Windows
Analysis Report
6foBmRMlDy.exe
Overview
General Information
Sample name: | 6foBmRMlDy.exerenamed because original name is a hash value |
Original sample name: | e4352f63724267bed81e8c199bd8ca0f.exe |
Analysis ID: | 1531711 |
MD5: | e4352f63724267bed81e8c199bd8ca0f |
SHA1: | ce9c69ca36920f076fe1369be4d9001085ca8602 |
SHA256: | 5ffda142aa321a2b5546c426a28403d7f19b51b88985c8617f11c04411489e30 |
Tags: | 32exe |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 6foBmRMlDy.exe (PID: 3180 cmdline:
"C:\Users\ user\Deskt op\6foBmRM lDy.exe" MD5: E4352F63724267BED81E8C199BD8CA0F) - cmd.exe (PID: 5480 cmdline:
"C:\Window s\System32 \cmd.exe" /C mkdir C :\Windows\ SysWOW64\g qbqwogt\ MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - conhost.exe (PID: 4388 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - cmd.exe (PID: 2924 cmdline:
"C:\Window s\System32 \cmd.exe" /C move /Y "C:\Users \user\AppD ata\Local\ Temp\lnmla vab.exe" C :\Windows\ SysWOW64\g qbqwogt\ MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - conhost.exe (PID: 2328 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - sc.exe (PID: 5644 cmdline:
"C:\Window s\System32 \sc.exe" c reate gqbq wogt binPa th= "C:\Wi ndows\SysW OW64\gqbqw ogt\lnmlav ab.exe /d\ "C:\Users\ user\Deskt op\6foBmRM lDy.exe\"" type= own start= au to Display Name= "wif i support" MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8) - conhost.exe (PID: 2016 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - sc.exe (PID: 3916 cmdline:
"C:\Window s\System32 \sc.exe" d escription gqbqwogt "wifi inte rnet conec tion" MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8) - conhost.exe (PID: 3224 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - sc.exe (PID: 3472 cmdline:
"C:\Window s\System32 \sc.exe" s tart gqbqw ogt MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8) - conhost.exe (PID: 2268 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - netsh.exe (PID: 1808 cmdline:
"C:\Window s\System32 \netsh.exe " advfirew all firewa ll add rul e name="Ho st-process for servi ces of Win dows" dir= in action= allow prog ram="C:\Wi ndows\SysW OW64\svcho st.exe" en able=yes>n ul MD5: 4E89A1A088BE715D6C946E55AB07C7DF) - conhost.exe (PID: 3132 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - WerFault.exe (PID: 5424 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 3 180 -s 772 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- lnmlavab.exe (PID: 5840 cmdline:
C:\Windows \SysWOW64\ gqbqwogt\l nmlavab.ex e /d"C:\Us ers\user\D esktop\6fo BmRMlDy.ex e" MD5: 415D8A2F273DA3EB07A38C1E95C0BB82) - svchost.exe (PID: 6812 cmdline:
svchost.ex e MD5: 1ED18311E3DA35942DB37D15FA40CC5B) - WerFault.exe (PID: 6852 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 5 840 -s 568 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- svchost.exe (PID: 3984 cmdline:
C:\Windows \System32\ svchost.ex e -k WerSv cGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A) - WerFault.exe (PID: 5440 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -pss -s 444 -p 58 40 -ip 584 0 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 712 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -pss -s 432 -p 31 80 -ip 318 0 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- svchost.exe (PID: 6932 cmdline:
C:\Windows \System32\ svchost.ex e -k Local Service -p -s Licens eManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Tofsee | According to PCrisk, Tofsee (also known as Gheg) is a malicious Trojan-type program that is capable of performing DDoS attacks, mining cryptocurrency, sending emails, stealing various account credentials, updating itself, and more.Cyber criminals mainly use this program as an email-oriented tool (they target users' email accounts), however, having Tofsee installed can also lead to many other problems. | No Attribution |
{"C2 list": ["vanaheim.cn:443", "jotunheim.name:443"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Tofsee | Yara detected Tofsee | Joe Security | ||
Windows_Trojan_Tofsee_26124fe4 | unknown | unknown |
| |
MALWARE_Win_Tofsee | Detects Tofsee | ditekSHen |
| |
JoeSecurity_Tofsee | Yara detected Tofsee | Joe Security | ||
Windows_Trojan_Tofsee_26124fe4 | unknown | unknown |
| |
Click to see the 24 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Windows_Trojan_Tofsee_26124fe4 | unknown | unknown |
| |
MALWARE_Win_Tofsee | Detects Tofsee | ditekSHen |
| |
JoeSecurity_Tofsee | Yara detected Tofsee | Joe Security | ||
Windows_Trojan_Tofsee_26124fe4 | unknown | unknown |
| |
MALWARE_Win_Tofsee | Detects Tofsee | ditekSHen |
| |
Click to see the 39 entries |
System Summary |
---|
Source: | Author: David Burkett, @signalblur: |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: frack113: |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Christian Burkard (Nextron Systems): |
Source: | Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: |
Source: | Author: vburov: |
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Compliance |
---|
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Change of critical system settings |
---|
Source: | Registry key created or modified: | Jump to behavior |
Networking |
---|
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | URLs: | ||
Source: | URLs: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: | ||
Source: | ASN Name: | ||
Source: | ASN Name: | ||
Source: | ASN Name: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_00402A62 |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Spam, unwanted Advertisements and Ransom Demands |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 0_2_00408E26 |
Source: | Code function: | 0_2_00401280 |
Source: | File created: | Jump to behavior |
Source: | Code function: | 0_2_0040C913 | |
Source: | Code function: | 0_2_00445C78 | |
Source: | Code function: | 0_2_0044780B | |
Source: | Code function: | 0_2_00447D4F | |
Source: | Code function: | 0_2_0043F5CB | |
Source: | Code function: | 0_2_004491A8 | |
Source: | Code function: | 0_2_004472C7 | |
Source: | Code function: | 12_2_0040C913 | |
Source: | Code function: | 12_2_00445C78 | |
Source: | Code function: | 12_2_0044780B | |
Source: | Code function: | 12_2_00447D4F | |
Source: | Code function: | 12_2_0043F5CB | |
Source: | Code function: | 12_2_004491A8 | |
Source: | Code function: | 12_2_004472C7 | |
Source: | Code function: | 13_2_02BEC913 |
Source: | Process created: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_00406A60 |
Source: | Code function: | 0_2_006B1DC3 |
Source: | Code function: | 0_2_00409A6B |
Source: | Code function: | 0_2_00409A6B | |
Source: | Code function: | 12_2_00409A6B | |
Source: | Code function: | 13_2_02BE9A6B |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Command line argument: | 0_2_0043B240 | |
Source: | Command line argument: | 0_2_0043B240 | |
Source: | Command line argument: | 0_2_0043B240 | |
Source: | Command line argument: | 0_2_0043B240 | |
Source: | Command line argument: | 0_2_0043B240 | |
Source: | Command line argument: | 0_2_0043B240 | |
Source: | Command line argument: | 0_2_0043B240 | |
Source: | Command line argument: | 0_2_0043B240 | |
Source: | Command line argument: | 0_2_0043B240 | |
Source: | Command line argument: | 0_2_0043B240 | |
Source: | Command line argument: | 0_2_0043B240 | |
Source: | Command line argument: | 0_2_0043B240 | |
Source: | Command line argument: | 0_2_0043B240 | |
Source: | Command line argument: | 0_2_0043B240 | |
Source: | Command line argument: | 12_2_0043B240 | |
Source: | Command line argument: | 12_2_0043B240 | |
Source: | Command line argument: | 12_2_0043B240 | |
Source: | Command line argument: | 12_2_0043B240 | |
Source: | Command line argument: | 12_2_0043B240 | |
Source: | Command line argument: | 12_2_0043B240 | |
Source: | Command line argument: | 12_2_0043B240 | |
Source: | Command line argument: | 12_2_0043B240 | |
Source: | Command line argument: | 12_2_0043B240 | |
Source: | Command line argument: | 12_2_0043B240 | |
Source: | Command line argument: | 12_2_0043B240 | |
Source: | Command line argument: | 12_2_0043B240 | |
Source: | Command line argument: | 12_2_0043B240 | |
Source: | Command line argument: | 12_2_0043B240 |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Evasive API call chain: | graph_12-21867 | ||
Source: | Evasive API call chain: | graph_0-21759 |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: |
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: |
Source: | Code function: | 0_2_00406069 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_0043D4D6 | |
Source: | Code function: | 0_2_0043FBEC | |
Source: | Code function: | 12_2_0043D4D6 | |
Source: | Code function: | 12_2_0043FBEC |
Source: | Static PE information: |
Persistence and Installation Behavior |
---|
Source: | Executable created and started: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Source: | Registry key value modified: | Jump to behavior |
Source: | Code function: | 0_2_00409A6B |
Source: | Process created: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File deleted: | Jump to behavior |
Source: | Code function: | 0_2_00401000 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Code function: | 13_2_02BE199C |
Source: | Decision node followed by non-executed suspicious API: | graph_13-7595 |
Source: | Evaded block: | graph_13-6131 |
Source: | Evasive API call chain: | graph_13-7318 |
Source: | Evasive API call chain: | graph_0-21774 | ||
Source: | Evasive API call chain: | graph_12-21882 |
Source: | API coverage: | ||
Source: | API coverage: |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Code function: | 0_2_00401D96 |
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-22230 | ||
Source: | API call chain: | graph_12-22173 |
Anti Debugging |
---|
Source: | Debugger detection routine: | graph_13-7483 |
Source: | Code function: | 0_2_00406069 |
Source: | Code function: | 0_2_0060092B | |
Source: | Code function: | 0_2_00600D90 | |
Source: | Code function: | 0_2_006B16A0 | |
Source: | Code function: | 12_2_0073C628 | |
Source: | Code function: | 12_2_00D70D90 | |
Source: | Code function: | 12_2_00D7092B |
Source: | Code function: | 0_2_0040EBCC |
Source: | Code function: | 0_2_00409A6B | |
Source: | Code function: | 12_2_00409A6B | |
Source: | Code function: | 13_2_02BE9A6B |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00407809 |
Source: | Code function: | 0_2_00406EDD |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_0040405E |
Source: | Code function: | 0_2_0040EC54 |
Source: | Code function: | 0_2_00407809 |
Source: | Code function: | 0_2_0040B211 |
Source: | Code function: | 0_2_00409326 |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | Process created: |
Source: | Process created: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_004088B0 | |
Source: | Code function: | 12_2_004088B0 | |
Source: | Code function: | 13_2_02BE88B0 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 41 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 3 Disable or Modify Tools | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 3 Command and Scripting Interpreter | 1 Valid Accounts | 1 Valid Accounts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | Data from Removable Media | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 3 Service Execution | 14 Windows Service | 1 Access Token Manipulation | 3 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 14 Windows Service | 22 Software Packing | NTDS | 15 System Information Discovery | Distributed Component Object Model | Input Capture | 112 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 412 Process Injection | 1 DLL Side-Loading | LSA Secrets | 111 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 11 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Masquerading | DCSync | 1 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Valid Accounts | Proc Filesystem | 1 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 1 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Access Token Manipulation | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 412 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1307867 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1307867 | ||
100% | Joe Sandbox ML |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
mxs.mail.ru | 217.69.139.150 | true | true | unknown | |
mta5.am0.yahoodns.net | 67.195.228.106 | true | true | unknown | |
microsoft-com.mail.protection.outlook.com | 52.101.11.0 | true | true | unknown | |
vanaheim.cn | 185.228.234.180 | true | true | unknown | |
smtp.google.com | 74.125.71.27 | true | false | unknown | |
google.com | unknown | unknown | true | unknown | |
yahoo.com | unknown | unknown | true | unknown | |
mail.ru | unknown | unknown | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | ||
true | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
52.101.11.0 | microsoft-com.mail.protection.outlook.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | true | |
74.125.71.27 | smtp.google.com | United States | 15169 | GOOGLEUS | false | |
67.195.228.106 | mta5.am0.yahoodns.net | United States | 36647 | YAHOO-GQ1US | true | |
185.228.234.180 | vanaheim.cn | Russian Federation | 64439 | ITOS-ASRU | true | |
217.69.139.150 | mxs.mail.ru | Russian Federation | 47764 | MAILRU-ASMailRuRU | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1531711 |
Start date and time: | 2024-10-11 16:35:09 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 36s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 26 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 6foBmRMlDy.exerenamed because original name is a hash value |
Original Sample Name: | e4352f63724267bed81e8c199bd8ca0f.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@32/3@9/5 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded IPs from analysis (whitelisted): 20.112.250.133, 20.231.239.246, 20.236.44.162, 20.76.201.171, 20.70.246.20
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtEnumerateKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: 6foBmRMlDy.exe
Time | Type | Description |
---|---|---|
10:36:45 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
52.101.11.0 | Get hash | malicious | Tofsee | Browse | ||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
67.195.228.106 | Get hash | malicious | Tofsee | Browse | ||
Get hash | malicious | Phorpiex | Browse | |||
Get hash | malicious | Phorpiex | Browse | |||
Get hash | malicious | Phorpiex | Browse | |||
Get hash | malicious | Phorpiex | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Raccoon RedLine SmokeLoader Tofsee Xmrig | Browse | |||
Get hash | malicious | Tofsee Xmrig | Browse | |||
Get hash | malicious | Raccoon RedLine SmokeLoader Tofsee Xmrig | Browse | |||
217.69.139.150 | Get hash | malicious | Tofsee | Browse | ||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
microsoft-com.mail.protection.outlook.com | Get hash | malicious | Tofsee | Browse |
| |
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
mxs.mail.ru | Get hash | malicious | Tofsee | Browse |
| |
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
mta5.am0.yahoodns.net | Get hash | malicious | Tofsee | Browse |
| |
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Phorpiex | Browse |
| ||
Get hash | malicious | Phorpiex | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
MAILRU-ASMailRuRU | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Coinhive, Xmrig | Browse |
| ||
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Hidden Macro 4.0 | Browse |
| ||
YAHOO-GQ1US | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Phisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
ITOS-ASRU | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | RHADAMANTHYS | Browse |
| ||
Get hash | malicious | Raccoon Stealer v2 | Browse |
| ||
Get hash | malicious | Go Injector, Stealc | Browse |
| ||
Get hash | malicious | Go Injector, Stealc | Browse |
| ||
Get hash | malicious | Go Injector, Stealc | Browse |
| ||
Get hash | malicious | DCRat | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | RedLine | Browse |
|
Process: | C:\Users\user\Desktop\6foBmRMlDy.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12737536 |
Entropy (8bit): | 3.8795853374092077 |
Encrypted: | false |
SSDEEP: | 3072:s/IcJg7uMwZi9VaiI2PLP7zIyMDWVYvVtKHpA6PYYNp/GG7Ig7LRACfij5+U/p49:uH0uMvGiI2PLgW4upRfJGuLmHsU |
MD5: | 415D8A2F273DA3EB07A38C1E95C0BB82 |
SHA1: | 5623B0E9CB62A2F4D010AC199696CDFA39F4EB6A |
SHA-256: | CE0247F5EF96C5172A41BB6C20601B5A659976C8E916D43B49D1453F0730460C |
SHA-512: | 03415DFAB3E50FB503CB0F8D8FDABBBF966FD4A6C0E4CF3DCB356836ABB06C68570015953AC955E7937702E1CCD948F8585A7765F76CED894DACD25834FD514E |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12737536 |
Entropy (8bit): | 3.8795853374092077 |
Encrypted: | false |
SSDEEP: | 3072:s/IcJg7uMwZi9VaiI2PLP7zIyMDWVYvVtKHpA6PYYNp/GG7Ig7LRACfij5+U/p49:uH0uMvGiI2PLgW4upRfJGuLmHsU |
MD5: | 415D8A2F273DA3EB07A38C1E95C0BB82 |
SHA1: | 5623B0E9CB62A2F4D010AC199696CDFA39F4EB6A |
SHA-256: | CE0247F5EF96C5172A41BB6C20601B5A659976C8E916D43B49D1453F0730460C |
SHA-512: | 03415DFAB3E50FB503CB0F8D8FDABBBF966FD4A6C0E4CF3DCB356836ABB06C68570015953AC955E7937702E1CCD948F8585A7765F76CED894DACD25834FD514E |
Malicious: | true |
Preview: |
Process: | C:\Windows\SysWOW64\netsh.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3773 |
Entropy (8bit): | 4.7109073551842435 |
Encrypted: | false |
SSDEEP: | 48:VHILZNfrI7WFY32iIiNOmV/HToZV9It199hiALlIg39bWA1RvTBi/g2eB:VoLr0y9iIiNOoHTou7bhBlIydWALLt2w |
MD5: | DA3247A302D70819F10BCEEBAF400503 |
SHA1: | 2857AA198EE76C86FC929CC3388A56D5FD051844 |
SHA-256: | 5262E1EE394F329CD1F87EA31BA4A396C4A76EDC3A87612A179F81F21606ABC8 |
SHA-512: | 48FFEC059B4E88F21C2AA4049B7D9E303C0C93D1AD771E405827149EDDF986A72EF49C0F6D8B70F5839DCDBD6B1EA8125C8B300134B7F71C47702B577AD090F8 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.461963871651088 |
TrID: |
|
File name: | 6foBmRMlDy.exe |
File size: | 426'496 bytes |
MD5: | e4352f63724267bed81e8c199bd8ca0f |
SHA1: | ce9c69ca36920f076fe1369be4d9001085ca8602 |
SHA256: | 5ffda142aa321a2b5546c426a28403d7f19b51b88985c8617f11c04411489e30 |
SHA512: | afe8786dade10b520aeee40fc661d0f86b370e2c0272be3a462033cdc4b9cf91ddf8a2f2f6628c478da8736dbd7704d8da3b577c5afeb053db79dad1556c8bc4 |
SSDEEP: | 3072://IcJg7uMwZi9VaiI2PLP7zIyMDWVYvVtKHpA6PYYNp/GG7Ig7LRACfij5+U/p49:HH0uMvGiI2PLgW4upRfJGuLmHsU |
TLSH: | 5394C012A2F1BC60D9268672CE1AF7F8762DF9308D59B75B330A672F18701E2D267351 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8.[.Y...Y...Y.......Y.......Y.......Y.......Y...Y..cY.......Y.......Y.......Y..Rich.Y..........PE..L....Uhd................... |
Icon Hash: | 452145655545610d |
Entrypoint: | 0x43d001 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6468550F [Sat May 20 05:05:19 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 2a922b568f49098a9b670af5a77dc13f |
Instruction |
---|
call 00007FB01D03CCE8h |
jmp 00007FB01D037F7Eh |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 20h |
mov eax, dword ptr [ebp+08h] |
push esi |
push edi |
push 00000008h |
pop ecx |
mov esi, 004012FCh |
lea edi, dword ptr [ebp-20h] |
rep movsd |
mov dword ptr [ebp-08h], eax |
mov eax, dword ptr [ebp+0Ch] |
pop edi |
mov dword ptr [ebp-04h], eax |
pop esi |
test eax, eax |
je 00007FB01D03810Eh |
test byte ptr [eax], 00000008h |
je 00007FB01D038109h |
mov dword ptr [ebp-0Ch], 01994000h |
lea eax, dword ptr [ebp-0Ch] |
push eax |
push dword ptr [ebp-10h] |
push dword ptr [ebp-1Ch] |
push dword ptr [ebp-20h] |
call dword ptr [0040112Ch] |
leave |
retn 0008h |
mov edi, edi |
push ebp |
mov ebp, esp |
push ecx |
push ebx |
mov eax, dword ptr [ebp+0Ch] |
add eax, 0Ch |
mov dword ptr [ebp-04h], eax |
mov ebx, dword ptr fs:[00000000h] |
mov eax, dword ptr [ebx] |
mov dword ptr fs:[00000000h], eax |
mov eax, dword ptr [ebp+08h] |
mov ebx, dword ptr [ebp+0Ch] |
mov ebp, dword ptr [ebp-04h] |
mov esp, dword ptr [ebx-04h] |
jmp eax |
pop ebx |
leave |
retn 0008h |
pop eax |
pop ecx |
xchg dword ptr [esp], eax |
jmp eax |
pop eax |
pop ecx |
xchg dword ptr [esp], eax |
jmp eax |
pop eax |
pop ecx |
xchg dword ptr [esp], eax |
jmp eax |
mov edi, edi |
push ebp |
mov ebp, esp |
push ecx |
push ecx |
push ebx |
push esi |
push edi |
mov esi, dword ptr fs:[00000000h] |
mov dword ptr [ebp-04h], esi |
mov dword ptr [ebp-08h], 0043D0C9h |
push 00000000h |
push dword ptr [ebp+0Ch] |
push dword ptr [ebp-08h] |
push dword ptr [ebp+08h] |
call 00007FB01D04448Ah |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x49cf8 | 0x8c | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5f000 | 0x15e60 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x75000 | 0xd10 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x49d84 | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3a6b8 | 0x40 | .text |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x20c | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x498ee | 0x49a00 | 26f8f05186a7c73dd67ec955846d31ee | False | 0.7278822686757216 | data | 7.003526634718541 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x4b000 | 0x119b8 | 0x6000 | 695085632ed5424d7fc7eb362c2702ab | False | 0.08304850260416667 | data | 0.9867858225859076 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tuh | 0x5d000 | 0x400 | 0x400 | 0f343b0931126a20f133d67c2b018a3b | False | 0.0166015625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.kovaxe | 0x5e000 | 0xd6 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x5f000 | 0x15e60 | 0x16000 | 126d04f38160694f408843d78c780868 | False | 0.44062943892045453 | data | 4.960422625060359 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x75000 | 0x1c8e | 0x1e00 | 744ce1cba9490ef09b39366b352f3b48 | False | 0.36940104166666665 | data | 3.7499768141825527 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x72070 | 0x330 | Device independent bitmap graphic, 48 x 96 x 1, image size 0 | 0.1948529411764706 | ||
RT_CURSOR | 0x723a0 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | 0.33223684210526316 | ||
RT_CURSOR | 0x724f8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | 0.2953091684434968 | ||
RT_CURSOR | 0x733a0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | 0.46705776173285196 | ||
RT_CURSOR | 0x73c48 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | 0.5361271676300579 | ||
RT_ICON | 0x5f7f0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Tamil | India | 0.36886993603411516 |
RT_ICON | 0x5f7f0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Tamil | Sri Lanka | 0.36886993603411516 |
RT_ICON | 0x60698 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | India | 0.4548736462093863 |
RT_ICON | 0x60698 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | Sri Lanka | 0.4548736462093863 |
RT_ICON | 0x60f40 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | India | 0.4596774193548387 |
RT_ICON | 0x60f40 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | Sri Lanka | 0.4596774193548387 |
RT_ICON | 0x61608 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | India | 0.46315028901734107 |
RT_ICON | 0x61608 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | Sri Lanka | 0.46315028901734107 |
RT_ICON | 0x61b70 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | India | 0.26991701244813276 |
RT_ICON | 0x61b70 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | Sri Lanka | 0.26991701244813276 |
RT_ICON | 0x64118 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | India | 0.31121013133208253 |
RT_ICON | 0x64118 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | Sri Lanka | 0.31121013133208253 |
RT_ICON | 0x651c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | India | 0.35904255319148937 |
RT_ICON | 0x651c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | Sri Lanka | 0.35904255319148937 |
RT_ICON | 0x65690 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Tamil | India | 0.5652985074626866 |
RT_ICON | 0x65690 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Tamil | Sri Lanka | 0.5652985074626866 |
RT_ICON | 0x66538 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | India | 0.5473826714801444 |
RT_ICON | 0x66538 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | Sri Lanka | 0.5473826714801444 |
RT_ICON | 0x66de0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | India | 0.6242774566473989 |
RT_ICON | 0x66de0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | Sri Lanka | 0.6242774566473989 |
RT_ICON | 0x67348 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | India | 0.4616182572614108 |
RT_ICON | 0x67348 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | Sri Lanka | 0.4616182572614108 |
RT_ICON | 0x698f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | India | 0.48592870544090055 |
RT_ICON | 0x698f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | Sri Lanka | 0.48592870544090055 |
RT_ICON | 0x6a998 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Tamil | India | 0.49426229508196723 |
RT_ICON | 0x6a998 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Tamil | Sri Lanka | 0.49426229508196723 |
RT_ICON | 0x6b320 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | India | 0.4530141843971631 |
RT_ICON | 0x6b320 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | Sri Lanka | 0.4530141843971631 |
RT_ICON | 0x6b7f0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Tamil | India | 0.3752665245202559 |
RT_ICON | 0x6b7f0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Tamil | Sri Lanka | 0.3752665245202559 |
RT_ICON | 0x6c698 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Tamil | India | 0.5185018050541517 |
RT_ICON | 0x6c698 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Tamil | Sri Lanka | 0.5185018050541517 |
RT_ICON | 0x6cf40 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Tamil | India | 0.6048387096774194 |
RT_ICON | 0x6cf40 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Tamil | Sri Lanka | 0.6048387096774194 |
RT_ICON | 0x6d608 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Tamil | India | 0.6553468208092486 |
RT_ICON | 0x6d608 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Tamil | Sri Lanka | 0.6553468208092486 |
RT_ICON | 0x6db70 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Tamil | India | 0.4841286307053942 |
RT_ICON | 0x6db70 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Tamil | Sri Lanka | 0.4841286307053942 |
RT_ICON | 0x70118 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Tamil | India | 0.5035178236397748 |
RT_ICON | 0x70118 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Tamil | Sri Lanka | 0.5035178236397748 |
RT_ICON | 0x711c0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Tamil | India | 0.48114754098360657 |
RT_ICON | 0x711c0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Tamil | Sri Lanka | 0.48114754098360657 |
RT_ICON | 0x71b48 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Tamil | India | 0.5372340425531915 |
RT_ICON | 0x71b48 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Tamil | Sri Lanka | 0.5372340425531915 |
RT_DIALOG | 0x74448 | 0x58 | data | 0.8977272727272727 | ||
RT_STRING | 0x744a0 | 0x26e | data | Tamil | India | 0.5016077170418006 |
RT_STRING | 0x744a0 | 0x26e | data | Tamil | Sri Lanka | 0.5016077170418006 |
RT_STRING | 0x74710 | 0x29c | data | Tamil | India | 0.4865269461077844 |
RT_STRING | 0x74710 | 0x29c | data | Tamil | Sri Lanka | 0.4865269461077844 |
RT_STRING | 0x749b0 | 0x4b0 | data | Tamil | India | 0.455 |
RT_STRING | 0x749b0 | 0x4b0 | data | Tamil | Sri Lanka | 0.455 |
RT_ACCELERATOR | 0x72028 | 0x48 | data | Tamil | India | 0.8472222222222222 |
RT_ACCELERATOR | 0x72028 | 0x48 | data | Tamil | Sri Lanka | 0.8472222222222222 |
RT_GROUP_CURSOR | 0x724d0 | 0x22 | data | 1.0294117647058822 | ||
RT_GROUP_CURSOR | 0x741b0 | 0x30 | data | 0.9375 | ||
RT_GROUP_ICON | 0x6b788 | 0x68 | data | Tamil | India | 0.7019230769230769 |
RT_GROUP_ICON | 0x6b788 | 0x68 | data | Tamil | Sri Lanka | 0.7019230769230769 |
RT_GROUP_ICON | 0x65628 | 0x68 | data | Tamil | India | 0.6826923076923077 |
RT_GROUP_ICON | 0x65628 | 0x68 | data | Tamil | Sri Lanka | 0.6826923076923077 |
RT_GROUP_ICON | 0x71fb0 | 0x76 | data | Tamil | India | 0.6779661016949152 |
RT_GROUP_ICON | 0x71fb0 | 0x76 | data | Tamil | Sri Lanka | 0.6779661016949152 |
RT_VERSION | 0x741e0 | 0x264 | data | 0.5392156862745098 |
DLL | Import |
---|---|
KERNEL32.dll | EnumCalendarInfoW, InterlockedDecrement, GetCurrentProcess, GetLogicalDriveStringsW, SetComputerNameW, SetVolumeMountPointW, GetTimeFormatA, GetTickCount, CreateNamedPipeW, GetNumberFormatA, ClearCommBreak, GetConsoleAliasExesW, TlsSetValue, GetEnvironmentStrings, LoadLibraryW, GetLocaleInfoW, _hread, GetCalendarInfoW, SetVolumeMountPointA, GetVersionExW, EnumSystemCodePagesA, CreateSemaphoreA, GetFileAttributesW, CreateActCtxA, GetShortPathNameA, CreateJobObjectA, VerifyVersionInfoW, CreateProcessW, GetLastError, GetCurrentDirectoryW, GetProcAddress, SetFileAttributesA, DefineDosDeviceA, GlobalFree, FindClose, LoadLibraryA, LocalAlloc, CreateHardLinkW, GetNumberFormatW, FoldStringW, SetEnvironmentVariableA, GetModuleFileNameA, EnumDateFormatsA, GlobalUnWire, OpenEventW, GetShortPathNameW, SetFileShortNameA, GetDiskFreeSpaceExA, ReadConsoleInputW, DebugBreak, GetTempPathA, LocalFree, LCMapStringW, CommConfigDialogW, SetFilePointer, EnumCalendarInfoA, InterlockedExchange, GetComputerNameA, CloseHandle, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, GetModuleHandleA, MultiByteToWideChar, HeapFree, UnhandledExceptionFilter, SetUnhandledExceptionFilter, HeapReAlloc, HeapAlloc, GetStartupInfoW, RaiseException, RtlUnwind, TerminateProcess, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, GetACP, GetOEMCP, IsValidCodePage, GetModuleHandleW, TlsGetValue, TlsAlloc, TlsFree, SetLastError, GetCurrentThreadId, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, Sleep, HeapSize, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, LCMapStringA, WideCharToMultiByte, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, InitializeCriticalSectionAndSpinCount, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers |
GDI32.dll | CreateDCA, GetCharWidth32A, GetCharWidthI |
SHELL32.dll | FindExecutableA |
ole32.dll | CoSuspendClassObjects |
WINHTTP.dll | WinHttpSetDefaultProxyConfiguration, WinHttpOpen |
MSIMG32.dll | AlphaBlend |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Tamil | India | |
Tamil | Sri Lanka |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 11, 2024 16:36:02.817156076 CEST | 49711 | 25 | 192.168.2.6 | 52.101.11.0 |
Oct 11, 2024 16:36:03.801642895 CEST | 49711 | 25 | 192.168.2.6 | 52.101.11.0 |
Oct 11, 2024 16:36:05.801702976 CEST | 49711 | 25 | 192.168.2.6 | 52.101.11.0 |
Oct 11, 2024 16:36:06.151674986 CEST | 49713 | 443 | 192.168.2.6 | 185.228.234.180 |
Oct 11, 2024 16:36:06.151726961 CEST | 443 | 49713 | 185.228.234.180 | 192.168.2.6 |
Oct 11, 2024 16:36:06.151791096 CEST | 49713 | 443 | 192.168.2.6 | 185.228.234.180 |
Oct 11, 2024 16:36:09.801803112 CEST | 49711 | 25 | 192.168.2.6 | 52.101.11.0 |
Oct 11, 2024 16:36:17.801779032 CEST | 49711 | 25 | 192.168.2.6 | 52.101.11.0 |
Oct 11, 2024 16:36:22.840190887 CEST | 61283 | 25 | 192.168.2.6 | 67.195.228.106 |
Oct 11, 2024 16:36:23.848676920 CEST | 61283 | 25 | 192.168.2.6 | 67.195.228.106 |
Oct 11, 2024 16:36:25.848558903 CEST | 61283 | 25 | 192.168.2.6 | 67.195.228.106 |
Oct 11, 2024 16:36:29.848582983 CEST | 61283 | 25 | 192.168.2.6 | 67.195.228.106 |
Oct 11, 2024 16:36:37.848579884 CEST | 61283 | 25 | 192.168.2.6 | 67.195.228.106 |
Oct 11, 2024 16:36:42.865026951 CEST | 61403 | 25 | 192.168.2.6 | 74.125.71.27 |
Oct 11, 2024 16:36:43.879933119 CEST | 61403 | 25 | 192.168.2.6 | 74.125.71.27 |
Oct 11, 2024 16:36:45.895576000 CEST | 61403 | 25 | 192.168.2.6 | 74.125.71.27 |
Oct 11, 2024 16:36:46.145576954 CEST | 49713 | 443 | 192.168.2.6 | 185.228.234.180 |
Oct 11, 2024 16:36:46.145699024 CEST | 443 | 49713 | 185.228.234.180 | 192.168.2.6 |
Oct 11, 2024 16:36:46.145766020 CEST | 49713 | 443 | 192.168.2.6 | 185.228.234.180 |
Oct 11, 2024 16:36:46.258964062 CEST | 61424 | 443 | 192.168.2.6 | 185.228.234.180 |
Oct 11, 2024 16:36:46.259006023 CEST | 443 | 61424 | 185.228.234.180 | 192.168.2.6 |
Oct 11, 2024 16:36:46.259067059 CEST | 61424 | 443 | 192.168.2.6 | 185.228.234.180 |
Oct 11, 2024 16:36:49.895499945 CEST | 61403 | 25 | 192.168.2.6 | 74.125.71.27 |
Oct 11, 2024 16:36:57.895538092 CEST | 61403 | 25 | 192.168.2.6 | 74.125.71.27 |
Oct 11, 2024 16:37:02.887343884 CEST | 61476 | 25 | 192.168.2.6 | 217.69.139.150 |
Oct 11, 2024 16:37:03.895478010 CEST | 61476 | 25 | 192.168.2.6 | 217.69.139.150 |
Oct 11, 2024 16:37:05.895503044 CEST | 61476 | 25 | 192.168.2.6 | 217.69.139.150 |
Oct 11, 2024 16:37:09.895497084 CEST | 61476 | 25 | 192.168.2.6 | 217.69.139.150 |
Oct 11, 2024 16:37:17.895587921 CEST | 61476 | 25 | 192.168.2.6 | 217.69.139.150 |
Oct 11, 2024 16:37:26.255201101 CEST | 61424 | 443 | 192.168.2.6 | 185.228.234.180 |
Oct 11, 2024 16:37:26.255441904 CEST | 443 | 61424 | 185.228.234.180 | 192.168.2.6 |
Oct 11, 2024 16:37:26.255553007 CEST | 61424 | 443 | 192.168.2.6 | 185.228.234.180 |
Oct 11, 2024 16:37:26.365679026 CEST | 61479 | 443 | 192.168.2.6 | 185.228.234.180 |
Oct 11, 2024 16:37:26.365782022 CEST | 443 | 61479 | 185.228.234.180 | 192.168.2.6 |
Oct 11, 2024 16:37:26.365938902 CEST | 61479 | 443 | 192.168.2.6 | 185.228.234.180 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 11, 2024 16:36:02.784337997 CEST | 61654 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 11, 2024 16:36:02.816376925 CEST | 53 | 61654 | 1.1.1.1 | 192.168.2.6 |
Oct 11, 2024 16:36:05.810204029 CEST | 57286 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 11, 2024 16:36:06.151072979 CEST | 53 | 57286 | 1.1.1.1 | 192.168.2.6 |
Oct 11, 2024 16:36:18.824312925 CEST | 53 | 63796 | 1.1.1.1 | 192.168.2.6 |
Oct 11, 2024 16:36:22.820123911 CEST | 53928 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 11, 2024 16:36:22.829569101 CEST | 53 | 53928 | 1.1.1.1 | 192.168.2.6 |
Oct 11, 2024 16:36:22.831269979 CEST | 55838 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 11, 2024 16:36:22.839654922 CEST | 53 | 55838 | 1.1.1.1 | 192.168.2.6 |
Oct 11, 2024 16:36:42.849222898 CEST | 58843 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 11, 2024 16:36:42.856307030 CEST | 53 | 58843 | 1.1.1.1 | 192.168.2.6 |
Oct 11, 2024 16:36:42.856949091 CEST | 60757 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 11, 2024 16:36:42.864515066 CEST | 53 | 60757 | 1.1.1.1 | 192.168.2.6 |
Oct 11, 2024 16:37:02.864792109 CEST | 56568 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 11, 2024 16:37:02.878443003 CEST | 53 | 56568 | 1.1.1.1 | 192.168.2.6 |
Oct 11, 2024 16:37:02.879225016 CEST | 65287 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 11, 2024 16:37:02.886684895 CEST | 53 | 65287 | 1.1.1.1 | 192.168.2.6 |
Oct 11, 2024 16:38:05.370997906 CEST | 61804 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 11, 2024 16:38:05.405061960 CEST | 53 | 61804 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 11, 2024 16:36:02.784337997 CEST | 192.168.2.6 | 1.1.1.1 | 0xfc3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 11, 2024 16:36:05.810204029 CEST | 192.168.2.6 | 1.1.1.1 | 0xe363 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 11, 2024 16:36:22.820123911 CEST | 192.168.2.6 | 1.1.1.1 | 0x5722 | Standard query (0) | MX (Mail exchange) | IN (0x0001) | false | |
Oct 11, 2024 16:36:22.831269979 CEST | 192.168.2.6 | 1.1.1.1 | 0x3d2f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 11, 2024 16:36:42.849222898 CEST | 192.168.2.6 | 1.1.1.1 | 0xae13 | Standard query (0) | MX (Mail exchange) | IN (0x0001) | false | |
Oct 11, 2024 16:36:42.856949091 CEST | 192.168.2.6 | 1.1.1.1 | 0x4485 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 11, 2024 16:37:02.864792109 CEST | 192.168.2.6 | 1.1.1.1 | 0x86eb | Standard query (0) | MX (Mail exchange) | IN (0x0001) | false | |
Oct 11, 2024 16:37:02.879225016 CEST | 192.168.2.6 | 1.1.1.1 | 0x95b4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 11, 2024 16:38:05.370997906 CEST | 192.168.2.6 | 1.1.1.1 | 0x385f | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 11, 2024 16:36:02.816376925 CEST | 1.1.1.1 | 192.168.2.6 | 0xfc3 | No error (0) | 52.101.11.0 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:36:02.816376925 CEST | 1.1.1.1 | 192.168.2.6 | 0xfc3 | No error (0) | 52.101.40.26 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:36:02.816376925 CEST | 1.1.1.1 | 192.168.2.6 | 0xfc3 | No error (0) | 52.101.8.49 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:36:02.816376925 CEST | 1.1.1.1 | 192.168.2.6 | 0xfc3 | No error (0) | 52.101.42.0 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:36:06.151072979 CEST | 1.1.1.1 | 192.168.2.6 | 0xe363 | No error (0) | 185.228.234.180 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:36:22.829569101 CEST | 1.1.1.1 | 192.168.2.6 | 0x5722 | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
Oct 11, 2024 16:36:22.829569101 CEST | 1.1.1.1 | 192.168.2.6 | 0x5722 | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
Oct 11, 2024 16:36:22.829569101 CEST | 1.1.1.1 | 192.168.2.6 | 0x5722 | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
Oct 11, 2024 16:36:22.839654922 CEST | 1.1.1.1 | 192.168.2.6 | 0x3d2f | No error (0) | 67.195.228.106 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:36:22.839654922 CEST | 1.1.1.1 | 192.168.2.6 | 0x3d2f | No error (0) | 98.136.96.91 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:36:22.839654922 CEST | 1.1.1.1 | 192.168.2.6 | 0x3d2f | No error (0) | 67.195.204.73 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:36:22.839654922 CEST | 1.1.1.1 | 192.168.2.6 | 0x3d2f | No error (0) | 98.136.96.77 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:36:22.839654922 CEST | 1.1.1.1 | 192.168.2.6 | 0x3d2f | No error (0) | 67.195.228.110 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:36:22.839654922 CEST | 1.1.1.1 | 192.168.2.6 | 0x3d2f | No error (0) | 67.195.228.94 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:36:22.839654922 CEST | 1.1.1.1 | 192.168.2.6 | 0x3d2f | No error (0) | 98.136.96.76 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:36:22.839654922 CEST | 1.1.1.1 | 192.168.2.6 | 0x3d2f | No error (0) | 67.195.204.74 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:36:42.856307030 CEST | 1.1.1.1 | 192.168.2.6 | 0xae13 | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
Oct 11, 2024 16:36:42.864515066 CEST | 1.1.1.1 | 192.168.2.6 | 0x4485 | No error (0) | 74.125.71.27 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:36:42.864515066 CEST | 1.1.1.1 | 192.168.2.6 | 0x4485 | No error (0) | 64.233.167.27 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:36:42.864515066 CEST | 1.1.1.1 | 192.168.2.6 | 0x4485 | No error (0) | 74.125.71.26 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:36:42.864515066 CEST | 1.1.1.1 | 192.168.2.6 | 0x4485 | No error (0) | 64.233.166.27 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:36:42.864515066 CEST | 1.1.1.1 | 192.168.2.6 | 0x4485 | No error (0) | 64.233.166.26 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:37:02.878443003 CEST | 1.1.1.1 | 192.168.2.6 | 0x86eb | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
Oct 11, 2024 16:37:02.886684895 CEST | 1.1.1.1 | 192.168.2.6 | 0x95b4 | No error (0) | 217.69.139.150 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:37:02.886684895 CEST | 1.1.1.1 | 192.168.2.6 | 0x95b4 | No error (0) | 94.100.180.31 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:38:05.405061960 CEST | 1.1.1.1 | 192.168.2.6 | 0x385f | No error (0) | 52.101.42.0 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:38:05.405061960 CEST | 1.1.1.1 | 192.168.2.6 | 0x385f | No error (0) | 52.101.8.49 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:38:05.405061960 CEST | 1.1.1.1 | 192.168.2.6 | 0x385f | No error (0) | 52.101.40.26 | A (IP address) | IN (0x0001) | false | ||
Oct 11, 2024 16:38:05.405061960 CEST | 1.1.1.1 | 192.168.2.6 | 0x385f | No error (0) | 52.101.11.0 | A (IP address) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 10:35:57 |
Start date: | 11/10/2024 |
Path: | C:\Users\user\Desktop\6foBmRMlDy.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 426'496 bytes |
MD5 hash: | E4352F63724267BED81E8C199BD8CA0F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 10:35:57 |
Start date: | 11/10/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1c0000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 10:35:57 |
Start date: | 11/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 10:35:58 |
Start date: | 11/10/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1c0000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 10:35:58 |
Start date: | 11/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 10:35:59 |
Start date: | 11/10/2024 |
Path: | C:\Windows\SysWOW64\sc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x170000 |
File size: | 61'440 bytes |
MD5 hash: | D9D7684B8431A0D10D0E76FE9F5FFEC8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 7 |
Start time: | 10:35:59 |
Start date: | 11/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 10:35:59 |
Start date: | 11/10/2024 |
Path: | C:\Windows\SysWOW64\sc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x170000 |
File size: | 61'440 bytes |
MD5 hash: | D9D7684B8431A0D10D0E76FE9F5FFEC8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 9 |
Start time: | 10:35:59 |
Start date: | 11/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 10:36:00 |
Start date: | 11/10/2024 |
Path: | C:\Windows\SysWOW64\sc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x170000 |
File size: | 61'440 bytes |
MD5 hash: | D9D7684B8431A0D10D0E76FE9F5FFEC8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 11 |
Start time: | 10:36:00 |
Start date: | 11/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 10:36:00 |
Start date: | 11/10/2024 |
Path: | C:\Windows\SysWOW64\gqbqwogt\lnmlavab.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 12'737'536 bytes |
MD5 hash: | 415D8A2F273DA3EB07A38C1E95C0BB82 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | true |
Target ID: | 13 |
Start time: | 10:36:00 |
Start date: | 11/10/2024 |
Path: | C:\Windows\SysWOW64\svchost.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xaa0000 |
File size: | 46'504 bytes |
MD5 hash: | 1ED18311E3DA35942DB37D15FA40CC5B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | false |
Target ID: | 14 |
Start time: | 10:36:00 |
Start date: | 11/10/2024 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7403e0000 |
File size: | 55'320 bytes |
MD5 hash: | B7F884C1B74A263F746EE12A5F7C9F6A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 15 |
Start time: | 10:36:00 |
Start date: | 11/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9b0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 16 |
Start time: | 10:36:00 |
Start date: | 11/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9b0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 17 |
Start time: | 10:36:00 |
Start date: | 11/10/2024 |
Path: | C:\Windows\SysWOW64\netsh.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa60000 |
File size: | 82'432 bytes |
MD5 hash: | 4E89A1A088BE715D6C946E55AB07C7DF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 18 |
Start time: | 10:36:00 |
Start date: | 11/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9b0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 19 |
Start time: | 10:36:00 |
Start date: | 11/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 20 |
Start time: | 10:36:01 |
Start date: | 11/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9b0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 25 |
Start time: | 10:36:43 |
Start date: | 11/10/2024 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7403e0000 |
File size: | 55'320 bytes |
MD5 hash: | B7F884C1B74A263F746EE12A5F7C9F6A |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | false |
Execution Graph
Execution Coverage: | 3.8% |
Dynamic/Decrypted Code Coverage: | 23% |
Signature Coverage: | 30.3% |
Total number of Nodes: | 525 |
Total number of Limit Nodes: | 44 |
Graph
Function 00409A6B Relevance: 98.8, APIs: 48, Strings: 8, Instructions: 799stringsleepregistryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409326 Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 284registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00406A60 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 106fileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040EC54 Relevance: 4.5, APIs: 3, Instructions: 24timeCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 006B1DC3 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040EBCC Relevance: 3.0, APIs: 2, Instructions: 13memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004073FF Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 345registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040704C Relevance: 23.1, APIs: 10, Strings: 3, Instructions: 332registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040675C Relevance: 19.7, APIs: 13, Instructions: 199fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0060003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004099D2 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54stringCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00404000 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35sleepfileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043ADE0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004091EB Relevance: 3.1, APIs: 2, Instructions: 119sleepCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00600E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00406DC2 Relevance: 1.5, APIs: 1, Instructions: 42COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043EEEE Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B1A82 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040C913 Relevance: 113.4, APIs: 45, Strings: 19, Instructions: 1397filestringprocessCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401000 Relevance: 56.2, APIs: 16, Strings: 16, Instructions: 170libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040B211 Relevance: 47.4, APIs: 7, Strings: 20, Instructions: 131timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00407809 Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 226memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401280 Relevance: 30.2, APIs: 9, Strings: 8, Instructions: 417stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401D96 Relevance: 30.0, APIs: 6, Strings: 11, Instructions: 205libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00406EDD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00408E26 Relevance: 4.6, APIs: 3, Instructions: 63fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0060092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004088B0 Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 006B16A0 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00600D90 Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00609EA0 Relevance: 59.9, APIs: 28, Strings: 6, Instructions: 421stringregistryfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00607CFC Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 269registrymemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00407A95 Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 269registrymemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040A7C1 Relevance: 38.8, APIs: 8, Strings: 14, Instructions: 299networkstringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00607A70 Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 226memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00408328 Relevance: 35.4, APIs: 18, Strings: 2, Instructions: 361registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040199C Relevance: 29.9, APIs: 11, Strings: 6, Instructions: 106memorylibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0060858F Relevance: 28.4, APIs: 14, Strings: 2, Instructions: 361registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 006014E7 Relevance: 23.2, APIs: 9, Strings: 4, Instructions: 417stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00607666 Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 345registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040AD89 Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 121timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00402DF2 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 97memorylibrarynetworkCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0060958D Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 284registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040BE31 Relevance: 18.2, APIs: 6, Strings: 6, Instructions: 152stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00601FFD Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 205libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040F315 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 103networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040C2DC Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 182threadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00603059 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 97memorylibrarynetworkCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00402D21 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 85memorylibrarystringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00406CC9 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 84libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040977C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 82threadinjectionprocessCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0060F57C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00602F88 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 85memorylibrarystringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00606F30 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 84libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 006092CB Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 83filestringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00409064 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 83filestringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 006099E3 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 82threadinjectionprocessCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040E3CA Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 136registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00606CC7 Relevance: 10.6, APIs: 7, Instructions: 106fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0060E2FC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0060AA28 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 247stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040E8A1 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 172stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0060E8BB Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 96stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00606E0E Relevance: 9.1, APIs: 6, Instructions: 84COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0060C543 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 182threadCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004080C9 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 146registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040E095 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 92registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040AD08 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55stringnetworkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0060B478 Relevance: 7.6, APIs: 5, Instructions: 131timeCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00402923 Relevance: 7.6, APIs: 5, Instructions: 107COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040E654 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 96stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004026FF Relevance: 7.6, APIs: 5, Instructions: 96networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040F26D Relevance: 7.6, APIs: 5, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402419 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 45stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0060E3DE Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 148fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0060E795 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 111fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040E52E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 111fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401AC3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00607665 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00609966 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004096FF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0044238C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006028EB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 006069C3 Relevance: 6.2, APIs: 4, Instructions: 199COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0060417F Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 006041F3 Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00403F18 Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00403F8C Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0060E036 Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 35stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040A4C7 Relevance: 6.0, APIs: 4, Instructions: 27sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00404E92 Relevance: 6.0, APIs: 4, Instructions: 27sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00404BD1 Relevance: 6.0, APIs: 4, Instructions: 27sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004030FA Relevance: 6.0, APIs: 4, Instructions: 23sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040E177 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00608330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0060E631 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0060AFF0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00609452 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 119sleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004038F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55threadCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040AB81 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004026B2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00442105 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402684 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040EAE4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13libraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00603189 Relevance: 5.2, APIs: 4, Instructions: 157memoryCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00402F22 Relevance: 5.2, APIs: 4, Instructions: 157memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Execution Graph
Execution Coverage: | 3.3% |
Dynamic/Decrypted Code Coverage: | 26.1% |
Signature Coverage: | 0% |
Total number of Nodes: | 459 |
Total number of Limit Nodes: | 41 |
Graph
Function 00409A6B Relevance: 102.3, APIs: 48, Strings: 10, Instructions: 799stringsleepregistryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004073FF Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 345registryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D7003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040977C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 82threadprocessinjectionCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404280 Relevance: 7.6, APIs: 5, Instructions: 124COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040EC54 Relevance: 4.5, APIs: 3, Instructions: 24timeCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043ADE0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406E36 Relevance: 3.1, APIs: 2, Instructions: 51COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0073CD4B Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D70E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00406DC2 Relevance: 1.5, APIs: 1, Instructions: 42COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00409892 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043EEEE Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0073CA0A Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004098F2 Relevance: 1.3, APIs: 1, Instructions: 37sleepCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D79EA0 Relevance: 59.9, APIs: 28, Strings: 6, Instructions: 421stringregistryfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401000 Relevance: 56.2, APIs: 16, Strings: 16, Instructions: 170libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040B211 Relevance: 47.4, APIs: 7, Strings: 20, Instructions: 131timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00407A95 Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 269registrymemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D77CFC Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 269registrymemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040A7C1 Relevance: 38.8, APIs: 8, Strings: 14, Instructions: 299networkstringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00407809 Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 226memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D77A70 Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 226memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00408328 Relevance: 35.4, APIs: 18, Strings: 2, Instructions: 361registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401280 Relevance: 30.2, APIs: 9, Strings: 8, Instructions: 417stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401D96 Relevance: 30.0, APIs: 6, Strings: 11, Instructions: 205libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040199C Relevance: 29.9, APIs: 11, Strings: 6, Instructions: 106memorylibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D7858F Relevance: 28.4, APIs: 14, Strings: 2, Instructions: 361registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D714E7 Relevance: 23.2, APIs: 9, Strings: 4, Instructions: 417stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D77666 Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 345registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040704C Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 332registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040AD89 Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 121timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00402DF2 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 97memorylibrarynetworkCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040675C Relevance: 19.7, APIs: 13, Instructions: 199fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00409326 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 284registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D71FFD Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 205libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040F315 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 103networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040405E Relevance: 16.7, APIs: 11, Instructions: 203COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040C2DC Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 182threadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D73059 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 97memorylibrarynetworkCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00402D21 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 85memorylibrarystringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040BE31 Relevance: 13.7, APIs: 6, Strings: 3, Instructions: 152stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00406A60 Relevance: 13.6, APIs: 9, Instructions: 106fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D7F57C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D72F88 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 85memorylibrarystringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00406CC9 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 84libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D799E3 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 82threadinjectionprocessCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D76CC7 Relevance: 10.6, APIs: 7, Instructions: 106fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D76F30 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 84libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D7AA28 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 247stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040E8A1 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 172stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D7E8BB Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 96stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00406BA7 Relevance: 9.1, APIs: 6, Instructions: 84COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D76E0E Relevance: 9.1, APIs: 6, Instructions: 84COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D7C543 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 182threadCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004080C9 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 146registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040AD08 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55stringnetworkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D7B478 Relevance: 7.6, APIs: 5, Instructions: 131timeCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00402923 Relevance: 7.6, APIs: 5, Instructions: 107COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040E654 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 96stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004026FF Relevance: 7.6, APIs: 5, Instructions: 96networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040F26D Relevance: 7.6, APIs: 5, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00409145 Relevance: 7.6, APIs: 5, Instructions: 56COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D793AC Relevance: 7.6, APIs: 5, Instructions: 56COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402419 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 45stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401AC3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00406EDD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0044238C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00D728EB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D769C3 Relevance: 6.2, APIs: 4, Instructions: 199COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403F18 Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00403F8C Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D741F3 Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D7417F Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D7E036 Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 35stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040A4C7 Relevance: 6.0, APIs: 4, Instructions: 27sleepCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00404E92 Relevance: 6.0, APIs: 4, Instructions: 27sleepCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00404BD1 Relevance: 6.0, APIs: 4, Instructions: 27sleepCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004030FA Relevance: 6.0, APIs: 4, Instructions: 23sleepCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D78330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D7AFF0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D79452 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 119sleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004038F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55threadCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040AB81 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00442105 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004026B2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00402684 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040EAE4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13libraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00402F22 Relevance: 5.2, APIs: 4, Instructions: 157memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00D73189 Relevance: 5.2, APIs: 4, Instructions: 157memoryCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Execution Graph
Execution Coverage: | 15% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0.7% |
Total number of Nodes: | 1807 |
Total number of Limit Nodes: | 18 |
Graph
Function 02BEC913 Relevance: 113.4, APIs: 45, Strings: 19, Instructions: 1397filestringprocessCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE9A6B Relevance: 100.5, APIs: 48, Strings: 9, Instructions: 799stringsleepregistryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE199C Relevance: 35.1, APIs: 14, Strings: 6, Instructions: 106memorylibraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE7A95 Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 269registrymemoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE7809 Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 226memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE8328 Relevance: 35.4, APIs: 18, Strings: 2, Instructions: 361registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE1D96 Relevance: 30.0, APIs: 6, Strings: 11, Instructions: 205libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE73FF Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 345registryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE675C Relevance: 19.7, APIs: 13, Instructions: 199fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEF315 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 103networkCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE405E Relevance: 16.7, APIs: 11, Instructions: 203COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE2D21 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 85memorylibrarystringCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE80C9 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 146registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE1AC3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 74libraryloaderCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEF26D Relevance: 7.6, APIs: 5, Instructions: 63COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE2684 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEE52E Relevance: 4.6, APIs: 3, Instructions: 111fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE877E Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 100sleepCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEEC54 Relevance: 4.5, APIs: 3, Instructions: 24timeCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE30B5 Relevance: 3.0, APIs: 2, Instructions: 29networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEEBED Relevance: 3.0, APIs: 2, Instructions: 27memoryCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEEC2E Relevance: 3.0, APIs: 2, Instructions: 14memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEEBCC Relevance: 3.0, APIs: 2, Instructions: 13memoryCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEF43E Relevance: 1.5, APIs: 1, Instructions: 33networkCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE1978 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEDD84 Relevance: 1.3, APIs: 1, Instructions: 31stringCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE1000 Relevance: 56.2, APIs: 16, Strings: 16, Instructions: 170libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEB211 Relevance: 47.4, APIs: 7, Strings: 20, Instructions: 131timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEA7C1 Relevance: 40.5, APIs: 8, Strings: 15, Instructions: 299networkstringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE1280 Relevance: 30.2, APIs: 9, Strings: 8, Instructions: 417stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE704C Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 332registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEAD89 Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 121timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE2DF2 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 97memorylibrarynetworkCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE9326 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 284registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEC2DC Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 182threadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEBE31 Relevance: 13.7, APIs: 6, Strings: 3, Instructions: 152stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE6A60 Relevance: 13.6, APIs: 9, Instructions: 106fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE6CC9 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 84libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE977C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 82threadinjectionprocessCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEE8A1 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 172stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE6BA7 Relevance: 9.1, APIs: 6, Instructions: 84COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEAD08 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55stringnetworkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE4280 Relevance: 7.6, APIs: 5, Instructions: 124COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE2923 Relevance: 7.6, APIs: 5, Instructions: 107COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE26FF Relevance: 7.6, APIs: 5, Instructions: 96networkCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE9145 Relevance: 7.6, APIs: 5, Instructions: 56COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE2419 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 45stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEE654 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 96stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE3F8C Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE3F18 Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE4E92 Relevance: 6.0, APIs: 4, Instructions: 27sleepCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEA4C7 Relevance: 6.0, APIs: 4, Instructions: 27sleepCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE4BD1 Relevance: 6.0, APIs: 4, Instructions: 27sleepCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE30FA Relevance: 6.0, APIs: 4, Instructions: 23sleepCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE26B2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BEEAE4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13libraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02BE2F22 Relevance: 5.2, APIs: 4, Instructions: 157memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|