Windows
Analysis Report
5086520740-COMPROBANTE-DE-PAGO-000255784540102210.exe
Overview
General Information
Detection
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 5086520740-COMPROBANTE-DE-PAGO-000255784540102210.exe (PID: 7412 cmdline: "C:\Users\user\Desktop\5086520740-COMPROBANTE-DE-PAGO-000255784540102210.exe" MD5: E8E5C3AE6F7D5FF91BDA7379B8E16EFF)
  - grpconv.exe (PID: 8176 cmdline: C:\windows\syswow64\grpconv.exe MD5: 5A13926732E6D349FD060C072BC7FB74)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | |
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | Process Stats: |
Source: | Code function: | 5_2_131BAC47 |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File source: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | String found in binary or memory: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Code function: | 5_2_14A8C880 |
Source: | Code function: | 0_2_0019BE15 |
Source: | Code function: | 0_2_0019C995 |
Source: | Code function: | 0_2_0019BFA1 |
Source: | Code function: | 0_2_0019B559 |
Source: | Code function: | 0_2_0019BEE1 |
Source: | Code function: | 0_2_0019C9E1 |
Source: | Code function: | 5_2_1319561C |
Source: | Evasive API call chain: | graph_5-7615 |
Source: | Thread sleep time: |
Source: | File Volume queried: |
Source: | Thread delayed: |
Source: | Binary or memory string: |
Source: | API call chain: | graph_5-8827 |
Anti Debugging |
---|
Source: | Debugger detection routine: | graph_5-7603 |
Source: | Code function: | 5_2_131A1C1F |
Source: | Code function: | 5_2_14A8C880 |
Source: | Code function: | 5_2_131B2121 |
Source: | Code function: | 5_2_131ACD25 |
Source: | Code function: | 5_2_131B2165 |
Source: | Code function: | 5_2_131946C5 |
Source: | Code function: | 5_2_131A1C1F |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: |
Source: | Memory written: |
Source: | Process created: |
Source: | Code function: | 5_2_131B176D |
Source: | Code function: | 5_2_131BB391 |
Source: | Code function: | 5_2_131BB7FC |
Source: | Code function: | 5_2_131BBA28 |
Source: | Code function: | 5_2_131BBAF7 |
Source: | Code function: | 5_2_131BB51E |
Source: | Code function: | 5_2_131BB922 |
Source: | Code function: | 5_2_131B1D26 |
Source: | Code function: | 5_2_131BB196 |
Source: | Code function: | 5_2_131BB5A9 |
Source: | Code function: | 5_2_131BB438 |
Source: | Code function: | 5_2_131BB483 |
Source: | Code function: | 5_2_13181B54 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 311 Process Injection | 111 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 311 Process Injection | LSASS Memory | 111 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 111 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 13 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
5086520740-COMPROBANTE-DE-PAGO-000255784540102210.exe | 68% | ReversingLabs | Win32.Trojan.Leonem | |
5086520740-COMPROBANTE-DE-PAGO-000255784540102210.exe | 100% | Avira | HEUR/AGEN.1326162 | |
5086520740-COMPROBANTE-DE-PAGO-000255784540102210.exe | 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | URL Reputation | safe | |
 | 0% | Avira URL Cloud | safe | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
194.48.248.72 | unknown | Germany | | 200319 | KVANTTELECOM-ASDE | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1486293 |
Start date and time: | 2024-08-01 22:24:12 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 5086520740-COMPROBANTE-DE-PAGO-000255784540102210.exe |
Detection: | MAL |
Classification: | mal80.evad.winEXE@3/0@0/1 |
EGA Information: | |
HCA Information: | Failed |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target 5086520740-COMPROBANTE-DE-PAGO-000255784540102210.exe, PID 7412 because there are no executed functions
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: 5086520740-COMPROBANTE-DE-PAGO-000255784540102210.exe
Time | Type | Description |
---|---|---|
16:26:04 | API Interceptor | |
16:27:03 | API Interceptor | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
194.48.248.72 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
KVANTTELECOM-ASDE | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | GuLoader | | |
 | | | malicious | GuLoader | | |
 | | | malicious | FormBook, GuLoader | | |
 | | | malicious | FormBook, GuLoader | | |
 | | | malicious | GuLoader | | |
 | | | malicious | GuLoader | | |
 | | | malicious | FormBook, GuLoader | | |
 | | | malicious | AsyncRAT, Metasploit | | |
File type: | |
Entropy (8bit): | 6.246498159990531 |
TrID: | |
File name: | 5086520740-COMPROBANTE-DE-PAGO-000255784540102210.exe |
File size: | 20'952'576 bytes |
MD5: | e8e5c3ae6f7d5ff91bda7379b8e16eff |
SHA1: | 21117032713e26242bcd242dea4b3670396ed18c |
SHA256: | 47636fba9f8ced2a907949ebbf64334026f6efb6946dd0c78cad5dc19b478a10 |
SHA512: | 6bd694f401c019f4c1c501616c0d53909a877c1bfad95eefe3cfee388ccbcbf277f71375d82a0fee44a7f6db0af23521430cbe4cc76fc819437463a206a976bc |
SSDEEP: | 49152:QUWPHQD/5UdV+gTSqPeglsvxypQ+17dT1w4UDCsv2NEQAOmh9j5gv+GfPf4WTXbu:3W4/6+ |
TLSH: | AF272321BE919837C279533D5D2F8A4C69747E120C18E88B76EC2ACD1F79F8025379B6 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 9fab8382a38e0c03 |
Entrypoint: | 0x4d2a94 |
Entrypoint Section: | .itext |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x669E6C05 [Mon Jul 22 14:26:13 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 1eaba923417f1384596783f4373d4939 |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFF0h |
push ebx |
push esi |
push edi |
mov eax, 004D0634h |
call 00007F5A091F2346h |
xor ecx, ecx |
mov dl, 01h |
mov eax, dword ptr [0045575Ch] |
call 00007F5A09243C0Ch |
mov edx, 004D2B90h |
call 00007F5A0922E20Ah |
xor eax, eax |
push ebp |
push 004D2AE1h |
push dword ptr fs:[eax] |
mov dword ptr fs:[eax], esp |
mov eax, ebx |
mov edx, dword ptr [eax] |
call dword ptr [edx+00000080h] |
xor eax, eax |
pop edx |
pop ecx |
pop ecx |
mov dword ptr fs:[eax], edx |
jmp 00007F5A092BDDBCh |
jmp 00007F5A091EF543h |
call 00007F5A091EF94Eh |
mov eax, dword ptr [004D6D04h] |
mov byte ptr [eax], 00000000h |
xor eax, eax |
push ebp |
push 004D2B15h |
push dword ptr fs:[eax] |
mov dword ptr fs:[eax], esp |
mov eax, dword ptr [004DE0A4h] |
call 00007F5A0924969Ah |
xor eax, eax |
pop edx |
pop ecx |
pop ecx |
mov dword ptr fs:[eax], edx |
jmp 00007F5A092BDDC1h |
jmp 00007F5A091EF50Fh |
call 00007F5A09252B16h |
call 00007F5A091EF915h |
push 004DE0A8h |
push 00000000h |
push 00000000h |
push 0046878Ch |
push 00000000h |
push 00000000h |
mov eax, dword ptr [004D6C60h] |
mov eax, dword ptr [eax] |
call eax |
mov eax, 00006590h |
call 00007F5A092BB7E4h |
push 00000000h |
push 00468898h |
push 004D2BA4h |
mov eax, dword ptr [004D97F8h] |
push eax |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xdf000 | 0x2bd8 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf2000 | 0x1315000 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe4000 | 0xd968 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xe3000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xdf80c | 0x6b8 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xcfc1c | 0xcfe00 | 3d0301c8cca9a93439be1ed5cafc4fae | False | 0.4918398601924233 | data | 6.574992527817769 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.itext | 0xd1000 | 0x1ba8 | 0x1c00 | 4a9f11a13f10de4240e1dfe7b8beff3e | False | 0.5152064732142857 | data | 6.1428169380451 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0xd3000 | 0x3f84 | 0x4000 | 64fafb3cdc024d3b68ddbd781a89ce7c | False | 0.46923828125 | data | 5.182909232876594 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0xd7000 | 0x70ac | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0xdf000 | 0x2bd8 | 0x2c00 | 6117c3020db8277a83a0d4efb36ebe82 | False | 0.3161399147727273 | data | 5.203544274296878 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0xe2000 | 0x40 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0xe3000 | 0x18 | 0x200 | 88957af7b93b1e7ad3b3d28d202168d8 | False | 0.05078125 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "N" | 0.2108262677871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xe4000 | 0xd968 | 0xda00 | 04a5d96b93142eb29fdd31329dfb07cf | False | 0.5882669151376146 | data | 6.686869056687598 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.rsrc | 0xf2000 | 0x1315000 | 0x1315000 | 836150eb4cdd65a6610afe8770d61488 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
MYT | 0xf4598 | 0x12b4800 | ASCII text, with very long lines (65536), with no line terminators | English | United States | 0.7574853897094727 |
RT_CURSOR | 0x13a8d98 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
RT_CURSOR | 0x13a8ecc | 0x134 | data | English | United States | 0.4642857142857143 |
RT_CURSOR | 0x13a9000 | 0x134 | data | English | United States | 0.4805194805194805 |
RT_CURSOR | 0x13a9134 | 0x134 | data | English | United States | 0.38311688311688313 |
RT_CURSOR | 0x13a9268 | 0x134 | data | English | United States | 0.36038961038961037 |
RT_CURSOR | 0x13a939c | 0x134 | data | English | United States | 0.4090909090909091 |
RT_CURSOR | 0x13a94d0 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
RT_BITMAP | 0x13a9604 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066 |
RT_BITMAP | 0x13a97d4 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | English | United States | 0.46487603305785125 |
RT_BITMAP | 0x13a99b8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066 |
RT_BITMAP | 0x13a9b88 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39870689655172414 |
RT_BITMAP | 0x13a9d58 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.4245689655172414 |
RT_BITMAP | 0x13a9f28 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5021551724137931 |
RT_BITMAP | 0x13aa0f8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5064655172413793 |
RT_BITMAP | 0x13aa2c8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105 |
RT_BITMAP | 0x13aa498 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5344827586206896 |
RT_BITMAP | 0x13aa668 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105 |
RT_BITMAP | 0x13aa838 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States | 0.4870689655172414 |
RT_ICON | 0x13aa920 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | | | 0.11578885214926783 |
RT_ICON | 0x13aeb48 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.14844398340248963 |
RT_ICON | 0x13b10f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.20872420262664165 |
RT_ICON | 0x13b2198 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | | | 0.31475409836065577 |
RT_ICON | 0x13b2b20 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.4432624113475177 |
RT_DIALOG | 0x13b2f88 | 0x52 | data | | | 0.7682926829268293 |
RT_DIALOG | 0x13b2fdc | 0x52 | data | | | 0.7560975609756098 |
RT_STRING | 0x13b3030 | 0x100 | data | | | 0.53515625 |
RT_STRING | 0x13b3130 | 0x38c | data | | | 0.44823788546255505 |
RT_STRING | 0x13b34bc | 0x374 | data | | | 0.39819004524886875 |
RT_STRING | 0x13b3830 | 0x378 | data | | | 0.33783783783783783 |
RT_STRING | 0x13b3ba8 | 0x590 | data | | | 0.38342696629213485 |
RT_STRING | 0x13b4138 | 0x25c | data | | | 0.47516556291390727 |
RT_STRING | 0x13b4394 | 0x2ac | data | | | 0.3201754385964912 |
RT_STRING | 0x13b4640 | 0x3c0 | data | | | 0.3541666666666667 |
RT_STRING | 0x13b4a00 | 0x394 | data | | | 0.44868995633187775 |
RT_STRING | 0x13b4d94 | 0x2ec | data | | | 0.45588235294117646 |
RT_STRING | 0x13b5080 | 0x498 | data | | | 0.37244897959183676 |
RT_STRING | 0x13b5518 | 0x28c | data | | | 0.4938650306748466 |
RT_STRING | 0x13b57a4 | 0x284 | data | | | 0.4922360248447205 |
RT_STRING | 0x13b5a28 | 0x4f0 | data | | | 0.3947784810126582 |
RT_STRING | 0x13b5f18 | 0x558 | data | | | 0.3347953216374269 |
RT_STRING | 0x13b6470 | 0x3a4 | data | | | 0.3723175965665236 |
RT_STRING | 0x13b6814 | 0x3e4 | data | | | 0.42168674698795183 |
RT_STRING | 0x13b6bf8 | 0x37c | StarOffice Gallery theme l, 1845522176 objects, 1st M | | | 0.43946188340807174 |
RT_STRING | 0x13b6f74 | 0xa0 | data | | | 0.7125 |
RT_STRING | 0x13b7014 | 0xe4 | data | | | 0.6359649122807017 |
RT_STRING | 0x13b70f8 | 0x148 | data | | | 0.5701219512195121 |
RT_STRING | 0x13b7240 | 0x478 | data | | | 0.38636363636363635 |
RT_STRING | 0x13b76b8 | 0x360 | data | | | 0.3923611111111111 |
RT_STRING | 0x13b7a18 | 0x2f0 | data | | | 0.42686170212765956 |
RT_STRING | 0x13b7d08 | 0x34c | data | | | 0.3744075829383886 |
RT_STRING | 0x13b8054 | 0x388 | data | | | 0.41814159292035397 |
RT_STRING | 0x13b83dc | 0xd0 | data | | | 0.5721153846153846 |
RT_STRING | 0x13b84ac | 0xa0 | data | | | 0.65 |
RT_STRING | 0x13b854c | 0x2f8 | data | | | 0.4473684210526316 |
RT_STRING | 0x13b8844 | 0x3e8 | data | | | 0.339 |
RT_STRING | 0x13b8c2c | 0x310 | data | | | 0.37755102040816324 |
RT_STRING | 0x13b8f3c | 0x2f4 | data | | | 0.3558201058201058 |
RT_RCDATA | 0x13b9230 | 0x10 | data | | | 1.5 |
RT_RCDATA | 0x13b9240 | 0x1536 | MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel | | | 0.6550644567219153 |
RT_RCDATA | 0x13ba778 | 0x359 | GIF image data, version 89a, 16 x 16 | | | 0.15635939323220538 |
RT_RCDATA | 0x13baad4 | 0x12c | GIF image data, version 89a, 10 x 12 | | | 0.83 |
RT_RCDATA | 0x13bac00 | 0x129 | GIF image data, version 89a, 10 x 12 | | | 0.7575757575757576 |
RT_RCDATA | 0x13bad2c | 0x4c8 | GIF image data, version 89a, 24 x 24 | | | 0.6282679738562091 |
RT_RCDATA | 0x13bb1f4 | 0x4b5 | GIF image data, version 89a, 24 x 24 | | | 0.5526970954356847 |
RT_RCDATA | 0x13bb6ac | 0x42e | GIF image data, version 89a, 24 x 24 | | | 0.5112149532710281 |
RT_RCDATA | 0x13bbadc | 0x42e | GIF image data, version 89a, 24 x 24 | | | 0.4766355140186916 |
RT_RCDATA | 0x13bbf0c | 0x432 | GIF image data, version 89a, 24 x 24 | | | 0.5027932960893855 |
RT_RCDATA | 0x13bc340 | 0x434 | GIF image data, version 89a, 24 x 24 | | | 0.4758364312267658 |
RT_RCDATA | 0x13bc774 | 0x4da | GIF image data, version 89a, 24 x 24 | | | 0.6191626409017713 |
RT_RCDATA | 0x13bcc50 | 0x4c1 | GIF image data, version 89a, 24 x 24 | | | 0.5825801150369762 |
RT_RCDATA | 0x13bd114 | 0x449 | GIF image data, version 89a, 24 x 24 | | | 0.5077484047402006 |
RT_RCDATA | 0x13bd560 | 0x455 | GIF image data, version 89a, 24 x 24 | | | 0.5067628494138864 |
RT_RCDATA | 0x13bd9b8 | 0x4ce | GIF image data, version 89a, 24 x 24 | | | 0.6699186991869919 |
RT_RCDATA | 0x13bde88 | 0x4b9 | GIF image data, version 89a, 24 x 24 | | | 0.5665839536807279 |
RT_RCDATA | 0x13be344 | 0x32e | GIF image data, version 89a, 24 x 24 | | | 0.9582309582309583 |
RT_RCDATA | 0x13be674 | 0x30e | GIF image data, version 89a, 24 x 24 | | | 0.8491048593350383 |
RT_RCDATA | 0x13be984 | 0x444 | GIF image data, version 89a, 24 x 24 | | | 0.5265567765567766 |
RT_RCDATA | 0x13bedc8 | 0x44f | GIF image data, version 89a, 24 x 24 | | | 0.4877606527651859 |
RT_RCDATA | 0x13bf218 | 0x4b5 | GIF image data, version 89a, 24 x 24 | | | 0.6182572614107884 |
RT_RCDATA | 0x13bf6d0 | 0x4ab | GIF image data, version 89a, 24 x 24 | | | 0.5581589958158996 |
RT_RCDATA | 0x13bfb7c | 0x480 | GIF image data, version 89a, 24 x 24 | | | 0.5815972222222222 |
RT_RCDATA | 0x13bfffc | 0x46a | GIF image data, version 89a, 24 x 24 | | | 0.5389380530973451 |
RT_RCDATA | 0x13c0468 | 0x672 | HTML document, ASCII text, with CRLF, LF line terminators | | | 0.4593939393939394 |
RT_RCDATA | 0x13c0adc | 0xe34 | GIF image data, version 89a, 105 x 141 | | | 1.0030253025302531 |
RT_RCDATA | 0x13c1910 | 0xa25 | GIF image data, version 89a, 171 x 75 | | | 1.0042356565267616 |
RT_RCDATA | 0x13c2338 | 0x4b | GIF image data, version 89a, 16 x 16 | | | 0.9733333333333334 |
RT_RCDATA | 0x13c2384 | 0x3f | GIF image data, version 89a, 12 x 16 | | | 1.0317460317460319 |
RT_RCDATA | 0x13c23c4 | 0x6e | GIF image data, version 89a, 16 x 16 | | | 1.009090909090909 |
RT_RCDATA | 0x13c2434 | 0x50 | GIF image data, version 89a, 16 x 16 | | | 1.025 |
RT_RCDATA | 0x13c2484 | 0x6c | GIF image data, version 89a, 16 x 16 | | | 1.0092592592592593 |
RT_RCDATA | 0x13c24f0 | 0x4f | GIF image data, version 89a, 16 x 16 | | | 1.0253164556962024 |
RT_RCDATA | 0x13c2540 | 0x6f | GIF image data, version 89a, 17 x 16 | | | 1.018018018018018 |
RT_RCDATA | 0x13c25b0 | 0x41 | GIF image data, version 89a, 15 x 15 | | | 0.9846153846153847 |
RT_RCDATA | 0x13c25f4 | 0x3c | GIF image data, version 89a, 16 x 12 | | | 1.0333333333333334 |
RT_RCDATA | 0x13c2630 | 0x69 | GIF image data, version 89a, 16 x 16 | | | 1.019047619047619 |
RT_RCDATA | 0x13c269c | 0x4d | GIF image data, version 89a, 16 x 16 | | | 1.025974025974026 |
RT_RCDATA | 0x13c26ec | 0x71 | GIF image data, version 89a, 16 x 17 | | | 1.079646017699115 |
RT_RCDATA | 0x13c2760 | 0x69 | GIF image data, version 89a, 16 x 16 | | | 1.0095238095238095 |
RT_RCDATA | 0x13c27cc | 0x4d | GIF image data, version 89a, 16 x 16 | | | 1.025974025974026 |
RT_RCDATA | 0x13c281c | 0x453 | HTML document, ASCII text, with CRLF line terminators | | | 0.4706413730803975 |
RT_RCDATA | 0x13c2c70 | 0x36 | GIF image data, version 89a, 1 x 1 | | | 1.037037037037037 |
RT_RCDATA | 0x13c2ca8 | 0x91 | GIF image data, version 89a, 16 x 16 | | | 0.8137931034482758 |
RT_RCDATA | 0x13c2d3c | 0x82 | GIF image data, version 89a, 16 x 16 | | | 0.7769230769230769 |
RT_RCDATA | 0x13c2dc0 | 0x75 | GIF image data, version 89a, 16 x 16 | | | 0.717948717948718 |
RT_RCDATA | 0x13c2e38 | 0x9e | GIF image data, version 89a, 16 x 16 | | | 0.8354430379746836 |
RT_RCDATA | 0x13c2ed8 | 0x7c | GIF image data, version 89a, 16 x 16 | | | 0.7419354838709677 |
RT_RCDATA | 0x13c2f54 | 0x6528 | ASCII text, with CRLF line terminators | | | 0.21265832561013284 |
RT_RCDATA | 0x13c947c | 0xed2 | HTML document, ASCII text, with CRLF line terminators | | | 0.30179230363732207 |
RT_RCDATA | 0x13ca350 | 0x5e71 | ASCII text, with CRLF line terminators | | | 0.197294949745626 |
RT_RCDATA | 0x13d01c4 | 0x5bdc | ASCII text, with CRLF line terminators | | | 0.23762544650450756 |
RT_RCDATA | 0x13d5da0 | 0x539 | ASCII text, with CRLF line terminators | | | 0.32161555721765145 |
RT_RCDATA | 0x13d62dc | 0x1f8a | HTML document, ASCII text, with CRLF line terminators | | | 0.22652960118900173 |
RT_RCDATA | 0x13d8268 | 0x1687 | ASCII text, with CRLF line terminators | | | 0.27171839778047513 |
RT_RCDATA | 0x13d98f0 | 0x17e1 | ASCII text, with CRLF line terminators | | | 0.2947816129559954 |
RT_RCDATA | 0x13db0d4 | 0x1ec5 | ASCII text, with CRLF line terminators | | | 0.20743938047480004 |
RT_RCDATA | 0x13dcf9c | 0x100c | ISO-8859 text, with CRLF line terminators | | | 0.31523855890944497 |
RT_RCDATA | 0x13ddfa8 | 0xb6d | ASCII text, with CRLF line terminators | | | 0.24102564102564103 |
RT_RCDATA | 0x13deb18 | 0x348 | ASCII text, with CRLF line terminators | | | 0.4714285714285714 |
RT_RCDATA | 0x13dee60 | 0x4ed | ASCII text, with CRLF line terminators | | | 0.2720063441712926 |
RT_RCDATA | 0x13df350 | 0x2408 | ASCII text, with CRLF line terminators | | | 0.1980702515177797 |
RT_RCDATA | 0x13e1758 | 0x1b42 | ASCII text, with CRLF line terminators | | | 0.20134709085697908 |
RT_RCDATA | 0x13e329c | 0xb955 | ASCII text | | | 0.2215618084097376 |
RT_RCDATA | 0x13eebf4 | 0x16003 | ASCII text | | | 0.21206236475614493 |
RT_RCDATA | 0x1404bf8 | 0xd7b | ASCII text, with CRLF line terminators | | | 0.325992465951898 |
RT_RCDATA | 0x1405974 | 0x72a | ASCII text, with CRLF line terminators | | | 0.1772082878953108 |
RT_RCDATA | 0x14060a0 | 0xadc | data | | | 0.5532374100719425 |
RT_GROUP_CURSOR | 0x1406b7c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x1406b90 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x1406ba4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1406bb8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1406bcc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1406be0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1406bf4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_ICON | 0x1406c08 | 0x4c | data | | | 0.8026315789473685 |
RT_VERSION | 0x1406c54 | 0x328 | data | | | 0.4183168316831683 |
DLL | Import |
---|---|
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
user32.dll | GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA |
kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, RemoveDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
user32.dll | CreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowExA, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CharNextW, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout |
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, Polyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt |
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
kernel32.dll | lstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQuery, VirtualAlloc, TryEnterCriticalSection, SuspendThread, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryA, ReadFile, RaiseException, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalFindAtomA, GlobalDeleteAtom, GlobalAddAtomA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemDirectoryA, GetStdHandle, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesExA, GetFileAttributesA, GetExitCodeThread, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCPInfo, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CreateDirectoryA, CompareStringA, CloseHandle |
advapi32.dll | RevertToSelf, RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey, OpenThreadToken, ImpersonateLoggedOnUser |
kernel32.dll | Sleep |
ole32.dll | CoCreateGuid |
oleaut32.dll | GetErrorInfo, SysFreeString |
ole32.dll | CoUninitialize, CoInitialize |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit |
comctl32.dll | _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 1, 2024 22:27:03.818921089 CEST | 49737 | 7833 | 192.168.2.4 | 194.48.248.72 |
Aug 1, 2024 22:27:03.826812029 CEST | 7833 | 49737 | 194.48.248.72 | 192.168.2.4 |
Aug 1, 2024 22:27:03.826881886 CEST | 49737 | 7833 | 192.168.2.4 | 194.48.248.72 |
Aug 1, 2024 22:27:03.829597950 CEST | 49737 | 7833 | 192.168.2.4 | 194.48.248.72 |
Aug 1, 2024 22:27:03.834614992 CEST | 7833 | 49737 | 194.48.248.72 | 192.168.2.4 |
Aug 1, 2024 22:27:04.071747065 CEST | 49737 | 7833 | 192.168.2.4 | 194.48.248.72 |
Aug 1, 2024 22:27:04.119812965 CEST | 7833 | 49737 | 194.48.248.72 | 192.168.2.4 |
Aug 1, 2024 22:27:04.203362942 CEST | 49738 | 7833 | 192.168.2.4 | 194.48.248.72 |
Aug 1, 2024 22:27:04.208368063 CEST | 7833 | 49738 | 194.48.248.72 | 192.168.2.4 |
Aug 1, 2024 22:27:04.208448887 CEST | 49738 | 7833 | 192.168.2.4 | 194.48.248.72 |
Aug 1, 2024 22:27:04.209230900 CEST | 49738 | 7833 | 192.168.2.4 | 194.48.248.72 |
Aug 1, 2024 22:27:04.214173079 CEST | 7833 | 49738 | 194.48.248.72 | 192.168.2.4 |
Aug 1, 2024 22:27:25.205936909 CEST | 7833 | 49737 | 194.48.248.72 | 192.168.2.4 |
Aug 1, 2024 22:27:25.206028938 CEST | 49737 | 7833 | 192.168.2.4 | 194.48.248.72 |
Aug 1, 2024 22:27:25.616087914 CEST | 7833 | 49738 | 194.48.248.72 | 192.168.2.4 |
Aug 1, 2024 22:27:25.616180897 CEST | 49738 | 7833 | 192.168.2.4 | 194.48.248.72 |
Target ID: | 0 |
Start time: | 16:25:05 |
Start date: | 01/08/2024 |
Path: | C:\Users\user\Desktop\5086520740-COMPROBANTE-DE-PAGO-000255784540102210.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 20'952'576 bytes |
MD5 hash: | E8E5C3AE6F7D5FF91BDA7379B8E16EFF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: | |
Reputation: | low |
Has exited: | false |
Target ID: | 5 |
Start time: | 16:27:00 |
Start date: | 01/08/2024 |
Path: | C:\Windows\SysWOW64\grpconv.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x840000 |
File size: | 40'448 bytes |
MD5 hash: | 5A13926732E6D349FD060C072BC7FB74 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Execution Graph
Execution Coverage: | 3.8% |
Dynamic/Decrypted Code Coverage: | 5.5% |
Signature Coverage: | 7.7% |
Total number of Nodes: | 1712 |
Total number of Limit Nodes: | 5 |
Graph
Function 14A8C880 Relevance: 7.7, APIs: 5, Instructions: 184, Tags: library, memory, loader, COMMON
Control-flow Graph
APIs |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Similarity |
Function 131B2121 Relevance: .0, Instructions: 29, Tags: COMMON
Function 131A0CDF Relevance: 7.6, APIs: 5, Instructions: 66, Tags: thread, COMMON
Function 13155A30 Relevance: 4.6, APIs: 3, Instructions: 74, Tags: COMMON
Function 131A0C2A Relevance: 3.0, APIs: 2, Instructions: 38, Tags: thread, COMMON
Function 131BB5A9 Relevance: 4.7, APIs: 3, Instructions: 205, Tags: COMMON
Function 131BB7FC Relevance: 1.6, APIs: 1, Instructions: 83, Tags: COMMON
Function 131BBA28 Relevance: 1.5, APIs: 1, Instructions: 45, Tags: COMMON
Function 131BB391 Relevance: 1.5, APIs: 1, Instructions: 43, Tags: COMMON
Function 131BAC47 Relevance: .3, Instructions: 327, Tags: COMMON
Function 131B2165 Relevance: .0, Instructions: 22, Tags: COMMON, LIBRARYCODE
Function 13153F20 Relevance: 15.3, APIs: 10, Instructions: 304, Tags: COMMON
Function 131B032A Relevance: 9.3, APIs: 6, Instructions: 317, Tags: file, COMMON
Function 13193D63 Relevance: 9.2, APIs: 6, Instructions: 175, Tags: COMMON
Function 13153350 Relevance: 9.1, APIs: 6, Instructions: 124, Tags: COMMON
Function 13142780 Relevance: 7.7, APIs: 5, Instructions: 162, Tags: COMMON
Function 131BFEE5 Relevance: 6.0, APIs: 4, Instructions: 29, Tags: COMMON