Edit tour
Windows
Analysis Report
SecuriteInfo.com.Trojan.Generic.36879400.484.7364.exe
Overview
General Information
| Sample name: | SecuriteInfo.com.Trojan.Generic.36879400.484.7364.exe |
| Analysis ID: | 1538275 |
| MD5: | 020190d9efd22d6802dd276ee65bdc06 |
| SHA1: | 95de68aa282afdc863b440c61a5efcd472430ed5 |
| SHA256: | eee093a0a6fa52d75ee39a29c4bf9dbf835ff8b69ff7a18e06b50a1f3b0f5b88 |
| Tags: | exe |
| Infos: | |
 | |
Detection
| Score: | 60 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to delete services
Contains functionality to detect sandboxes (foreground window change detection)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
One or more processes crash
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Classification
- System is w10x64
SecuriteInfo.com.Trojan.Generic.36879400.484.7364.exe (PID: 8028 cmdline: "C:\Users\ user\Deskt op\Securit eInfo.com. Trojan.Gen eric.36879 400.484.73 64.exe" MD5: 020190D9EFD22D6802DD276EE65BDC06) 
conhost.exe (PID: 8036 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) 
WerFault.exe (PID: 7452 cmdline: C:\Windows \system32\ WerFault.e xe -u -p 8 028 -s 524 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | ReversingLabs: | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Binary or memory string: | memstr_084eee70-f | |
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | Code function: | 0_2_00007FF749B5BC40 | |
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_00007FF749AF8A50 | |
| Source: | Code function: | 0_2_00007FF749AF8A50 | |
| Source: | Code function: | 0_2_00007FF749AF88F0 | |
| Source: | Code function: | 0_2_00007FF749AD3710 | |
| Source: | Code function: | 0_2_00007FF749B10660 | |
| Source: | Code function: | 0_2_00007FF749AD6690 | |
| Source: | Code function: | 0_2_00007FF749ADED60 | |
| Source: | Code function: | 0_2_00007FF749AD5310 | |
| Source: | Code function: | 0_2_00007FF749AD4C70 | |
| Source: | Code function: | 0_2_00007FF749AD6690 | |
| Source: | Code function: | 0_2_00007FF749B0EB00 | |
| Source: | Code function: | 0_2_00007FF749B18AD0 | |
| Source: | Code function: | 0_2_00007FF749B20280 | |
| Source: | Code function: | 0_2_00007FF749AC9A90 | |
| Source: | Code function: | 0_2_00007FF749B31220 | |
| Source: | Code function: | 0_2_00007FF749B0D230 | |
| Source: | Code function: | 0_2_00007FF749AC2A60 | |
| Source: | Code function: | 0_2_00007FF749AF61C0 | |
| Source: | Code function: | 0_2_00007FF749B3CA10 | |
| Source: | Code function: | 0_2_00007FF749AEB210 | |
| Source: | Code function: | 0_2_00007FF749B0B9A0 | |
| Source: | Code function: | 0_2_00007FF749AF3140 | |
| Source: | Code function: | 0_2_00007FF749B12980 | |
| Source: | Code function: | 0_2_00007FF749B03120 | |
| Source: | Code function: | 0_2_00007FF749AEF120 | |
| Source: | Code function: | 0_2_00007FF749B004D0 | |
| Source: | Code function: | 0_2_00007FF749AC24C0 | |
| Source: | Code function: | 0_2_00007FF749AFDCA0 | |
| Source: | Code function: | 0_2_00007FF749B14CB0 | |
| Source: | Code function: | 0_2_00007FF749B0ECD0 | |
| Source: | Code function: | 0_2_00007FF749B16C70 | |
| Source: | Code function: | 0_2_00007FF749AC5430 | |
| Source: | Code function: | 0_2_00007FF749AE5420 | |
| Source: | Code function: | 0_2_00007FF749AE4470 | |
| Source: | Code function: | 0_2_00007FF749AE43D0 | |
| Source: | Code function: | 0_2_00007FF749B213F0 | |
| Source: | Code function: | 0_2_00007FF749AFCC00 | |
| Source: | Code function: | 0_2_00007FF749B01320 | |
| Source: | Code function: | 0_2_00007FF749B13B90 | |
| Source: | Code function: | 0_2_00007FF749AC1390 | |
| Source: | Code function: | 0_2_00007FF749B0F700 | |
| Source: | Code function: | 0_2_00007FF749B2A6A0 | |
| Source: | Code function: | 0_2_00007FF749B5EEA0 | |
| Source: | Code function: | 0_2_00007FF749B0AEB0 | |
| Source: | Code function: | 0_2_00007FF749AE96F0 | |
| Source: | Code function: | 0_2_00007FF749B10660 | |
| Source: | Code function: | 0_2_00007FF749AF0620 | |
| Source: | Code function: | 0_2_00007FF749B015B0 | |
| Source: | Code function: | 0_2_00007FF749B2EDA0 | |
| Source: | Code function: | 0_2_00007FF749B5C5C0 | |
| Source: | Code function: | 0_2_00007FF749AFB520 | |
| Source: | Code function: | 0_2_00007FF749B51540 | |
| Source: | Code function: | 0_2_00007FF749B13110 | |
| Source: | Code function: | 0_2_00007FF749B230B0 | |
| Source: | Code function: | 0_2_00007FF749B098B0 | |
| Source: | Code function: | 0_2_00007FF749AFF0F0 | |
| Source: | Code function: | 0_2_00007FF749B340C0 | |
| Source: | Code function: | 0_2_00007FF749ACA050 | |
| Source: | Code function: | 0_2_00007FF749B18080 | |
| Source: | Code function: | 0_2_00007FF749B01090 | |
| Source: | Code function: | 0_2_00007FF749ACB060 | |
| Source: | Code function: | 0_2_00007FF749B0FFEE | |
| Source: | Code function: | 0_2_00007FF749B10010 | |
| Source: | Code function: | 0_2_00007FF749B407B0 | |
| Source: | Code function: | 0_2_00007FF749B2B7D0 | |
| Source: | Code function: | 0_2_00007FF749AFF730 | |
| Source: | Code function: | 0_2_00007FF749B25790 | |
| Source: | Code function: | 0_2_00007FF749B50720 | |
| Source: | Code function: | 0_2_00007FF749B07770 | |
| Source: | Code function: | 0_2_00007FF749AFFF70 | |
| Source: | Code function: | ||
| Source: | Process created: | ||
| Source: | Binary string: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_00007FF749ADED60 | |
| Source: | Code function: | 0_2_00007FF749AD5310 | |
| Source: | Code function: | 0_2_00007FF749ADECC0 | |
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | String found in binary or memory: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00007FF749B0FD00 | |
| Source: | Code function: | 0_2_00007FF749ADECC0 | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 0_2_00007FF749AD6690 | |
| Source: | API coverage: | ||
| Source: | Last function: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_00007FF749BEFD38 | |
| Source: | Code function: | 0_2_00007FF749BEFD38 | |
| Source: | Code function: | 0_2_00007FF749B0FD00 | |
| Source: | Code function: | 0_2_00007FF749B3B3B0 | |
| Source: | Code function: | 0_2_00007FF749BEF6B0 | |
| Source: | Code function: | 0_2_00007FF749BEEC78 | |
| Source: | Code function: | 0_2_00007FF749BEFBB0 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 0_2_00007FF749B5BC40 | |
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 12 Windows Service | 12 Windows Service | 1 Virtualization/Sandbox Evasion | 21 Input Capture | 1 System Time Discovery | Remote Services | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 12 Service Execution | 1 DLL Side-Loading | 1 Process Injection | 1 Process Injection | LSASS Memory | 161 Security Software Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 58% | ReversingLabs | Win64.Trojan.Lazy | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| keyauth.win | 104.26.1.5 | true | false | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | unknown | |||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.26.1.5 | keyauth.win | United States | 13335 | CLOUDFLARENETUS | false |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1538275 |
| Start date and time: | 2024-10-20 23:30:08 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 6m 5s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Run name: | Run with higher sleep bypass |
| Number of analysed new started processes analysed: | 11 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | SecuriteInfo.com.Trojan.Generic.36879400.484.7364.exe |
| Detection: | MAL |
| Classification: | mal60.evad.winEXE@3/6@1/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.168.117.173
- Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, otelrules.azureedge.net, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: SecuriteInfo.com.Trojan.Generic.36879400.484.7364.exe
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 104.26.1.5 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| keyauth.win | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
|
⊘No context
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_11703222d651f7cb7eac8e334cfee763df7c3275_d61f64e4_199d474c-6afe-436b-9761-545eb6cdaf81\Report.wer
Download File
| Process: | C:\Windows\System32\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 1.040757212596145 |
| Encrypted: | false |
| SSDEEP: | 96:s+Feynd92skh4GhiXSKQXIDcQtc6ocE2cw3Gwz+HbHg/8BRTf3o8Fa94OyYUaFQ/:70U2D0jssCwwjoLbdzuiFwZ24lO85 |
| MD5: | CC3C87E991A3FC885F354D08D9A35101 |
| SHA1: | 0BE2C89F7F7BB658145008E21747EA0A9EFE1A4E |
| SHA-256: | 74B6861E7D51FBF555A5E46158DCBDA3912422DC588EE907B54B5D1109EA4826 |
| SHA-512: | 73F6E08A6AB986D5D505AAC4D4373D408EB73E460B4A77B841966DC1D84DF9D1EF4BB91360A4168E9DAC415BECB88F03E8F00045F7762525C7170E87F18461A6 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\System32\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 190474 |
| Entropy (8bit): | 1.396155204357573 |
| Encrypted: | false |
| SSDEEP: | 384:fYUz1H/PBMm1BpyKL8cxzOlWQz8r66WFr/:f3x/PBMmvpyKL8B8r8 |
| MD5: | A07E49A74BFE741618A98FA547EC0B03 |
| SHA1: | B216AFCA1A7920332D850430E94F7A5CF15E826B |
| SHA-256: | 405934D9FDB5128ED8579E6FA64653AF51EB57D4743B5A5D838D961D6D9BB27D |
| SHA-512: | 19F9D4B1B31A51D36FF4C776353FD550750B17AEC16743B27A93B41C5F88A99630CE3FC1423ECE0E74643D2D5A9C186546790AF4F9D1161348722ED108892A6C |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\System32\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8978 |
| Entropy (8bit): | 3.6992500119131906 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJqqwL6YWLqGlgmfZJFFwppD3q89bvuz5+fuFm:R6lXJf86YaqGlgmfZb4vq5+fN |
| MD5: | 7E74288269E27EB78F854994B8346030 |
| SHA1: | 806DDD0323E814C06AD0AA20776A93168EB77F90 |
| SHA-256: | 715639152DCEFB25A67C218FB6E0B214D5E8D158B352B6942525C6C941FE00FB |
| SHA-512: | F4D00CCDA912AB21FB70F5F43A59CDF880E747DA4DA002BF75472ED5426F02931B98AD9630E3746A5F0B80AEDA0F52BB2C31A699A7E40616ABC33937FB44DCD4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\System32\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4961 |
| Entropy (8bit): | 4.526447645870927 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zseJg771I9hmWpW8VY4iYm8M4JfJsF6Msyq8vlJ0PLLEE+LAd:uIjfUI7yn7VBLJZMsWI3EE+LAd |
| MD5: | 47EFFBB66CB6D9A7C321D8E551463831 |
| SHA1: | 6949F14B4349884BFAC38F373ADB4721BC85DF81 |
| SHA-256: | E0B3152ECDC3201C305200FE6F7F16BEE0EE7DFC85EF8B012A2B8821CCBE2F76 |
| SHA-512: | DF92E887092DE1A36E5683A107A9B0F3B4C894BF3529F0871A3E357D13294B5451A82100CEEAE71548421D10662A4A9AE7849B6F0D22EAF74D921A6DF67DA9CE |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\System32\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1835008 |
| Entropy (8bit): | 4.295934138749564 |
| Encrypted: | false |
| SSDEEP: | 6144:p41fWRYkg7Di2vXoy00lWZgiWaaKxC44Q0NbuDs++YmBMZJh1Vj8:+1/YCW2AoQ0NicYwMHrVI |
| MD5: | 84D9A5D5D15A024C83A268F12E3DC20A |
| SHA1: | 3CEBBB2AAF8D00B4DFE07594C78671670A8305BF |
| SHA-256: | 4B45F7329AAE11D298207DA115CA61CEBB6B34D4E06B1955827E906AC1C199E8 |
| SHA-512: | 0A68AF30078490D986DF57E61C8E6F7B2FF347C10963E3F113086B47D25C7C6DA80690F9AE64013C13D68178625F5070909D4C9D723071F3C581468F09FC1688 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Generic.36879400.484.7364.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 208 |
| Entropy (8bit): | 2.4305258110308814 |
| Encrypted: | false |
| SSDEEP: | 3:rRRqmIEaGj3F/9Dqa+I4AuGLXmuLx:H041lVuGLWm |
| MD5: | FC51E3860D2A83AD586811F10DFB46C0 |
| SHA1: | 14CCE86E0918FA8ED1191D7D7425E44F0EF4138D |
| SHA-256: | 0B1E88DE9B81FA2187463C8465A4C5863402A66AD134CE7CC46E5970FD759BEA |
| SHA-512: | EFBC52214A547A11EBD8A751EE50CBC1315959A1145538439AF98BB0D4E718ABFB84AB02397386890FC36AC9262C5B3A1A608A85A072F943EDD01C61D61B4026 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.675898394290311 |
| TrID: |
|
| File name: | SecuriteInfo.com.Trojan.Generic.36879400.484.7364.exe |
| File size: | 1'972'224 bytes |
| MD5: | 020190d9efd22d6802dd276ee65bdc06 |
| SHA1: | 95de68aa282afdc863b440c61a5efcd472430ed5 |
| SHA256: | eee093a0a6fa52d75ee39a29c4bf9dbf835ff8b69ff7a18e06b50a1f3b0f5b88 |
| SHA512: | e57f3190a38ae6fd2aa2c10ac9142cfb39cfee51552fa2542ee85145c74b4b75e39fbd0b27b4f83abcd658de634fba8a2b41e6e874970355c777144e0e83115e |
| SSDEEP: | 49152:vCaRTQ7ZaNdbb6oFPg5F5r7gmohnnFsLm:KaRTQgTgb5fm |
| TLSH: | 4995BF43A3A542ECC16791388257D707E77274061B109BCB67E84AA96F63BE12F7F390 |
| File Content Preview: | MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......8...|...|...|...u.D.j...z&*.u...z&..v...z&..x...z&..Z...z&..z.......f...............~.......~...7...Y...|...^....&..v....&(.}.. |
 | |
| Icon Hash: | 90cececece8e8eb0 |
| Entrypoint: | 0x14012f47c |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x140000000 |
| Subsystem: | windows cui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
| DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x670DCAAB [Tue Oct 15 01:51:39 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 36df9176191cadc47b96522ce524f4bc |
| Instruction |
|---|
| dec eax |
| sub esp, 28h |
| call 00007F6B84BB68A0h |
| dec eax |
| add esp, 28h |
| jmp 00007F6B84BB5FE7h |
| int3 |
| int3 |
| dec eax |
| sub esp, 28h |
| dec ebp |
| mov eax, dword ptr [ecx+38h] |
| dec eax |
| mov ecx, edx |
| dec ecx |
| mov edx, ecx |
| call 00007F6B84BB6182h |
| mov eax, 00000001h |
| dec eax |
| add esp, 28h |
| ret |
| int3 |
| int3 |
| int3 |
| inc eax |
| push ebx |
| inc ebp |
| mov ebx, dword ptr [eax] |
| dec eax |
| mov ebx, edx |
| inc ecx |
| and ebx, FFFFFFF8h |
| dec esp |
| mov ecx, ecx |
| inc ecx |
| test byte ptr [eax], 00000004h |
| dec esp |
| mov edx, ecx |
| je 00007F6B84BB6185h |
| inc ecx |
| mov eax, dword ptr [eax+08h] |
| dec ebp |
| arpl word ptr [eax+04h], dx |
| neg eax |
| dec esp |
| add edx, ecx |
| dec eax |
| arpl ax, cx |
| dec esp |
| and edx, ecx |
| dec ecx |
| arpl bx, ax |
| dec edx |
| mov edx, dword ptr [eax+edx] |
| dec eax |
| mov eax, dword ptr [ebx+10h] |
| mov ecx, dword ptr [eax+08h] |
| dec eax |
| mov eax, dword ptr [ebx+08h] |
| test byte ptr [ecx+eax+03h], 0000000Fh |
| je 00007F6B84BB617Dh |
| movzx eax, byte ptr [ecx+eax+03h] |
| and eax, FFFFFFF0h |
| dec esp |
| add ecx, eax |
| dec esp |
| xor ecx, edx |
| dec ecx |
| mov ecx, ecx |
| pop ebx |
| jmp 00007F6B84BB620Ah |
| int3 |
| dec eax |
| mov eax, esp |
| dec eax |
| mov dword ptr [eax+08h], ebx |
| dec eax |
| mov dword ptr [eax+10h], ebp |
| dec eax |
| mov dword ptr [eax+18h], esi |
| dec eax |
| mov dword ptr [eax+20h], edi |
| inc ecx |
| push esi |
| dec eax |
| sub esp, 20h |
| dec ecx |
| mov ebx, dword ptr [ecx+38h] |
| dec eax |
| mov esi, edx |
| dec ebp |
| mov esi, eax |
| dec eax |
| mov ebp, ecx |
| dec ecx |
| mov edx, ecx |
| dec eax |
| mov ecx, esi |
| dec ecx |
| mov edi, ecx |
| dec esp |
| lea eax, dword ptr [ebx+04h] |
| call 00007F6B84BB60E1h |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x17b0e8 | 0x258 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1e4000 | 0x1e8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x1d6000 | 0xd29c | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1e5000 | 0x13c0 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x166380 | 0x70 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x166400 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x166240 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x133000 | 0xe48 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x1314f0 | 0x131600 | 6dc2eedac3dafd2dd2b047277ea494b4 | False | 0.5417943166700778 | data | 6.497397183756386 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x133000 | 0x4b910 | 0x4ba00 | 3d4496e5280b114d37fd9f2d3d295c9d | False | 0.4512428977272727 | data | 6.240530533087005 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x17f000 | 0x56c28 | 0x55a00 | f583970018bcffebc3544f435d27c87c | False | 0.4868099908759124 | data | 6.343408364501885 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x1d6000 | 0xd29c | 0xd400 | 1211a2861dc79cf0217410f7583d3455 | False | 0.4769494398584906 | data | 6.17972589976873 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x1e4000 | 0x1e8 | 0x200 | 6c94243ac11a20caa150e2383dfc7606 | False | 0.541015625 | data | 4.772037401703051 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x1e5000 | 0x13c0 | 0x1400 | bc9ec2dfcd6eb2761e4d0798ae08b114 | False | 0.4150390625 | data | 5.4086836016311475 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_MANIFEST | 0x1e4060 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5892857142857143 |
| DLL | Import |
|---|---|
| d3d11.dll | D3D11CreateDeviceAndSwapChain |
| D3DCOMPILER_47.dll | D3DCompile |
| KERNEL32.dll | ReadFile, PeekNamedPipe, WaitForMultipleObjects, GetFileSizeEx, CreateFileMappingA, GetEnvironmentVariableA, WaitForSingleObjectEx, MoveFileExA, GetTickCount, GetModuleFileNameA, GetModuleHandleW, QueryFullProcessImageNameW, SetLastError, FormatMessageA, LocalFree, EnterCriticalSection, LeaveCriticalSection, QueryPerformanceCounter, VerifyVersionInfoA, ReleaseSRWLockExclusive, CreateFileMappingW, WakeAllConditionVariable, SleepConditionVariableSRW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, IsDebuggerPresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, OutputDebugStringW, FreeLibrary, VerSetConditionMask, GetProcAddress, QueryPerformanceFrequency, LoadLibraryA, GetModuleHandleA, GlobalUnlock, GlobalLock, GlobalFree, GlobalAlloc, GetLastError, GetFileAttributesW, lstrcmpiW, GetConsoleWindow, WideCharToMultiByte, CreateThread, CloseHandle, Process32FirstW, CreateFileA, CreateFileW, HeapDestroy, HeapAlloc, HeapReAlloc, HeapFree, HeapSize, GetProcessHeap, GetFileType, InitializeCriticalSectionEx, DeleteCriticalSection, GetCurrentProcess, MapViewOfFile, Process32NextW, GetSystemDirectoryA, Sleep, MultiByteToWideChar, CreateToolhelp32Snapshot, SetConsoleWindowInfo, TerminateProcess, DeviceIoControl, GetStdHandle, SetConsoleScreenBufferSize, SetConsoleTitleA, SetConsoleTextAttribute, VirtualProtect, AcquireSRWLockExclusive, SleepEx, UnmapViewOfFile |
| USER32.dll | SetCursor, SetCursorPos, OpenClipboard, ScreenToClient, GetCursorPos, CloseClipboard, UpdateWindow, FindWindowA, GetClientRect, FindWindowW, TranslateMessage, SetLayeredWindowAttributes, GetForegroundWindow, PeekMessageW, ClientToScreen, DispatchMessageW, LoadCursorW, GetAsyncKeyState, ShowWindow, EmptyClipboard, GetClipboardData, SetClipboardData, GetKeyState, GetWindow, DestroyWindow, SetWindowPos, SetWindowLongPtrW, GetSystemMetrics, GetWindowLongPtrW, MessageBoxA |
| ADVAPI32.dll | ControlService, StartServiceW, DeleteService, OpenSCManagerW, CloseServiceHandle, QueryServiceStatus, CreateServiceW, OpenProcessToken, AddAccessAllowedAce, GetLengthSid, GetTokenInformation, InitializeAcl, IsValidSid, SetSecurityInfo, CopySid, CryptEncrypt, CryptImportKey, CryptDestroyKey, CryptDestroyHash, CryptHashData, CryptCreateHash, CryptGenRandom, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextA, ConvertSidToStringSidA, OpenServiceW |
| MSVCP140.dll | ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z, ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z, ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ, ?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ, ??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z, ?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z, ?always_noconv@codecvt_base@std@@QEBA_NXZ, ?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z, ?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ, ?_Incref@facet@locale@std@@UEAAXXZ, ??Bid@locale@std@@QEAA_KXZ, ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z, ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z, ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z, ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z, ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z, ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z, ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z, ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z, ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ, ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ, ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z, ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z, ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ, ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z, ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z, ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z, ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, _Mtx_unlock, _Thrd_join, ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ, _Xtime_get_ticks, _Query_perf_counter, _Thrd_id, _Thrd_sleep, _Cnd_do_broadcast_at_thread_exit, _Mtx_init_in_situ, _Mtx_lock, _Mtx_destroy_in_situ, ?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A, ?_Xlength_error@std@@YAXPEBD@Z, ?id@?$ctype@D@std@@2V0locale@2@A, ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z, ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ, ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ, ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z, ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z, ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A, ?_Xbad_function_call@std@@YAXXZ, ?_Xout_of_range@std@@YAXPEBD@Z, ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A, _Query_perf_frequency, ??1_Lockit@std@@QEAA@XZ, ??0_Lockit@std@@QEAA@H@Z, ?_Throw_Cpp_error@std@@YAXH@Z, ?uncaught_exceptions@std@@YAHXZ, ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A, ?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z, ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ, ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z |
| dwmapi.dll | DwmExtendFrameIntoClientArea |
| WINHTTP.dll | WinHttpSendRequest, WinHttpCloseHandle, WinHttpOpenRequest, WinHttpOpen, WinHttpReceiveResponse, WinHttpConnect, WinHttpQueryOption |
| CRYPT32.dll | CertCreateCertificateChainEngine, CryptQueryObject, CertGetNameStringA, CertFindExtension, CertAddCertificateContextToStore, CryptDecodeObjectEx, PFXImportCertStore, CertFreeCertificateChainEngine, CryptStringToBinaryA, CertFindCertificateInStore, CertEnumCertificatesInStore, CertCloseStore, CertOpenStore, CertGetCertificateChain, CertGetCertificateContextProperty, CertFreeCertificateChain, CertFreeCertificateContext |
| IMM32.dll | ImmReleaseContext, ImmSetCompositionWindow, ImmGetContext, ImmSetCandidateWindow |
| Normaliz.dll | IdnToAscii |
| WLDAP32.dll | |
| WS2_32.dll | ntohs, ntohl, closesocket, gethostname, sendto, recvfrom, freeaddrinfo, recv, send, WSAGetLastError, getaddrinfo, select, __WSAFDIsSet, ioctlsocket, listen, htonl, bind, WSACleanup, WSAStartup, WSAIoctl, WSASetLastError, connect, socket, setsockopt, accept, htons, getsockopt, getsockname, getpeername |
| RPCRT4.dll | UuidCreate, UuidToStringA, RpcStringFreeA |
| PSAPI.DLL | GetModuleInformation |
| USERENV.dll | UnloadUserProfile |
| VCRUNTIME140_1.dll | __CxxFrameHandler4 |
| VCRUNTIME140.dll | __current_exception_context, __current_exception, longjmp, strrchr, strchr, memset, memmove, __intrinsic_setjmp, memcmp, memchr, _CxxThrowException, strstr, __std_terminate, __std_exception_copy, __std_exception_destroy, memcpy, __C_specific_handler |
| api-ms-win-crt-runtime-l1-1-0.dll | exit, _invalid_parameter_noinfo, strerror, __sys_nerr, _resetstkoflw, _errno, terminate, system, _beginthreadex, _getpid, _register_thread_local_exe_atexit_callback, _c_exit, __p___argv, __p___argc, _exit, _initterm_e, _initterm, _get_initial_narrow_environment, _set_app_type, _seh_filter_exe, _cexit, _crt_atexit, _register_onexit_function, _initialize_onexit_table, _initialize_narrow_environment, _configure_narrow_argv, _invalid_parameter_noinfo_noreturn |
| api-ms-win-crt-stdio-l1-1-0.dll | __stdio_common_vsprintf_s, fgetc, __p__commode, _lseeki64, __stdio_common_vfprintf, _read, fputc, fwrite, feof, fputs, fopen, _close, _open, __stdio_common_vsprintf, _write, fclose, _popen, _pclose, fgets, fgetpos, setvbuf, __stdio_common_vsscanf, _wfopen, ungetc, fflush, fseek, ftell, _get_stream_buffer_pointers, _set_fmode, _fseeki64, fread, fsetpos, __acrt_iob_func |
| api-ms-win-crt-heap-l1-1-0.dll | calloc, _callnewh, realloc, free, malloc, _set_new_mode |
| api-ms-win-crt-math-l1-1-0.dll | asinf, atanf, ceilf, acosf, _dclass, cosf, fmodf, tanf, cos, powf, sin, sinf, sqrtf, __setusermatherr |
| api-ms-win-crt-string-l1-1-0.dll | strncmp, _strdup, tolower, strpbrk, isupper, strcmp, strcspn, strspn, strncpy |
| api-ms-win-crt-convert-l1-1-0.dll | atoi, atof, strtoll, strtod, strtoul, strtol, strtoull |
| api-ms-win-crt-utility-l1-1-0.dll | qsort, rand |
| api-ms-win-crt-filesystem-l1-1-0.dll | _unlink, _stat64, _fstat64, _lock_file, _access, _unlock_file |
| api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale, localeconv |
| api-ms-win-crt-time-l1-1-0.dll | _time64, _gmtime64 |
| SHELL32.dll | ShellExecuteA |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 20, 2024 23:31:02.029261112 CEST | 49703 | 443 | 192.168.2.10 | 104.26.1.5 |
| Oct 20, 2024 23:31:02.029299974 CEST | 443 | 49703 | 104.26.1.5 | 192.168.2.10 |
| Oct 20, 2024 23:31:02.029370070 CEST | 49703 | 443 | 192.168.2.10 | 104.26.1.5 |
| Oct 20, 2024 23:31:02.031291962 CEST | 49703 | 443 | 192.168.2.10 | 104.26.1.5 |
| Oct 20, 2024 23:31:02.031312943 CEST | 443 | 49703 | 104.26.1.5 | 192.168.2.10 |
| Oct 20, 2024 23:31:02.798646927 CEST | 443 | 49703 | 104.26.1.5 | 192.168.2.10 |
| Oct 20, 2024 23:31:02.798722029 CEST | 49703 | 443 | 192.168.2.10 | 104.26.1.5 |
| Oct 20, 2024 23:31:02.810987949 CEST | 49703 | 443 | 192.168.2.10 | 104.26.1.5 |
| Oct 20, 2024 23:31:02.811001062 CEST | 443 | 49703 | 104.26.1.5 | 192.168.2.10 |
| Oct 20, 2024 23:31:02.811367989 CEST | 443 | 49703 | 104.26.1.5 | 192.168.2.10 |
| Oct 20, 2024 23:31:02.860141039 CEST | 49703 | 443 | 192.168.2.10 | 104.26.1.5 |
| Oct 20, 2024 23:31:03.168152094 CEST | 49703 | 443 | 192.168.2.10 | 104.26.1.5 |
| Oct 20, 2024 23:31:03.215400934 CEST | 443 | 49703 | 104.26.1.5 | 192.168.2.10 |
| Oct 20, 2024 23:31:03.340550900 CEST | 443 | 49703 | 104.26.1.5 | 192.168.2.10 |
| Oct 20, 2024 23:31:03.340601921 CEST | 443 | 49703 | 104.26.1.5 | 192.168.2.10 |
| Oct 20, 2024 23:31:03.340637922 CEST | 443 | 49703 | 104.26.1.5 | 192.168.2.10 |
| Oct 20, 2024 23:31:03.340671062 CEST | 443 | 49703 | 104.26.1.5 | 192.168.2.10 |
| Oct 20, 2024 23:31:03.340717077 CEST | 443 | 49703 | 104.26.1.5 | 192.168.2.10 |
| Oct 20, 2024 23:31:03.340738058 CEST | 49703 | 443 | 192.168.2.10 | 104.26.1.5 |
| Oct 20, 2024 23:31:03.340753078 CEST | 443 | 49703 | 104.26.1.5 | 192.168.2.10 |
| Oct 20, 2024 23:31:03.340783119 CEST | 443 | 49703 | 104.26.1.5 | 192.168.2.10 |
| Oct 20, 2024 23:31:03.340790033 CEST | 49703 | 443 | 192.168.2.10 | 104.26.1.5 |
| Oct 20, 2024 23:31:03.340811968 CEST | 49703 | 443 | 192.168.2.10 | 104.26.1.5 |
| Oct 20, 2024 23:31:03.340816975 CEST | 443 | 49703 | 104.26.1.5 | 192.168.2.10 |
| Oct 20, 2024 23:31:03.341413021 CEST | 443 | 49703 | 104.26.1.5 | 192.168.2.10 |
| Oct 20, 2024 23:31:03.341468096 CEST | 49703 | 443 | 192.168.2.10 | 104.26.1.5 |
| Oct 20, 2024 23:31:03.341475010 CEST | 443 | 49703 | 104.26.1.5 | 192.168.2.10 |
| Oct 20, 2024 23:31:03.341515064 CEST | 49703 | 443 | 192.168.2.10 | 104.26.1.5 |
| Oct 20, 2024 23:31:03.354849100 CEST | 49703 | 443 | 192.168.2.10 | 104.26.1.5 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 20, 2024 23:31:02.004791021 CEST | 55441 | 53 | 192.168.2.10 | 1.1.1.1 |
| Oct 20, 2024 23:31:02.012037039 CEST | 53 | 55441 | 1.1.1.1 | 192.168.2.10 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Oct 20, 2024 23:31:02.004791021 CEST | 192.168.2.10 | 1.1.1.1 | 0x68 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Oct 20, 2024 23:31:02.012037039 CEST | 1.1.1.1 | 192.168.2.10 | 0x68 | No error (0) | 104.26.1.5 | A (IP address) | IN (0x0001) | false | ||
| Oct 20, 2024 23:31:02.012037039 CEST | 1.1.1.1 | 192.168.2.10 | 0x68 | No error (0) | 104.26.0.5 | A (IP address) | IN (0x0001) | false | ||
| Oct 20, 2024 23:31:02.012037039 CEST | 1.1.1.1 | 192.168.2.10 | 0x68 | No error (0) | 172.67.72.57 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.10 | 49703 | 104.26.1.5 | 443 | 8028 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Generic.36879400.484.7364.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-20 21:31:03 UTC | 95 | OUT | |
| 2024-10-20 21:31:03 UTC | 1135 | IN | |
| 2024-10-20 21:31:03 UTC | 234 | IN | |
| 2024-10-20 21:31:03 UTC | 1369 | IN | |
| 2024-10-20 21:31:03 UTC | 1369 | IN | |
| 2024-10-20 21:31:03 UTC | 1369 | IN | |
| 2024-10-20 21:31:03 UTC | 1369 | IN | |
| 2024-10-20 21:31:03 UTC | 1369 | IN | |
| 2024-10-20 21:31:03 UTC | 1369 | IN | |
| 2024-10-20 21:31:03 UTC | 1369 | IN | |
| 2024-10-20 21:31:03 UTC | 1369 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 17:31:00 |
| Start date: | 20/10/2024 |
| Path: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Generic.36879400.484.7364.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff749ac0000 |
| File size: | 1'972'224 bytes |
| MD5 hash: | 020190D9EFD22D6802DD276EE65BDC06 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 17:31:00 |
| Start date: | 20/10/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff620390000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 5 |
| Start time: | 17:31:02 |
| Start date: | 20/10/2024 |
| Path: | C:\Windows\System32\WerFault.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff69ad40000 |
| File size: | 570'736 bytes |
| MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 1.8% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 38.7% |
| Total number of Nodes: | 346 |
| Total number of Limit Nodes: | 16 |
Graph
Function 00007FF749AD6690 Relevance: 163.6, APIs: 75, Strings: 18, Instructions: 804sleepprocessfileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AD5310 Relevance: 77.5, APIs: 3, Strings: 41, Instructions: 502processCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AD4C70 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 257encryptionCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749BEEC78 Relevance: 4.6, APIs: 3, Instructions: 127COMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AD5100 Relevance: 87.6, APIs: 7, Strings: 43, Instructions: 125COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B31220 Relevance: 58.7, APIs: 21, Strings: 12, Instructions: 908windowthreadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B407B0 Relevance: 58.5, APIs: 14, Strings: 19, Instructions: 794stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AE5420 Relevance: 48.3, APIs: 15, Strings: 12, Instructions: 1085fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AC2A60 Relevance: 45.1, APIs: 1, Strings: 28, Instructions: 1600COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749ADED60 Relevance: 42.1, APIs: 22, Strings: 2, Instructions: 130servicesleepCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B50720 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 191libraryloadernetworkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749ACB060 Relevance: 37.9, APIs: 2, Strings: 18, Instructions: 2907sleepCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B2A6A0 Relevance: 32.0, APIs: 13, Strings: 5, Instructions: 483COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B2B7D0 Relevance: 32.0, APIs: 13, Strings: 5, Instructions: 472COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AD3710 Relevance: 29.8, APIs: 8, Strings: 9, Instructions: 97windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B2EDA0 Relevance: 28.4, APIs: 13, Strings: 3, Instructions: 358COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B0FD00 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 96libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B5BC40 Relevance: 24.1, APIs: 16, Instructions: 127networkCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B07770 Relevance: 23.7, APIs: 12, Strings: 1, Instructions: 901COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B0F700 Relevance: 21.3, APIs: 3, Strings: 9, Instructions: 267COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B20280 Relevance: 20.5, APIs: 1, Strings: 12, Instructions: 962COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B5EEA0 Relevance: 17.9, APIs: 6, Strings: 4, Instructions: 422stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B10660 Relevance: 16.7, APIs: 11, Instructions: 192keyboardCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AF8A50 Relevance: 15.0, APIs: 10, Instructions: 50clipboardmemoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AF88F0 Relevance: 13.6, APIs: 9, Instructions: 96clipboardCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B340C0 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 399COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749ADECC0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 44serviceCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B213F0 Relevance: 10.3, APIs: 2, Strings: 4, Instructions: 1329COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749BEFD38 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AF0620 Relevance: 6.4, APIs: 2, Strings: 2, Instructions: 356COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749BEFBB0 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B13B90 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 601COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AC9A90 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 328COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749ACA050 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 328COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B12980 Relevance: .5, Instructions: 493COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B51540 Relevance: .5, Instructions: 462COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B015B0 Relevance: .4, Instructions: 438COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B10010 Relevance: .4, Instructions: 430COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B18080 Relevance: .4, Instructions: 421COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B0FFEE Relevance: .4, Instructions: 407COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AEF120 Relevance: .4, Instructions: 399COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AFF0F0 Relevance: .4, Instructions: 367COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B25790 Relevance: .4, Instructions: 361COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B14CB0 Relevance: .3, Instructions: 292COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AF3140 Relevance: .3, Instructions: 272COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AF61C0 Relevance: .3, Instructions: 270COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AFDCA0 Relevance: .2, Instructions: 219COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AFB520 Relevance: .2, Instructions: 179COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B0EB00 Relevance: .1, Instructions: 117COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B0D230 Relevance: .1, Instructions: 117COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AE4470 Relevance: .1, Instructions: 104COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AE43D0 Relevance: .0, Instructions: 41COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AD6100 Relevance: 47.3, APIs: 21, Strings: 6, Instructions: 88processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749ADE930 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 207COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B3B7E0 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 284COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AD62C0 Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 204sleepCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B348D0 Relevance: 23.1, APIs: 12, Strings: 1, Instructions: 361COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B421B0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 154COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B50400 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 128librarystringloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B2F370 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 282COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749ACAF60 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 54COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749ADF1D0 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 488COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B33880 Relevance: 16.1, APIs: 1, Strings: 8, Instructions: 335COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AD3B70 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 173COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B34E50 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 217COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B41E30 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 161fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B301D0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 131processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B5CE20 Relevance: 10.7, APIs: 7, Instructions: 242sleepnetworkCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B3C1B0 Relevance: 10.7, APIs: 4, Strings: 3, Instructions: 217stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B35190 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 209COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B5EAE0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 165stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AD8A20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 59COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AF8B20 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 42COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B15D90 Relevance: 9.4, APIs: 1, Strings: 5, Instructions: 405COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AEDA20 Relevance: 9.3, APIs: 3, Strings: 3, Instructions: 280COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B087C0 Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 263COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AE3040 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 230COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AE3D30 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 227COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B32750 Relevance: 9.2, APIs: 1, Strings: 5, Instructions: 219COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AC2890 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 113threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B288B0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 102COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749ADC720 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 89COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B235C0 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 206COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B5C970 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 206COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749ACAC90 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 175COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B4D8A0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B79520 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B0C980 Relevance: 6.4, APIs: 2, Strings: 2, Instructions: 403COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AE0300 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 85COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AF9A50 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 39COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AF9CB0 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 38COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AFA0B0 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 38COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AF9800 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 38COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AF9E60 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 37COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AEA630 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 424COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749ACE270 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 278COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749B15AE0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749ACAA80 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AE1370 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00007FF749AC2140 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|