Windows
Analysis Report
TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe
Overview
General Information
Sample name: | TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exerenamed because original name is a hash value |
Original sample name: | TEKLF STE - TUSA TRK HAVACILIK UZAY SANAY_xlsx.exe |
Analysis ID: | 1576047 |
MD5: | e984d47ddddd227739d93d4712eec8fa |
SHA1: | c10c8fbb4afc6d0ec5754ee95cfd4b3e4df4b3f8 |
SHA256: | 1349316e7a40b141bed9b55a8271d86434e168ff6efd248c1fa5af4e05c1c248 |
Tags: | exegeoMassLoggerTURuser-abuse_ch |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe (PID: 2216 cmdline:
"C:\Users\ user\Deskt op\TEKL#U0 130F #U013 0STE#U011e #U0130 - T USA#U015e T#U00dcRK HAVACILIK UZAY SANAY #U0130#U01 30_xlsx.ex e" MD5: E984D47DDDDD227739D93D4712EEC8FA) - RegSvcs.exe (PID: 4780 cmdline:
"C:\Users\ user\Deskt op\TEKL#U0 130F #U013 0STE#U011e #U0130 - T USA#U015e T#U00dcRK HAVACILIK UZAY SANAY #U0130#U01 30_xlsx.ex e" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "SMTP", "Email ID": "royals@htcp.homes", "Password": "7213575aceACE@@", "Host": "mail.htcp.homes", "Port": "587", "Version": "4.4"}
{"Exfil Mode": "SMTP", "Username": "royals@htcp.homes", "Password": "7213575aceACE@@", "Host": "mail.htcp.homes", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Click to see the 16 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
Click to see the 15 entries |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-16T13:37:12.992245+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49707 | 104.21.67.152 | 443 | TCP |
2024-12-16T13:37:15.900329+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49709 | 104.21.67.152 | 443 | TCP |
2024-12-16T13:37:27.957196+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49721 | 104.21.67.152 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-16T13:37:08.701345+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49705 | 193.122.130.0 | 80 | TCP |
2024-12-16T13:37:11.373100+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49705 | 193.122.130.0 | 80 | TCP |
2024-12-16T13:37:14.279449+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49708 | 193.122.130.0 | 80 | TCP |
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_0100445A | |
Source: | Code function: | 0_2_0100C75C | |
Source: | Code function: | 0_2_0100C6D1 | |
Source: | Code function: | 0_2_0100EF95 | |
Source: | Code function: | 0_2_0100F0F2 | |
Source: | Code function: | 0_2_0100F3F3 | |
Source: | Code function: | 0_2_010037EF | |
Source: | Code function: | 0_2_01003B12 | |
Source: | Code function: | 0_2_0100BCBC |
Source: | Code function: | 2_2_0247F644 | |
Source: | Code function: | 2_2_0247FA88 |
Networking |
---|
Source: | DNS query: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_010122EE |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | .Net Code: |
Source: | .Net Code: |
Source: | Code function: | 0_2_01014164 |
Source: | Code function: | 0_2_01014164 |
Source: | Code function: | 0_2_01013F66 |
Source: | Code function: | 0_2_0100001C |
Source: | Code function: | 0_2_0102CABC |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 0_2_00FA3B3A | |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | memstr_9c41c4a5-8 | |
Source: | String found in binary or memory: | memstr_3407b881-6 | |
Source: | String found in binary or memory: | memstr_92b48fec-3 | |
Source: | String found in binary or memory: | memstr_df0f59d9-d |
Source: | Code function: | 0_2_0100A1EF |
Source: | Code function: | 0_2_00FF8310 |
Source: | Code function: | 0_2_010051BD |
Source: | Code function: | 0_2_00FAE6A0 | |
Source: | Code function: | 0_2_00FCD975 | |
Source: | Code function: | 0_2_00FC21C5 | |
Source: | Code function: | 0_2_00FD62D2 | |
Source: | Code function: | 0_2_010203DA | |
Source: | Code function: | 0_2_00FD242E | |
Source: | Code function: | 0_2_00FC25FA | |
Source: | Code function: | 0_2_00FB66E1 | |
Source: | Code function: | 0_2_00FFE616 | |
Source: | Code function: | 0_2_00FD878F | |
Source: | Code function: | 0_2_00FD6844 | |
Source: | Code function: | 0_2_00FB8808 | |
Source: | Code function: | 0_2_01020857 | |
Source: | Code function: | 0_2_01008889 | |
Source: | Code function: | 0_2_00FCCB21 | |
Source: | Code function: | 0_2_00FD6DB6 | |
Source: | Code function: | 0_2_00FB6F9E | |
Source: | Code function: | 0_2_00FB3030 | |
Source: | Code function: | 0_2_00FCF1D9 | |
Source: | Code function: | 0_2_00FC3187 | |
Source: | Code function: | 0_2_00FA1287 | |
Source: | Code function: | 0_2_00FC1484 | |
Source: | Code function: | 0_2_00FB5520 | |
Source: | Code function: | 0_2_00FC7696 | |
Source: | Code function: | 0_2_00FB5760 | |
Source: | Code function: | 0_2_00FC1978 | |
Source: | Code function: | 0_2_00FD9AB5 | |
Source: | Code function: | 0_2_00FAFCE0 | |
Source: | Code function: | 0_2_01027DDB | |
Source: | Code function: | 0_2_00FCBDA6 | |
Source: | Code function: | 0_2_00FC1D90 | |
Source: | Code function: | 0_2_00FB3FE0 | |
Source: | Code function: | 0_2_00FADF00 | |
Source: | Code function: | 0_2_01261BA8 | |
Source: | Code function: | 2_2_0247D278 | |
Source: | Code function: | 2_2_02475362 | |
Source: | Code function: | 2_2_0247A088 | |
Source: | Code function: | 2_2_0247C146 | |
Source: | Code function: | 2_2_0247C738 | |
Source: | Code function: | 2_2_0247C46C | |
Source: | Code function: | 2_2_0247CA08 | |
Source: | Code function: | 2_2_0247E988 | |
Source: | Code function: | 2_2_024769A0 | |
Source: | Code function: | 2_2_02473E09 | |
Source: | Code function: | 2_2_02476FC8 | |
Source: | Code function: | 2_2_0247CFAA | |
Source: | Code function: | 2_2_0247CCD8 | |
Source: | Code function: | 2_2_0247F644 | |
Source: | Code function: | 2_2_0247FA88 | |
Source: | Code function: | 2_2_02473AA1 | |
Source: | Code function: | 2_2_0247E97A | |
Source: | Code function: | 2_2_024729EC |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Code function: | 0_2_0100A06A |
Source: | Code function: | 0_2_00FF81CB | |
Source: | Code function: | 0_2_00FF87E1 |
Source: | Code function: | 0_2_0100B333 |
Source: | Code function: | 0_2_0101EE0D |
Source: | Code function: | 0_2_0100C397 |
Source: | Code function: | 0_2_00FA4E89 |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00FA4B37 |
Source: | Code function: | 0_2_00FC8958 |
Source: | File created: | |||
Source: | File created: | Jump to behavior |
Source: | Code function: | 0_2_00FA48D7 | |
Source: | Code function: | 0_2_01025376 |
Source: | Code function: | 0_2_00FC3187 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: |
Source: | Binary or memory string: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Evasive API call chain: | graph_0-105884 |
Source: | API coverage: |
Source: | Code function: | 0_2_0100445A | |
Source: | Code function: | 0_2_0100C75C | |
Source: | Code function: | 0_2_0100C6D1 | |
Source: | Code function: | 0_2_0100EF95 | |
Source: | Code function: | 0_2_0100F0F2 | |
Source: | Code function: | 0_2_0100F3F3 | |
Source: | Code function: | 0_2_010037EF | |
Source: | Code function: | 0_2_01003B12 | |
Source: | Code function: | 0_2_0100BCBC |
Source: | Code function: | 0_2_00FA49A0 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-104309 |
Source: | Code function: | 0_2_01013F09 |
Source: | Code function: | 0_2_00FA3B3A |
Source: | Code function: | 0_2_00FD5A7C |
Source: | Code function: | 0_2_00FA4B37 |
Source: | Code function: | 0_2_01260408 | |
Source: | Code function: | 0_2_01261A38 | |
Source: | Code function: | 0_2_01261A98 |
Source: | Code function: | 0_2_00FF80A9 |
Source: | Code function: | 0_2_00FCA155 | |
Source: | Code function: | 0_2_00FCA124 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: | ||
Source: | Reference to suspicious API methods: |
Source: | Section loaded: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Code function: | 0_2_00FF87B1 |
Source: | Code function: | 0_2_00FA3B3A |
Source: | Code function: | 0_2_00FA48D7 |
Source: | Code function: | 0_2_01004C27 |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00FF7CAF |
Source: | Code function: | 0_2_00FF874B |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00FC862B |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_00FD4E87 |
Source: | Code function: | 0_2_00FE1E06 |
Source: | Code function: | 0_2_00FD3F3A |
Source: | Code function: | 0_2_00FA49A0 |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_01016283 | |
Source: | Code function: | 0_2_01016747 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 12 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 11 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 121 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2 Valid Accounts | 3 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 127 System Information Discovery | Distributed Component Object Model | 1 Email Collection | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 212 Process Injection | 2 Valid Accounts | LSA Secrets | 231 Security Software Discovery | SSH | 121 Input Capture | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Virtualization/Sandbox Evasion | Cached Domain Credentials | 11 Virtualization/Sandbox Evasion | VNC | 3 Clipboard Data | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Access Token Manipulation | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 212 Process Injection | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
34% | ReversingLabs | Win32.Trojan.AutoitInject | ||
100% | Joe Sandbox ML |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
reallyfreegeoip.org | 104.21.67.152 | true | false | high | |
api.telegram.org | 149.154.167.220 | true | false | high | |
checkip.dyndns.com | 193.122.130.0 | true | false | high | |
checkip.dyndns.org | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
104.21.67.152 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false | |
193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1576047 |
Start date and time: | 2024-12-16 13:36:03 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exerenamed because original name is a hash value |
Original Sample Name: | TEKLF STE - TUSA TRK HAVACILIK UZAY SANAY_xlsx.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/2@3/3 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 20.109.210.53, 13.107.246.63
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target RegSvcs.exe, PID 4780 because it is empty
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe
Time | Type | Description |
---|---|---|
07:37:09 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
149.154.167.220 | Get hash | malicious | GuLoader, MassLogger RAT | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | ScreenConnect Tool, Amadey, LummaC Stealer, PureLog Stealer, Vidar, Xmrig | Browse | |||
Get hash | malicious | 77Rootkit, XWorm | Browse | |||
Get hash | malicious | Discord Token Stealer, DotStealer | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Discord Token Stealer, Millenuim RAT | Browse | |||
Get hash | malicious | Discord Token Stealer, DotStealer | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
104.21.67.152 | Get hash | malicious | GuLoader | Browse | ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | GuLoader, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT | Browse | |||
Get hash | malicious | MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger | Browse | |||
Get hash | malicious | MassLogger RAT | Browse | |||
193.122.130.0 | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc | Browse |
| ||
Get hash | malicious | AsyncRAT, HVNC, PureLog Stealer | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
checkip.dyndns.com | Get hash | malicious | GuLoader | Browse |
| |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
reallyfreegeoip.org | Get hash | malicious | GuLoader | Browse |
| |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
api.telegram.org | Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | 77Rootkit, XWorm | Browse |
| ||
Get hash | malicious | Discord Token Stealer, DotStealer | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Discord Token Stealer, Millenuim RAT | Browse |
| ||
Get hash | malicious | Discord Token Stealer, DotStealer | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TELEGRAMRU | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
| |
Get hash | malicious | Stealc, Vidar | Browse |
| ||
Get hash | malicious | Vidar | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | LummaC, Amadey, Cryptbot, Vidar, Xmrig | Browse |
| ||
Get hash | malicious | Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | Browse |
| ||
Get hash | malicious | Vidar | Browse |
| ||
Get hash | malicious | Vidar | Browse |
| ||
Get hash | malicious | PureCrypter, LummaC, Amadey, Cryptbot, LummaC Stealer, PureLog Stealer, Vidar | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | AgentTesla, GuLoader | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Lokibot, PureLog Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
ORACLE-BMC-31898US | Get hash | malicious | GuLoader | Browse |
| |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
Get hash | malicious | AsyncRAT, HVNC, PureLog Stealer | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | GuLoader | Browse |
| |
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | GuLoader, MassLogger RAT | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
| ||
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | AgentTesla, GuLoader | Browse |
| |
Get hash | malicious | Lokibot, PureLog Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | Remcos, GuLoader | Browse |
|
Process: | C:\Users\user\Desktop\TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 131260 |
Entropy (8bit): | 7.927629359842594 |
Encrypted: | false |
SSDEEP: | 3072:GXd3q/RvJrnoMEIY3o+VoHWZVCnMinmUysUXuimfTU:Wa9JLKon0SiqTU |
MD5: | B786E54FFB3DE50B5154B4255F156F4A |
SHA1: | 387972FA1376F21A589E0C54473EC0961A2792EE |
SHA-256: | A7442736F4CD5413DBB215DCCEA715ED6A1C5AE952AB4B7639A95F34416265AE |
SHA-512: | DE1DFC2B55C97353C5133E5F8065081558F4C9BBF1021B7CCB348619FF107E0DAD8A2D3633381A70C8091A3F65B13B2114EAAF7DA94B031F923B4CDA278D954D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 274432 |
Entropy (8bit): | 6.837989100231251 |
Encrypted: | false |
SSDEEP: | 6144:hOCWm/dAZdjO0aHta8ZIuaqe6a2EauSVVmaXYFn1rnU:8CWm1ajO1ta9DsuSmp1rnU |
MD5: | 6880758A850062FD30B92F05A84AF4A2 |
SHA1: | DF25C701A9C45EF5F737A6A85565D25C6305E761 |
SHA-256: | 43D57E4EB75AD957405A8CD679AC2BFE0A2DB85364894767BB2921117F45512C |
SHA-512: | 5B2049D90942B03C0025782877A8AE77C8738F7DB1D5CB6268FE7046901B8108A28D9D7A38C28FFC09624DCB162CF6C0072CA6A77853F1A5DF75288ECC9871C8 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.016512045433539 |
TrID: |
|
File name: | TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe |
File size: | 1'029'120 bytes |
MD5: | e984d47ddddd227739d93d4712eec8fa |
SHA1: | c10c8fbb4afc6d0ec5754ee95cfd4b3e4df4b3f8 |
SHA256: | 1349316e7a40b141bed9b55a8271d86434e168ff6efd248c1fa5af4e05c1c248 |
SHA512: | 67c5fe2605be68f0f35193df1186924ee34fe3c1d65909bcdb34def6863f07aa9b444064690080a8e018efae9e1ac08c26442364d1a3e2488ebf932f8e05c643 |
SSDEEP: | 24576:cu6J33O0c+JY5UZ+XC0kGso6FacEjfddHksiaZhdcWY:Gu0c++OCvkGs9Facqf/iafY |
TLSH: | 9A25BE22B3DDC360CB669173BF69B3056EBF7C610630B85B2F980D79A950171266C7A3 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...r}..r}..r}..4,".p}......s}.../..A}.../#..}.../".G}..{.@.{}..{.P.W}..r}..R.....)."}......s}.../..s}..r}T.s}......s}..Richr}. |
Icon Hash: | 3570b480858580c5 |
Entrypoint: | 0x427dcd |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x675FC424 [Mon Dec 16 06:09:40 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | afcdf79be1557326c854b6e20cb900a7 |
Instruction |
---|
call 00007FE88501226Ah |
jmp 00007FE885005034h |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push edi |
push esi |
mov esi, dword ptr [esp+10h] |
mov ecx, dword ptr [esp+14h] |
mov edi, dword ptr [esp+0Ch] |
mov eax, ecx |
mov edx, ecx |
add eax, esi |
cmp edi, esi |
jbe 00007FE8850051BAh |
cmp edi, eax |
jc 00007FE88500551Eh |
bt dword ptr [004C31FCh], 01h |
jnc 00007FE8850051B9h |
rep movsb |
jmp 00007FE8850054CCh |
cmp ecx, 00000080h |
jc 00007FE885005384h |
mov eax, edi |
xor eax, esi |
test eax, 0000000Fh |
jne 00007FE8850051C0h |
bt dword ptr [004BE324h], 01h |
jc 00007FE885005690h |
bt dword ptr [004C31FCh], 00000000h |
jnc 00007FE88500535Dh |
test edi, 00000003h |
jne 00007FE88500536Eh |
test esi, 00000003h |
jne 00007FE88500534Dh |
bt edi, 02h |
jnc 00007FE8850051BFh |
mov eax, dword ptr [esi] |
sub ecx, 04h |
lea esi, dword ptr [esi+04h] |
mov dword ptr [edi], eax |
lea edi, dword ptr [edi+04h] |
bt edi, 03h |
jnc 00007FE8850051C3h |
movq xmm1, qword ptr [esi] |
sub ecx, 08h |
lea esi, dword ptr [esi+08h] |
movq qword ptr [edi], xmm1 |
lea edi, dword ptr [edi+08h] |
test esi, 00000007h |
je 00007FE885005215h |
bt esi, 03h |
jnc 00007FE885005268h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xba44c | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x32a58 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xfa000 | 0x711c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x92bc0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xa4870 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8f000 | 0x884 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x8dcc4 | 0x8de00 | d28a820a1d9ff26cda02d12b888ba4b4 | False | 0.5728679102422908 | data | 6.676118058520316 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8f000 | 0x2e10e | 0x2e200 | 79b14b254506b0dbc8cd0ad67fb70ad9 | False | 0.33535526761517614 | OpenPGP Public Key | 5.76010872795207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xbe000 | 0x8f74 | 0x5200 | 9f9d6f746f1a415a63de45f8b7983d33 | False | 0.1017530487804878 | data | 1.198745897703538 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xc7000 | 0x32a58 | 0x32c00 | 3749d4297d05ed808fab04e96093e91b | False | 0.9559392318349754 | data | 7.930009937809749 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xfa000 | 0x711c | 0x7200 | 6fcae3cbbf6bfbabf5ec5bbe7cf612c3 | False | 0.7650767543859649 | data | 6.779031650454199 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xc7458 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
RT_ICON | 0xc7580 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
RT_ICON | 0xc76a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_ICON | 0xc77d0 | 0x162c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | Great Britain | 0.906800563777308 |
RT_MENU | 0xc8dfc | 0x50 | data | English | Great Britain | 0.9 |
RT_STRING | 0xc8e4c | 0x594 | data | English | Great Britain | 0.3333333333333333 |
RT_STRING | 0xc93e0 | 0x68a | data | English | Great Britain | 0.2747909199522103 |
RT_STRING | 0xc9a6c | 0x490 | data | English | Great Britain | 0.3715753424657534 |
RT_STRING | 0xc9efc | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
RT_STRING | 0xca4f8 | 0x65c | data | English | Great Britain | 0.34336609336609336 |
RT_STRING | 0xcab54 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
RT_STRING | 0xcafbc | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
RT_RCDATA | 0xcb114 | 0x2e425 | data | 1.0003483272376066 | ||
RT_GROUP_ICON | 0xf953c | 0x14 | data | English | Great Britain | 1.2 |
RT_GROUP_ICON | 0xf9550 | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0xf9564 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0xf9578 | 0x14 | data | English | Great Britain | 1.25 |
RT_VERSION | 0xf958c | 0xdc | data | English | Great Britain | 0.6181818181818182 |
RT_MANIFEST | 0xf9668 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
DLL | Import |
---|---|
WSOCK32.dll | WSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect |
VERSION.dll | GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW |
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
MPR.dll | WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W |
WININET.dll | InternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW |
PSAPI.DLL | GetProcessMemoryInfo |
IPHLPAPI.DLL | IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho |
USERENV.dll | DestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW |
UxTheme.dll | IsThemeActive |
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA |
USER32.dll | AdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW |
GDI32.dll | StrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath |
COMDLG32.dll | GetOpenFileNameW, GetSaveFileNameW |
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW |
SHELL32.dll | DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish |
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity |
OLEAUT32.dll | LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Great Britain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-16T13:37:08.701345+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49705 | 193.122.130.0 | 80 | TCP |
2024-12-16T13:37:11.373100+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49705 | 193.122.130.0 | 80 | TCP |
2024-12-16T13:37:12.992245+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49707 | 104.21.67.152 | 443 | TCP |
2024-12-16T13:37:14.279449+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49708 | 193.122.130.0 | 80 | TCP |
2024-12-16T13:37:15.900329+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49709 | 104.21.67.152 | 443 | TCP |
2024-12-16T13:37:27.957196+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49721 | 104.21.67.152 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 16, 2024 13:37:06.772269964 CET | 49705 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:06.892482996 CET | 80 | 49705 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:06.892573118 CET | 49705 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:06.892929077 CET | 49705 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:07.013078928 CET | 80 | 49705 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:08.265475035 CET | 80 | 49705 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:08.272860050 CET | 49705 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:08.425751925 CET | 80 | 49705 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:08.645967007 CET | 80 | 49705 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:08.701344967 CET | 49705 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:09.179127932 CET | 49706 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:09.179169893 CET | 443 | 49706 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:09.179229975 CET | 49706 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:09.312755108 CET | 49706 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:09.312777042 CET | 443 | 49706 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:10.531255007 CET | 443 | 49706 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:10.531384945 CET | 49706 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:10.537236929 CET | 49706 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:10.537256956 CET | 443 | 49706 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:10.537558079 CET | 443 | 49706 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:10.587120056 CET | 49706 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:10.631331921 CET | 443 | 49706 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:10.974216938 CET | 443 | 49706 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:10.974280119 CET | 443 | 49706 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:10.974348068 CET | 49706 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:10.980340004 CET | 49706 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:10.983530998 CET | 49705 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:11.103348970 CET | 80 | 49705 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:11.325221062 CET | 80 | 49705 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:11.328367949 CET | 49707 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:11.328411102 CET | 443 | 49707 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:11.328496933 CET | 49707 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:11.328866959 CET | 49707 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:11.328876019 CET | 443 | 49707 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:11.373100042 CET | 49705 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:12.544233084 CET | 443 | 49707 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:12.546489000 CET | 49707 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:12.546499014 CET | 443 | 49707 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:12.992263079 CET | 443 | 49707 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:12.992327929 CET | 443 | 49707 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:12.992394924 CET | 49707 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:12.992813110 CET | 49707 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:12.996093988 CET | 49705 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:12.997432947 CET | 49708 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:13.118316889 CET | 80 | 49708 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:13.118434906 CET | 49708 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:13.118542910 CET | 49708 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:13.118592978 CET | 80 | 49705 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:13.118668079 CET | 49705 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:13.238481045 CET | 80 | 49708 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:14.230257034 CET | 80 | 49708 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:14.231736898 CET | 49709 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:14.231786966 CET | 443 | 49709 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:14.231858969 CET | 49709 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:14.232156992 CET | 49709 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:14.232170105 CET | 443 | 49709 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:14.279448986 CET | 49708 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:15.445518970 CET | 443 | 49709 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:15.448102951 CET | 49709 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:15.448126078 CET | 443 | 49709 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:15.900348902 CET | 443 | 49709 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:15.900413990 CET | 443 | 49709 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:15.900494099 CET | 49709 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:15.901135921 CET | 49709 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:16.336560965 CET | 49710 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:16.456681967 CET | 80 | 49710 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:16.456777096 CET | 49710 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:16.457046986 CET | 49710 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:16.577110052 CET | 80 | 49710 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:17.554649115 CET | 80 | 49710 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:17.556231976 CET | 49711 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:17.556271076 CET | 443 | 49711 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:17.556374073 CET | 49711 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:17.556663036 CET | 49711 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:17.556678057 CET | 443 | 49711 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:17.607485056 CET | 49710 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:18.837696075 CET | 443 | 49711 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:18.869643927 CET | 49711 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:18.869679928 CET | 443 | 49711 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:19.284445047 CET | 443 | 49711 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:19.284507036 CET | 443 | 49711 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:19.284554958 CET | 49711 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:19.285470963 CET | 49711 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:19.290592909 CET | 49710 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:19.292072058 CET | 49712 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:19.410686016 CET | 80 | 49710 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:19.410769939 CET | 49710 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:19.411854982 CET | 80 | 49712 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:19.411962032 CET | 49712 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:19.418664932 CET | 49712 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:19.538768053 CET | 80 | 49712 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:20.507086992 CET | 80 | 49712 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:20.509010077 CET | 49713 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:20.509054899 CET | 443 | 49713 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:20.509129047 CET | 49713 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:20.509516954 CET | 49713 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:20.509531975 CET | 443 | 49713 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:20.560688019 CET | 49712 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:21.721535921 CET | 443 | 49713 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:21.739442110 CET | 49713 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:21.739476919 CET | 443 | 49713 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:22.170304060 CET | 443 | 49713 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:22.170372009 CET | 443 | 49713 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:22.170445919 CET | 49713 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:22.172338963 CET | 49713 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:22.177422047 CET | 49712 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:22.187901974 CET | 49714 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:22.297648907 CET | 80 | 49712 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:22.297712088 CET | 49712 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:22.308480024 CET | 80 | 49714 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:22.308557987 CET | 49714 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:22.308821917 CET | 49714 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:22.429163933 CET | 80 | 49714 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:23.404773951 CET | 80 | 49714 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:23.407084942 CET | 49717 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:23.407126904 CET | 443 | 49717 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:23.407365084 CET | 49717 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:23.407677889 CET | 49717 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:23.407691002 CET | 443 | 49717 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:23.451252937 CET | 49714 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:24.620472908 CET | 443 | 49717 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:24.622884035 CET | 49717 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:24.622917891 CET | 443 | 49717 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:25.071387053 CET | 443 | 49717 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:25.071454048 CET | 443 | 49717 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:25.072262049 CET | 49717 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:25.072262049 CET | 49717 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:25.076711893 CET | 49714 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:25.078221083 CET | 49719 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:25.196897984 CET | 80 | 49714 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:25.197995901 CET | 80 | 49719 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:25.198168039 CET | 49714 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:25.198427916 CET | 49719 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:25.198427916 CET | 49719 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:25.318306923 CET | 80 | 49719 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:26.296544075 CET | 80 | 49719 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:26.299184084 CET | 49721 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:26.299237967 CET | 443 | 49721 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:26.299319029 CET | 49721 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:26.299597025 CET | 49721 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:26.299611092 CET | 443 | 49721 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:26.341907978 CET | 49719 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:27.511307001 CET | 443 | 49721 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:27.520122051 CET | 49721 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:27.520148993 CET | 443 | 49721 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:27.957217932 CET | 443 | 49721 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:27.957295895 CET | 443 | 49721 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:27.957508087 CET | 49721 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:27.958175898 CET | 49721 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:27.961738110 CET | 49719 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:27.963016033 CET | 49723 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:28.081945896 CET | 80 | 49719 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:28.082048893 CET | 49719 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:28.082979918 CET | 80 | 49723 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:28.083059072 CET | 49723 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:28.083249092 CET | 49723 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:28.203670025 CET | 80 | 49723 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:29.183563948 CET | 80 | 49723 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:29.185334921 CET | 49724 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:29.185434103 CET | 443 | 49724 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:29.185570002 CET | 49724 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:29.185868025 CET | 49724 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:29.185899019 CET | 443 | 49724 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:29.232533932 CET | 49723 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:30.398967028 CET | 443 | 49724 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:30.451297045 CET | 49724 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:30.551383018 CET | 49724 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:30.551398039 CET | 443 | 49724 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:30.878866911 CET | 443 | 49724 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:30.878942013 CET | 443 | 49724 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:30.879076004 CET | 49724 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:30.879659891 CET | 49724 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:30.883002043 CET | 49723 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:30.884324074 CET | 49725 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:31.003094912 CET | 80 | 49723 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:31.003249884 CET | 49723 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:31.004095078 CET | 80 | 49725 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:31.004180908 CET | 49725 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:31.004462004 CET | 49725 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:31.124814034 CET | 80 | 49725 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:32.101073980 CET | 80 | 49725 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:32.105231047 CET | 49726 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:32.105278015 CET | 443 | 49726 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:32.105375051 CET | 49726 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:32.105662107 CET | 49726 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:32.105675936 CET | 443 | 49726 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:32.154403925 CET | 49725 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:33.321366072 CET | 443 | 49726 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:33.329333067 CET | 49726 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:33.329380989 CET | 443 | 49726 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:33.768723965 CET | 443 | 49726 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:33.768898010 CET | 443 | 49726 | 104.21.67.152 | 192.168.2.8 |
Dec 16, 2024 13:37:33.769143105 CET | 49726 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:33.769454956 CET | 49726 | 443 | 192.168.2.8 | 104.21.67.152 |
Dec 16, 2024 13:37:33.787465096 CET | 49725 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:33.908034086 CET | 80 | 49725 | 193.122.130.0 | 192.168.2.8 |
Dec 16, 2024 13:37:33.908801079 CET | 49725 | 80 | 192.168.2.8 | 193.122.130.0 |
Dec 16, 2024 13:37:33.930661917 CET | 49727 | 443 | 192.168.2.8 | 149.154.167.220 |
Dec 16, 2024 13:37:33.930726051 CET | 443 | 49727 | 149.154.167.220 | 192.168.2.8 |
Dec 16, 2024 13:37:33.930836916 CET | 49727 | 443 | 192.168.2.8 | 149.154.167.220 |
Dec 16, 2024 13:37:33.931432962 CET | 49727 | 443 | 192.168.2.8 | 149.154.167.220 |
Dec 16, 2024 13:37:33.931457996 CET | 443 | 49727 | 149.154.167.220 | 192.168.2.8 |
Dec 16, 2024 13:37:35.300967932 CET | 443 | 49727 | 149.154.167.220 | 192.168.2.8 |
Dec 16, 2024 13:37:35.301131964 CET | 49727 | 443 | 192.168.2.8 | 149.154.167.220 |
Dec 16, 2024 13:37:35.305711985 CET | 49727 | 443 | 192.168.2.8 | 149.154.167.220 |
Dec 16, 2024 13:37:35.305722952 CET | 443 | 49727 | 149.154.167.220 | 192.168.2.8 |
Dec 16, 2024 13:37:35.306216002 CET | 443 | 49727 | 149.154.167.220 | 192.168.2.8 |
Dec 16, 2024 13:37:35.307867050 CET | 49727 | 443 | 192.168.2.8 | 149.154.167.220 |
Dec 16, 2024 13:37:35.355329037 CET | 443 | 49727 | 149.154.167.220 | 192.168.2.8 |
Dec 16, 2024 13:37:35.803402901 CET | 443 | 49727 | 149.154.167.220 | 192.168.2.8 |
Dec 16, 2024 13:37:35.803489923 CET | 443 | 49727 | 149.154.167.220 | 192.168.2.8 |
Dec 16, 2024 13:37:35.803596020 CET | 49727 | 443 | 192.168.2.8 | 149.154.167.220 |
Dec 16, 2024 13:37:35.879654884 CET | 49727 | 443 | 192.168.2.8 | 149.154.167.220 |
Dec 16, 2024 13:37:50.368917942 CET | 49708 | 80 | 192.168.2.8 | 193.122.130.0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 16, 2024 13:37:06.623429060 CET | 61521 | 53 | 192.168.2.8 | 1.1.1.1 |
Dec 16, 2024 13:37:06.761351109 CET | 53 | 61521 | 1.1.1.1 | 192.168.2.8 |
Dec 16, 2024 13:37:08.687918901 CET | 53554 | 53 | 192.168.2.8 | 1.1.1.1 |
Dec 16, 2024 13:37:09.155798912 CET | 53 | 53554 | 1.1.1.1 | 192.168.2.8 |
Dec 16, 2024 13:37:33.788218975 CET | 51235 | 53 | 192.168.2.8 | 1.1.1.1 |
Dec 16, 2024 13:37:33.927192926 CET | 53 | 51235 | 1.1.1.1 | 192.168.2.8 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 16, 2024 13:37:06.623429060 CET | 192.168.2.8 | 1.1.1.1 | 0x507f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 16, 2024 13:37:08.687918901 CET | 192.168.2.8 | 1.1.1.1 | 0xc50b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 16, 2024 13:37:33.788218975 CET | 192.168.2.8 | 1.1.1.1 | 0xfbc8 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 16, 2024 13:37:06.761351109 CET | 1.1.1.1 | 192.168.2.8 | 0x507f | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Dec 16, 2024 13:37:06.761351109 CET | 1.1.1.1 | 192.168.2.8 | 0x507f | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Dec 16, 2024 13:37:06.761351109 CET | 1.1.1.1 | 192.168.2.8 | 0x507f | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Dec 16, 2024 13:37:06.761351109 CET | 1.1.1.1 | 192.168.2.8 | 0x507f | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Dec 16, 2024 13:37:06.761351109 CET | 1.1.1.1 | 192.168.2.8 | 0x507f | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Dec 16, 2024 13:37:06.761351109 CET | 1.1.1.1 | 192.168.2.8 | 0x507f | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Dec 16, 2024 13:37:09.155798912 CET | 1.1.1.1 | 192.168.2.8 | 0xc50b | No error (0) | 104.21.67.152 | A (IP address) | IN (0x0001) | false | ||
Dec 16, 2024 13:37:09.155798912 CET | 1.1.1.1 | 192.168.2.8 | 0xc50b | No error (0) | 172.67.177.134 | A (IP address) | IN (0x0001) | false | ||
Dec 16, 2024 13:37:33.927192926 CET | 1.1.1.1 | 192.168.2.8 | 0xfbc8 | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.8 | 49705 | 193.122.130.0 | 80 | 4780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 16, 2024 13:37:06.892929077 CET | 151 | OUT | |
Dec 16, 2024 13:37:08.265475035 CET | 321 | IN | |
Dec 16, 2024 13:37:08.272860050 CET | 127 | OUT | |
Dec 16, 2024 13:37:08.645967007 CET | 321 | IN | |
Dec 16, 2024 13:37:10.983530998 CET | 127 | OUT | |
Dec 16, 2024 13:37:11.325221062 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.8 | 49708 | 193.122.130.0 | 80 | 4780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 16, 2024 13:37:13.118542910 CET | 127 | OUT | |
Dec 16, 2024 13:37:14.230257034 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.8 | 49710 | 193.122.130.0 | 80 | 4780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 16, 2024 13:37:16.457046986 CET | 151 | OUT | |
Dec 16, 2024 13:37:17.554649115 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.8 | 49712 | 193.122.130.0 | 80 | 4780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 16, 2024 13:37:19.418664932 CET | 151 | OUT | |
Dec 16, 2024 13:37:20.507086992 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.8 | 49714 | 193.122.130.0 | 80 | 4780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 16, 2024 13:37:22.308821917 CET | 151 | OUT | |
Dec 16, 2024 13:37:23.404773951 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.8 | 49719 | 193.122.130.0 | 80 | 4780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 16, 2024 13:37:25.198427916 CET | 151 | OUT | |
Dec 16, 2024 13:37:26.296544075 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.8 | 49723 | 193.122.130.0 | 80 | 4780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 16, 2024 13:37:28.083249092 CET | 151 | OUT | |
Dec 16, 2024 13:37:29.183563948 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.8 | 49725 | 193.122.130.0 | 80 | 4780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 16, 2024 13:37:31.004462004 CET | 151 | OUT | |
Dec 16, 2024 13:37:32.101073980 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.8 | 49706 | 104.21.67.152 | 443 | 4780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-16 12:37:10 UTC | 85 | OUT | |
2024-12-16 12:37:10 UTC | 870 | IN | |
2024-12-16 12:37:10 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.8 | 49707 | 104.21.67.152 | 443 | 4780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-16 12:37:12 UTC | 61 | OUT | |
2024-12-16 12:37:12 UTC | 886 | IN | |
2024-12-16 12:37:12 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.8 | 49709 | 104.21.67.152 | 443 | 4780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-16 12:37:15 UTC | 61 | OUT | |
2024-12-16 12:37:15 UTC | 882 | IN | |
2024-12-16 12:37:15 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.8 | 49711 | 104.21.67.152 | 443 | 4780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-16 12:37:18 UTC | 85 | OUT | |
2024-12-16 12:37:19 UTC | 881 | IN | |
2024-12-16 12:37:19 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.8 | 49713 | 104.21.67.152 | 443 | 4780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-16 12:37:21 UTC | 85 | OUT | |
2024-12-16 12:37:22 UTC | 886 | IN | |
2024-12-16 12:37:22 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.8 | 49717 | 104.21.67.152 | 443 | 4780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-16 12:37:24 UTC | 85 | OUT | |
2024-12-16 12:37:25 UTC | 878 | IN | |
2024-12-16 12:37:25 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.8 | 49721 | 104.21.67.152 | 443 | 4780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-16 12:37:27 UTC | 61 | OUT | |
2024-12-16 12:37:27 UTC | 874 | IN | |
2024-12-16 12:37:27 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.8 | 49724 | 104.21.67.152 | 443 | 4780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-16 12:37:30 UTC | 85 | OUT | |
2024-12-16 12:37:30 UTC | 876 | IN | |
2024-12-16 12:37:30 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.8 | 49726 | 104.21.67.152 | 443 | 4780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-16 12:37:33 UTC | 85 | OUT | |
2024-12-16 12:37:33 UTC | 869 | IN | |
2024-12-16 12:37:33 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.8 | 49727 | 149.154.167.220 | 443 | 4780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-16 12:37:35 UTC | 349 | OUT | |
2024-12-16 12:37:35 UTC | 344 | IN | |
2024-12-16 12:37:35 UTC | 55 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 07:37:03 |
Start date: | 16/12/2024 |
Path: | C:\Users\user\Desktop\TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xfa0000 |
File size: | 1'029'120 bytes |
MD5 hash: | E984D47DDDDD227739D93D4712EEC8FA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 07:37:04 |
Start date: | 16/12/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3a0000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 3.5% |
Dynamic/Decrypted Code Coverage: | 0.4% |
Signature Coverage: | 7% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 162 |
Graph
Function 00FA3B3A Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 153windowCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA49A0 Relevance: 10.7, APIs: 7, Instructions: 223COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0100445A Relevance: 4.5, APIs: 3, Instructions: 25fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FAE6A0 Relevance: 2.4, Strings: 1, Instructions: 1102COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FB09D0 Relevance: 57.3, APIs: 27, Strings: 5, Instructions: 1300windowsleeptimeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01009155 Relevance: 19.8, APIs: 13, Instructions: 322fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA3015 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 73windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA3041 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 54windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA708B Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA3A46 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 71windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA3633 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151windowtimeregistryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01260B88 Relevance: 10.7, APIs: 7, Instructions: 239fileCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01260948 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 149fileCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA407C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88windowCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA35B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0100955B Relevance: 6.2, APIs: 4, Instructions: 155COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FC470A Relevance: 6.1, APIs: 4, Instructions: 136COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0101CADD Relevance: 4.9, APIs: 3, Instructions: 392COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FAF76F Relevance: 4.7, APIs: 3, Instructions: 168comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA434A Relevance: 4.6, APIs: 3, Instructions: 77windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FC571C Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01008D0D Relevance: 4.5, APIs: 3, Instructions: 22COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01005B7A Relevance: 3.1, APIs: 2, Instructions: 142COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA7A51 Relevance: 3.1, APIs: 2, Instructions: 97COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA47D0 Relevance: 3.1, APIs: 2, Instructions: 59COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FC0C08 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FDFCAC Relevance: 1.6, APIs: 1, Instructions: 88COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FC06FE Relevance: 1.6, APIs: 1, Instructions: 78COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA4DDD Relevance: 1.6, APIs: 1, Instructions: 64libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FDFD85 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FC4863 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA4E4A Relevance: 1.5, APIs: 1, Instructions: 28COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FC0791 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01008E9F Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FC525B Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01260838 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0102CABC Relevance: 74.1, APIs: 40, Strings: 2, Instructions: 632windowkeyboardCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA48D7 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 131keyboardthreadwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0100C75C Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 280timefileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0100EF95 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 119fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01020857 Relevance: 26.7, APIs: 9, Strings: 6, Instructions: 477registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0100F0F2 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 112fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0100A1EF Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 102fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FB66E1 Relevance: 18.4, Strings: 14, Instructions: 889COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01014164 Relevance: 15.1, APIs: 10, Instructions: 83clipboardmemoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010037EF Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0100F3F3 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 120filesleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FB5760 Relevance: 11.0, APIs: 7, Instructions: 532COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01003B12 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010051BD Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59shutdownCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01016283 Relevance: 9.1, APIs: 6, Instructions: 84networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FB5520 Relevance: 8.0, APIs: 5, Instructions: 516COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA1287 Relevance: 7.9, APIs: 5, Instructions: 379COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01025376 Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF80A9 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA4B37 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FB3030 Relevance: 6.6, APIs: 4, Instructions: 587COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FAFCE0 Relevance: 5.5, APIs: 3, Instructions: 1040COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FFE616 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 561stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0100B333 Relevance: 4.6, APIs: 3, Instructions: 73COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF87E1 Relevance: 4.6, APIs: 3, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF874B Relevance: 4.5, APIs: 3, Instructions: 43memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0100C6D1 Relevance: 3.1, APIs: 2, Instructions: 52fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0100A06A Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF81CB Relevance: 3.0, APIs: 2, Instructions: 22COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FCF1D9 Relevance: 2.1, APIs: 1, Instructions: 645COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FD242E Relevance: 1.8, APIs: 1, Instructions: 294COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01008889 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01004C27 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF87B1 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FCA124 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FB8808 Relevance: .6, Instructions: 590COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FC21C5 Relevance: .3, Instructions: 345COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FC25FA Relevance: .3, Instructions: 341COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FC1978 Relevance: .3, Instructions: 323COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01017806 Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 491filecommemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0102356B Relevance: 51.1, APIs: 6, Strings: 23, Instructions: 365windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0102A5DA Relevance: 49.8, APIs: 33, Instructions: 260COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA2C18 Relevance: 49.5, APIs: 27, Strings: 1, Instructions: 486windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010174AB Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 284windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01029A1C Relevance: 42.5, APIs: 23, Strings: 1, Instructions: 455windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010289D5 Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 401windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0102488F Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA27D9 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 286windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FFA439 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 273windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01014FFD Relevance: 25.6, APIs: 17, Instructions: 110COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0102A1B9 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 205windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0102C5FE Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 181windowfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01007D1A Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 378timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01024392 Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 251windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0102B7FE Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 197windowlibraryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FFF8AA Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 138windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0102C1AC Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 229windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0101731A Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF77DC Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 128registryshareCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FFF7A1 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 75windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010046B7 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 73networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01004F75 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0100D58D Relevance: 18.3, APIs: 12, Instructions: 283comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FFC267 Relevance: 18.2, APIs: 12, Instructions: 174COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA201B Relevance: 18.2, APIs: 12, Instructions: 170timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA21A5 Relevance: 18.1, APIs: 12, Instructions: 132COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01027152 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010274BB Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FC6E03 Relevance: 16.8, APIs: 11, Instructions: 258COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010183BB Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 197comCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01015732 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163networkfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF8F8F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 82windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF907A Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF9163 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 72windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010188AB Relevance: 15.3, APIs: 10, Instructions: 324fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01007990 Relevance: 15.3, APIs: 10, Instructions: 292COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FAFA5D Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 264comCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA2E26 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 186windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01011A15 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 134networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01018C46 Relevance: 13.9, APIs: 9, Instructions: 438COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01028645 Relevance: 13.7, APIs: 9, Instructions: 168COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF966E Relevance: 13.6, APIs: 9, Instructions: 66sleepkeyboardwindowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01026D80 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01002F94 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 82windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010042F8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA2A5B Relevance: 12.1, APIs: 8, Instructions: 129COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010070C6 Relevance: 12.1, APIs: 8, Instructions: 101fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010261D3 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FFBBAF Relevance: 12.1, APIs: 8, Instructions: 92COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA1424 Relevance: 10.7, APIs: 7, Instructions: 219COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010055FD Relevance: 10.6, APIs: 7, Instructions: 138timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01003671 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01027291 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010262CD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FFDAEB Relevance: 10.6, APIs: 7, Instructions: 95memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FFDBC4 Relevance: 10.6, APIs: 7, Instructions: 90memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010275CD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FC9AE6 Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FC406B Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010064B8 Relevance: 9.2, APIs: 6, Instructions: 205COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01025799 Relevance: 9.2, APIs: 6, Instructions: 160windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FFEEEC Relevance: 9.2, APIs: 6, Instructions: 159COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0100220A Relevance: 9.1, APIs: 6, Instructions: 138windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA1765 Relevance: 9.1, APIs: 6, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0102B69E Relevance: 9.1, APIs: 6, Instructions: 109windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0101709E Relevance: 9.1, APIs: 6, Instructions: 97COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF8879 Relevance: 9.1, APIs: 6, Instructions: 69memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF85B1 Relevance: 9.1, APIs: 6, Instructions: 65processCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FFB790 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01007230 Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF8992 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01002A96 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 195windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FFD56C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 121comlibraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01002753 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF8E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0101182D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 86networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010263E7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01006D9C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01006E6A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0101EB55 Relevance: 7.7, APIs: 5, Instructions: 247COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0100E571 Relevance: 7.6, APIs: 5, Instructions: 135COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0102A056 Relevance: 7.6, APIs: 5, Instructions: 130COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF63AA Relevance: 7.6, APIs: 5, Instructions: 97windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FFB1EC Relevance: 7.6, APIs: 5, Instructions: 88windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0102B14B Relevance: 7.6, APIs: 5, Instructions: 85COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF9307 Relevance: 7.6, APIs: 5, Instructions: 84windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01015A4D Relevance: 7.6, APIs: 5, Instructions: 70COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA12F3 Relevance: 7.6, APIs: 5, Instructions: 67COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01004A93 Relevance: 7.6, APIs: 5, Instructions: 56synchronizationthreadwindowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF8202 Relevance: 7.5, APIs: 5, Instructions: 49memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF710A Relevance: 7.5, APIs: 5, Instructions: 48stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01005244 Relevance: 7.5, APIs: 5, Instructions: 48sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF810A Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA13B0 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF97F5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 122windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010273D9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01027B93 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01026CB0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0102770E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA4C36 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01020DE7 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA4C03 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010190E0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF717D Relevance: 6.3, APIs: 4, Instructions: 333COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0101E02A Relevance: 6.3, APIs: 4, Instructions: 307memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01018093 Relevance: 6.3, APIs: 4, Instructions: 267COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF7530 Relevance: 6.2, APIs: 4, Instructions: 231COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF687D Relevance: 6.2, APIs: 4, Instructions: 202memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010297F4 Relevance: 6.1, APIs: 4, Instructions: 140COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF9A80 Relevance: 6.1, APIs: 4, Instructions: 129windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0101641A Relevance: 6.1, APIs: 4, Instructions: 116COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0100B7F4 Relevance: 6.1, APIs: 4, Instructions: 111fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01028851 Relevance: 6.1, APIs: 4, Instructions: 109COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0102AB37 Relevance: 6.1, APIs: 4, Instructions: 106windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01024EEE Relevance: 6.1, APIs: 4, Instructions: 95COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0102C498 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF8656 Relevance: 6.1, APIs: 4, Instructions: 79memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FC098C Relevance: 6.1, APIs: 4, Instructions: 79COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01011767 Relevance: 6.1, APIs: 4, Instructions: 78networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01003A2A Relevance: 6.1, APIs: 4, Instructions: 78COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01025D11 Relevance: 6.1, APIs: 4, Instructions: 69COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FFDCBE Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01016369 Relevance: 6.1, APIs: 4, Instructions: 61networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF8B41 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA1290 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01001142 Relevance: 6.1, APIs: 4, Instructions: 51sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0102B2C5 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0102B635 Relevance: 6.0, APIs: 4, Instructions: 40processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01006BDA Relevance: 6.0, APIs: 4, Instructions: 33COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0102BD1C Relevance: 6.0, APIs: 4, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FA2218 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF8712 Relevance: 6.0, APIs: 4, Instructions: 23threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0100AFAC Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201shareCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FB2957 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0101258E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01027A71 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010028A2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010266D4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01026920 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010029AF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010121D6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF8E05 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF8CFD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00FF8D82 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01025964 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 01025998 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|