CF79940BB0FD46FCBB6FC34E815C480A980CBD68AD9967EEDBC28D257EC82BDFAA9B54F03F2A2911DC03 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4722 |
| Entropy (8bit): | 4.502029481161058 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsDJg77aI9CtWpW8VYlsYm8M4JJJFKr+q8vCsNv9ud:uIjfdI7Yc7VmJYKbNv9ud |
| MD5: | F3319EBA60906A157C0F5ABC29BA968A |
| SHA1: | 21831E5AE98A650D0463CBB7AA5BF50F1B37840D |
| SHA-256: | D86B428425B7FB156B7BDA0ECCD52CFF4C97EE1D7B97AC12FDBEB3F50420C7EE |
| SHA-512: | 8566D42A41CDEE0D788C173596DBE6A4B8386CC6A2834183369565DE2FAA75358F7BE2CA9C4E7D60910DC188DF69FE4F1918B871D05439684986EE55BF5C9505 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 63846 |
| Entropy (8bit): | 2.200581996419714 |
| Encrypted: | false |
| SSDEEP: | 384:OaXJedcArrlbgDuNfnsagcaE+3GPi04mHLZYsbYx3Zo3KHKg:VZaDrlXNfwHE+3Gf4WdYx3ZoeK |
| MD5: | 8EC39E1E894FCA154105A14E3885B52C |
| SHA1: | C52FC25F139BF52638DC3F87ADC05315FC9AEF48 |
| SHA-256: | E94E1A00B4894F3526EB6B98950031AFA7770A4562D8807493DF0221ADD4A3BA |
| SHA-512: | 37794B7018C9690F0AE189754029F20175AD16EACC5AA3FB8B938E452236E04A9C5E74DE2537BE324B77996D7BB23CE0386BB2212AABC985222F4532CFA8E9B3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8426 |
| Entropy (8bit): | 3.7045690030235034 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJ436ImgV6Y9BSU9KYgmf7epBB89bnPsfANm:R6lXJg6ImgV6YbSU9KYgmf7nn0fH |
| MD5: | A8DF81847E065080C9B42D369C8D6F38 |
| SHA1: | 3C4E0CDD2B3DA7CB456AD07E93706CB15EB0521E |
| SHA-256: | 6E4BC35B84501368116880B48345010AA041F5A98AA3F14F1C60A081FFC634DB |
| SHA-512: | F16DBCEE26E711DDEA1078E12809482955E0C534C41F4C66F0EB2308021BC0033A002C5B51AEA3A4F9E9654C296390CB143E97010BBB9F0B9CBC6677E623DAC7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4722 |
| Entropy (8bit): | 4.504284233308022 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsDJg77aI9CtWpW8VYlQYm8M4JJJFzp+q8vCsNv9ud:uIjfdI7Yc7VWJTKbNv9ud |
| MD5: | 9743FDAD1517C8699FB60407D1D3AF84 |
| SHA1: | C16DF8E52B953A8081037ADDDB6AEE8B69191216 |
| SHA-256: | 1AB408E079FABF7013E85330B03F7B762BACDF144A8BDB06C85119CBC6BE5FDD |
| SHA-512: | AE99DAB0988B3D422D8007CE067B06EC9DDE3210209A323AF2063E96C5CEF9525813B8FAB0C8685657356974567F68CA9574953BB60A2BB46F055B1EE46F7863 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 63738 |
| Entropy (8bit): | 2.2254538420504475 |
| Encrypted: | false |
| SSDEEP: | 384:yxJedcv9rp0DU6iftzNcaE+3GPi04mHLZYsbYx3Zo8skTSzH:kaUrv1zNHE+3Gf4WdYx3Zo8SH |
| MD5: | 8C58A98AA330FF83451C149BBB6D4A2C |
| SHA1: | 00850FF9075C10C07B37B5D0B343D1C80CBAB3E2 |
| SHA-256: | 471E9AE29D5BE63DD3D0240B0D2A99A5D18848947611D7F8647C34A3089CA1F8 |
| SHA-512: | 4C182675354BFA5E249F34D074FB60C2EFAA5D02943E0EE842FE478A51332CF3876E46DA69A0E5DC5485B3BA0CFB3BDF88814E9266C7E883AC0124A74E938C87 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8428 |
| Entropy (8bit): | 3.7058769387446633 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJ4Hh6Imgx6Y9HSU9FGFgmf7epBT89bePsfbEKm:R6lXJ+6Imgx6YNSU9AFgmf7te0fb4 |
| MD5: | 85C60C47A261C5167B5B5377D2249CB1 |
| SHA1: | 1DC891E4412E3CD084025A7ACBE5C136350AA183 |
| SHA-256: | 5A9154A2461597FAC8BD7DBB01F7CF6C588F856E81D78AC983E13B560B86DB82 |
| SHA-512: | 7E803EF4CC08CE563A0315AB087ED8BAB1FE58D106068FEB4D41EF4C790A646BC297BE63A4E6D60F4AC07763E63123E43A90900F0D2A3675754B6918C4DDF75F |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4722 |
| Entropy (8bit): | 4.5029948432803275 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsDJg77aI9CtWpW8VYlzYm8M4JJJFKP+q8vCsNv9ud:uIjfdI7Yc7VVJSKbNv9ud |
| MD5: | 294C4E09CDADE9AAD2DDC7F94958B37A |
| SHA1: | BCE14087CF8EC4EA1F97DBDEA640DC58D994C19E |
| SHA-256: | E058A5A63D26B367B5A826A5272B84277A8E05BA04B6EA1DF5E98001BC4CD88C |
| SHA-512: | 87B838C233B1D7CF93B52B5DD5C3773A4B458613E1FE655ECDD15FD2F1DD1424AADE769F2928733BB14B65C70D9F2FFDA4B792237F7ECA0C756CAD7683A8045F |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 73410 |
| Entropy (8bit): | 1.9895286416769864 |
| Encrypted: | false |
| SSDEEP: | 384:jh5QT+Scetrs1DMfzBsxTTwHLZYsbYx3ZoWQlVD:1WTFcetr3fzB8TQdYx3ZovVD |
| MD5: | 55D6D3191E901D4EE5A548CD6B922DD6 |
| SHA1: | 1096E4E818C91FCEA46A8014158ADB567B5FAE5F |
| SHA-256: | BDB252080367CE80C9BF57E7C1EC09F7A2AFC6CA8BDB5BD49EE12805D9B048A6 |
| SHA-512: | 2891BE20E1D19956EF4547361E910C6B06EB28F07C9F03BD38CBBED8AA18CB51E283B57418D121BBC57C55F0DBCA406DC4457CF6C6F0A55056F030331C552007 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8428 |
| Entropy (8bit): | 3.7070624127307994 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJ416IhSC6Y9ESU99Igmf7epBa89bePsfAKm:R6lXJ66Ihv6Y+SU99Igmf76e0fc |
| MD5: | 1DE90A21A1757AAA1880FBA201ABB3D9 |
| SHA1: | 4EAACC2DB7FEB7D467B2DACDE85D093DD28E534F |
| SHA-256: | 3DB9C39F79689AE8F10059B217A533AE0039AD7F83C43C77CCBE5E9BED034590 |
| SHA-512: | B57FB057F5553639C5759437F86E0C6FFBBDDA0FF53330DC673C98E3451232FF864AA5B5DD2B4107ED42E7AF6A7B91EFB5744538587080DDA95CD2BF9D193CAE |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4722 |
| Entropy (8bit): | 4.504140534268262 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsDJg77aI9CtWpW8VYlWYm8M4JJJF7+q8vCsNv9ud:uIjfdI7Yc7VgJZKbNv9ud |
| MD5: | 27FE3D174696BF542209F4A238546FD9 |
| SHA1: | DB978A1A377CEBC32C513A702B1B1A5B5A4C7352 |
| SHA-256: | 69D28B7C874038A28BE7ABA44E7BFB447C5032B780FC0ECFCFD42364A717A981 |
| SHA-512: | 0238BE9BC0C2304BD4FBC40086DDD042914366E0F19F9F949BFD425FFD15CEF7B85AC5F92E4387A8D780CF9B57D76068E25128F48F56A2F6436FDA57090E3313 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 72986 |
| Entropy (8bit): | 2.0013463664604005 |
| Encrypted: | false |
| SSDEEP: | 384:S1QT+SckjrHyFyU9fz4sb3JHLZYsbYxcZo7GFbA3aomi:rTFckjrWfz46dYxcZo8bA3hZ |
| MD5: | B6F2613AE02AF1E28567779C1F812EAC |
| SHA1: | FD7AE859CD6585C83BC3AF4289B5E553790E9448 |
| SHA-256: | 86391AF4D41ACE2FF097DE853F779D8D23A26176CCF07BA49DDD4E63D7C34BC0 |
| SHA-512: | 85B8FE8D86CE1ACE75DFCB65837132A51740650563737C4DAC0F617B6765CC3EA028B8EAD2A4E406A1C1341675FD8C44B206849A813C25C35FF08AA97C641D0E |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\KLJM7VyjZ2.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:V:V |
| MD5: | CFCD208495D565EF66E7DFF9F98764DA |
| SHA1: | B6589FC6AB0DC82CF12099D1C2D40AB994E8410C |
| SHA-256: | 5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9 |
| SHA-512: | 31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1835008 |
| Entropy (8bit): | 4.465452525313065 |
| Encrypted: | false |
| SSDEEP: | 6144:qIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN8dwBCswSbT:fXD94+WlLZMM6YFHe+T |
| MD5: | 0D3EBFB9EA91E50F22918C8CB12F54FB |
| SHA1: | 0FFAB3531446A72A888A66DC6E1079E8B32672D4 |
| SHA-256: | 7E38E82B405B037FDA71450081DB69E2ECCD33B993D35B830E684FBD55BC44D0 |
| SHA-512: | 370883A86BAC0169156E526D0F31EB37711091849EF4B6A982D11B2A1428536CB16999A17BEAD924FADDD0094BD493CD0B2744C4B82DDE4CFD562B493C725C80 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.327280986949117 |
| TrID: |
|
| File name: | KLJM7VyjZ2.exe |
| File size: | 358'400 bytes |
| MD5: | 206f7bf98269d08b4cb9aaa0a97214e0 |
| SHA1: | f827a30d0354844bd965135dc2e652f33986b8de |
| SHA256: | 8d8369a5383653ff8f891ac08546aaf807fe2d3d355a04f5ce8f4b22ca78685e |
| SHA512: | 965b3f862f397dfed544cacd4ea98ef653811d40fcb073272350583b3552746c1c7057124e8ee0c63b00d64e094ffba359bc71b7afb20fdfb04ddbfff985c889 |
| SSDEEP: | 3072:WbdohbCWGrOnG+E6MzRZh+5o8WMv9vMV/8ZH59Gb/wHsZCJOFZJY/QnvyVxgpG:flx88G2fBc/G5gb/wHsIJO6/svy |
| TLSH: | 22743B0373E27D98E9264B329E1EC6F8761DF6618E0A7B66321D9F1F16B5072C163B10 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................................./.......]..............w+..............w......Rich............PE..L...<_"d................... |
 | |
| Icon Hash: | 63796de971436e0f |
| Entrypoint: | 0x403b9f |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x64225F3C [Tue Mar 28 03:30:04 2023 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 1 |
| File Version Major: | 5 |
| File Version Minor: | 1 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 1 |
| Import Hash: | c6a29c2b2571c33a0a23fd650053529b |
| Instruction |
|---|
| call 00007F7A84C4D6B0h |
| jmp 00007F7A84C46BD5h |
| push 00000014h |
| push 00416DF0h |
| call 00007F7A84C4A900h |
| call 00007F7A84C4D881h |
| movzx esi, ax |
| push 00000002h |
| call 00007F7A84C4D643h |
| pop ecx |
| mov eax, 00005A4Dh |
| cmp word ptr [00400000h], ax |
| je 00007F7A84C46BD6h |
| xor ebx, ebx |
| jmp 00007F7A84C46C05h |
| mov eax, dword ptr [0040003Ch] |
| cmp dword ptr [eax+00400000h], 00004550h |
| jne 00007F7A84C46BBDh |
| mov ecx, 0000010Bh |
| cmp word ptr [eax+00400018h], cx |
| jne 00007F7A84C46BAFh |
| xor ebx, ebx |
| cmp dword ptr [eax+00400074h], 0Eh |
| jbe 00007F7A84C46BDBh |
| cmp dword ptr [eax+004000E8h], ebx |
| setne bl |
| mov dword ptr [ebp-1Ch], ebx |
| call 00007F7A84C4A474h |
| test eax, eax |
| jne 00007F7A84C46BDAh |
| push 0000001Ch |
| call 00007F7A84C46CB1h |
| pop ecx |
| call 00007F7A84C4A1B0h |
| test eax, eax |
| jne 00007F7A84C46BDAh |
| push 00000010h |
| call 00007F7A84C46CA0h |
| pop ecx |
| call 00007F7A84C4D6BCh |
| and dword ptr [ebp-04h], 00000000h |
| call 00007F7A84C4C73Ah |
| test eax, eax |
| jns 00007F7A84C46BDAh |
| push 0000001Bh |
| call 00007F7A84C46C86h |
| pop ecx |
| call dword ptr [004110C0h] |
| mov dword ptr [01A0219Ch], eax |
| call 00007F7A84C4D6D7h |
| mov dword ptr [0043A0ECh], eax |
| call 00007F7A84C4D07Ah |
| test eax, eax |
| jns 00007F7A84C46BDAh |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x17244 | 0x64 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1603000 | 0x1f078 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x11200 | 0x38 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x167c8 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x16780 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x11000 | 0x194 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0xf305 | 0xf400 | 3cf2edde7c76601470978c4f23c9d070 | False | 0.6046362704918032 | data | 6.686657463194026 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x11000 | 0x6b98 | 0x6c00 | b0742b58cd008d872307076da71d8008 | False | 0.39547164351851855 | data | 4.776713582030756 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x18000 | 0x15ea1a0 | 0x22200 | 4736690423c590a48a765911040a0d01 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x1603000 | 0x1f078 | 0x1f200 | 85d1c286e6d6b0815be8aa37c2a3ed10 | False | 0.3005773092369478 | data | 4.161267209456315 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0x161cbd0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | 0.26439232409381663 | ||
| RT_CURSOR | 0x161da78 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | 0.3686823104693141 | ||
| RT_CURSOR | 0x161e320 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | 0.49060693641618497 | ||
| RT_CURSOR | 0x161e8b8 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | 0.4375 | ||
| RT_CURSOR | 0x161e9e8 | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 0 | 0.44886363636363635 | ||
| RT_CURSOR | 0x161eac0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | 0.27238805970149255 | ||
| RT_CURSOR | 0x161f968 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | 0.375 | ||
| RT_CURSOR | 0x1620210 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | 0.5057803468208093 | ||
| RT_ICON | 0x1603ab0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.5339861751152074 |
| RT_ICON | 0x1604178 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.41192946058091284 |
| RT_ICON | 0x1606720 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.449468085106383 |
| RT_ICON | 0x1606bb8 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.5339861751152074 |
| RT_ICON | 0x1607280 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.41192946058091284 |
| RT_ICON | 0x1609828 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.449468085106383 |
| RT_ICON | 0x1609cc0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Romanian | Romania | 0.3694029850746269 |
| RT_ICON | 0x160ab68 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Romanian | Romania | 0.4499097472924188 |
| RT_ICON | 0x160b410 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.4596774193548387 |
| RT_ICON | 0x160bad8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Romanian | Romania | 0.45375722543352603 |
| RT_ICON | 0x160c040 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.2687759336099585 |
| RT_ICON | 0x160e5e8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Romanian | Romania | 0.30651969981238275 |
| RT_ICON | 0x160f690 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.35726950354609927 |
| RT_ICON | 0x160fb60 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Romanian | Romania | 0.5170575692963753 |
| RT_ICON | 0x1610a08 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Romanian | Romania | 0.5045126353790613 |
| RT_ICON | 0x16112b0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Romanian | Romania | 0.45910138248847926 |
| RT_ICON | 0x1611978 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Romanian | Romania | 0.47832369942196534 |
| RT_ICON | 0x1611ee0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Romanian | Romania | 0.2794605809128631 |
| RT_ICON | 0x1614488 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Romanian | Romania | 0.30816135084427765 |
| RT_ICON | 0x1615530 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Romanian | Romania | 0.3389344262295082 |
| RT_ICON | 0x1615eb8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Romanian | Romania | 0.36879432624113473 |
| RT_ICON | 0x1616398 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Romanian | Romania | 0.27878464818763327 |
| RT_ICON | 0x1617240 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Romanian | Romania | 0.36913357400722024 |
| RT_ICON | 0x1617ae8 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.3951612903225806 |
| RT_ICON | 0x16181b0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Romanian | Romania | 0.3901734104046243 |
| RT_ICON | 0x1618718 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.2744813278008299 |
| RT_ICON | 0x161acc0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Romanian | Romania | 0.3027673545966229 |
| RT_ICON | 0x161bd68 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Romanian | Romania | 0.3221311475409836 |
| RT_ICON | 0x161c6f0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.35106382978723405 |
| RT_DIALOG | 0x1620998 | 0x52 | data | 0.8780487804878049 | ||
| RT_STRING | 0x16209f0 | 0x432 | data | Romanian | Romania | 0.45251396648044695 |
| RT_STRING | 0x1620e28 | 0x4d4 | data | Romanian | Romania | 0.44660194174757284 |
| RT_STRING | 0x1621300 | 0x13a | data | Romanian | Romania | 0.5286624203821656 |
| RT_STRING | 0x1621440 | 0x30a | data | Romanian | Romania | 0.47429305912596403 |
| RT_STRING | 0x1621750 | 0x638 | data | Romanian | Romania | 0.43027638190954776 |
| RT_STRING | 0x1621d88 | 0x2ec | data | Romanian | Romania | 0.47058823529411764 |
| RT_GROUP_CURSOR | 0x161e888 | 0x30 | data | 0.9375 | ||
| RT_GROUP_CURSOR | 0x161ea98 | 0x22 | data | 1.0588235294117647 | ||
| RT_GROUP_CURSOR | 0x1620778 | 0x30 | data | 0.9375 | ||
| RT_GROUP_ICON | 0x1606b88 | 0x30 | data | Romanian | Romania | 0.9375 |
| RT_GROUP_ICON | 0x160faf8 | 0x68 | data | Romanian | Romania | 0.7115384615384616 |
| RT_GROUP_ICON | 0x1609c90 | 0x30 | data | Romanian | Romania | 1.0 |
| RT_GROUP_ICON | 0x1616320 | 0x76 | data | Romanian | Romania | 0.6779661016949152 |
| RT_GROUP_ICON | 0x161cb58 | 0x76 | data | Romanian | Romania | 0.6864406779661016 |
| RT_VERSION | 0x16207a8 | 0x1ec | data | 0.5386178861788617 |
| DLL | Import |
|---|---|
| KERNEL32.dll | LocalCompact, GetUserDefaultLCID, AddConsoleAliasW, CreateHardLinkA, GetTickCount, EnumTimeFormatsW, FindResourceExA, GetVolumeInformationA, LoadLibraryW, CopyFileW, WriteConsoleW, GetCompressedFileSizeA, GetTempPathW, SetThreadLocale, GetLastError, SetLastError, GetProcAddress, GetLocaleInfoA, SetStdHandle, SetFileAttributesA, WriteConsoleA, InterlockedExchangeAdd, LocalAlloc, SetCalendarInfoW, GetExitCodeThread, RemoveDirectoryW, AddAtomA, GlobalFindAtomW, GetModuleFileNameA, GetOEMCP, GlobalUnWire, LoadLibraryExA, ReadConsoleInputW, GetWindowsDirectoryW, AddConsoleAliasA, GetComputerNameA, FindFirstChangeNotificationW, CreateTimerQueueTimer, GetSystemDefaultLangID, OutputDebugStringW, HeapFree, EncodePointer, DecodePointer, IsProcessorFeaturePresent, GetCommandLineA, RaiseException, RtlUnwind, IsValidCodePage, GetACP, GetCPInfo, GetCurrentThreadId, IsDebuggerPresent, GetProcessHeap, ExitProcess, GetModuleHandleExW, MultiByteToWideChar, WideCharToMultiByte, HeapSize, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, GetFileType, DeleteCriticalSection, GetStartupInfoW, CloseHandle, HeapAlloc, WriteFile, GetModuleFileNameW, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, GetStringTypeW, LoadLibraryExW, HeapReAlloc, ReadFile, SetFilePointerEx, LCMapStringW, GetConsoleCP, GetConsoleMode, FlushFileBuffers, CreateFileW |
| GDI32.dll | GetCharacterPlacementW |
| ADVAPI32.dll | DeregisterEventSource |
| WINHTTP.dll | WinHttpConnect |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Romanian | Romania |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 04/21/24-08:25:57.545496 | TCP | 2856233 | ETPRO TROJAN Win32/Unknown Loader Related Activity (GET) | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 21, 2024 08:25:57.339446068 CEST | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
| Apr 21, 2024 08:25:57.544944048 CEST | 80 | 49730 | 185.172.128.90 | 192.168.2.4 |
| Apr 21, 2024 08:25:57.545051098 CEST | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
| Apr 21, 2024 08:25:57.545495987 CEST | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
| Apr 21, 2024 08:25:57.749958992 CEST | 80 | 49730 | 185.172.128.90 | 192.168.2.4 |
| Apr 21, 2024 08:25:58.930108070 CEST | 80 | 49730 | 185.172.128.90 | 192.168.2.4 |
| Apr 21, 2024 08:25:58.930298090 CEST | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
| Apr 21, 2024 08:26:03.935429096 CEST | 80 | 49730 | 185.172.128.90 | 192.168.2.4 |
| Apr 21, 2024 08:26:03.935671091 CEST | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
| Apr 21, 2024 08:26:12.828615904 CEST | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49730 | 185.172.128.90 | 80 | 6508 | C:\Users\user\Desktop\KLJM7VyjZ2.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Apr 21, 2024 08:25:57.545495987 CEST | 411 | OUT | |
| Apr 21, 2024 08:25:58.930108070 CEST | 204 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 08:25:51 |
| Start date: | 21/04/2024 |
| Path: | C:\Users\user\Desktop\KLJM7VyjZ2.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 358'400 bytes |
| MD5 hash: | 206F7BF98269D08B4CB9AAA0A97214E0 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 08:25:52 |
| Start date: | 21/04/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x8c0000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 5 |
| Start time: | 08:25:52 |
| Start date: | 21/04/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x8c0000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 7 |
| Start time: | 08:25:53 |
| Start date: | 21/04/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x8c0000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 9 |
| Start time: | 08:25:54 |
| Start date: | 21/04/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x7ff7699e0000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 11 |
| Start time: | 08:25:54 |
| Start date: | 21/04/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x8c0000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 13 |
| Start time: | 08:25:55 |
| Start date: | 21/04/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x8c0000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 15 |
| Start time: | 08:25:57 |
| Start date: | 21/04/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x8c0000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 16 |
| Start time: | 08:25:58 |
| Start date: | 21/04/2024 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x240000 |
| File size: | 236'544 bytes |
| MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 18 |
| Start time: | 08:25:58 |
| Start date: | 21/04/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7699e0000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 19 |
| Start time: | 08:25:58 |
| Start date: | 21/04/2024 |
| Path: | C:\Windows\SysWOW64\taskkill.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x990000 |
| File size: | 74'240 bytes |
| MD5 hash: | CA313FD7E6C2A778FFD21CFB5C1C56CD |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 20 |
| Start time: | 08:25:58 |
| Start date: | 21/04/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x8c0000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 24 |
| Start time: | 08:26:18 |
| Start date: | 21/04/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7699e0000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 2.6% |
| Dynamic/Decrypted Code Coverage: | 7.1% |
| Signature Coverage: | 11.8% |
| Total number of Nodes: | 407 |
| Total number of Limit Nodes: | 8 |
Graph
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01D2076E Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401D70 Relevance: 28.3, APIs: 9, Strings: 7, Instructions: 311networkCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CB003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403180 Relevance: 6.1, APIs: 4, Instructions: 71COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403280 Relevance: 4.6, APIs: 3, Instructions: 51COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CB0E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004123EF Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01D2042D Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00418FEE Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 183COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CC9080 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00418E19 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CB88DC Relevance: 6.1, APIs: 4, Instructions: 73COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408675 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CC8D07 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00418AA0 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CB092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040CA21 Relevance: 3.0, APIs: 2, Instructions: 34timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408873 Relevance: 1.6, APIs: 1, Instructions: 144COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CC8F5A Relevance: 1.6, APIs: 1, Instructions: 83COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00418CF3 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CC9186 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00418F1F Relevance: 1.5, APIs: 1, Instructions: 45COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CC1509 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004112A2 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CB8A70 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408809 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CB9AC7 Relevance: 1.3, Strings: 1, Instructions: 76COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00416A7C Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00421D42 Relevance: 1.2, Instructions: 1240COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00413C49 Relevance: .6, Instructions: 637COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00409860 Relevance: .1, Instructions: 76COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01D2004B Relevance: .1, Instructions: 61COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CB0D90 Relevance: .0, Instructions: 43COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CC13F9 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00411192 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CBD2D7 Relevance: 22.9, APIs: 15, Instructions: 357COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D070 Relevance: 22.9, APIs: 15, Instructions: 357COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407F24 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 51libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041701E Relevance: 18.4, APIs: 12, Instructions: 373COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CBB189 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AF22 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CC0E8F Relevance: 15.1, APIs: 10, Instructions: 69COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00410C28 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CC76A4 Relevance: 13.7, APIs: 9, Instructions: 199COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041743D Relevance: 13.7, APIs: 9, Instructions: 199COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CB1FD7 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 311networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CC690E Relevance: 12.2, APIs: 8, Instructions: 203COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004166A7 Relevance: 12.2, APIs: 8, Instructions: 203COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407A99 Relevance: 12.2, APIs: 8, Instructions: 175COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041146B Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CB7D00 Relevance: 9.2, APIs: 6, Instructions: 175COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CB5FD7 Relevance: 9.1, APIs: 6, Instructions: 99COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D70 Relevance: 9.1, APIs: 6, Instructions: 99COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040BD87 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C6C3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A8A9 Relevance: 7.7, APIs: 5, Instructions: 244COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004121BC Relevance: 7.7, APIs: 5, Instructions: 199COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CB2E87 Relevance: 7.7, APIs: 5, Instructions: 162COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CC57E8 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00415581 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CB33E7 Relevance: 6.1, APIs: 4, Instructions: 71COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408094 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CBEAAE Relevance: 6.0, APIs: 4, Instructions: 19COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E847 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01CBB533 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B2CC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |