Windows
Analysis Report
uMlLpvdLRU.exe
Overview
General Information
Sample name: | uMlLpvdLRU.exe (renamed because original name is a hash value) |
Original sample name: | 7ea98bd7f6a69b385310f5eaa86b6828.exe |
Analysis ID: | 1532438 |
MD5: | 7ea98bd7f6a69b385310f5eaa86b6828 |
SHA1: | ab3ee16a99f901336fa6221f4fdc84e562154841 |
SHA256: | 930b96bbec596e80fd6b6e4a37c34000113e1affb5f1aadbce2049f5800a6fce |
Tags: | exe, user-abuse_ch |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- uMlLpvdLRU.exe (PID: 5748 cmdline: "C:\Users\user\Desktop\uMlLpvdLRU.exe" MD5: 7EA98BD7F6A69B385310F5EAA86B6828)
  - cmd.exe (PID: 1432 cmdline: "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\yuzqifwu\ MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    - conhost.exe (PID: 6424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 5616 cmdline: "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\bndqedvz.exe" C:\Windows\SysWOW64\yuzqifwu\ MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    - conhost.exe (PID: 3380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 7072 cmdline: "C:\Windows\System32\sc.exe" create yuzqifwu binPath= "C:\Windows\SysWOW64\yuzqifwu\bndqedvz.exe /d\"C:\Users\user\Desktop\uMlLpvdLRU.exe\"" type= own start= auto DisplayName= "wifi support" MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)
    - conhost.exe (PID: 5820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 6480 cmdline: "C:\Windows\System32\sc.exe" description yuzqifwu "wifi internet conection" MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)
    - conhost.exe (PID: 2992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - sc.exe (PID: 6248 cmdline: "C:\Windows\System32\sc.exe" start yuzqifwu MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)
    - conhost.exe (PID: 7156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - netsh.exe (PID: 6008 cmdline: "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
    - conhost.exe (PID: 3840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- bndqedvz.exe (PID: 6368 cmdline: C:\Windows\SysWOW64\yuzqifwu\bndqedvz.exe /d"C:\Users\user\Desktop\uMlLpvdLRU.exe" MD5: 491E03099055090A2BCF55796B5D0830)
  - svchost.exe (PID: 1600 cmdline: svchost.exe MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
- svchost.exe (PID: 3088 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
- svchost.exe (PID: 7092 cmdline: C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Tofsee | According to PCrisk, Tofsee (also known as Gheg) is a malicious Trojan-type program that is capable of performing DDoS attacks, mining cryptocurrency, sending emails, stealing various account credentials, updating itself, and more. Cyber criminals mainly use this program as an email-oriented tool (they target users' email accounts), however, having Tofsee installed can also lead to many other problems. | No Attribution | | |
{"C2 list": ["vanaheim.cn:443", "jotunheim.name:443"]}
Rule | Description | Author |
---|---|---|
Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
JoeSecurity_Tofsee | Yara detected Tofsee | Joe Security |
Windows_Trojan_Tofsee_26124fe4 | unknown | unknown |
MALWARE_Win_Tofsee | Detects Tofsee | ditekSHen |
JoeSecurity_Tofsee | Yara detected Tofsee | Joe Security |
Rule | Description | Author |
---|---|---|
JoeSecurity_Tofsee | Yara detected Tofsee | Joe Security |
Windows_Trojan_Tofsee_26124fe4 | unknown | unknown |
MALWARE_Win_Tofsee | Detects Tofsee | ditekSHen |
JoeSecurity_Tofsee | Yara detected Tofsee | Joe Security |
Windows_Trojan_Tofsee_26124fe4 | unknown | unknown |
System Summary |
---|
Source: | Author: David Burkett, @signalblur: |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: frack113: |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Christian Burkard (Nextron Systems): |
Source: | Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: |
Source: | Author: vburov: |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Compliance |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Change of critical system settings |
---|
Source: | Registry key created or modified: | Jump to behavior |
Networking |
---|
Source: | Network Connect: | Jump to behavior |
Source: | URLs: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | TCP traffic: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_00402A62 |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Spam, unwanted Advertisements and Ransom Demands |
---|
Source: | File source: |
System Summary |
---|
Source: | Matched rule: |
Source: | Process Stats: |
Source: | Code function: | 0_2_00408E26 |
Source: | Code function: | 0_2_00401280 |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_00406A60 |
Source: | Code function: | 0_2_005BA736 |
Source: | Code function: | 0_2_00409A6B |
Source: | Code function: | 0_2_00409A6B | |
Source: | Code function: | 12_2_00409A6B | |
Source: | Code function: | 18_2_00399A6B |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Evasive API call chain: | graph_12-17934 |
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Code function: | 0_2_00406069 |
Source: | Code function: | 0_2_005BDA24 | |
Source: | Code function: | 12_2_006F0642 | |
Source: | Code function: | 12_2_006E770C |
Source: | Static PE information: |
Persistence and Installation Behavior |
---|
Source: | Executable created and started: |
Source: | File created: | Jump to dropped file |
Source: | Registry key value modified: | Jump to behavior |
Source: | Code function: | 0_2_00409A6B |
Source: | Process created: |
Source: | Code function: | 0_2_00401000 |
Source: | Process information set: | Jump to behavior |
Source: | Code function: | 18_2_0039199C |
Source: | Window / User API: | Jump to behavior |
Source: | Decision node followed by non-executed suspicious API: | graph_0-15483 | ||
Source: | Decision node followed by non-executed suspicious API: | graph_18-6424 | ||
Source: | Decision node followed by non-executed suspicious API: | graph_12-19268 |
Source: | Evaded block: | graph_18-6126 |
Source: | Evasive API call chain: | graph_12-18316 | ||
Source: | Evasive API call chain: | graph_18-7314 | ||
Source: | Evasive API call chain: | graph_0-15466 |
Source: | Evasive API call chain: | graph_18-7407 |
Source: | Evasive API call chain: | graph_12-17950 | ||
Source: | Evasive API call chain: | graph_0-15047 |
Source: | API coverage: |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Code function: | 0_2_0041A380 | |
Source: | Code function: | 12_2_0041A380 |
Source: | Code function: | 0_2_00401D96 |
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-15478 | ||
Source: | API call chain: | graph_18-6418 |
Anti Debugging |
---|
Source: | Debugger detection routine: | graph_18-7652 | ||
Source: | Debugger detection routine: | graph_12-19329 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00407809 |
Source: | Code function: | 0_2_00406EDD |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_0040405E |
Source: | Code function: | 0_2_0040EC54 |
Source: | Code function: | 0_2_00407809 |
Source: | Code function: | 0_2_0040B211 |
Source: | Code function: | 0_2_00409326 |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | Process created: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Source: | Code function: | 0_2_004088B0 | |
Source: | Code function: | 12_2_004088B0 | |
Source: | Code function: | 18_2_003988B0 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 41 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 3 Disable or Modify Tools | OS Credential Dumping | 12 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 Valid Accounts | 1 Valid Accounts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | Data from Removable Media | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 3 Service Execution | 14 Windows Service | 1 Access Token Manipulation | 3 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 14 Windows Service | 22 Software Packing | NTDS | 15 System Information Discovery | Distributed Component Object Model | Input Capture | 112 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 412 Process Injection | 1 DLL Side-Loading | LSA Secrets | 211 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Masquerading | Cached Domain Credentials | 11 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Valid Accounts | DCSync | 1 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 412 Process Injection | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
79% | ReversingLabs | Win32.Trojan.RedLineStealer | ||
77% | Virustotal | Browse | ||
100% | Avira | TR/AD.Tofsee.riokt | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/AD.Tofsee.fkivj | ||
100% | Joe Sandbox ML | |||
88% | ReversingLabs | Win32.Trojan.GCleaner | ||
88% | ReversingLabs | Win32.Trojan.GCleaner |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
mxs.mail.ru | 217.69.139.150 | true | true | unknown | |
mta5.am0.yahoodns.net | 67.195.228.109 | true | true | unknown | |
jotunheim.name | 80.66.75.11 | true | true | unknown | |
microsoft-com.mail.protection.outlook.com | 52.101.11.0 | true | true | unknown | |
vanaheim.cn | 185.228.234.180 | true | true | unknown | |
smtp.google.com | 64.233.166.26 | true | false | unknown | |
google.com | unknown | unknown | true | unknown | |
yahoo.com | unknown | unknown | true | unknown | |
mail.ru | unknown | unknown | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | ||
true | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
52.101.40.26 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | true |
52.101.11.0 | microsoft-com.mail.protection.outlook.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | true |
67.195.228.109 | mta5.am0.yahoodns.net | United States | 36647 | YAHOO-GQ1US | true |
64.233.166.26 | smtp.google.com | United States | 15169 | GOOGLEUS | false |
142.251.168.26 | unknown | United States | 15169 | GOOGLEUS | false |
185.228.234.180 | vanaheim.cn | Russian Federation | 64439 | ITOS-ASRU | true |
217.69.139.150 | mxs.mail.ru | Russian Federation | 47764 | MAILRU-ASMailRuRU | true |
67.195.204.74 | unknown | United States | 26101 | YAHOO-3US | true |
80.66.75.11 | jotunheim.name | Russian Federation | 20803 | RISS-ASRU | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1532438 |
Start date and time: | 2024-10-13 07:30:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 25 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | uMlLpvdLRU.exe (renamed because original name is a hash value) |
Original Sample Name: | 7ea98bd7f6a69b385310f5eaa86b6828.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@24/3@12/9 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
- Excluded IPs from analysis (whitelisted): 20.236.44.162, 20.112.250.133, 20.76.201.171, 20.70.246.20, 20.231.239.246
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtEnumerateKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
01:32:24 | API Interceptor |
Process: | C:\Users\user\Desktop\uMlLpvdLRU.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10786816 |
Entropy (8bit): | 5.269688553800493 |
Encrypted: | false |
SSDEEP: | 49152:pp+Le6666666666666666666666666666666666666666666666666666666666T:p |
MD5: | 491E03099055090A2BCF55796B5D0830 |
SHA1: | 296C19B55B83B7406C31715177974D7E59312808 |
SHA-256: | C4D820B04DB007D9E2A56C83FDA9C8174FCA33C3C4844F6AA04E7210DB2B911A |
SHA-512: | 964916B69C34A75C542000C19D822B6EF0F00AB358CE5082C5A88786A123E100EF2A80F7240A9C63286D99A0EF2AAA3123D807A75E2AE36EFD74075180AA20FA |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10786816 |
Entropy (8bit): | 5.269688553800493 |
Encrypted: | false |
SSDEEP: | 49152:pp+Le6666666666666666666666666666666666666666666666666666666666T:p |
MD5: | 491E03099055090A2BCF55796B5D0830 |
SHA1: | 296C19B55B83B7406C31715177974D7E59312808 |
SHA-256: | C4D820B04DB007D9E2A56C83FDA9C8174FCA33C3C4844F6AA04E7210DB2B911A |
SHA-512: | 964916B69C34A75C542000C19D822B6EF0F00AB358CE5082C5A88786A123E100EF2A80F7240A9C63286D99A0EF2AAA3123D807A75E2AE36EFD74075180AA20FA |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Windows\SysWOW64\netsh.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3773 |
Entropy (8bit): | 4.7109073551842435 |
Encrypted: | false |
SSDEEP: | 48:VHILZNfrI7WFY32iIiNOmV/HToZV9It199hiALlIg39bWA1RvTBi/g2eB:VoLr0y9iIiNOoHTou7bhBlIydWALLt2w |
MD5: | DA3247A302D70819F10BCEEBAF400503 |
SHA1: | 2857AA198EE76C86FC929CC3388A56D5FD051844 |
SHA-256: | 5262E1EE394F329CD1F87EA31BA4A396C4A76EDC3A87612A179F81F21606ABC8 |
SHA-512: | 48FFEC059B4E88F21C2AA4049B7D9E303C0C93D1AD771E405827149EDDF986A72EF49C0F6D8B70F5839DCDBD6B1EA8125C8B300134B7F71C47702B577AD090F8 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.400043831825845 |
TrID: |
|
File name: | uMlLpvdLRU.exe |
File size: | 243'712 bytes |
MD5: | 7ea98bd7f6a69b385310f5eaa86b6828 |
SHA1: | ab3ee16a99f901336fa6221f4fdc84e562154841 |
SHA256: | 930b96bbec596e80fd6b6e4a37c34000113e1affb5f1aadbce2049f5800a6fce |
SHA512: | 25f618ee87b577eec384fd49c40fe00dfa4caaf50b36227431ba838dd461024256a578857026d0942db495a6894b51a55d84190cbe78ab55f46c3c6471a0eb09 |
SSDEEP: | 3072:vRSPDpmSd0310NWYOTLGp+6vDYCm0aW9s/aL/MOvobE80Ogdh1ei4T6Ql:vyDpmSK3104/LS+alDz/MRP0Vdh1tQ |
TLSH: | 4734290266E36815FD62C7314E3B82F5FA1EBCA29E75267E31147FDF18721A38552B02 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........?H..lH..lH..l..QlI..l'.blQ..l'.WlZ..l'.cl-..lA.ZlM..lH..l9..l'.flI..l'.SlI..l'.TlI..lRichH..l........................PE..L.. |
Icon Hash: | 738733b18ba383e4 |
Entrypoint: | 0x401a87 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x654FCFD1 [Sat Nov 11 19:02:41 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 5107e1e1d9cfa977f2674eeaca10490f |
Instruction |
---|
call 00007F9294C05C52h |
jmp 00007F9294C017DEh |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 00000328h |
mov dword ptr [0041FAF0h], eax |
mov dword ptr [0041FAECh], ecx |
mov dword ptr [0041FAE8h], edx |
mov dword ptr [0041FAE4h], ebx |
mov dword ptr [0041FAE0h], esi |
mov dword ptr [0041FADCh], edi |
mov word ptr [0041FB08h], ss |
mov word ptr [0041FAFCh], cs |
mov word ptr [0041FAD8h], ds |
mov word ptr [0041FAD4h], es |
mov word ptr [0041FAD0h], fs |
mov word ptr [0041FACCh], gs |
pushfd |
pop dword ptr [0041FB00h] |
mov eax, dword ptr [ebp+00h] |
mov dword ptr [0041FAF4h], eax |
mov eax, dword ptr [ebp+04h] |
mov dword ptr [0041FAF8h], eax |
lea eax, dword ptr [ebp+08h] |
mov dword ptr [0041FB04h], eax |
mov eax, dword ptr [ebp-00000320h] |
mov dword ptr [0041FA40h], 00010001h |
mov eax, dword ptr [0041FAF8h] |
mov dword ptr [0041F9F4h], eax |
mov dword ptr [0041F9E8h], C0000409h |
mov dword ptr [0041F9ECh], 00000001h |
mov eax, dword ptr [0041E004h] |
mov dword ptr [ebp-00000328h], eax |
mov eax, dword ptr [0041E008h] |
mov dword ptr [ebp-00000324h], eax |
call dword ptr [000000E8h] |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1ce84 | 0x3c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x25000 | 0x1d3c8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1b000 | 0x194 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x1977f | 0x19800 | ec7567fe8938f53a3781b3c97ef69087 | False | 0.7754193474264706 | data | 7.4254742701939 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x1b000 | 0x27c6 | 0x2800 | 8a4f899406b6c07bc94033367c77d80c | False | 0.353515625 | data | 4.982702804137893 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x1e000 | 0x6240 | 0x2000 | 01fa0794ef041654340f7c151d43a38f | False | 0.184814453125 | data | 2.126919075500568 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x25000 | 0x1d3c8 | 0x1d400 | cca7a410f70eb0fbb4c0536c6b918dc7 | False | 0.43920272435897434 | data | 5.235838030261332 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
AFX_DIALOG_LAYOUT | 0x3d130 | 0x2 | data | | | 5.0 |
KADORUN | 0x3c510 | 0xbf7 | ASCII text, with very long lines (3063), with no line terminators | Turkish | Turkey | 0.6020241593209272 |
RT_CURSOR | 0x3d138 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.7368421052631579 |
RT_CURSOR | 0x3d268 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.06130705394190871 |
RT_ICON | 0x25aa0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkish | Turkey | 0.5868869936034116 |
RT_ICON | 0x26948 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkish | Turkey | 0.6606498194945848 |
RT_ICON | 0x271f0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkish | Turkey | 0.7194700460829493 |
RT_ICON | 0x278b8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkish | Turkey | 0.7622832369942196 |
RT_ICON | 0x27e20 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Turkish | Turkey | 0.5440871369294605 |
RT_ICON | 0x2a3c8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Turkish | Turkey | 0.6597091932457786 |
RT_ICON | 0x2b470 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Turkish | Turkey | 0.6782786885245902 |
RT_ICON | 0x2bdf8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Turkish | Turkey | 0.8023049645390071 |
RT_ICON | 0x2c2d8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Turkish | Turkey | 0.35154584221748403 |
RT_ICON | 0x2d180 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Turkish | Turkey | 0.5464801444043321 |
RT_ICON | 0x2da28 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Turkish | Turkey | 0.6146313364055299 |
RT_ICON | 0x2e0f0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Turkish | Turkey | 0.680635838150289 |
RT_ICON | 0x2e658 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Turkish | Turkey | 0.4262448132780083 |
RT_ICON | 0x30c00 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Turkish | Turkey | 0.5217213114754098 |
RT_ICON | 0x31588 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Turkish | Turkey | 0.5106382978723404 |
RT_ICON | 0x31a58 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Turkish | Turkey | 0.4069829424307036 |
RT_ICON | 0x32900 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Turkish | Turkey | 0.572202166064982 |
RT_ICON | 0x331a8 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Turkish | Turkey | 0.625 |
RT_ICON | 0x33870 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Turkish | Turkey | 0.630057803468208 |
RT_ICON | 0x33dd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Turkish | Turkey | 0.4643527204502814 |
RT_ICON | 0x34e80 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Turkish | Turkey | 0.4504098360655738 |
RT_ICON | 0x35808 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Turkish | Turkey | 0.49556737588652483 |
RT_ICON | 0x35cd8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Turkish | Turkey | 0.2798507462686567 |
RT_ICON | 0x36b80 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Turkish | Turkey | 0.365072202166065 |
RT_ICON | 0x37428 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Turkish | Turkey | 0.3784562211981567 |
RT_ICON | 0x37af0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Turkish | Turkey | 0.3764450867052023 |
RT_ICON | 0x38058 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Turkish | Turkey | 0.25653526970954355 |
RT_ICON | 0x3a600 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Turkish | Turkey | 0.274624765478424 |
RT_ICON | 0x3b6a8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Turkish | Turkey | 0.28975409836065574 |
RT_ICON | 0x3c030 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Turkish | Turkey | 0.32092198581560283 |
RT_DIALOG | 0x3f9e8 | 0x84 | data | | | 0.7651515151515151 |
RT_STRING | 0x3fa70 | 0x362 | data | | | 0.4653579676674365 |
RT_STRING | 0x3fdd8 | 0x54a | data | | | 0.44091580502215655 |
RT_STRING | 0x40328 | 0xa0 | data | | | 0.61875 |
RT_STRING | 0x403c8 | 0x8ca | data | | | 0.41244444444444445 |
RT_STRING | 0x40c98 | 0x8ec | data | | | 0.4106830122591944 |
RT_STRING | 0x41588 | 0x8b0 | data | | | 0.4123201438848921 |
RT_STRING | 0x41e38 | 0x4fe | data | | | 0.44209702660406885 |
RT_STRING | 0x42338 | 0x8e | data | | | 0.6056338028169014 |
RT_ACCELERATOR | 0x3d108 | 0x28 | data | | | 1.025 |
RT_GROUP_CURSOR | 0x3f810 | 0x22 | data | | | 1.088235294117647 |
RT_GROUP_ICON | 0x319f0 | 0x68 | data | Turkish | Turkey | 0.7019230769230769 |
RT_GROUP_ICON | 0x3c498 | 0x76 | data | Turkish | Turkey | 0.6779661016949152 |
RT_GROUP_ICON | 0x2c260 | 0x76 | data | Turkish | Turkey | 0.6610169491525424 |
RT_GROUP_ICON | 0x35c70 | 0x68 | data | Turkish | Turkey | 0.7211538461538461 |
RT_VERSION | 0x3f838 | 0x1ac | data | | | 0.5864485981308412 |
DLL | Import |
---|---|
KERNEL32.dll | FillConsoleOutputCharacterA, SearchPathW, GetConsoleAliasesLengthW, GetNumaProcessorNode, DebugActiveProcessStop, GetDefaultCommConfigW, CallNamedPipeA, WriteConsoleOutputW, HeapAlloc, InterlockedDecrement, GlobalSize, GetEnvironmentStringsW, CreateDirectoryW, GetComputerNameW, GetSystemDefaultLCID, GetModuleHandleW, GetCommandLineA, GetSystemTimes, GlobalAlloc, LoadLibraryW, GetConsoleAliasExesLengthW, SetConsoleMode, GetFileAttributesW, GetBinaryTypeW, GetStartupInfoW, SetConsoleTitleA, GetShortPathNameA, InterlockedExchange, GetLastError, GetProcAddress, CopyFileA, SetStdHandle, EnterCriticalSection, BuildCommDCBW, GetNumaHighestNodeNumber, OpenWaitableTimerA, LoadLibraryA, UnhandledExceptionFilter, WritePrivateProfileStringA, QueryDosDeviceW, VirtualLock, FoldStringW, GetModuleFileNameA, FreeEnvironmentStringsW, SetCalendarInfoA, FindAtomW, CopyFileExA, SetFilePointer, WriteConsoleW, EncodePointer, DecodePointer, MultiByteToWideChar, ExitProcess, GetCommandLineW, HeapSetInformation, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, IsDebuggerPresent, WriteFile, GetStdHandle, GetModuleFileNameW, HeapCreate, LeaveCriticalSection, Sleep, HeapSize, GetCPInfo, InterlockedIncrement, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, HeapFree, RtlUnwind, HeapReAlloc, WideCharToMultiByte, LCMapStringW, GetStringTypeW, GetConsoleCP, GetConsoleMode, FlushFileBuffers, IsProcessorFeaturePresent, ReadFile, CloseHandle, CreateFileW |
USER32.dll | GetUserObjectInformationW |
Language of compilation system | Country where language is spoken |
---|---|
Turkish | Turkey |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 13, 2024 07:31:41.096226931 CEST | 192.168.2.6 | 1.1.1.1 | 0x1b4b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 07:31:44.034889936 CEST | 192.168.2.6 | 1.1.1.1 | 0x42c3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 07:32:01.174846888 CEST | 192.168.2.6 | 1.1.1.1 | 0x13d0 | Standard query (0) | MX (Mail exchange) | IN (0x0001) | false | |
Oct 13, 2024 07:32:01.182400942 CEST | 192.168.2.6 | 1.1.1.1 | 0xee2c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 07:32:21.190434933 CEST | 192.168.2.6 | 1.1.1.1 | 0x55c6 | Standard query (0) | MX (Mail exchange) | IN (0x0001) | false | |
Oct 13, 2024 07:32:21.199302912 CEST | 192.168.2.6 | 1.1.1.1 | 0xbb0d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 07:32:41.221612930 CEST | 192.168.2.6 | 1.1.1.1 | 0xb646 | Standard query (0) | MX (Mail exchange) | IN (0x0001) | false | |
Oct 13, 2024 07:32:41.229984045 CEST | 192.168.2.6 | 1.1.1.1 | 0x5f19 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 07:34:09.032377005 CEST | 192.168.2.6 | 1.1.1.1 | 0xf002 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 07:34:29.050172091 CEST | 192.168.2.6 | 1.1.1.1 | 0xc44b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 07:34:49.065900087 CEST | 192.168.2.6 | 1.1.1.1 | 0x6634 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 07:35:05.128333092 CEST | 192.168.2.6 | 1.1.1.1 | 0x796d | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 13, 2024 07:31:41.149579048 CEST | 1.1.1.1 | 192.168.2.6 | 0x1b4b | No error (0) | 52.101.11.0 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:31:41.149579048 CEST | 1.1.1.1 | 192.168.2.6 | 0x1b4b | No error (0) | 52.101.42.0 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:31:41.149579048 CEST | 1.1.1.1 | 192.168.2.6 | 0x1b4b | No error (0) | 52.101.8.49 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:31:41.149579048 CEST | 1.1.1.1 | 192.168.2.6 | 0x1b4b | No error (0) | 52.101.40.26 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:31:44.512211084 CEST | 1.1.1.1 | 192.168.2.6 | 0x42c3 | No error (0) | 185.228.234.180 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:32:01.181720972 CEST | 1.1.1.1 | 192.168.2.6 | 0x13d0 | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
Oct 13, 2024 07:32:01.181720972 CEST | 1.1.1.1 | 192.168.2.6 | 0x13d0 | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
Oct 13, 2024 07:32:01.181720972 CEST | 1.1.1.1 | 192.168.2.6 | 0x13d0 | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
Oct 13, 2024 07:32:01.190041065 CEST | 1.1.1.1 | 192.168.2.6 | 0xee2c | No error (0) | 67.195.228.109 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:32:01.190041065 CEST | 1.1.1.1 | 192.168.2.6 | 0xee2c | No error (0) | 67.195.204.72 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:32:01.190041065 CEST | 1.1.1.1 | 192.168.2.6 | 0xee2c | No error (0) | 98.136.96.77 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:32:01.190041065 CEST | 1.1.1.1 | 192.168.2.6 | 0xee2c | No error (0) | 67.195.204.79 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:32:01.190041065 CEST | 1.1.1.1 | 192.168.2.6 | 0xee2c | No error (0) | 67.195.228.110 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:32:01.190041065 CEST | 1.1.1.1 | 192.168.2.6 | 0xee2c | No error (0) | 67.195.204.77 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:32:01.190041065 CEST | 1.1.1.1 | 192.168.2.6 | 0xee2c | No error (0) | 98.136.96.76 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:32:01.190041065 CEST | 1.1.1.1 | 192.168.2.6 | 0xee2c | No error (0) | 67.195.204.73 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:32:21.198569059 CEST | 1.1.1.1 | 192.168.2.6 | 0x55c6 | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
Oct 13, 2024 07:32:21.207596064 CEST | 1.1.1.1 | 192.168.2.6 | 0xbb0d | No error (0) | 64.233.166.26 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:32:21.207596064 CEST | 1.1.1.1 | 192.168.2.6 | 0xbb0d | No error (0) | 74.125.206.26 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:32:21.207596064 CEST | 1.1.1.1 | 192.168.2.6 | 0xbb0d | No error (0) | 64.233.167.26 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:32:21.207596064 CEST | 1.1.1.1 | 192.168.2.6 | 0xbb0d | No error (0) | 64.233.167.27 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:32:21.207596064 CEST | 1.1.1.1 | 192.168.2.6 | 0xbb0d | No error (0) | 74.125.206.27 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:32:41.229285955 CEST | 1.1.1.1 | 192.168.2.6 | 0xb646 | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
Oct 13, 2024 07:32:41.237015009 CEST | 1.1.1.1 | 192.168.2.6 | 0x5f19 | No error (0) | 217.69.139.150 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:32:41.237015009 CEST | 1.1.1.1 | 192.168.2.6 | 0x5f19 | No error (0) | 94.100.180.31 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:34:09.039556026 CEST | 1.1.1.1 | 192.168.2.6 | 0xf002 | No error (0) | 52.101.40.26 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:34:09.039556026 CEST | 1.1.1.1 | 192.168.2.6 | 0xf002 | No error (0) | 52.101.42.0 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:34:09.039556026 CEST | 1.1.1.1 | 192.168.2.6 | 0xf002 | No error (0) | 52.101.11.0 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:34:09.039556026 CEST | 1.1.1.1 | 192.168.2.6 | 0xf002 | No error (0) | 52.101.8.49 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:34:29.057626009 CEST | 1.1.1.1 | 192.168.2.6 | 0xc44b | No error (0) | 67.195.204.74 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:34:29.057626009 CEST | 1.1.1.1 | 192.168.2.6 | 0xc44b | No error (0) | 67.195.204.77 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:34:29.057626009 CEST | 1.1.1.1 | 192.168.2.6 | 0xc44b | No error (0) | 67.195.204.73 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:34:29.057626009 CEST | 1.1.1.1 | 192.168.2.6 | 0xc44b | No error (0) | 98.136.96.74 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:34:29.057626009 CEST | 1.1.1.1 | 192.168.2.6 | 0xc44b | No error (0) | 67.195.228.106 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:34:29.057626009 CEST | 1.1.1.1 | 192.168.2.6 | 0xc44b | No error (0) | 67.195.228.109 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:34:29.057626009 CEST | 1.1.1.1 | 192.168.2.6 | 0xc44b | No error (0) | 67.195.204.79 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:34:29.057626009 CEST | 1.1.1.1 | 192.168.2.6 | 0xc44b | No error (0) | 98.136.96.76 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:34:49.073086977 CEST | 1.1.1.1 | 192.168.2.6 | 0x6634 | No error (0) | 142.251.168.26 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:34:49.073086977 CEST | 1.1.1.1 | 192.168.2.6 | 0x6634 | No error (0) | 142.251.168.27 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:34:49.073086977 CEST | 1.1.1.1 | 192.168.2.6 | 0x6634 | No error (0) | 142.251.173.27 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:34:49.073086977 CEST | 1.1.1.1 | 192.168.2.6 | 0x6634 | No error (0) | 64.233.184.26 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:34:49.073086977 CEST | 1.1.1.1 | 192.168.2.6 | 0x6634 | No error (0) | 64.233.184.27 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 07:35:05.235069990 CEST | 1.1.1.1 | 192.168.2.6 | 0x796d | No error (0) | 80.66.75.11 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 01:31:01 |
Start date: | 13/10/2024 |
Path: | C:\Users\user\Desktop\uMlLpvdLRU.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 243'712 bytes |
MD5 hash: | 7EA98BD7F6A69B385310F5EAA86B6828 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 01:31:07 |
Start date: | 13/10/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1c0000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 01:31:07 |
Start date: | 13/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 01:31:07 |
Start date: | 13/10/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1c0000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 01:31:07 |
Start date: | 13/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 01:31:08 |
Start date: | 13/10/2024 |
Path: | C:\Windows\SysWOW64\sc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8a0000 |
File size: | 61'440 bytes |
MD5 hash: | D9D7684B8431A0D10D0E76FE9F5FFEC8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 7 |
Start time: | 01:31:08 |
Start date: | 13/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 01:31:09 |
Start date: | 13/10/2024 |
Path: | C:\Windows\SysWOW64\sc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8a0000 |
File size: | 61'440 bytes |
MD5 hash: | D9D7684B8431A0D10D0E76FE9F5FFEC8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 9 |
Start time: | 01:31:09 |
Start date: | 13/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 01:31:09 |
Start date: | 13/10/2024 |
Path: | C:\Windows\SysWOW64\sc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8a0000 |
File size: | 61'440 bytes |
MD5 hash: | D9D7684B8431A0D10D0E76FE9F5FFEC8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 11 |
Start time: | 01:31:09 |
Start date: | 13/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 01:31:09 |
Start date: | 13/10/2024 |
Path: | C:\Windows\SysWOW64\yuzqifwu\bndqedvz.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 10'786'816 bytes |
MD5 hash: | 491E03099055090A2BCF55796B5D0830 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 13 |
Start time: | 01:31:10 |
Start date: | 13/10/2024 |
Path: | C:\Windows\SysWOW64\netsh.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa60000 |
File size: | 82'432 bytes |
MD5 hash: | 4E89A1A088BE715D6C946E55AB07C7DF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 14 |
Start time: | 01:31:10 |
Start date: | 13/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 18 |
Start time: | 01:31:29 |
Start date: | 13/10/2024 |
Path: | C:\Windows\SysWOW64\svchost.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x650000 |
File size: | 46'504 bytes |
MD5 hash: | 1ED18311E3DA35942DB37D15FA40CC5B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Has exited: | false |
Target ID: | 20 |
Start time: | 01:31:46 |
Start date: | 13/10/2024 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7403e0000 |
File size: | 55'320 bytes |
MD5 hash: | B7F884C1B74A263F746EE12A5F7C9F6A |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | false |
Target ID: | 21 |
Start time: | 01:33:10 |
Start date: | 13/10/2024 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7403e0000 |
File size: | 55'320 bytes |
MD5 hash: | B7F884C1B74A263F746EE12A5F7C9F6A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | false |
Execution Graph
Execution Coverage: | 4% |
Dynamic/Decrypted Code Coverage: | 2% |
Signature Coverage: | 26.2% |
Total number of Nodes: | 1608 |
Total number of Limit Nodes: | 21 |
Graph
Function 00409A6B Relevance: 98.8, APIs: 48, Strings: 8, Instructions: 799stringsleepregistryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041A380 Relevance: 56.3, APIs: 30, Strings: 2, Instructions: 293timelibraryfileCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409326 Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 284registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00406A60 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 106fileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040EC54 Relevance: 4.5, APIs: 3, Instructions: 24timeCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 005BA736 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040EBCC Relevance: 3.0, APIs: 2, Instructions: 13memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004073FF Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 345registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040704C Relevance: 23.1, APIs: 10, Strings: 3, Instructions: 332registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040675C Relevance: 19.7, APIs: 13, Instructions: 199fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0208003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041A696 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 60libraryCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004099D2 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54stringCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041A0A0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 46librarymemoryloaderCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404000 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35sleepfileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004091EB Relevance: 3.1, APIs: 2, Instructions: 119sleepCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02080E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00406DC2 Relevance: 1.5, APIs: 1, Instructions: 42COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 005BA3F5 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040C913 Relevance: 113.4, APIs: 45, Strings: 19, Instructions: 1397filestringprocessCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401000 Relevance: 56.2, APIs: 16, Strings: 16, Instructions: 170libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040B211 Relevance: 47.4, APIs: 7, Strings: 20, Instructions: 131timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00407809 Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 226memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401280 Relevance: 30.2, APIs: 9, Strings: 8, Instructions: 417stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401D96 Relevance: 30.0, APIs: 6, Strings: 11, Instructions: 205libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00406EDD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00408E26 Relevance: 4.6, APIs: 3, Instructions: 63fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0208092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004088B0 Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 005BA013 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02080D90 Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02089EA0 Relevance: 59.9, APIs: 28, Strings: 6, Instructions: 421stringregistryfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02087CFC Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 269registrymemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00407A95 Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 269registrymemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040A7C1 Relevance: 38.8, APIs: 8, Strings: 14, Instructions: 299networkstringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02087A70 Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 226memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00408328 Relevance: 35.4, APIs: 18, Strings: 2, Instructions: 361registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040199C Relevance: 29.9, APIs: 11, Strings: 6, Instructions: 106memorylibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0208858F Relevance: 28.4, APIs: 14, Strings: 2, Instructions: 361registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 020814E7 Relevance: 23.2, APIs: 9, Strings: 4, Instructions: 417stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02087666 Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 345registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040AD89 Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 121timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00402DF2 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 97memorylibrarynetworkCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0208958D Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 284registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040BE31 Relevance: 18.2, APIs: 6, Strings: 6, Instructions: 152stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02081FFD Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 205libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040F315 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 103networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040C2DC Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 182threadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02083059 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 97memorylibrarynetworkCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00402D21 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 85memorylibrarystringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00406CC9 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 84libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040977C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 82threadinjectionprocessCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0208F57C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02082F88 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 85memorylibrarystringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02086F30 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 84libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 020892CB Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 83filestringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00409064 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 83filestringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 020899E3 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 82threadinjectionprocessCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040E3CA Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 136registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02086CC7 Relevance: 10.6, APIs: 7, Instructions: 106fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0208AA28 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 247stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040E8A1 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 172stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0208E8BB Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 96stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02086E0E Relevance: 9.1, APIs: 6, Instructions: 84COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0208C543 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 182threadCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004080C9 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 146registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0208E2FC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 92registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040E095 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 92registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040AD08 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55stringnetworkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0208B478 Relevance: 7.6, APIs: 5, Instructions: 131timeCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00402923 Relevance: 7.6, APIs: 5, Instructions: 107COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040E654 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 96stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004026FF Relevance: 7.6, APIs: 5, Instructions: 96networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040F26D Relevance: 7.6, APIs: 5, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00402419 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 45stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0208E795 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 111fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040E52E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 111fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401AC3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02087665 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02089966 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004096FF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 020828EB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20networkCOMMON
Function 020869C3 Relevance: 6.2, APIs: 4, Instructions: 199COMMON
Function 0208417F Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON
Function 020841F3 Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON
Function 00403F18 Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON
Function 00403F8C Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON
Function 0208E036 Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 35stringCOMMON
Function 0041A310 Relevance: 6.0, APIs: 4, Instructions: 32memoryCOMMON
Function 0040A4C7 Relevance: 6.0, APIs: 4, Instructions: 27sleepCOMMON
Function 00404E92 Relevance: 6.0, APIs: 4, Instructions: 27sleepCOMMON
Function 00404BD1 Relevance: 6.0, APIs: 4, Instructions: 27sleepCOMMON
Function 004030FA Relevance: 6.0, APIs: 4, Instructions: 23sleepCOMMON
Function 0208E3DE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148fileCOMMON
Function 0040E177 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148fileCOMMON
Function 02088330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146registryCOMMON
Function 0208E631 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136registryCOMMON
Function 0208AFF0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121timeCOMMON
Function 02089452 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 119sleepCOMMON
Function 004038F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55threadCOMMON
Function 0040AB81 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44stringCOMMON
Function 004026B2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37networkCOMMON
Function 00402684 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20networkCOMMON
Function 0040EAE4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13libraryloaderCOMMON
Function 02083189 Relevance: 5.2, APIs: 4, Instructions: 157memoryCOMMON
Function 00402F22 Relevance: 5.2, APIs: 4, Instructions: 157memoryCOMMON
Execution Graph
Execution Coverage: | 2.6% |
Dynamic/Decrypted Code Coverage: | 97% |
Signature Coverage: | 0% |
Total number of Nodes: | 1622 |
Total number of Limit Nodes: | 16 |
Function 00409A6B Relevance: 102.3, APIs: 48, Strings: 10, Instructions: 799stringsleepregistryCOMMON
Function 0041A380 Relevance: 56.3, APIs: 30, Strings: 2, Instructions: 293timelibraryfileCOMMON
Function 004073FF Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 345registryCOMMON
Function 0040405E Relevance: 16.7, APIs: 11, Instructions: 203COMMON
Function 006B003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
Function 0040977C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 82threadprocessinjectionCOMMON
Function 0041A696 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 60libraryCOMMON
Function 00404280 Relevance: 7.6, APIs: 5, Instructions: 124COMMON
Function 0041A0A0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 46librarymemoryloaderCOMMON
Function 0040EC54 Relevance: 4.5, APIs: 3, Instructions: 24timeCOMMON
Function 00406E36 Relevance: 3.1, APIs: 2, Instructions: 51COMMON
Function 006E441E Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
Function 006B0E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
Function 00406DC2 Relevance: 1.5, APIs: 1, Instructions: 42COMMON
Function 00409892 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
Function 006E40DD Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
Function 004098F2 Relevance: 1.3, APIs: 1, Instructions: 37sleepCOMMON
Function 006B9EA0 Relevance: 59.9, APIs: 28, Strings: 6, Instructions: 421stringregistryfileCOMMON
Function 00401000 Relevance: 56.2, APIs: 16, Strings: 16, Instructions: 170libraryloaderCOMMON
Function 0040B211 Relevance: 47.4, APIs: 7, Strings: 20, Instructions: 131timeCOMMON
Function 006B7CFC Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 269registrymemoryCOMMON
Function 00407A95 Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 269registrymemoryCOMMON
Function 0040A7C1 Relevance: 38.8, APIs: 8, Strings: 14, Instructions: 299networkstringCOMMON
Function 006B7A70 Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 226memoryCOMMON
Function 00407809 Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 226memoryCOMMON
Function 00408328 Relevance: 35.4, APIs: 18, Strings: 2, Instructions: 361registryCOMMON
Function 00401280 Relevance: 30.2, APIs: 9, Strings: 8, Instructions: 417stringCOMMON
Function 00401D96 Relevance: 30.0, APIs: 6, Strings: 11, Instructions: 205libraryloaderCOMMON
Function 0040199C Relevance: 29.9, APIs: 11, Strings: 6, Instructions: 106memorylibraryloaderCOMMON
Function 006B858F Relevance: 28.4, APIs: 14, Strings: 2, Instructions: 361registryCOMMON
Function 006B14E7 Relevance: 23.2, APIs: 9, Strings: 4, Instructions: 417stringCOMMON
Function 006B7666 Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 345registryCOMMON
Function 0040704C Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 332registryCOMMON
Function 0040AD89 Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 121timeCOMMON
Function 00402DF2 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 97memorylibrarynetworkCOMMON
Function 0040675C Relevance: 19.7, APIs: 13, Instructions: 199fileCOMMON
Function 00409326 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 284registryCOMMON
Function 006B1FFD Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 205libraryloaderCOMMON
Function 0040F315 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 103networkCOMMON
Function 0040C2DC Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 182threadCOMMON
Function 006B3059 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 97memorylibrarynetworkCOMMON
Function 00402D21 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 85memorylibrarystringCOMMON
Function 0040BE31 Relevance: 13.7, APIs: 6, Strings: 3, Instructions: 152stringCOMMON
Function 00406A60 Relevance: 13.6, APIs: 9, Instructions: 106fileCOMMON
Function 006BF57C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103networkCOMMON
Function 006B2F88 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 85memorylibrarystringCOMMON
Function 00406CC9 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 84libraryloaderCOMMON
Function 006B99E3 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 82threadinjectionprocessCOMMON
Function 006B6CC7 Relevance: 10.6, APIs: 7, Instructions: 106fileCOMMON
Function 006B6F30 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 84libraryloaderCOMMON
Function 006BAA28 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 247stringCOMMON
Function 0040E8A1 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 172stringCOMMON
Function 006BE8BB Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 96stringCOMMON
Function 006B6E0E Relevance: 9.1, APIs: 6, Instructions: 84COMMON
Function 00406BA7 Relevance: 9.1, APIs: 6, Instructions: 84COMMON
Function 006BC543 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 182threadCOMMON
Function 004080C9 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 146registryCOMMON
Function 006BE2FC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 92registryCOMMON
Function 0040AD08 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55stringnetworkCOMMON
Function 006BB478 Relevance: 7.6, APIs: 5, Instructions: 131timeCOMMON
Function 00402923 Relevance: 7.6, APIs: 5, Instructions: 107COMMON
Function 0040E654 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 96stringCOMMON
Function 004026FF Relevance: 7.6, APIs: 5, Instructions: 96networkCOMMON
Function 0040F26D Relevance: 7.6, APIs: 5, Instructions: 63COMMON
Function 006B93AC Relevance: 7.6, APIs: 5, Instructions: 56COMMON
Function 00409145 Relevance: 7.6, APIs: 5, Instructions: 56COMMON
Function 00402419 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 45stringCOMMON
Function 00401AC3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74libraryloaderCOMMON
Function 00406EDD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52memoryCOMMON
Function 006B28EB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20networkCOMMON
Function 006B69C3 Relevance: 6.2, APIs: 4, Instructions: 199COMMON
Function 006B417F Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON
Function 006B41F3 Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON
Function 00403F18 Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON
Function 00403F8C Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON
Function 006BE036 Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 35stringCOMMON
Function 0041A310 Relevance: 6.0, APIs: 4, Instructions: 32memoryCOMMON
Function 0040A4C7 Relevance: 6.0, APIs: 4, Instructions: 27sleepCOMMON
Function 00404E92 Relevance: 6.0, APIs: 4, Instructions: 27sleepCOMMON
Function 00404BD1 Relevance: 6.0, APIs: 4, Instructions: 27sleepCOMMON
Function 004030FA Relevance: 6.0, APIs: 4, Instructions: 23sleepCOMMON
Function 006BE3DE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148fileCOMMON
Function 006B8330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146registryCOMMON
Function 006BAFF0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121timeCOMMON
Function 006B9452 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 119sleepCOMMON
Function 004038F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55threadCOMMON
Function 0040AB81 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44stringCOMMON
Function 004026B2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37networkCOMMON
Function 00402684 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20networkCOMMON
Function 0040EAE4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13libraryloaderCOMMON
Function 006B3189 Relevance: 5.2, APIs: 4, Instructions: 157memoryCOMMON
Function 00402F22 Relevance: 5.2, APIs: 4, Instructions: 157memoryCOMMON
Execution Graph
Execution Coverage: | 15.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0.7% |
Total number of Nodes: | 1807 |
Total number of Limit Nodes: | 18 |
Function 0039C913 Relevance: 115.1, APIs: 45, Strings: 20, Instructions: 1397filestringprocessCOMMON
Function 00399A6B Relevance: 100.5, APIs: 48, Strings: 9, Instructions: 799stringsleepregistryCOMMON
Function 0039199C Relevance: 35.1, APIs: 14, Strings: 6, Instructions: 106memorylibraryloaderCOMMON
Function 00397A95 Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 269registrymemoryCOMMON
Function 00397809 Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 226memoryCOMMON
Function 00398328 Relevance: 35.4, APIs: 18, Strings: 2, Instructions: 361registryCOMMON
Function 00391D96 Relevance: 30.0, APIs: 6, Strings: 11, Instructions: 205libraryloaderCOMMON
Function 003973FF Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 345registryCOMMON
Function 0039675C Relevance: 19.7, APIs: 13, Instructions: 199fileCOMMON
Function 0039F315 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 103networkCOMMON
Function 0039405E Relevance: 16.7, APIs: 11, Instructions: 203COMMON
Function 00392D21 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 85memorylibrarystringCOMMON
Function 003980C9 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 146registryCOMMON
Function 00391AC3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 74libraryloaderCOMMON
Function 0039F26D Relevance: 7.6, APIs: 5, Instructions: 63COMMON
Function 00392684 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20networkCOMMON
Function 0039EC2E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14memoryCOMMONLIBRARYCODE
Function 0039E52E Relevance: 4.6, APIs: 3, Instructions: 111fileCOMMON
Function 0039877E Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 100sleepCOMMON
Function 0039EC54 Relevance: 4.5, APIs: 3, Instructions: 24timeCOMMON
Function 003930B5 Relevance: 3.0, APIs: 2, Instructions: 29networkCOMMON
Function 0039EBED Relevance: 3.0, APIs: 2, Instructions: 27memoryCOMMON
Function 0039EBCC Relevance: 3.0, APIs: 2, Instructions: 13memoryCOMMON
Function 0039F43E Relevance: 1.5, APIs: 1, Instructions: 33networkCOMMON
Function 00391978 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
Function 0039DD84 Relevance: 1.3, APIs: 1, Instructions: 31stringCOMMON
Function 00391000 Relevance: 56.2, APIs: 16, Strings: 16, Instructions: 170libraryloaderCOMMON
Function 0039B211 Relevance: 47.4, APIs: 7, Strings: 20, Instructions: 131timeCOMMON
Function 0039A7C1 Relevance: 40.5, APIs: 8, Strings: 15, Instructions: 299networkstringCOMMON
Function 00391280 Relevance: 30.2, APIs: 9, Strings: 8, Instructions: 417stringCOMMON
Function 0039704C Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 332registryCOMMON
Function 0039AD89 Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 121timeCOMMON
Function 00392DF2 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 97memorylibrarynetworkCOMMON
Function 00399326 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 284registryCOMMON
Function 0039C2DC Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 182threadCOMMON
Function 0039BE31 Relevance: 13.7, APIs: 6, Strings: 3, Instructions: 152 string COMMON
Function 00396A60 Relevance: 13.6, APIs: 9, Instructions: 106 file COMMON
Function 00396CC9 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 84 library loader COMMON
Function 0039977C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 82 thread injection process COMMON
Function 0039E8A1 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 172 string COMMON
Function 00396BA7 Relevance: 9.1, APIs: 6, Instructions: 84 COMMON
Function 0039AD08 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55 string network COMMON
Function 00394280 Relevance: 7.6, APIs: 5, Instructions: 124 COMMON
Function 00392923 Relevance: 7.6, APIs: 5, Instructions: 107 COMMON
Function 003926FF Relevance: 7.6, APIs: 5, Instructions: 96 network COMMON
Function 00399145 Relevance: 7.6, APIs: 5, Instructions: 56 COMMON
Function 00392419 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 45 string COMMON
Function 00396EDD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52 memory COMMON
Function 0039E654 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 96 string COMMON
Function 00393F18 Relevance: 6.0, APIs: 4, Instructions: 46 file synchronization COMMON
Function 00393F8C Relevance: 6.0, APIs: 4, Instructions: 46 file synchronization COMMON
Function 00394E92 Relevance: 6.0, APIs: 4, Instructions: 27 sleep COMMON
Function 0039A4C7 Relevance: 6.0, APIs: 4, Instructions: 27 sleep COMMON
Function 00394BD1 Relevance: 6.0, APIs: 4, Instructions: 27 sleep COMMON
Function 003930FA Relevance: 6.0, APIs: 4, Instructions: 23 sleep COMMON
Function 003926B2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37 network COMMON
Function 0039EAE4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13 library loader COMMON
Function 00392F22 Relevance: 5.2, APIs: 4, Instructions: 157 memory COMMON