Windows
Analysis Report
SecuriteInfo.com.Win32.BootkitX-gen.5272.14841.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- SecuriteInfo.com.Win32.BootkitX-gen.5272.14841.exe (PID: 7344, cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.BootkitX-gen.5272.14841.exe", MD5: 1EE22348C50E6AA7C055AE0E006A96AB)
  - WerFault.exe (PID: 7804, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 1640, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup

WerFault.exe here is Windows Error Reporting handling a fault in the sample process (the -p argument is the sample's own PID, 7344), so the sample hit an unhandled exception during the run; later-stage behaviour may therefore be missing from the dynamic results below.
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions before stealing further sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads as EXE, DLL, and PowerShell. | No Attribution | | |
Extracted malware configuration (Lumma Stealer). The file name carries the submitter's generic AV label (BootkitX-gen); the configuration extraction and the YARA matches below identify the sample as Lumma Stealer:

{"C2 url": ["benchillppwo.shop", "publicitttyps.shop", "answerrsdo.shop", "radiationnopp.shop", "affecthorsedpo.shop", "bargainnykwo.shop", "bannngwko.shop", "bouncedgowp.shop", "stationacutwo.shop"], "Build id": "P6Mk0M--key"}
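The extracted configuration and the family description give two network indicators: the nine C2 host names and the "TeslaBrowser/5.5" user agent on the HTTP POST exfiltration. The following Python is an added example, not part of the Joe Sandbox report and not Lumma's or Joe Security's code, that parses the configuration blob exactly as printed above into a domain set and runs both indicators over proxy log lines. The log lines and their field layout are constructed for the example; only the domains and the user agent come from the report. Domain matches are made on label boundaries so a look-alike such as benchillppwo.shop.example.com does not fire, and each hit records which indicator matched so a user-agent-only hit can be triaged separately.

```python
"""Added example (not from the report): turn the extracted Lumma Stealer
configuration into network IOCs and match them against proxy log lines."""
from __future__ import annotations

import json
import re
from urllib.parse import urlsplit

# Extracted configuration, copied verbatim from the report.
EXTRACTED_CONFIG = '''{"C2 url": ["benchillppwo.shop", "publicitttyps.shop",
"answerrsdo.shop", "radiationnopp.shop", "affecthorsedpo.shop",
"bargainnykwo.shop", "bannngwko.shop", "bouncedgowp.shop",
"stationacutwo.shop"], "Build id": "P6Mk0M--key"}'''

# User agent the report attributes to Lumma's HTTP POST exfiltration.
LUMMA_USER_AGENT = "TeslaBrowser/5.5"


def c2_domains(config_json: str) -> set[str]:
    """Return the lower-cased C2 host names from a Lumma config blob.
    The extractor emits bare host names; a full URL is handled as well."""
    cfg = json.loads(config_json)
    hosts = set()
    for entry in cfg.get("C2 url", []):
        host = urlsplit(entry if "://" in entry else "//" + entry).hostname
        if host:
            hosts.add(host.lower())
    return hosts


# Constructed proxy log lines (not real traffic): ts client method url status "ua"
SAMPLE_LOG = """\
1700000000.123 10.0.0.5 GET https://www.example.org/index.html 200 "Mozilla/5.0"
1700000001.456 10.0.0.5 POST https://benchillppwo.shop/api 200 "TeslaBrowser/5.5"
1700000002.789 10.0.0.7 POST https://cdn.example.net/upload 200 "TeslaBrowser/5.5"
1700000003.012 10.0.0.9 GET http://sub.answerrsdo.shop/ 404 "curl/8.0"
1700000004.345 10.0.0.5 GET https://benchillppwo.shop.example.com/ 200 "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')


def match_log(log_text: str, config_json: str = EXTRACTED_CONFIG) -> list[dict]:
    """Flag lines whose host is a C2 domain (or a subdomain of one) or whose
    user agent is the Lumma string. Each hit records which indicator fired."""
    domains = c2_domains(config_json)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than guess at fields
        ts, client, method, url, status, ua = m.groups()
        host = (urlsplit(url).hostname or "").lower()
        # Exact match or a proper subdomain. Compare on label boundaries, not
        # substrings, so "benchillppwo.shop.example.com" does not match.
        domain_hit = any(host == d or host.endswith("." + d) for d in domains)
        ua_hit = ua == LUMMA_USER_AGENT
        if domain_hit or ua_hit:
            hits.append({"ts": ts, "client": client, "method": method, "host": host,
                         "status": status, "c2_domain": domain_hit, "user_agent": ua_hit})
    return hits


if __name__ == "__main__":
    for hit in match_log(SAMPLE_LOG):
        print(hit)
```

Run against the constructed log the block reports three lines: the POST to benchillppwo.shop (both indicators), the POST from 10.0.0.7 to an unrelated host carrying the Lumma user agent (user agent only), and the request to sub.answerrsdo.shop (domain only); the look-alike host on the last line is not flagged.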
Rule | Description | Author
---|---|---
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security

Rule | Description | Author
---|---|---
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security

The full report lists 8 entries in the second table; repeated rows are the same rule matching in a different source (the Source and Strings columns are empty here).
Signature overview: one row per evidence group as listed in the report, with the number of evidence rows and the identifiers (0_2_... function addresses or graph ids) the report gives.

AV Detection |
---|
Evidence | Rows | Identifiers
---|---|---
Malware Configuration Extractor | 1 |
ReversingLabs | 1 |
Integrated Neural Analysis Model | 1 |
Joe Sandbox ML | 1 |
String decryptor | 15 |
Code function | 1 | 0_2_0041718B
Compliance |
---|
Evidence | Rows | Identifiers
---|---|---
Unpacked PE file | 1 |
Static PE information | 1 |
File opened | 1 |
HTTPS traffic detected | 9 |
Code function | 117 | 0_2_0041003F, 0_2_00427141, 0_2_00410950, 0_2_0041718B, 0_2_00418192, 0_2_00418192, 0_2_0041B260, 0_2_00416380, 0_2_00416380, 0_2_00418C50, 0_2_00421570, 0_2_0040A660, 0_2_0041773E, 0_2_0041773E, 0_2_0041773E, 0_2_0041773E, 0_2_0041107B, 0_2_004260F0, 0_2_004260F0, 0_2_0043A090, 0_2_0041289B, 0_2_004390BE, 0_2_00436162, 0_2_00425920, 0_2_00425920, 0_2_00413985, 0_2_004399A0, 0_2_004399A0, 0_2_004269B6, 0_2_00426A5F, 0_2_00416210, 0_2_004242B2, 0_2_00438351, 0_2_00403BC0, 0_2_0040CBCC, 0_2_004143D3, 0_2_004383E3, 0_2_00431B90, 0_2_00417C74, 0_2_00438C15, 0_2_00421C19, 0_2_004234DC, 0_2_0043A480, 0_2_00421C8F, 0_2_00417C90, 0_2_00415CA2, 0_2_00401D64, 0_2_00426660, 0_2_00439E00, 0_2_00439E00, 0_2_00402E80, 0_2_00425680, 0_2_0041D75D, 0_2_0041D75D, 0_2_0041D75D, 0_2_0041D75D, 0_2_00439F10, 0_2_00439F10, 0_2_0040E7D0, 0_2_0041FF85, 0_2_0041FF85, 0_2_0041FF85, 0_2_028C02A6, 0_2_028C12E2, 0_2_028EA21D, 0_2_028CE257, 0_2_028D73A8, 0_2_028E63C9, 0_2_028C83F9, 0_2_028D03F4, 0_2_028D03F4, 0_2_028E9325, 0_2_028D6357, 0_2_028D6357, 0_2_028B30E7, 0_2_028B203D, 0_2_028C463A, 0_2_028E864A, 0_2_028D17D7, 0_2_028C772D, 0_2_028C6739, 0_2_028D3743, 0_2_028CDA94, 0_2_028EA4B1, 0_2_028CB4C7, 0_2_028CE403, 0_2_028C6477, 0_2_028E85B8, 0_2_028D4519, 0_2_028D0510, 0_2_028D0510, 0_2_028CDA94, 0_2_028BEA37, 0_2_028C8A6E, 0_2_028C7A74, 0_2_028C0BB7, 0_2_028C3BEC, 0_2_028C7BE0, 0_2_028C7BE0, 0_2_028EA88B, 0_2_028C6899, 0_2_028D68C7, 0_2_028BA8C7, 0_2_028D58E7, 0_2_028CD9DB, 0_2_028D58E7, 0_2_028C7EA3, 0_2_028C8EB7, 0_2_028C7EDB, 0_2_028B3E27, 0_2_028E8E7C, 0_2_028B1F8F, 0_2_028D1FBE, 0_2_028C5F09, 0_2_028D6CC6, 0_2_028D6C1D, 0_2_028E1DF7
Networking |
---|
Evidence | Rows | Identifiers
---|---|---
URLs | 9 |
IP Address | 2 |
ASN Name | 1 |
JA3 fingerprint | 1 |
HTTP traffic detected | 9 |
UDP traffic detected without corresponding DNS query | 1 |
DNS traffic detected | 1 |
HTTP traffic detected | 1 |
String found in binary or memory | 43 |
Network traffic detected | 18 |
HTTPS traffic detected | 9 |
Code function | 1 | 0_2_0042E590
Code function | 1 | 0_2_0042E590
Code function | 1 | 0_2_0042EA70
System Summary |
---|
Evidence | Rows | Identifiers
---|---|---
Matched rule | 2 |
Code function | 53 | 0_2_0041718B, 0_2_00422290, 0_2_00416C48, 0_2_00405460, 0_2_00420CED, 0_2_00421570, 0_2_00417D08, 0_2_0043B630, 0_2_0040105C, 0_2_0042B8F8, 0_2_0043A090, 0_2_0043B900, 0_2_00425920, 0_2_004369D0, 0_2_004089E0, 0_2_00433980, 0_2_004399A0, 0_2_00404A50, 0_2_00422AC1, 0_2_00423354, 0_2_00407310, 0_2_00421C19, 0_2_0043BC30, 0_2_0043A480, 0_2_00421C8F, 0_2_00406D00, 0_2_0040FDA0, 0_2_00439E00, 0_2_004096C0, 0_2_0041D75D, 0_2_00403F00, 0_2_00439F10, 0_2_00405F30, 0_2_0041FF85, 0_2_00401FA0, 0_2_028D03F4, 0_2_028C0007, 0_2_028B6197, 0_2_028B4167, 0_2_028B56C7, 0_2_028D17D7, 0_2_028E3BE7, 0_2_028DBB5F, 0_2_028EBB67, 0_2_028EB897, 0_2_028B9927, 0_2_028EBE97, 0_2_028C7F91, 0_2_028D2F17, 0_2_028B6F67, 0_2_028B4CB7, 0_2_028E6C37, 0_2_028B8C47
Process created | 1 |
Static PE information | 1 |
Matched rule | 2 |
Static PE information | 1 |
Classification label | 1 |
Code function | 1 | 0_2_02AC23F6
Code function | 1 | 0_2_0042A44A
Mutant created | 1 |
File created | 1 |
Static PE information | 1 |
Key opened | 1 |
Binary or memory string | 1 |
ReversingLabs | 1 |
File read | 1 |
Process created | 2 |
Section loaded | 39 |
File opened | 1 |
Data Obfuscation |
---|
Evidence | Rows | Identifiers
---|---|---
Unpacked PE file | 1 |
Unpacked PE file | 1 |
Code function | 9 | 0_2_00426005, 0_2_004418AA, 0_2_028D626C, 0_2_028BCEA4, 0_2_02AC5211, 0_2_02AC5EBC, 0_2_02AC5F9E, 0_2_02AC2F0F, 0_2_02AC4D4A
Static PE information | 1 |
Registry key monitored for changes | 2 |
Process information set | 56 |
Malware Analysis System Evasion |
---|
Evidence | Rows | Identifiers
---|---|---
System information queried | 1 |
Thread sleep time | 2 |
Binary or memory string | 31 |
API call chain | 1 | graph_0-22533
Process information queried | 1 |
Code function | 1 | 0_2_00438180
Code function | 3 | 0_2_028B092B, 0_2_028B0D90, 0_2_02AC1CD3
HIPS / PFW / Operating System Protection Evasion |
---|
Evidence | Rows | Identifiers
---|---|---
String found in binary or memory | 9 |
Queries volume information | 8 |
Key value queried | 1 |
Binary or memory string | 6 |
WMI Queries | 1 |
Stealing of Sensitive Information |
---|
Evidence | Rows | Identifiers
---|---|---
File source | 3 |
String found in binary or memory | 11 |
File opened | 103 |
File opened | 22 |
Directory queried | 14 |
File source | 8 |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 11 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 11 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 31 Data from Local System | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 4 Obfuscated Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | 2 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 22 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
45% | ReversingLabs | Win32.Spyware.Lummastealer | ||
100% | Joe Sandbox ML |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
stationacutwo.shop | 188.114.96.3 | true | true | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
188.114.96.3 | stationacutwo.shop | European Union | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1466390 |
Start date and time: | 2024-07-02 21:23:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.Win32.BootkitX-gen.5272.14841.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@2/5@1/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.73.29
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: SecuriteInfo.com.Win32.BootkitX-gen.5272.14841.exe
Time | Type | Description |
---|---|---|
15:24:23 | API Interceptor | |
15:24:46 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
188.114.96.3 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | DCRat, PureLog Stealer, zgRAT |
 | malicious | AgentTesla, PureLog Stealer |
 | malicious | FormBook |
 | malicious | Unknown |
 | malicious | DCRat, PureLog Stealer, zgRAT |
 | malicious | HTMLPhisher |
 | malicious | DCRat, PureLog Stealer, zgRAT |
 | malicious | FormBook |
Match | Detection | Threat Name |
---|---|---|
stationacutwo.shop | malicious | LummaC |
Match | Detection | Threat Name |
---|---|---|
CLOUDFLARENETUS | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Mirai, Moobot |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
 | malicious | HTMLPhisher |
 | malicious | Python Stealer, Discord Token Stealer, MicroClip, PySilon Stealer |
 | malicious | HTMLPhisher |
 | malicious | HTMLPhisher |
Match | Detection | Threat Name |
---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | malicious | Unknown |
 | malicious | LummaC |
 | malicious | Unknown |
 | malicious | ScreenConnect Tool |
 | malicious | DBatLoader, Remcos |
 | malicious | LummaC |
 | malicious | DBatLoader, Neshta |
 | malicious | AsyncRAT, Neshta, XWorm |
 | malicious | LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig |
 | malicious | Arc Stealer |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_4a6c55577aaedf8dddd3a286fa2779c4277b_c0c012cd_099ad559-0e01-4b7d-a504-7bb0194793d8\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0366353994383433 |
Encrypted: | false |
SSDEEP: | 96:b4F7LJ+sUhqihe7qiMfNQQXIDcQrc6vcE4cw32+HbHg/PB6Heao8Fa9SAjOyWM2s:sxV+Ai3iG0FriLjBJFPzuiFzZ24IO8f |
MD5: | 1C7C150CC22BD2B0FEE9FB6601BA821C |
SHA1: | 77669666FE3298631010D9660A1A159F56FD259B |
SHA-256: | 00A09B234FDB05D60682530FC3F14AA47B79CBAB315E45176388CD9205633A1E |
SHA-512: | 537F95508047291706CB61A830255B46096A7B72516D452474CFD53CAA65CE6264067E7ADA5C1DE3130D5AD94B8A449273B17AB7B6EF9A59D2BE10DD03DF455B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 101814 |
Entropy (8bit): | 2.210521829400285 |
Encrypted: | false |
SSDEEP: | 384:M1E/5LOCDB36LnLls70jCNl/5w3MpQDeDXzEGy+T/i5jAoguJ82beFAo+cA3:M1g9OCDB36TLls7eCD0M9a+Teea3 |
MD5: | 5B08E9B06B00AE1D8365398FF38095CF |
SHA1: | 41C516B0C192EAA0D6EDA594804201C0B316E8E6 |
SHA-256: | 1CEAFC0965188E6792B73A73548385B16600898CA4502C79BE4651B5F4AAE63B |
SHA-512: | A4F85F9F2C08EFDCECD638257DFE28481C89BC00EB5853FBCD1FDE3367E4F1E9533589D4E459BD4526619D0FB0D85A154E823B8F6156A9BBECD565B3CE35435D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8548 |
Entropy (8bit): | 3.700676266382517 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJ0u6Uegf6Y9sSUdad1gmfha6YpDy89bqIsfyOm:R6lXJl6t46YmSUdavgmfha6eq7fC |
MD5: | 05A4B228ADA850759511309CFEAD5496 |
SHA1: | 9D9BAD1D445F79692E38E7663CB1C02FECA5615F |
SHA-256: | 46F79F2C17F1D4CEB8D90D718BFD12EFAE4899EB9C7D0D07B31562982489ADBF |
SHA-512: | 18D5A4959FB56F287CF5BD54A19AC5E985AB74EE6F489FBBE7CA435533692ABFD12EC59C93152FA746E4346C314B0E769F90E6BA1A5C7E4765340AAAB9040876 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4831 |
Entropy (8bit): | 4.5747268452462775 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs9Jg77aI9/kWpW8VYHYm8M4JeSEF0+q8uWKgYH68A2Wd:uIjfXI7V97VTJllgYH6YWd |
MD5: | 47927441EEBEE2487193011159190172 |
SHA1: | A817266585770D3B0C2D8C921E67B111F07F69B6 |
SHA-256: | E84C5C25D6DE969648E9E29C9774B8AA51074297BC1732B1D3C9C046D8CEA0D9 |
SHA-512: | F10CC2A3976928E67D3532FE9FCA9764949B295D47AF71957BE11E524E9BA53D28A4149AA02DAED32937A0B07DCE28833E32D159DACE38830F0C39D64FE597E6 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.465671636634917 |
Encrypted: | false |
SSDEEP: | 6144:tIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNzdwBCswSbD:+XD94+WlLZMM6YFHF+D |
MD5: | 40B76D48265384B5669DB6802446CE61 |
SHA1: | B3E57C72ADD415F3CF7FA75EB8AB4A9299423FD1 |
SHA-256: | 7CB4ABBBC08C8539E7C4A8E358750848108BBD9CF0639CC7C7A85970B5E25778 |
SHA-512: | A3DF4952696AFD9D3AE95AAC28DD4B97D942F62AA7EAF3813D250087A5DB878690E7254FC94B7931641221E51225A1119D778EB17EA465B774D0B1F2B76840E5 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.280357872770324 |
TrID: |
|
File name: | SecuriteInfo.com.Win32.BootkitX-gen.5272.14841.exe |
File size: | 297'984 bytes |
MD5: | 1ee22348c50e6aa7c055ae0e006a96ab |
SHA1: | cd567a91bff85257a82d6c397502e5556779075b |
SHA256: | ff4c03965c0c4c428eaa7ddbb442ae1537e78efb0d9ec07a10f793b7d6153a58 |
SHA512: | 6f4ea159b003349cae50cd6f6d7eff6e21cb329e486db448a845cac89472e84c51fb6b5fa61b23c14de8ba3e8b95561a7045538ffa8f46deb14000322fb015a0 |
SSDEEP: | 6144:H9L7UWpKojODqWEbt89gPTAUWuwyIcJnT3tsZAn5Aaq3RxR11WQd8x:dPUD+bFWqt3tts3pWNx |
TLSH: | A954AE512AF69526FFF79B341A3496941A3BBC737E70808D3690B24E4E33691DE60723 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._...................................{...<...........v...........................Rich............PE..L...7.2d.................H. |
Icon Hash: | cb97374d5551599a |
Entrypoint: | 0x4019e1 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6432A837 [Sun Apr 9 11:57:43 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 04c19b0a4924298ad5f0ee3be3224e92 |
Instruction |
---|
call 00007F6698F9FEFFh |
jmp 00007F6698F9C3FEh |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 00000328h |
mov dword ptr [0043A8F8h], eax |
mov dword ptr [0043A8F4h], ecx |
mov dword ptr [0043A8F0h], edx |
mov dword ptr [0043A8ECh], ebx |
mov dword ptr [0043A8E8h], esi |
mov dword ptr [0043A8E4h], edi |
mov word ptr [0043A910h], ss |
mov word ptr [0043A904h], cs |
mov word ptr [0043A8E0h], ds |
mov word ptr [0043A8DCh], es |
mov word ptr [0043A8D8h], fs |
mov word ptr [0043A8D4h], gs |
pushfd |
pop dword ptr [0043A908h] |
mov eax, dword ptr [ebp+00h] |
mov dword ptr [0043A8FCh], eax |
mov eax, dword ptr [ebp+04h] |
mov dword ptr [0043A900h], eax |
lea eax, dword ptr [ebp+08h] |
mov dword ptr [0043A90Ch], eax |
mov eax, dword ptr [ebp-00000320h] |
mov dword ptr [0043A848h], 00010001h |
mov eax, dword ptr [0043A900h] |
mov dword ptr [0043A7FCh], eax |
mov dword ptr [0043A7F0h], C0000409h |
mov dword ptr [0043A7F4h], 00000001h |
mov eax, dword ptr [00439004h] |
mov dword ptr [ebp-00000328h], eax |
mov eax, dword ptr [00439008h] |
mov dword ptr [ebp-00000324h], eax |
call dword ptr [000000A8h] |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3777c | 0x78 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2326000 | 0xff08 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x36000 | 0x188 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x34609 | 0x34800 | bf1a49a6af27a192a7c164ec29fc14e8 | False | 0.9142810639880953 | data | 7.858975641411642 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x36000 | 0x205c | 0x2200 | 77fafdd3854df85c129724c9d76e5747 | False | 0.34719669117647056 | data | 5.402931699789178 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x39000 | 0x22ec520 | 0x1e00 | 55db1340cb01a502bb80d349a80b9d40 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x2326000 | 0xff08 | 0x10000 | 425c30f2b9bc4a26de83e156a02c34c5 | False | 0.459320068359375 | data | 4.991657229883422 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
YEFE | 0x232cf08 | 0x3fa | ASCII text, with very long lines (1018), with no line terminators | Turkish | Turkey | 0.6316306483300589 |
RT_CURSOR | 0x232d308 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.7368421052631579 |
RT_CURSOR | 0x232d438 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.06130705394190871 |
RT_ICON | 0x23266d0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkish | Turkey | 0.6079424307036247 |
RT_ICON | 0x2327578 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkish | Turkey | 0.6935920577617328 |
RT_ICON | 0x2327e20 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkish | Turkey | 0.7505760368663594 |
RT_ICON | 0x23284e8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkish | Turkey | 0.7976878612716763 |
RT_ICON | 0x2328a50 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Turkish | Turkey | 0.5983402489626556 |
RT_ICON | 0x232aff8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Turkish | Turkey | 0.726782363977486 |
RT_ICON | 0x232c0a0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Turkish | Turkey | 0.739344262295082 |
RT_ICON | 0x232ca28 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Turkish | Turkey | 0.8847517730496454 |
RT_STRING | 0x232fbb8 | 0x18e | data | | | 0.4798994974874372 |
RT_STRING | 0x232fd48 | 0x9e | data | | | 0.569620253164557 |
RT_STRING | 0x232fde8 | 0x6c8 | data | | | 0.4245391705069124 |
RT_STRING | 0x23304b0 | 0x67a | data | | | 0.43184559710494574 |
RT_STRING | 0x2330b30 | 0x5e0 | data | | | 0.4375 |
RT_STRING | 0x2331110 | 0x258 | data | | | 0.4866666666666667 |
RT_STRING | 0x2331368 | 0x6f8 | data | | | 0.4304932735426009 |
RT_STRING | 0x2331a60 | 0x62e | data | | | 0.4393173198482933 |
RT_STRING | 0x2332090 | 0x6fa | data | | | 0.425531914893617 |
RT_STRING | 0x2332790 | 0x5a0 | data | | | 0.4388888888888889 |
RT_STRING | 0x2332d30 | 0x67c | AmigaOS bitmap font "a", fc_YSize 28416, 18944 elements, 2nd "&", 3rd "a" | | | 0.4295180722891566 |
RT_STRING | 0x23333b0 | 0x868 | data | | | 0.4144981412639405 |
RT_STRING | 0x2333c18 | 0x87c | data | | | 0.4129834254143646 |
RT_STRING | 0x2334498 | 0x624 | data | | | 0.4357506361323155 |
RT_STRING | 0x2334ac0 | 0x68a | data | | | 0.43309438470728795 |
RT_STRING | 0x2335150 | 0x68e | data | | | 0.43206197854588796 |
RT_STRING | 0x23357e0 | 0x646 | data | | | 0.4364881693648817 |
RT_STRING | 0x2335e28 | 0xdc | data | | | 0.5590909090909091 |
RT_GROUP_CURSOR | 0x232f9e0 | 0x22 | data | | | 1.088235294117647 |
RT_GROUP_ICON | 0x232ce90 | 0x76 | data | Turkish | Turkey | 0.6610169491525424 |
RT_VERSION | 0x232fa08 | 0x1b0 | data | | | 0.5972222222222222 |
DLL | Import |
---|---|
KERNEL32.dll | SetVolumeMountPointW, GetComputerNameW, SleepEx, GetCommProperties, GetModuleHandleW, GetTickCount, ReadConsoleOutputA, GlobalAlloc, lstrcpynW, WriteConsoleW, GetModuleFileNameW, GetConsoleAliasesW, CreateJobObjectW, GetProcAddress, BuildCommDCBW, GetAtomNameA, LoadLibraryA, UnhandledExceptionFilter, InterlockedExchangeAdd, AddAtomA, FoldStringA, lstrcatW, EnumDateFormatsW, FindFirstVolumeA, AreFileApisANSI, OpenJobObjectA, ZombifyActCtx, GetLastError, GetConsoleAliasExesLengthA, CreateFileA, GetConsoleOutputCP, MultiByteToWideChar, HeapAlloc, HeapReAlloc, GetStartupInfoW, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, HeapFree, VirtualFree, VirtualAlloc, HeapCreate, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, SetHandleCount, GetFileType, GetStartupInfoA, HeapSize, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, LCMapStringA, WideCharToMultiByte, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, InitializeCriticalSectionAndSpinCount, RtlUnwind, ReadFile, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, SetStdHandle, CloseHandle, WriteConsoleA |
GDI32.dll | GetBoundsRect |
ADVAPI32.dll | EnumDependentServicesA |
ole32.dll | CoTaskMemRealloc |
WINHTTP.dll | WinHttpAddRequestHeaders |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Turkish | Turkey |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 2, 2024 21:24:30.135982990 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:30.625597954 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:30.625689030 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:30.627038002 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:30.627049923 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:30.627286911 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:30.629072905 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:30.629173994 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:30.629180908 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:31.019531012 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:31.019644022 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:31.019758940 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:31.021625996 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:31.021648884 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:32.208842993 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.208883047 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:32.208950043 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.209250927 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.209264040 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:32.817498922 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:32.817591906 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.819212914 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.819225073 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:32.819431067 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:32.820790052 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.821532011 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.821566105 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:32.821671963 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.821710110 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:32.822470903 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.822520971 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:32.823261023 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.823293924 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:32.823419094 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.823456049 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:32.823604107 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.823638916 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:32.823651075 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.823657990 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:32.823832989 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.823853970 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:32.823877096 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.824065924 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.824100971 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.832067966 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:32.832261086 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.832292080 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:32.832312107 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.832335949 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.832345009 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.832391977 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:32.837526083 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:34.264435053 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:34.264514923 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:34.264569044 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:34.264789104 CEST | 49739 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:34.264807940 CEST | 443 | 49739 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:34.279978037 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:34.280004978 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:34.280078888 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:34.280424118 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:34.280428886 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:34.777031898 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:34.777242899 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:34.778497934 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:34.778506994 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:34.778758049 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:34.791002035 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:34.791028976 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:34.791127920 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:35.222551107 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:35.222630024 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Jul 2, 2024 21:24:35.222678900 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:35.222954035 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 2, 2024 21:24:35.222969055 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 2, 2024 21:24:22.973654985 CEST | 49591 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 2, 2024 21:24:22.992924929 CEST | 53 | 49591 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 2, 2024 21:24:22.973654985 CEST | 192.168.2.4 | 1.1.1.1 | 0xcf6b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 2, 2024 21:24:22.992924929 CEST | 1.1.1.1 | 192.168.2.4 | 0xcf6b | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Jul 2, 2024 21:24:22.992924929 CEST | 1.1.1.1 | 192.168.2.4 | 0xcf6b | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 188.114.96.3 | 443 | 7344 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.BootkitX-gen.5272.14841.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 19:24:23 UTC | 265 | OUT | |
2024-07-02 19:24:23 UTC | 8 | OUT | |
2024-07-02 19:24:23 UTC | 804 | IN | |
2024-07-02 19:24:23 UTC | 7 | IN | |
2024-07-02 19:24:23 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49731 | 188.114.96.3 | 443 | 7344 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.BootkitX-gen.5272.14841.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 19:24:24 UTC | 266 | OUT | |
2024-07-02 19:24:24 UTC | 45 | OUT | |
2024-07-02 19:24:24 UTC | 800 | IN | |
2024-07-02 19:24:24 UTC | 569 | IN | |
2024-07-02 19:24:24 UTC | 1369 | IN | |
2024-07-02 19:24:24 UTC | 1369 | IN | |
2024-07-02 19:24:24 UTC | 1369 | IN | |
2024-07-02 19:24:24 UTC | 1369 | IN | |
2024-07-02 19:24:24 UTC | 1369 | IN | |
2024-07-02 19:24:24 UTC | 1369 | IN | |
2024-07-02 19:24:24 UTC | 1369 | IN | |
2024-07-02 19:24:24 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49732 | 188.114.96.3 | 443 | 7344 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.BootkitX-gen.5272.14841.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 19:24:25 UTC | 284 | OUT | |
2024-07-02 19:24:25 UTC | 15331 | OUT | |
2024-07-02 19:24:25 UTC | 2830 | OUT | |
2024-07-02 19:24:26 UTC | 800 | IN | |
2024-07-02 19:24:26 UTC | 19 | IN | |
2024-07-02 19:24:26 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49733 | 188.114.96.3 | 443 | 7344 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.BootkitX-gen.5272.14841.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 19:24:27 UTC | 283 | OUT | |
2024-07-02 19:24:27 UTC | 8782 | OUT | |
2024-07-02 19:24:27 UTC | 812 | IN | |
2024-07-02 19:24:27 UTC | 19 | IN | |
2024-07-02 19:24:27 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49734 | 188.114.96.3 | 443 | 7344 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.BootkitX-gen.5272.14841.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 19:24:28 UTC | 284 | OUT | |
2024-07-02 19:24:28 UTC | 15331 | OUT | |
2024-07-02 19:24:28 UTC | 5104 | OUT | |
2024-07-02 19:24:28 UTC | 802 | IN | |
2024-07-02 19:24:28 UTC | 19 | IN | |
2024-07-02 19:24:28 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49735 | 188.114.96.3 | 443 | 7344 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.BootkitX-gen.5272.14841.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 19:24:29 UTC | 283 | OUT | |
2024-07-02 19:24:29 UTC | 5438 | OUT | |
2024-07-02 19:24:29 UTC | 806 | IN | |
2024-07-02 19:24:29 UTC | 19 | IN | |
2024-07-02 19:24:29 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | 7344 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.BootkitX-gen.5272.14841.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 19:24:30 UTC | 283 | OUT | |
2024-07-02 19:24:30 UTC | 1304 | OUT | |
2024-07-02 19:24:31 UTC | 804 | IN | |
2024-07-02 19:24:31 UTC | 19 | IN | |
2024-07-02 19:24:31 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49739 | 188.114.96.3 | 443 | 7344 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.BootkitX-gen.5272.14841.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 19:24:32 UTC | 285 | OUT | |
2024-07-02 19:24:32 UTC | 15331 | OUT | |
2024-07-02 19:24:32 UTC | 15331 | OUT | |
2024-07-02 19:24:32 UTC | 15331 | OUT | |
2024-07-02 19:24:32 UTC | 15331 | OUT | |
2024-07-02 19:24:32 UTC | 15331 | OUT | |
2024-07-02 19:24:32 UTC | 15331 | OUT | |
2024-07-02 19:24:32 UTC | 15331 | OUT | |
2024-07-02 19:24:32 UTC | 15331 | OUT | |
2024-07-02 19:24:32 UTC | 15331 | OUT | |
2024-07-02 19:24:32 UTC | 15331 | OUT | |
2024-07-02 19:24:34 UTC | 802 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49743 | 188.114.96.3 | 443 | 7344 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.BootkitX-gen.5272.14841.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 19:24:34 UTC | 266 | OUT | |
2024-07-02 19:24:34 UTC | 80 | OUT | |
2024-07-02 19:24:35 UTC | 804 | IN | |
2024-07-02 19:24:35 UTC | 54 | IN | |
2024-07-02 19:24:35 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 15:24:13 |
Start date: | 02/07/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Win32.BootkitX-gen.5272.14841.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 297'984 bytes |
MD5 hash: | 1EE22348C50E6AA7C055AE0E006A96AB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Start time: | 15:24:34 |
Start date: | 02/07/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa70000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 8.1% |
Dynamic/Decrypted Code Coverage: | 9% |
Signature Coverage: | 34.8% |
Total number of Nodes: | 310 |
Total number of Limit Nodes: | 21 |
Graph
Function 0040A660 Relevance: 23.0, Strings: 18, Instructions: 467COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00420CED Relevance: 11.8, Strings: 9, Instructions: 516COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00418192 Relevance: 10.8, Strings: 8, Instructions: 776COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00410950 Relevance: 10.4, Strings: 8, Instructions: 384COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00418C50 Relevance: 9.2, Strings: 7, Instructions: 425COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041003F Relevance: 9.1, Strings: 7, Instructions: 394COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416C48 Relevance: 8.0, Strings: 6, Instructions: 457COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00422290 Relevance: 5.5, Strings: 4, Instructions: 494COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041773E Relevance: 5.5, Strings: 4, Instructions: 478COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00421570 Relevance: 4.1, Strings: 3, Instructions: 362COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00417D08 Relevance: 4.1, Strings: 3, Instructions: 310COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AC23F6 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00405460 Relevance: 3.0, Strings: 2, Instructions: 451COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416380 Relevance: 1.6, Strings: 1, Instructions: 377COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00438180 Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041FF85 Relevance: .6, Instructions: 590COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043B630 Relevance: .3, Instructions: 251COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041B260 Relevance: .2, Instructions: 155COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042A44A Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028B003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028B0E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0042BEB5 Relevance: 1.6, APIs: 1, Instructions: 99memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004380CA Relevance: 1.6, APIs: 1, Instructions: 63memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043603F Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00437D4A Relevance: 1.5, APIs: 1, Instructions: 25libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00437FE0 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 02AC20B5 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0042E590 Relevance: 29.9, APIs: 6, Strings: 11, Instructions: 127clipboardCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028BA8C7 Relevance: 23.0, Strings: 18, Instructions: 467COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401FA0 Relevance: 13.0, Strings: 10, Instructions: 492COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028C0BB7 Relevance: 10.4, Strings: 8, Instructions: 384COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 028C8EB7 Relevance: 9.2, Strings: 7, Instructions: 425COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 028C02A6 Relevance: 9.1, Strings: 7, Instructions: 394COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040CBCC Relevance: 8.8, Strings: 7, Instructions: 92COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028D6357 Relevance: 5.2, Strings: 4, Instructions: 231COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004260F0 Relevance: 5.2, Strings: 4, Instructions: 231COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00422AC1 Relevance: 4.2, Strings: 3, Instructions: 401COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028D17D7 Relevance: 4.1, Strings: 3, Instructions: 362COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 028C83F9 Relevance: 4.1, Strings: 3, Instructions: 333COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 028C7F91 Relevance: 4.0, Strings: 3, Instructions: 292COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 028B092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 028B6197 Relevance: 3.4, Strings: 2, Instructions: 886COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00405F30 Relevance: 3.4, Strings: 2, Instructions: 886COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028D4519 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00425920 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028D73A8 Relevance: 3.0, Strings: 2, Instructions: 470COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 028B56C7 Relevance: 3.0, Strings: 2, Instructions: 451COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004242B2 Relevance: 2.8, Strings: 2, Instructions: 289COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041D75D Relevance: 2.4, APIs: 1, Instructions: 875COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040105C Relevance: 2.1, Strings: 1, Instructions: 893COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028DBB5F Relevance: 1.8, APIs: 1, Instructions: 299COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0042B8F8 Relevance: 1.8, APIs: 1, Instructions: 299COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00423354 Relevance: 1.8, Strings: 1, Instructions: 520COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028B9927 Relevance: 1.7, Strings: 1, Instructions: 416COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00439E00 Relevance: 1.7, Strings: 1, Instructions: 403COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00439F10 Relevance: 1.6, Strings: 1, Instructions: 365COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028C8A6E Relevance: 1.6, Strings: 1, Instructions: 321COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 028D68C7 Relevance: 1.5, Strings: 1, Instructions: 282COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00426660 Relevance: 1.5, Strings: 1, Instructions: 282COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407310 Relevance: 1.5, Strings: 1, Instructions: 266COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041289B Relevance: 1.4, Strings: 1, Instructions: 135COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028C463A Relevance: 1.4, Strings: 1, Instructions: 110COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004143D3 Relevance: 1.4, Strings: 1, Instructions: 110COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028C7A74 Relevance: 1.4, Strings: 1, Instructions: 103COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00417C90 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028E85B8 Relevance: 1.3, Strings: 1, Instructions: 46COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00438351 Relevance: 1.3, Strings: 1, Instructions: 46COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028B8C47 Relevance: .8, Instructions: 834COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004089E0 Relevance: .8, Instructions: 834COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028B4167 Relevance: .8, Instructions: 753COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00403F00 Relevance: .8, Instructions: 753COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004399A0 Relevance: .7, Instructions: 729COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028B4CB7 Relevance: .6, Instructions: 634COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00404A50 Relevance: .6, Instructions: 634COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028E6C37 Relevance: .6, Instructions: 574COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004369D0 Relevance: .6, Instructions: 574COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028B6F67 Relevance: .5, Instructions: 473COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00406D00 Relevance: .5, Instructions: 473COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043A480 Relevance: .4, Instructions: 423COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004096C0 Relevance: .4, Instructions: 416COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00421C19 Relevance: .4, Instructions: 398COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00421C8F Relevance: .4, Instructions: 373COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043A090 Relevance: .3, Instructions: 319COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028EBB67 Relevance: .3, Instructions: 304COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043B900 Relevance: .3, Instructions: 304COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028EBE97 Relevance: .3, Instructions: 287COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043BC30 Relevance: .3, Instructions: 287COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028EB897 Relevance: .3, Instructions: 251COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 028D6C1D Relevance: .2, Instructions: 184COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004269B6 Relevance: .2, Instructions: 184COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028C3BEC Relevance: .2, Instructions: 179COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 028E3BE7 Relevance: .2, Instructions: 179COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00433980 Relevance: .2, Instructions: 179COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413985 Relevance: .2, Instructions: 179COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 028D2F17 Relevance: .2, Instructions: 177COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function similarity listing (Joe Sandbox IDA Plugin):

Function | Relevance | APIs | Strings | Instructions | Tags
---|---|---|---|---|---
028C7BE0 | 0.2 | | | 170 | COMMON
028D6CC6 | 0.2 | | | 170 | COMMON
00426A5F | 0.2 | | | 170 | COMMON
028C5F09 | 0.2 | | | 162 | COMMON
00415CA2 | 0.2 | | | 162 | COMMON
028D03F4 | 0.2 | | | 153 | COMMON
028C6477 | 0.1 | | | 146 | COMMON
00416210 | 0.1 | | | 146 | COMMON
028C12E2 | 0.1 | | | 138 | COMMON
0041107B | 0.1 | | | 138 | COMMON
028CB4C7 | 0.1 | | | 135 | COMMON
028C772D | 0.1 | | | 134 | COMMON
028D0510 | 0.1 | | | 130 | COMMON
028C0007 | 0.1 | | | 126 | COMMON
0040FDA0 | 0.1 | | | 126 | COMMON
028C6739 | 0.1 | | | 120 | COMMON
028B30E7 | 0.1 | | | 95 | COMMON
028CDA94 | 0.1 | | | 95 | COMMON
00402E80 | 0.1 | | | 95 | COMMON
028E8E7C | 0.1 | | | 84 | COMMON
00438C15 | 0.1 | | | 84 | COMMON
028EA88B | 0.1 | | | 82 | COMMON
028CD9DB | 0.1 | | | 80 | COMMON
00401D64 | 0.1 | | | 79 | COMMON
028C6899 | 0.1 | | | 66 | COMMON
028E1DF7 | 0.1 | | | 64 | COMMON
00431B90 | 0.1 | | | 64 | COMMON
028D58E7 | 0.1 | | | 63 | COMMON
00425680 | 0.1 | | | 63 | COMMON
02AC1CD3 | 0.1 | | | 61 | COMMON
028B3E27 | 0.0 | | | 50 | COMMON
00403BC0 | 0.0 | | | 50 | COMMON
028E63C9 | 0.0 | | | 48 | COMMON
00436162 | 0.0 | | | 48 | COMMON
028E864A | 0.0 | | | 47 | COMMON
004383E3 | 0.0 | | | 47 | COMMON
028E9325 | 0.0 | | | 44 | COMMON
004390BE | 0.0 | | | 44 | COMMON
028B0D90 | 0.0 | | | 43 | COMMON
028D1FBE | 0.0 | | | 28 | COMMON
028CE403 | 0.0 | | | 21 | COMMON
028BEA37 | 0.0 | | | 21 | COMMON
0040E7D0 | 0.0 | | | 21 | COMMON
028EA4B1 | 0.0 | | | 16 | COMMON
028D3743 | 0.0 | | | 15 | COMMON
004234DC | 0.0 | | | 15 | COMMON
028C7EA3 | 0.0 | | | 13 | COMMON
028B1F8F | 0.0 | | | 12 | COMMON
028B203D | 0.0 | | | 11 | COMMON
028CE257 | 0.0 | | | 8 | COMMON
028C7EDB | 0.0 | | | 7 | COMMON
00417C74 | 0.0 | | | 7 | COMMON
028EA21D | 0.0 | | | 6 | COMMON
028DE7F7 | 29.9 | 6 | 11 | 127 | clipboard, COMMON
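The flattened export above is awkward to triage by hand: the tag words are fused onto the instruction count, APIs/Strings only appear when present, and the same instruction count and relevance recur at a memory-dump address and an image-base address. The following parser is an added example written for this page, not Joe Sandbox tooling or anything from the Lumma analysis itself. It assumes the line shape shown in the listing, that tag words are either all-lowercase or all-uppercase (so `clipboardCOMMON` splits into two tags), and uses a labelled heuristic that addresses below 0x01000000 belong to the mapped image while higher ones come from dumps. The sample input is constructed from lines copied off this page, with the tab-label residue left in to show it being skipped.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: lines copied from the flattened Joe Sandbox
# function listing, interleaved with the tab labels the export leaves
# behind. Only the "Function ..." lines carry data.
SAMPLE = """\
Function 028C7BE0 Relevance: .2, Instructions: 170COMMON
Memory Dump Source |
Joe Sandbox IDA Plugin |
Yara matches |
Function 028D6CC6 Relevance: .2, Instructions: 170COMMON
Function 00426A5F Relevance: .2, Instructions: 170COMMON
|
Function 028C5F09 Relevance: .2, Instructions: 162COMMON
Function 028B3E27 Relevance: .0, Instructions: 50COMMON
Function 028DE7F7 Relevance: 29.9, APIs: 6, Strings: 11, Instructions: 127clipboardCOMMON
"""

# One listing line. "APIs:" and "Strings:" are optional, and the tag words
# are fused onto the instruction count (e.g. "127clipboardCOMMON").
LINE_RE = re.compile(
    r"^Function\s+(?P<addr>[0-9A-Fa-f]+)\s+Relevance:\s*(?P<rel>\d*\.?\d+)"
    r"(?:,\s*APIs:\s*(?P<apis>\d+))?"
    r"(?:,\s*Strings:\s*(?P<strings>\d+))?"
    r",\s*Instructions:\s*(?P<instr>\d+)(?P<tags>[A-Za-z]*)$"
)
# Assumption: each tag is a run of all-lowercase or all-uppercase letters.
TAG_RE = re.compile(r"[A-Z]+|[a-z]+")


@dataclass(frozen=True)
class Function:
    addr: int
    relevance: float
    instructions: int
    apis: int
    strings: int
    tags: tuple

    @property
    def origin(self) -> str:
        # Heuristic (an assumption for this example): addresses below
        # 0x01000000 sit in the mapped image (0x00400000 base), anything
        # higher came out of an unpacked memory dump.
        return "image" if self.addr < 0x01000000 else "dump"


def parse_listing(text: str) -> list:
    """Return one Function per 'Function ...' line; residue lines are skipped."""
    funcs = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        funcs.append(Function(
            addr=int(m["addr"], 16),
            relevance=float(m["rel"]),
            instructions=int(m["instr"]),
            apis=int(m["apis"] or 0),
            strings=int(m["strings"] or 0),
            tags=tuple(TAG_RE.findall(m["tags"])),
        ))
    return funcs


def similar_groups(funcs) -> dict:
    """Group functions sharing (instruction count, relevance). A group that
    spans a dump address and an image address is a hint that the same
    routine was seen in both; confirm by diffing the two in IDA."""
    by_key = defaultdict(list)
    for f in funcs:
        by_key[(f.instructions, f.relevance)].append(f.addr)
    return {k: sorted(v) for k, v in by_key.items() if len(v) > 1}


def rank(funcs) -> list:
    """Highest relevance first, ties broken by API plus string references,
    so the functions worth opening first come out on top."""
    return sorted(funcs, key=lambda f: (f.relevance, f.apis + f.strings), reverse=True)


def triage(text: str, top: int = 5) -> list:
    """Summary lines for the top-ranked functions of a listing."""
    return [
        f"{f.addr:08X} {f.origin:5} rel={f.relevance:<5} apis={f.apis} "
        f"strings={f.strings} tags={','.join(f.tags)}"
        for f in rank(parse_listing(text))[:top]
    ]


if __name__ == "__main__":
    fs = parse_listing(SAMPLE)
    print(f"{len(fs)} functions parsed")
    for key, addrs in similar_groups(fs).items():
        print("similar", key, [f"{a:08X}" for a in addrs])
    print("\n".join(triage(SAMPLE)))
```

Run against the full listing, the only function that surfaces with API and string references is 028DE7F7 (relevance 29.9, tagged clipboard), which is the one to open first; the rest of the table is low-relevance COMMON code whose dump/image pairs mostly mirror each other.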