Windows Analysis Report
Flash USDT Sender.exe

Overview

General Information

Sample name: Flash USDT Sender.exe
Analysis ID: 1513687
MD5: 54ddbd4b606a89ea2df3106d1a1c7ddf
SHA1: 3e0bd1e9538bf923255f28c446042333cf4a8c8f
SHA256: 08dfd2902c7392d2a92747ad04fe87ba97ac9da34f6838e33cc464e13cc3ca5b

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Detected potential crypto function
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info

Classification

Classification chart (categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious)
  • System is w10x64
  • Flash USDT Sender.exe (PID: 7288 cmdline: "C:\Users\user\Desktop\Flash USDT Sender.exe" MD5: 54DDBD4B606A89EA2DF3106D1A1C7DDF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://flashusdt.shop/ | Avira URL Cloud: Label: malware
Source: Flash USDT Sender.exe | Virustotal: Detection: 21%
Source: Flash USDT Sender.exe | Joe Sandbox ML: detected
Source: Flash USDT Sender.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Flash USDT Sender.exe, 00000000.00000002.2969253673.0000000002E81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.coml
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers?
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fonts.com
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.goodfont.co.kr
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sajatypeworks.com
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.com
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sandoll.co.kr
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.tiro.com
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.typography.netD
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.deDPlease
Source: Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn
Source: Flash USDT Sender.exe | String found in binary or memory: https://flashusdt.shop/
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Code function: 0_2_02D3C1B8
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Code function: 0_2_07A15448
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Code function: 0_2_07A183B0
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Code function: 0_2_07A11081
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Code function: 0_2_07A13B30
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Code function: 0_2_07A14990
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Code function: 0_2_07A165C0
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Code function: 0_2_07A160F8
Source: Flash USDT Sender.exe, 00000000.00000002.2968451486.0000000000F0E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Flash USDT Sender.exe
Source: classification engine | Classification label: mal60.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Mutant created: NULL
Source: Flash USDT Sender.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Flash USDT Sender.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Flash USDT Sender.exe | Virustotal: Detection: 21%
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Section loaded: wintypes.dll
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: Flash USDT Sender.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Flash USDT Sender.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Flash USDT Sender.exe | Static PE information: 0xED3E1D21 [Thu Feb 16 22:48:01 2096 UTC]
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Memory allocated: 1490000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Memory allocated: 2E80000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Memory allocated: 2C90000 memory reserve | memory write watch
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Users\user\Desktop\Flash USDT Sender.exe VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exe | Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Flash USDT Sender.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
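Reading this block: a volume-information query against every file in C:\Windows\Fonts is what a .NET GUI application produces when GDI+/WinForms enumerates the installed fonts, so those lines are noise for triage. The one entry worth a second look is the read of HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid, a stable per-host identifier that fingerprinting and licensing code both use. The Python below is an added triage helper written for this page, not part of the Joe Sandbox report: it parses lines in the report's flattened "Source: <process><event>: <object>" shape, collapses the font probes into a count, lists any volume queries outside the font directory, and flags registry reads that hit a watch table. The sample lines and the watch table are constructed for the example.

```python
import re
from collections import Counter

# Behaviour lines in the report's flattened form: "Source: <process><event>: <object>".
LINE_RE = re.compile(
    r"^Source: (?P<proc>.+?\.exe)"
    r"(?P<event>Queries volume information|Key value queried): "
    r"(?P<rest>.+?)(?: VolumeInformation)?$"
)
FONT_DIR = "c:\\windows\\fonts\\"

# Registry values worth a closer look when a sample reads them (hypothetical table for this example).
WATCHED_VALUES = {
    (r"hkey_local_machine\software\microsoft\cryptography", "machineguid"):
        "stable per-host identifier; used for fingerprinting and licensing, also read by some frameworks",
}

# Constructed sample lines standing in for the report's ~100 font entries plus the registry read.
SAMPLE_LINES = [
    r"Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation",
    r"Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation",
    r"Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation",
    r"Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation",
    r"Source: C:\Users\user\Desktop\Flash USDT Sender.exeQueries volume information: C:\Users\user\Documents\notes.txt VolumeInformation",
    r"Source: C:\Users\user\Desktop\Flash USDT Sender.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid",
]


def parse_line(line):
    """Return a dict for a recognised behaviour line, None otherwise."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = {"proc": m["proc"], "event": m["event"]}
    if rec["event"] == "Key value queried":
        key, _, value = m["rest"].rpartition(" ")   # "<key path> <value name>"
        rec.update(key=key, value=value)
    else:
        rec["path"] = m["rest"]
    return rec


def triage(lines):
    """Split volume-information queries into font-enumeration noise and everything else,
    and flag registry reads that hit the watch table."""
    fonts, other_volume, registry, flags = Counter(), [], [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["event"] == "Queries volume information":
            path = rec["path"]
            if path.lower().startswith(FONT_DIR):
                fonts[path.rsplit("\\", 1)[-1]] += 1
            else:
                other_volume.append(path)
        else:
            registry.append((rec["key"], rec["value"]))
            note = WATCHED_VALUES.get((rec["key"].lower(), rec["value"].lower()))
            if note:
                flags.append(f"{rec['key']}\\{rec['value']}: {note}")
    return {
        "font_probes": sum(fonts.values()),
        "font_files": fonts,
        "other_volume_queries": other_volume,
        "registry_reads": registry,
        "flags": flags,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    print(f"font enumeration: {result['font_probes']} queries over {len(result['font_files'])} files (noise)")
    for path in result["other_volume_queries"]:
        print("volume query outside the font directory:", path)
    for flag in result["flags"]:
        print("review:", flag)
```

Feed it the report's own behaviour lines to get the same split on the real data. A hit in the watch table is a prompt to look at what the value is combined with or sent to, not a verdict on its own; the .NET runtime and ordinary licensing code read MachineGuid as well.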
MITRE ATT&CK matrix (the number in parentheses is the count of matched signatures; cells without a count are the matrix's default placeholder techniques, not observed behaviour):
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: Virtualization/Sandbox Evasion (1); Disable or Modify Tools (1); Timestomp (1); DLL Side-Loading (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: Virtualization/Sandbox Evasion (1); System Information Discovery (12); Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Junk Data; Steganography; Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph (rendered graph and its legend not reproduced). Graph ID 1513687, sample Flash USDT Sender.exe, start date 19/09/2024, architecture WINDOWS, score 60. The root node carries the signatures "Antivirus detection for URL or domain", "Multi AV Scanner detection for submitted file" and "Machine Learning detection for sample" and starts a single process, Flash USDT Sender.exe.

Source | Detection | Scanner | Label
Flash USDT Sender.exe | 17% | ReversingLabs |
Flash USDT Sender.exe | 22% | Virustotal |
Flash USDT Sender.exe | 100% | Joe Sandbox ML |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
http://www.fontbureau.com | 0% | URL Reputation | safe
http://www.fontbureau.com | 0% | URL Reputation | safe
http://www.fontbureau.com/designersG | 0% | URL Reputation | safe
http://www.fontbureau.com/designers/? | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe
http://www.fontbureau.com/designers? | 0% | URL Reputation | safe
http://www.tiro.com | 0% | URL Reputation | safe
http://www.fontbureau.com/designers | 0% | URL Reputation | safe
http://www.fontbureau.com/designers | 0% | URL Reputation | safe
http://www.goodfont.co.kr | 0% | URL Reputation | safe
http://www.carterandcone.coml | 0% | URL Reputation | safe
http://www.sajatypeworks.com | 0% | URL Reputation | safe
http://www.typography.netD | 0% | URL Reputation | safe
http://www.fontbureau.com/designers/cabarga.htmlN | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe
http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe
http://www.founder.com.cn/cn | 0% | URL Reputation | safe
http://www.fontbureau.com/designers/frere-user.html | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe
http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe
http://www.fontbureau.com/designers8 | 0% | URL Reputation | safe
http://www.fonts.com | 0% | URL Reputation | safe
http://www.sandoll.co.kr | 0% | URL Reputation | safe
http://www.urwpp.deDPlease | 0% | URL Reputation | safe
http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
http://www.sakkal.com | 0% | URL Reputation | safe
http://www.apache.org/licenses/LICENSE-2.0 | 0% | Avira URL Cloud | safe
https://flashusdt.shop/ | 100% | Avira URL Cloud | malware
https://flashusdt.shop/ | 1% | Virustotal |
http://www.apache.org/licenses/LICENSE-2.0 | 0% | Virustotal |

No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://www.apache.org/licenses/LICENSE-2.0 | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | Virustotal: 0%; Avira URL Cloud: safe | unknown
http://www.fontbureau.com | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe (x2) | unknown
http://www.fontbureau.com/designersG | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers/? | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.founder.com.cn/cn/bThe | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe (x2) | unknown
http://www.fontbureau.com/designers? | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.tiro.com | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe (x2) | unknown
http://www.goodfont.co.kr | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.carterandcone.coml | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.sajatypeworks.com | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.typography.netD | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers/cabarga.htmlN | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.founder.com.cn/cn/cThe | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.galapagosdesign.com/staff/dennis.htm | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.founder.com.cn/cn | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers/frere-user.html | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://flashusdt.shop/ | Flash USDT Sender.exe | false | Virustotal: 1%; Avira URL Cloud: malware | unknown
http://www.jiyu-kobo.co.jp/ | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.galapagosdesign.com/DPlease | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers8 | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.fonts.com | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.sandoll.co.kr | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.urwpp.deDPlease | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.zhongyicts.com.cn | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe (x2) | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Flash USDT Sender.exe, 00000000.00000002.2969253673.0000000002E81000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.sakkal.com | Flash USDT Sender.exe, 00000000.00000002.2970720027.0000000007082000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
No contacted IP infos
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1513687
Start date and time:2024-09-19 08:00:23 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 11s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:6
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Flash USDT Sender.exe
Detection:MAL
Classification:mal60.winEXE@1/0@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 99%
  • Number of executed functions: 30
  • Number of non-executed functions: 3
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
No simulations
No context
No created / dropped files found
File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):6.021729253342202
TrID:
  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
  • Win32 Executable (generic) a (10002005/4) 49.78%
  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
  • Generic Win/DOS Executable (2004/3) 0.01%
  • DOS Executable Generic (2002/1) 0.01%
File name:Flash USDT Sender.exe
File size:794'112 bytes
MD5:54ddbd4b606a89ea2df3106d1a1c7ddf
SHA1:3e0bd1e9538bf923255f28c446042333cf4a8c8f
SHA256:08dfd2902c7392d2a92747ad04fe87ba97ac9da34f6838e33cc464e13cc3ca5b
SHA512:be3501c8533397e9c784c6d5e2238b0cb987147dddcc250fb8bfa8dc1ae30c129bf07aa80e54ee076d3ee55ba2b5198b29849f6d68bc9559d964ce4260fec75f
SSDEEP:12288:CYZzBxAHBmPLSoiy76qlHHyH7VVLg3ip8:nAhmeoiy7XlHEVVL
TLSH:FAF4CF427E0CDE51E86F463C0B39C9481A732C56EAD4A89FFA867FCB193FD128913651
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...!.>..........."...P..j............... ........@.. ....................................`................................
Icon Hash:176971d2f0733307
Entrypoint:0x4a88de
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:0xED3E1D21 [Thu Feb 16 22:48:01 2096 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al   (repeated 97 times: the bytes following the six-byte jmp stub are 00 00, which the disassembler renders as this instruction)
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa888c | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xaa000 | 0x1aea6 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc6000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xa68e4 | 0xa6a00 | 503fc1e711d8eb833e9406a26c9aa110 | False | 0.5417482300262566 | data | 6.337965381029678 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xaa000 | 0x1aea6 | 0x1b000 | 6fd193dea0b4e5c189e5114ec5dcfe04 | False | 0.14993851273148148 | data | 3.590748778442056 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc6000 | 0xc | 0x200 | 3fcb25b6985aa831cd5b1d98be2b9553 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xaa220 | 0x21db | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9901926848967347
RT_ICON | 0xac3fc | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 120945 x 120945 px/m | | | 0.050588548444339285
RT_ICON | 0xbcc24 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 120945 x 120945 px/m | | | 0.08862777515351913
RT_ICON | 0xc0e4c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 120945 x 120945 px/m | | | 0.1146265560165975
RT_ICON | 0xc33f4 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 120945 x 120945 px/m | | | 0.15408067542213882
RT_ICON | 0xc449c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 120945 x 120945 px/m | | | 0.25620567375886527
RT_GROUP_ICON | 0xc4904 | 0x5a | data | | | 0.7666666666666667
RT_VERSION | 0xc4960 | 0x35c | data | | | 0.4046511627906977
RT_MANIFEST | 0xc4cbc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
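Two details in the static header above are worth checking by hand. The Time Stamp 0xED3E1D21 decodes to 16 February 2096, which is why the report raises "Binary contains a suspicious time stamp"; for a .NET assembly this is more often the deterministic-build marker that Roslyn writes (a hash of the output with the high bit set) than deliberate timestomping, so it lowers the trust in that field rather than adding suspicion to the file on its own. The entry point `jmp dword ptr [00402000h]` is the standard native stub of a managed executable: 0x402000 is ImageBase 0x400000 plus the IAT at RVA 0x2000, whose single slot is mscoree!_CorExeMain, and the CLR header follows directly at 0x2008. The Python below is an added example written for this page, not part of the report or of Joe Sandbox: it parses these header fields from raw bytes, decodes the timestamp with those caveats, and verifies the stub against the IAT. The header blob is constructed to reproduce the report's values (linker version, SizeOfImage and stack/heap sizes are filled in as assumptions), since the sample itself is not reproduced here.

```python
import struct
from datetime import datetime, timedelta, timezone

# Bit names for the two characteristics words (subset of the PE specification).
FILE_CHARACTERISTICS = {
    0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE", 0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE", 0x2000: "DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0400: "NO_SEH", 0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}
DIR_IAT, DIR_COM_DESCRIPTOR = 12, 14                          # data directory indices
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
ANALYSIS_DATE = datetime(2024, 9, 19, tzinfo=timezone.utc)   # start date of this report


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe_headers(blob):
    """Read DOS, COFF and PE32 optional header fields from raw file bytes."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    if opt_size < 96 or struct.unpack_from("<H", blob, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", blob, opt + 16)[0]
    image_base = struct.unpack_from("<I", blob, opt + 28)[0]
    subsystem, dll_chars = struct.unpack_from("<HH", blob, opt + 68)
    n_dirs = struct.unpack_from("<I", blob, opt + 92)[0]
    dirs = [struct.unpack_from("<II", blob, opt + 96 + 8 * i) for i in range(n_dirs)]
    return {
        "machine": machine, "sections": nsections, "time_date_stamp": timestamp,
        "file_characteristics": flag_names(characteristics, FILE_CHARACTERISTICS),
        "entry_point": image_base + entry_rva, "image_base": image_base, "subsystem": subsystem,
        "dll_characteristics": flag_names(dll_chars, DLL_CHARACTERISTICS),
        "iat": dirs[DIR_IAT], "clr_header": dirs[DIR_COM_DESCRIPTOR],
    }


def assess_timestamp(timestamp, observed_at=ANALYSIS_DATE):
    """Decode the COFF TimeDateStamp and list the reasons it should not be read as a build clock."""
    built = EPOCH + timedelta(seconds=timestamp)      # avoids platform time_t limits for far-future values
    reasons = []
    if built > observed_at:
        reasons.append("later than the analysis date: not a real build time")
    if timestamp & 0x80000000:
        # Roslyn /deterministic stores a hash of the output here with the high bit set,
        # so .NET binaries routinely carry 'future' stamps without any timestomping.
        reasons.append("high bit set: the deterministic-build marker written by .NET compilers")
    return built, reasons


def is_clr_entry_stub(stub, image_base, iat_rva):
    """True if `stub` is FF 25 <VA> (jmp dword ptr [VA]) and VA is the first IAT slot,
    the shape every managed EXE uses to reach mscoree!_CorExeMain."""
    if len(stub) < 6 or stub[:2] != b"\xff\x25":
        return False
    return struct.unpack_from("<I", stub, 2)[0] == image_base + iat_rva


def build_header_blob():
    """Constructed PE32 header reproducing the field values in the report; section bodies are omitted
    and linker version, SizeOfImage and stack/heap sizes are assumptions."""
    dos = (b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\x00")   # e_lfanew = 0x80
    coff = struct.pack("<HHIIIHH", 0x014C, 3, 0xED3E1D21, 0, 0, 0xE0, 0x0022)     # i386, 3 sections
    opt = struct.pack("<HBB", 0x10B, 48, 0)
    opt += struct.pack("<9I", 0xA6A00, 0x1B200, 0, 0xA88DE, 0x2000, 0xAA000, 0x400000, 0x2000, 0x200)
    opt += struct.pack("<6H", 4, 0, 0, 0, 4, 0)                  # OS / image / subsystem versions
    opt += struct.pack("<4I", 0, 0xC8000, 0x200, 0)              # Win32Version, SizeOfImage, SizeOfHeaders, CheckSum
    opt += struct.pack("<HH", 2, 0x8560)                         # WINDOWS_GUI; DllCharacteristics as reported
    opt += struct.pack("<6I", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[1], dirs[2], dirs[5] = (0xA888C, 0x4F), (0xAA000, 0x1AEA6), (0xC6000, 0xC)
    dirs[DIR_IAT], dirs[DIR_COM_DESCRIPTOR] = (0x2000, 0x8), (0x2008, 0x48)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    return dos + b"PE\x00\x00" + coff + opt


if __name__ == "__main__":
    info = parse_pe_headers(build_header_blob())
    built, reasons = assess_timestamp(info["time_date_stamp"])
    print(f"TimeDateStamp 0x{info['time_date_stamp']:08X} -> {built:%Y-%m-%d %H:%M:%S} UTC")
    for reason in reasons:
        print("  -", reason)
    print("DllCharacteristics:", ", ".join(info["dll_characteristics"]))
    stub = b"\xff\x25" + struct.pack("<I", 0x402000)      # the report's `jmp dword ptr [00402000h]`
    print("entry stub targets the IAT slot for _CorExeMain:", is_clr_entry_stub(stub, info["image_base"], info["iat"][0]))
```

To run it on the real file, replace `build_header_blob()` with the first few kilobytes read from disk and take the six stub bytes at the entry point's file offset (RVA 0xa88de maps into .text, whose raw data starts at file offset 0x200 for RVA 0x2000). A stub that does not jump through the IAT, or an IAT with more than the one mscoree import, would mean the file is not the plain managed executable the import table claims.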

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Sep 19, 2024 08:01:39.350281000 CEST | 53 | 49707 | 1.1.1.1 | 192.168.2.4
Sep 19, 2024 08:01:40.833364010 CEST | 53 | 51598 | 1.1.1.1 | 192.168.2.4

Target ID:0
Start time:02:01:19
Start date:19/09/2024
Path:C:\Users\user\Desktop\Flash USDT Sender.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\Flash USDT Sender.exe"
Imagebase:0xa50000
File size:794'112 bytes
MD5 hash:54DDBD4B606A89EA2DF3106D1A1C7DDF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Execution Graph

Execution Coverage:10.7%
Dynamic/Decrypted Code Coverage:100%
Signature Coverage:0%
Total number of Nodes:116
Total number of Limit Nodes:11
Execution graph (rendered graph and legend not reproduced; node counts are given above). Win32 APIs reached from the executed code: DispatchMessageA, DispatchMessageW, PeekMessageW, DrawTextExW, KiUserCallbackDispatcher, GetFocus, GetModuleHandleW, CreateWindowExW, DuplicateHandle, SetWindowLongW.

Executed Functions

Control-flow Graph (rendering omitted; blocks marked executed / not executed): function starting at block 7a13b30
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2972073735.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7a10000_Flash USDT Sender.jbxd
Similarity
  • API ID:
  • String ID: $(&dq$(hq$Hhq
  • API String ID: 0-214990412
  • Opcode ID: 83bc78d6e05e9bfdb60c1c4126c297e34831cd016970888643256abe37c2d7cb
  • Instruction ID: 0444e6059ea53e2fe08d218d7a65e8ed06d31ea0c7bdc15b8b66ac193c341357
  • Opcode Fuzzy Hash: 83bc78d6e05e9bfdb60c1c4126c297e34831cd016970888643256abe37c2d7cb
  • Instruction Fuzzy Hash: 0F915CB1E002169FEB18DF79C4546AFBAF6BFC8710F108429E415AB294DB359905CBA1

Control-flow Graph (rendering omitted; blocks marked executed / not executed): function starting at block 7a15448
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2972073735.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7a10000_Flash USDT Sender.jbxd
Similarity
  • API ID:
  • String ID: fff?$fff?
  • API String ID: 0-556400270
  • Opcode ID: 9bf86bb4fccbd72694bc0b7bf56d841f7d019548e5b99008fe0651d2b9f6f86d
  • Instruction ID: deb802e93c39df32bb45ed7b746f24ee283669e98a009cf3cddf9d721e979320
  • Opcode Fuzzy Hash: 9bf86bb4fccbd72694bc0b7bf56d841f7d019548e5b99008fe0651d2b9f6f86d
  • Instruction Fuzzy Hash: 01622A3281061ADFCF11DF50C884AD9B7B2FF9A300F1586D5E9186B165EB71AAD6CF80
Memory Dump Source
  • Source File: 00000000.00000002.2972073735.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7a10000_Flash USDT Sender.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 80ef6d8a5181c7a3928fddcbbae1a9f84ab9e55c97fd33e5dc90f0ab4255b115
  • Instruction ID: 82a04d7108f9813ce298b7de7cf6ec0e4e88752e598c49499de5bccdd5124eee
  • Opcode Fuzzy Hash: 80ef6d8a5181c7a3928fddcbbae1a9f84ab9e55c97fd33e5dc90f0ab4255b115
  • Instruction Fuzzy Hash: 88526075A1065ACFDB21DF68C844AE9B7B1FF89300F1581D9E819AB261DB31EE81CF41
Memory Dump Source
  • Source File: 00000000.00000002.2972073735.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7a10000_Flash USDT Sender.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 44b7e15ec3a99dd8dc815872c41e0f4c0bbe380d27313fd4fe1a7d9667c5b015
  • Instruction ID: 89114d932735693946e2c6be347b8ff6e7e1dacce1d1ee8582fac45a9d568467
  • Opcode Fuzzy Hash: 44b7e15ec3a99dd8dc815872c41e0f4c0bbe380d27313fd4fe1a7d9667c5b015
  • Instruction Fuzzy Hash: B8324871A1061ACFDB21DF64C944BD9B7B2FF89310F1585E9E819AB220DB74AE85CF40
Memory Dump Source
  • Source File: 00000000.00000002.2972073735.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7a10000_Flash USDT Sender.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: a09b96581b12db413fded53a5be8597049c49f58ac129e38a3fec7d59a2d4192
  • Instruction ID: 1454fac1900a58d2705fcbfefd5560bb4d96c97aa5c5d07ccf2c3b7bca209dee
  • Opcode Fuzzy Hash: a09b96581b12db413fded53a5be8597049c49f58ac129e38a3fec7d59a2d4192
  • Instruction Fuzzy Hash: 83D181B0A0031ACFEB14DFA5C848B9DBBF1BF84314F158568E529AB2A5DB70D985CB40

Control-flow Graph (rendering omitted; blocks marked executed / not executed): function starting at block 2d3d4c8, calls GetModuleHandleW
APIs
  • GetModuleHandleW.KERNELBASE(00000000), ref: 02D3D72E
Memory Dump Source
  • Source File: 00000000.00000002.2969137242.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2d30000_Flash USDT Sender.jbxd
Similarity
  • API ID: HandleModule
  • String ID:
  • API String ID: 4139908857-0
  • Opcode ID: 605504befeda81731def80c0b96f3fa1ff6283d4427d81f17a962dcbbe5d2360
  • Instruction ID: 863f8b141e86c81db291aac4836c88f6c4fe01fe0c2a1979c7eb6a5df4379407
  • Opcode Fuzzy Hash: 605504befeda81731def80c0b96f3fa1ff6283d4427d81f17a962dcbbe5d2360
  • Instruction Fuzzy Hash: 268113B0A00B458FD766DF29D44479ABBF2FB89304F008929D49AD7B50DB75E849CFA0

Control-flow Graph (rendering omitted; blocks marked executed / not executed): function starting at block 2d3c53c, calls CreateWindowExW
APIs
  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02D3FBE2
Memory Dump Source
  • Source File: 00000000.00000002.2969137242.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2d30000_Flash USDT Sender.jbxd
Similarity
  • API ID: CreateWindow
  • String ID:
  • API String ID: 716092398-0
  • Opcode ID: 6146c8c89cb1adc0130525d85966f66cb0e54a80df0180f029d2994f22fe8929
  • Instruction ID: ba2fcc91275a70c47cc4952681b40d1f7cf2d36ff8b453e2b259d7d98f502ab7
  • Opcode Fuzzy Hash: 6146c8c89cb1adc0130525d85966f66cb0e54a80df0180f029d2994f22fe8929
  • Instruction Fuzzy Hash: EE51BEB1D1030D9FDB15CF9AC994ADEBBB5FF88314F24812AE819AB210D775A845CF90

Control-flow Graph (rendering omitted; blocks marked executed / not executed): function starting at block 2d3fe68, calls DrawTextExW
APIs
  • DrawTextExW.USER32(?,?,?,?,?,?), ref: 02D3FEFF
Memory Dump Source
  • Source File: 00000000.00000002.2969137242.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2d30000_Flash USDT Sender.jbxd
Similarity
  • API ID: DrawText
  • String ID:
  • API String ID: 2175133113-0
  • Opcode ID: 2a43c9b74c62651186be1e8becc11ee3d9b4f3139f2147e3459fc8e39d043edb
  • Instruction ID: 628d1d8f7163f010f075708dde270be53c61748c254ff8650d35f7ea5df2c7d0
  • Opcode Fuzzy Hash: 2a43c9b74c62651186be1e8becc11ee3d9b4f3139f2147e3459fc8e39d043edb
  • Instruction Fuzzy Hash: 6D21FDB5D003099FDB11CF9AD884AAEFBF5FB48324F14842AE819A7310D775A944CFA0

Control-flow Graph (rendering omitted; blocks marked executed / not executed): function starting at block 2d37780, calls DuplicateHandle
APIs
  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02D3780F
Memory Dump Source
  • Source File: 00000000.00000002.2969137242.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2d30000_Flash USDT Sender.jbxd
Similarity
  • API ID: DuplicateHandle
  • String ID:
  • API String ID: 3793708945-0
  • Opcode ID: 4a32120cd6867b681fa07ae0d767f02b895d9d93f0a2c105161475e860a62a2d
  • Instruction ID: 676dd8075ba2abfeb548a48a56631e57425ccfc539529eedbb5ae2ab70316d15
  • Opcode Fuzzy Hash: 4a32120cd6867b681fa07ae0d767f02b895d9d93f0a2c105161475e860a62a2d
  • Instruction Fuzzy Hash: AB2105B59003489FDB10CFAAD884AEEFFF4EB48310F14841AE954A3310D374A940CF60

Control-flow Graph (rendering omitted; blocks marked executed / not executed): function starting at block 2d37788, calls DuplicateHandle
APIs
  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02D3780F
Memory Dump Source
  • Source File: 00000000.00000002.2969137242.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2d30000_Flash USDT Sender.jbxd
Similarity
  • API ID: DuplicateHandle
  • String ID:
  • API String ID: 3793708945-0
  • Opcode ID: a689c7ac3f9587a51e133e950e24eb35b64c899b5cb9b68da0ef7be0a68eb782
  • Instruction ID: 8dca6efa1e58226831402a28505cec8b6bd634f5e27c459d8b21c0e3b43892d4
  • Opcode Fuzzy Hash: a689c7ac3f9587a51e133e950e24eb35b64c899b5cb9b68da0ef7be0a68eb782
  • Instruction Fuzzy Hash: 2521E3B59002089FDB10CFAAD984ADEFBF4EB48320F14841AE918A3350D374A944CFA0

Control-flow Graph (rendering omitted; blocks marked executed / not executed): function starting at block 7a11588, calls PeekMessageW
APIs
  • PeekMessageW.USER32(?,?,?,?,?), ref: 07A115F8
Memory Dump Source
  • Source File: 00000000.00000002.2972073735.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7a10000_Flash USDT Sender.jbxd
Similarity
  • API ID: MessagePeek
  • String ID:
  • API String ID: 2222842502-0
  • Opcode ID: ad01e9b559adf8e14b8cfcf957273820ef443f7d7242c18d561029aad2ab3d00
  • Instruction ID: 3f33f4d992ee782555aef760743858d0f727d656f0ef9071c9fb2c4c062b773a
  • Opcode Fuzzy Hash: ad01e9b559adf8e14b8cfcf957273820ef443f7d7242c18d561029aad2ab3d00
  • Instruction Fuzzy Hash: 711123B58003599FDB10CF9AD944BDEBBF8EB48320F10842AE968A3251C378A544CFA5

Control-flow Graph (rendering omitted; blocks marked executed / not executed): function starting at block 7a117b0, calls KiUserCallbackDispatcher
APIs
  • KiUserCallbackDispatcher.NTDLL(?,?,?,?), ref: 07A1181D
Memory Dump Source
  • Source File: 00000000.00000002.2972073735.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7a10000_Flash USDT Sender.jbxd
Similarity
  • API ID: CallbackDispatcherUser
  • String ID:
  • API String ID: 2492992576-0
  • Opcode ID: a13a91fe93a83aa3c5793987db376134d8946b2b32101ef1b8ab2445b62a4be4
  • Instruction ID: 01fa7b6bf92ced44f906484a540962344c002fb22b60732b43e72c4666500d0c
  • Opcode Fuzzy Hash: a13a91fe93a83aa3c5793987db376134d8946b2b32101ef1b8ab2445b62a4be4
  • Instruction Fuzzy Hash: 6311F6B5C043499FDB10DF9AD845BDEFBF8EB48320F14842AE958A3641C379A544CFA5
APIs
  • PeekMessageW.USER32(?,?,?,?,?), ref: 07A115F8
Memory Dump Source
  • Source File: 00000000.00000002.2972073735.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7a10000_Flash USDT Sender.jbxd
Similarity
  • API ID: MessagePeek
  • String ID:
  • API String ID: 2222842502-0
  • Opcode ID: 531e3eeff3bf66c8ce6ee356f15c50b5e71bb01f7e6c87c032130ae06a7b005d
  • Instruction ID: a69433594dd59aeedcfd3e4c66788d7d76968e671fcadf4c21676006dd14beb7
  • Opcode Fuzzy Hash: 531e3eeff3bf66c8ce6ee356f15c50b5e71bb01f7e6c87c032130ae06a7b005d
  • Instruction Fuzzy Hash: 961104B580035D9FDB10CF9AD944BDEFBF8EB48320F10842AE969A3251C379A544CFA5
APIs
  • KiUserCallbackDispatcher.NTDLL(?,?,?,?), ref: 07A1181D
Memory Dump Source
  • Source File: 00000000.00000002.2972073735.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7a10000_Flash USDT Sender.jbxd
Similarity
  • API ID: CallbackDispatcherUser
  • String ID:
  • API String ID: 2492992576-0
  • Opcode ID: f4e974e9d19c2794d04f9d93ebbe9d5f51bdd1831ad7fb5272e1bc97a7fedfc6
  • Instruction ID: ba91dc6c31dbd69b72db27a60e9f78a08b6cda680aa4e08006f93ff43ac0481a
  • Opcode Fuzzy Hash: f4e974e9d19c2794d04f9d93ebbe9d5f51bdd1831ad7fb5272e1bc97a7fedfc6
  • Instruction Fuzzy Hash: 1711C3B58003499FDB10DF9AD844BDEFBF8EB48320F14842AE968A3641C378A544CFA5
APIs
  • GetModuleHandleW.KERNELBASE(00000000), ref: 02D3D72E
Memory Dump Source
  • Source File: 00000000.00000002.2969137242.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2d30000_Flash USDT Sender.jbxd
Similarity
  • API ID: HandleModule
  • String ID:
  • API String ID: 4139908857-0
  • Opcode ID: 9c7c27b7da54e356b37571ade5d293444d989954acf225606658d49337ae4bea
  • Instruction ID: 7be4ef01850c41605f25879ac327fea8f7d5ede79cedbdc302952ae59a942cde
  • Opcode Fuzzy Hash: 9c7c27b7da54e356b37571ade5d293444d989954acf225606658d49337ae4bea
  • Instruction Fuzzy Hash: DC11E0B5C003498FDB11DF9AC848ADEFBF5EB88324F10846AD469A7310C379A545CFA1
APIs
  • SetWindowLongW.USER32(?,?,?,?,?,?,?,?,02D3FD00,?,?,?,?), ref: 02D3FD75
Memory Dump Source
  • Source File: 00000000.00000002.2969137242.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2d30000_Flash USDT Sender.jbxd
Similarity
  • API ID: LongWindow
  • String ID:
  • API String ID: 1378638983-0
  • Opcode ID: cc63f1f1e4b6107ac8aa9164354dc2fce8c6cf152cdbd8792736e89476e4b907
  • Instruction ID: 38834c7555f5a9d77d44b9cc617b4aae1469c4f8039ac4772a0770a73121e9a8
  • Opcode Fuzzy Hash: cc63f1f1e4b6107ac8aa9164354dc2fce8c6cf152cdbd8792736e89476e4b907
  • Instruction Fuzzy Hash: 9A1136B580034C8FDB10DF9AD588BDEBBF8EB88320F108419D958A7701C374A944CFA1
APIs
Memory Dump Source
  • Source File: 00000000.00000002.2972073735.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7a10000_Flash USDT Sender.jbxd
Similarity
  • API ID: DispatchMessage
  • String ID:
  • API String ID: 2061451462-0
  • Opcode ID: 65bf6fa1fe987f563a365d9d2a65ebffb1a9251a7e477a00f218cb8bd363971e
  • Instruction ID: e19a96cbf0a09fcdad340ae7a37e1b761f8fbf175468c6e633c8c2b1beda8a81
  • Opcode Fuzzy Hash: 65bf6fa1fe987f563a365d9d2a65ebffb1a9251a7e477a00f218cb8bd363971e
  • Instruction Fuzzy Hash: 981110B5C003499FDB10DF9AD848ACEBBF4EB48324F10841AD868A3600C778A544CFA5
APIs
Memory Dump Source
  • Source File: 00000000.00000002.2972073735.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7a10000_Flash USDT Sender.jbxd
Similarity
  • API ID: DispatchMessage
  • String ID:
  • API String ID: 2061451462-0
  • Opcode ID: 8edc7bd36405b16ebbc6cc3666236d9de2b87a26e9749873c2304ad168133898
  • Instruction ID: 2971785e5a26befc6cc77e09233eca42bfb5b55ca4c725986e0d0af90949b587
  • Opcode Fuzzy Hash: 8edc7bd36405b16ebbc6cc3666236d9de2b87a26e9749873c2304ad168133898
  • Instruction Fuzzy Hash: 6811F2B5C003499FDB10DF9AD848ADEFBF4EB48324F10856AD428A3611D378A544CFA6
APIs
Memory Dump Source
  • Source File: 00000000.00000002.2972073735.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7a10000_Flash USDT Sender.jbxd
Similarity
  • API ID: DispatchMessage
  • String ID:
  • API String ID: 2061451462-0
  • Opcode ID: ba7e56b2b1717053acb179eb2031a4c4faa05a58bfba132b8f48d1a01abe7260
  • Instruction ID: 5c4c33874299d4720902256dd2dc77c6d5695ac7a8ff1bfcfd8b3ec879a49297
  • Opcode Fuzzy Hash: ba7e56b2b1717053acb179eb2031a4c4faa05a58bfba132b8f48d1a01abe7260
  • Instruction Fuzzy Hash: 0311E2B5C007498FDB10DF9AD848BDEFBF4EB88324F10852AD429A3250D379A544CFA5
APIs
Memory Dump Source
  • Source File: 00000000.00000002.2972073735.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7a10000_Flash USDT Sender.jbxd
Similarity
  • API ID: DispatchMessage
  • String ID:
  • API String ID: 2061451462-0
  • Opcode ID: 2b8c03ddb68f6dcaf27ee0e9c9b61e3ec8dc986dc4399e50bd4723ea1d9a1e88
  • Instruction ID: b5dbb2964da18a58d45b819398b5b0138a7839128c170bbf6c2019cc6361b508
  • Opcode Fuzzy Hash: 2b8c03ddb68f6dcaf27ee0e9c9b61e3ec8dc986dc4399e50bd4723ea1d9a1e88
  • Instruction Fuzzy Hash: 5B1112B5C007498FDB10DF9AD848BCEFBF4EB88324F10841AD529A3200C378A544CFA5
Memory Dump Source
  • Source File: 00000000.00000002.2968776195.00000000011DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DD000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_11dd000_Flash USDT Sender.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: ea5625445bfa8098562bf7070dda08b1b1ffc89979bd5166763eec776cdf1307
  • Instruction ID: c8909ee752f2bc4d3f8a51095bedad598e521df23c4c440ce09b8e03f7f2e902
  • Opcode Fuzzy Hash: ea5625445bfa8098562bf7070dda08b1b1ffc89979bd5166763eec776cdf1307
  • Instruction Fuzzy Hash: F3210871504200DFDF09DF58E9C4B16BF75FB94318F648569D9090B296C336D456C7A2
Memory Dump Source
  • Source File: 00000000.00000002.2968776195.00000000011DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DD000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_11dd000_Flash USDT Sender.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 2d14c6bba4fe791d90a3c61c65e3a007bc8831a884ebed18efb578ae1563174f
  • Instruction ID: 0c4b38edeb292b4d775d6a7f2f6dee2baa0c7813bcbd65c5f964d357de866cc8
  • Opcode Fuzzy Hash: 2d14c6bba4fe791d90a3c61c65e3a007bc8831a884ebed18efb578ae1563174f
  • Instruction Fuzzy Hash: AC2128B1504200EFDF09DF98E9C0B66BF65FB94324F24C66DD9090B686C336E416C7A2
Memory Dump Source
  • Source File: 00000000.00000002.2968841395.00000000011ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 011ED000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_11ed000_Flash USDT Sender.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: cb51d1d6bf1dbec02475fc8d098e371f426352fc551de19d95c47f0228b4cb62
  • Instruction ID: a807409baedb2b7d54e967e4b4ca52bcd32780ed3f908abada7a452a2b969e61
  • Opcode Fuzzy Hash: cb51d1d6bf1dbec02475fc8d098e371f426352fc551de19d95c47f0228b4cb62
  • Instruction Fuzzy Hash: C0210371604600DFCF19DF98E888B16BFA5FB84314F28C56DD80A0B242C336D407CA62
Memory Dump Source
  • Source File: 00000000.00000002.2968841395.00000000011ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 011ED000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_11ed000_Flash USDT Sender.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 9b3541f382f80cdfa18f600523fd6bff5d9d5d4732197f0455a6d147e517f4b1
  • Instruction ID: f95309c03bab05066e2d013331f0cfc446aeba54965fece71916bb4f7b9e3643
  • Opcode Fuzzy Hash: 9b3541f382f80cdfa18f600523fd6bff5d9d5d4732197f0455a6d147e517f4b1
  • Instruction Fuzzy Hash: B721F875504601DFDF09DF94E5C8B15BBE5FB84324F24C56DE90A4B292C336D406CB62
Memory Dump Source
  • Source File: 00000000.00000002.2968841395.00000000011ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 011ED000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_11ed000_Flash USDT Sender.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: bfe21e9e4692e11a34e1bfae9c8aa9dae2b622cf6a755bc98d6154a9555fc037
  • Instruction ID: c9eb7fed26c0da5f2dab322d62863d1e7cc03ac072c5f4bea38aff2b63d9003b
  • Opcode Fuzzy Hash: bfe21e9e4692e11a34e1bfae9c8aa9dae2b622cf6a755bc98d6154a9555fc037
  • Instruction Fuzzy Hash: A921D4355093808FCB07CF64D994715BFB1FB46214F28C1DAD8498F2A3C33A980ACB62
Memory Dump Source
  • Source File: 00000000.00000002.2968776195.00000000011DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DD000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_11dd000_Flash USDT Sender.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
  • Instruction ID: 3a3ab19da8495121bd50adeaa471d1d6a8af926a3fe40f1daf2576c5ad578f38
  • Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
  • Instruction Fuzzy Hash: FB11B176504240DFDF16CF54D5C4B16BF72FB84324F24C6A9D9090B296C33AD45ACBA2
Memory Dump Source
  • Source File: 00000000.00000002.2968776195.00000000011DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DD000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_11dd000_Flash USDT Sender.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
  • Instruction ID: 6f4980c51624edee27fa6f0880c2fe3d526ce9d42e3efb4c98c40e3044d1ae92
  • Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
  • Instruction Fuzzy Hash: F811E176504240CFCF06CF44D5C4B56BF72FB84324F24C5A9D9090B696C33AE45ACBA2
Memory Dump Source
  • Source File: 00000000.00000002.2968841395.00000000011ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 011ED000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_11ed000_Flash USDT Sender.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
  • Instruction ID: 394b701ad41cdfe51bbdfac22103b1564c5884ca656d56b1636d2d3d7fb1afcd
  • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
  • Instruction Fuzzy Hash: 9511BB79904680DFDB06CF94D5C8B15FBB2FB84224F24C6ADD8494B296C33AD40ACB62
Memory Dump Source
  • Source File: 00000000.00000002.2968776195.00000000011DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DD000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_11dd000_Flash USDT Sender.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 0f06b81a3f135f0c6a408dbfa7d1d2422eeb058e3504fb2d262b09ce9716b10c
  • Instruction ID: cca9e810774af03088a66fc081e0fafac54add87e7742a2429be34cfec12eeba
  • Opcode Fuzzy Hash: 0f06b81a3f135f0c6a408dbfa7d1d2422eeb058e3504fb2d262b09ce9716b10c
  • Instruction Fuzzy Hash: 6801F7710047809EEB199A99EC84B67BFD8DF51329F19C89AED1D0A2C6C3789840C672
Memory Dump Source
  • Source File: 00000000.00000002.2968776195.00000000011DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DD000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_11dd000_Flash USDT Sender.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 0f91db122555699d97dc90dcd2dc25612df7299c5b905d990afc2fb8523b8a74
  • Instruction ID: 2440bb8fd5be6264b5f4be0f95efe11c9ab64a6fdbea25577d5492db21cf3247
  • Opcode Fuzzy Hash: 0f91db122555699d97dc90dcd2dc25612df7299c5b905d990afc2fb8523b8a74
  • Instruction Fuzzy Hash: 8AF062724047849EEB158A1ADC84B63FF98EB51738F18C45AED584A2C7C379A844CA71

Non-executed Functions

Memory Dump Source
  • Source File: 00000000.00000002.2969137242.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_2d30000_Flash USDT Sender.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 115a3f8edcb238e64f540ac80f05d036608f79adedf69718bfd0a5c956344373
  • Instruction ID: c41db2d570db1639eb7fbdbbb32d11ccbef6ec0a481592691be3d825181e319a
  • Opcode Fuzzy Hash: 115a3f8edcb238e64f540ac80f05d036608f79adedf69718bfd0a5c956344373
  • Instruction Fuzzy Hash: C1A14836A202198FCF06DFB4C88459EBBB2FF85704B15856AE805BB361DB35ED15CB90
Memory Dump Source
  • Source File: 00000000.00000002.2972073735.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7a10000_Flash USDT Sender.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: e246b6406ef4f2f3f9ffaa7153612b1703b085407b1b928e90248dce33f40c96
  • Instruction ID: cef77b1bb482ad7b95a621086cfc6cc12a6f9d304348caf9d924655121240a8d
  • Opcode Fuzzy Hash: e246b6406ef4f2f3f9ffaa7153612b1703b085407b1b928e90248dce33f40c96
  • Instruction Fuzzy Hash: 0F81B2B2E00609CEDB14DFA6D9442EDFBB6FF84340F14C13AD465A7658EB399616CB40
Memory Dump Source
  • Source File: 00000000.00000002.2972073735.0000000007A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A10000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7a10000_Flash USDT Sender.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 3f72ea12c6e843326810969468f785f9e4fd27e8f447579dfca27d5bfd41da03
  • Instruction ID: db24c03a535f5d20e91f7bf7919d214e186c39a4f3570f0f928227c9864a26aa
  • Opcode Fuzzy Hash: 3f72ea12c6e843326810969468f785f9e4fd27e8f447579dfca27d5bfd41da03
  • Instruction Fuzzy Hash: 3881BEB2E00609CBCB04CFA6D8442EEFBB6FF84340F15C13AD556AB658EB359656CB40