Windows
Analysis Report
SecuriteInfo.com.Trojan.Inject5.1262.5931.28554.exe
Overview
General Information
Detection
Score: | 88 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- SecuriteInfo.com.Trojan.Inject5.1262.5931.28554.exe (PID: 4404 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.1262.5931.28554.exe" MD5: 09289584ED12A81A0A2A2D6DF31DF6DA)
  - RegAsm.exe (PID: 3724 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    - WerFault.exe (PID: 5712 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 1628 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
XWorm | Malware with a wide range of capabilities, from RAT to ransomware. | No Attribution | | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security | |
| MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen | |
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security | |
| MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen | |
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_XWorm | Yara detected XWorm | Joe Security | |
| MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen | |
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | String decryptor: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Matched rule: |
Source: | Code function: | 1_2_00918390 |
Source: | Code function: | 1_2_009156B8 |
Source: | Code function: | 1_2_00915F88 |
Source: | Code function: | 1_2_00910BA0 |
Source: | Code function: | 1_2_00915370 |
Source: | Process created: |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | File created: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | Memory allocated: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Thread sleep time: |
Source: | Thread sleep count: |
Source: | File Volume queried: |
Source: | Thread delayed: |
Source: | Binary or memory string: |
Source: | Process queried: |
Source: | Process token adjusted: |
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: |
Source: | Memory written: |
Source: | Process created: |
Source: | Queries volume information: |
Source: | Key value queried: |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 311 Process Injection | 1 Disable or Modify Tools | OS Credential Dumping | 131 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 141 Virtualization/Sandbox Evasion | LSASS Memory | 141 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 311 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 13 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
50% | ReversingLabs | Win32.Trojan.NeptuneLoader |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
167.71.56.116 | unknown | United States | | 14061 | DIGITALOCEAN-ASNUS | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1537052 |
Start date and time: | 2024-10-18 14:13:35 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 32s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Run with higher sleep bypass |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.Trojan.Inject5.1262.5931.28554.exe |
Detection: | MAL |
Classification: | mal88.troj.evad.winEXE@4/5@0/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.189.173.22
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: SecuriteInfo.com.Trojan.Inject5.1262.5931.28554.exe
Time | Type | Description |
---|---|---|
08:15:05 | API Interceptor | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
167.71.56.116 | | | malicious | XWorm | | |
| | | malicious | XWorm | | |
| | | malicious | Quasar | | |
| | | malicious | Quasar | | |
| | | malicious | AsyncRAT | | |
| | | malicious | njRat | | |
| | | malicious | Nanocore | | |
| | | malicious | Nanocore | | |
| | | malicious | AsyncRAT | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
DIGITALOCEAN-ASNUS | | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Mirai | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegAsm.exe_9be59e14b6b73c7898b15b8fa4185e5466451f4_38d14e40_5cfabcf7-ef7b-4806-add7-d070ca2cd15e\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.2814736197578909 |
Encrypted: | false |
SSDEEP: | 192:dVjeFy/WZKN0BU/qaUtY3oXcULzuiFVZ24IO8V:ftAzBU/qaUtXcQzuiFVY4IO8V |
MD5: | F1C3B794BD374139296F91ABB3D46191 |
SHA1: | 918BC91617CDD35B67A2EDDAAA0DCEF031608572 |
SHA-256: | 1973189F6DCE93FB3495296662C22C2EC6BE0056F0E853B3E93F217B76DE413B |
SHA-512: | E9E9C407874C8BEECDDBDD93874C80F61A769954E55E0BBDB2AED081B75BF1FEA47EA916C60E842C7C33E60132FC78EC96D1E5FC91B4F5BF139E38BC6BAA9ACC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290141 |
Entropy (8bit): | 3.7033485185724424 |
Encrypted: | false |
SSDEEP: | 1536:Y4ClNpN4uE2aOcFZBWhuLTgEI3G5w7aSVXAjmAZI99T9CDpofRtTxD8MCWesWPJ0:Y4Y4uEqcFZFLTgE2+y4IIpaPFDXI |
MD5: | 03603F512EBBDC9394322B3D8AFA17C1 |
SHA1: | AC8F61E779FE5068BC6F592B378DFF25EBDD4795 |
SHA-256: | E95CBEB2B2C7A4F3F95DD74E10F5B834F817C7A8DDAE3D4AE921AD22F70FBDDD |
SHA-512: | EA89874DF5C6E62D6CFDB9819D0C64B8418EC87A0F641E686641F0CA2CE5186A08F3D5D49D1E2ABFC97816F5115F7BEBFF2737FCA46382B1A4600367288876C3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6376 |
Entropy (8bit): | 3.71529692948423 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJsjf6aZxXYZOebpru89b4tMsfF61m:R6lXJWf6sxXY8eB6ffV |
MD5: | 43689B6B8290B84327EEA2D715490543 |
SHA1: | 565509DCE4D34E3D55143A8A60B11517AFE0392E |
SHA-256: | 6138B74DDAC2E9939BC92EC03FE30EF8E19D2CFBD22A41616E1F1081F8D67762 |
SHA-512: | 10F5A96A6676AA62DEB3B70404D7E6D62E56FE16EE36AB9974DA5D2CA04D8B42787337871F65773BEAEBDE1BB84D95AC9B992AB6F53B7A0298BDF3D29139C94E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4721 |
Entropy (8bit): | 4.441746063891815 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs7Jg77aI9roWpW8VYYYm8M4JfuyziF7D+q8vZyzeQgLuOLuard:uIjfVI7VB7VMJfuagKZaeBukuard |
MD5: | 32590A0A78B07C6A99DB53F0D6F6A8E5 |
SHA1: | E3F9AC744DB0546FCC3A25DFEA26F4F56006C44A |
SHA-256: | 5C436A1083B88BD57354E451EECFBB35C9731C773788D04B84BC9396EBF892A8 |
SHA-512: | F2B13D7CF5DAB7192CF1DBA382E825FD0BFA5892E8AFD27C8285BBB09D687FE92775F8AA790C04BF0F8BCDC72D82781CC10E16BF12D75071D349DD2CC449ADF2 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.422358988559259 |
Encrypted: | false |
SSDEEP: | 6144:kSvfpi6ceLP/9skLmb0OTyWSPHaJG8nAgeMZMMhA2fX4WABlEnNk0uhiTw:vvloTyW+EZMM6DFye03w |
MD5: | 5D06655C78C77FF7545C5BA1C3F29E95 |
SHA1: | 9D17550D676D79260C2F1CC8767D253CFC33A6FB |
SHA-256: | FAA9F37010676F4A241BAC1E12BFCF858BDC389E03AF93E95B6A7BC23E1AC808 |
SHA-512: | CF845F05ACA0BB3F7CA4269B4794328161810741CFF2C130DF894E1832F68E477FE8FFA261A68E172AE7459459FAE02B608F3F886966FA34911F2956D1E2BAE0 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.309641950556383 |
TrID: |
File name: | SecuriteInfo.com.Trojan.Inject5.1262.5931.28554.exe |
File size: | 2'121'456 bytes |
MD5: | 09289584ed12a81a0a2a2d6df31df6da |
SHA1: | 26fb4b863c809c1dde042bf5fe9d1de98e694487 |
SHA256: | 2ce4cfe235350e3cb4f613e988203e8c6745db826bcb1f0aa2399d9427ef2357 |
SHA512: | e6d4cea771d4cdc0fa958aef23fc7f9ad575b2e49bec65e8b22fb2de5ce551de6936d052544004200a097410fbb7109b7d6f71d1c01889bb9b5e0dc53fb72ac7 |
SSDEEP: | 24576:QljLYQBtY2rLbnoQVNYRvobF5ZIMfffffffffffffffTEqNrK2Y/l6q3:QxbB7VYSMR/l6q3 |
TLSH: | 5AA5F703EF6452B5E93D36BA11B26BB5473BE52BDC8B480A59B3347F8A231D0382D355 |
File Content Preview: | MZP.....................@...............................................!..L.!This program cannot be run in DOS mode....$...................................................................................................................................... |
Icon Hash: | 2bbd7b3bbb91184c |
Entrypoint: | 0x541228 |
Entrypoint Section: | .itext |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6594420D [Tue Jan 2 17:04:13 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | c27196cb386d9c2fcebfe58d6b783f7f |
Signature Valid: | false |
Signature Issuer: | SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After |
Subject Chain |
Version: | 3 |
Thumbprint MD5: | 0CFB7685B54EF58E0DD65B242E82E080 |
Thumbprint SHA-1: | 2D5609B5B7FB15C2CCF27F91E6AF062511E37170 |
Thumbprint SHA-256: | 751E9D2F2901B771BE8DA1AFB24B2D3E51E4EA32B8E21CA425DD280701608FBA |
Serial: | 07AD5CFABFBBAA |
Instruction |
---|
push ebp |
mov ebp, esp |
mov ecx, 0000000Dh |
push 00000000h |
push 00000000h |
dec ecx |
jne 00007F91B8C2CB5Bh |
push ebx |
push esi |
mov eax, 0053AF30h |
call 00007F91B8AFCABEh |
xor eax, eax |
push ebp |
push 00541838h |
push dword ptr fs:[eax] |
mov dword ptr fs:[eax], esp |
mov dl, 01h |
mov eax, dword ptr [0053ABCCh] |
call 00007F91B8AF3CC4h |
mov esi, eax |
mov eax, 00561A68h |
mov edx, esi |
test edx, edx |
je 00007F91B8C2CB65h |
sub edx, FFFFFFF8h |
call 00007F91B8AFA1B3h |
xor eax, eax |
mov dword ptr [ebp-14h], eax |
xor ecx, ecx |
push ebp |
push 005417F9h |
push dword ptr fs:[ecx] |
mov dword ptr fs:[ecx], esp |
lea edx, dword ptr [ebp-14h] |
mov eax, 00000001h |
call 00007F91B8C25227h |
xor eax, eax |
mov dword ptr [ebp-18h], eax |
xor ecx, ecx |
push ebp |
push 005417DAh |
push dword ptr fs:[ecx] |
mov dword ptr fs:[ecx], esp |
lea edx, dword ptr [ebp-18h] |
mov eax, 00000002h |
call 00007F91B8C25207h |
mov edx, dword ptr [ebp-18h] |
mov eax, edx |
test eax, eax |
je 00007F91B8C2CB67h |
sub eax, 04h |
mov eax, dword ptr [eax] |
test eax, eax |
jle 00007F91B8C2CB76h |
mov eax, edx |
test eax, eax |
je 00007F91B8C2CB67h |
sub eax, 04h |
mov eax, dword ptr [eax] |
lea edx, dword ptr [ebp-18h] |
xchg eax, edx |
call 00007F91B8AF65E5h |
lea ecx, dword ptr [ebp-44h] |
mov edx, 00541854h |
mov eax, dword ptr [ebp-18h] |
call 00007F91B8BBD9F9h |
mov edx, dword ptr [ebp-44h] |
mov eax, 00561A4Ch |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x164000 | 0x71 | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x162000 | 0xeaa | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x180000 | 0x91842 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x204a00 | 0x14f0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x167000 | 0x18968 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x166000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1622c4 | 0x24c | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x163000 | 0x1ea | .didata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x13ec30 | 0x13ee00 | c51c6cb37ed5ce0e3f5505dc3ac403bc | False | 0.36596019330654644 | data | 6.490706528468914 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.itext | 0x140000 | 0x1934 | 0x1a00 | 7ac92331d0c7df1bc9e4c0d07104c159 | False | 0.5147235576923077 | data | 6.232517754168578 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x142000 | 0x182d4 | 0x18400 | a20ea187c764645fcd5c35d906f0f7f6 | False | 0.18651336984536082 | data | 5.281725279036479 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0x15b000 | 0x6a6c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x162000 | 0xeaa | 0x1000 | 3cf5ec88566996006540ea535e613c5c | False | 0.352294921875 | zlib compressed data | 4.7520074705410895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.didata | 0x163000 | 0x1ea | 0x200 | 61251115c0a0c926bd55f02b7ec230a7 | False | 0.416015625 | firmware 100 v0 (revision 1915819520) (1\026 , version 52263.16640.35879 (region 2284852736), 0 bytes or less, UNKNOWN1 0x88301600, at 0 0 bytes , at 0 0 bytes , at 0x48534000 3226615808 bytes | 3.345822242610369 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0x164000 | 0x71 | 0x200 | 93b1b87c3109e7fee7b3e8bb61ade18e | False | 0.1796875 | data | 1.3456704524513246 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0x165000 | 0x20 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x166000 | 0x5d | 0x200 | fdcc303ff40bb15074bd3ec3e38eac94 | False | 0.189453125 | data | 1.376875570449468 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x167000 | 0x18968 | 0x18a00 | 17ed0a2e57f1b8c5b6904d0a2d26f915 | False | 0.528216211928934 | data | 6.669990802122488 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.rsrc | 0x180000 | 0x91842 | 0x91a00 | 1608fa01be6fd3aefd5f8e76194afd48 | False | 0.1028014350858369 | data | 3.4961514116837944 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x180618 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | | | 0.47681236673773986 |
RT_ICON | 0x1814c0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | | | 0.6078519855595668 |
RT_ICON | 0x181d68 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | | | 0.4971198156682028 |
RT_ICON | 0x182430 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | | | 0.5852601156069365 |
RT_ICON | 0x182998 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.30933609958506225 |
RT_ICON | 0x184f40 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.40384615384615385 |
RT_ICON | 0x185fe8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | | | 0.4319672131147541 |
RT_ICON | 0x186970 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.5939716312056738 |
RT_STRING | 0x186dd8 | 0x33c | data | | | 0.4190821256038647 |
RT_STRING | 0x187114 | 0x3dc | data | | | 0.2834008097165992 |
RT_STRING | 0x1874f0 | 0x370 | data | | | 0.4147727272727273 |
RT_STRING | 0x187860 | 0x464 | data | | | 0.37277580071174377 |
RT_STRING | 0x187cc4 | 0x4a8 | data | | | 0.3213087248322148 |
RT_STRING | 0x18816c | 0x3d4 | data | | | 0.376530612244898 |
RT_STRING | 0x188540 | 0x440 | data | | | 0.3704044117647059 |
RT_STRING | 0x188980 | 0x1d0 | data | | | 0.40301724137931033 |
RT_STRING | 0x188b50 | 0xcc | data | | | 0.6225490196078431 |
RT_STRING | 0x188c1c | 0x17c | data | | | 0.55 |
RT_STRING | 0x188d98 | 0x384 | data | | | 0.3811111111111111 |
RT_STRING | 0x18911c | 0x3e0 | data | | | 0.3326612903225806 |
RT_STRING | 0x1894fc | 0x368 | data | | | 0.37844036697247707 |
RT_STRING | 0x189864 | 0x294 | data | | | 0.43787878787878787 |
RT_RCDATA | 0x189af8 | 0x10 | data | | | 1.5 |
RT_RCDATA | 0x189b08 | 0x40c | data | | | 0.5318532818532818 |
RT_GROUP_ICON | 0x189f14 | 0x76 | data | | | 0.6610169491525424 |
RT_VERSION | 0x189f8c | 0x4b8 | COM executable for DOS | English | United States | 0.3120860927152318 |
RT_HTML | 0x18a444 | 0x873f3 | data | | | 0.08053670679512104 |
RT_HTML | 0x211838 | 0xa | ASCII text, with no line terminators | | | 1.8 |
DLL | Import |
---|---|
kernel32.dll | GetACP, CloseHandle, LocalFree, SizeofResource, ReadProcessMemory, QueryPerformanceFrequency, IsDebuggerPresent, VirtualFree, SetThreadContext, GetThreadContext, GetFullPathNameW, GetProcessHeap, ExitProcess, HeapAlloc, GetCPInfoExW, WriteProcessMemory, RtlUnwind, GetCPInfo, EnumSystemLocalesW, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, CopyFileW, LoadLibraryA, ResetEvent, GetVersion, FreeResource, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, ReleaseMutex, LoadResource, SuspendThread, GetTickCount, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetCommandLineW, GetSystemInfo, LeaveCriticalSection, GetProcAddress, ResumeThread, VirtualAllocEx, GetVersionExW, VerifyVersionInfoW, HeapCreate, LCMapStringW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, CreateMutexA, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, IsValidLocale, TlsSetValue, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, CreateEventW, SetThreadLocale, GetThreadLocale |
user32.dll | CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, CharLowerBuffW, LoadStringW, CharUpperW, PeekMessageW, GetSystemMetrics, MessageBoxW |
oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate |
msvcrt.dll | isupper, isalpha, isalnum, toupper, memchr, memcmp, memcpy, memset, isprint, isspace, iscntrl, isxdigit, ispunct, isgraph, islower, tolower |
advapi32.dll | RegQueryValueExW, RegCloseKey, RegOpenKeyExW |
Name | Ordinal | Address |
---|---|---|
__dbk_fcall_wrapper | 2 | 0x411070 |
dbkFCallWrapperAddr | 1 | 0x55e63c |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Target ID: | 0 |
Start time: | 08:14:29 |
Start date: | 18/10/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject5.1262.5931.28554.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa00000 |
File size: | 2'121'456 bytes |
MD5 hash: | 09289584ED12A81A0A2A2D6DF31DF6DA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 08:14:29 |
Start date: | 18/10/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x140000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 08:16:16 |
Start date: | 18/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x5f0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 18.8% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 224 |
Total number of Limit Nodes: | 19 |
Function 00918390 Relevance: 5.3, Strings: 4, Instructions: 332 (COMMON)
Function 009156B8 Relevance: 0.3, Instructions: 281 (COMMON)
Function 00915F88 Relevance: 0.3, Instructions: 266 (COMMON)
Function 00917999 Relevance: 1.6, APIs: 1, Instructions: 62 (COMMON)
Function 0091792C Relevance: 1.6, APIs: 1, Instructions: 55 (COMMON)
Function 00910BA0 Relevance: 5.3, Strings: 4, Instructions: 260 (COMMON)
Function 00915370 Relevance: 0.2, Instructions: 238 (COMMON)