Edit tour

Windows Analysis Report
mmbasic.exe

Overview

General Information

Sample name:	mmbasic.exe
Analysis ID:	1583528
MD5:	ac516514b43b8efa0e2a4943f3b12d82
SHA1:	2cab1962c5bf39c227686299ca2d0c2208ba0e55
SHA256:	fddce09702a195c3b25696e560824c83b84637426e0d4e8abfd6a994e056e988
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

PE file has nameless sections

Tries to detect sandboxes / dynamic malware analysis system (QueryWinSAT)

Creates a process in suspended mode (likely to inject code)

Drops PE files

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Queries keyboard layouts

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Uses 32bit PE files

Classification

Process Tree

System is w10x64_ra

mmbasic.exe (PID: 6444 cmdline: "C:\Users\user\Desktop\mmbasic.exe" MD5: AC516514B43B8EFA0E2A4943F3B12D82)

MMANAGALBasic35.exe (PID: 2792 cmdline: "C:\MMANA-GALBasic3\MMANAGALBasic35.exe" MD5: 2916707014BCD2F4F43A707655B887C3)

chrome.exe (PID: 5884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://dl2kq.de/promm/index.htm MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=2028,i,12784937484562864323,16612268819197994653,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

calc.exe (PID: 3744 cmdline: "C:\Windows\System32\calc.exe" MD5: 961E093BE1F666FD38602AD90A5F480F)

Calculator.exe (PID: 2300 cmdline: "C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Calculator.exe" -ServerName:App.AppXsm3pg4n7er43kdh1qp4e79f1j7am68r8.mca MD5: 94675EB54AC5DAA11ACE736DBFA9E7A2)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\MMANA-GALBasic3\MMFarField.exe	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Memory Dumps

Source	Rule	Description	Author
0000000A.00000003.1383986199.0000000003710000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
00000000.00000002.1383636154.0000000000401000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: mmbasic.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source:

Binary string: D:\FFSolveVS17\2008\FFSolvermm2008\Release\FFSolvermm2008.pdb source: FFSolver.exe.0.dr

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.151
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.151
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.151
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.151
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 02 Jan 2025 23:02:32 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveAccept-Ranges: bytesVary: Accept-Encoding,User-AgentContent-Encoding: gzipContent-Length: 2456Keep-Alive: timeout=2, max=1000Content-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 dd 19 db 72 db b8 f5 5d 5f 81 45 26 5e 69 6c 91 a2 14 27 b1 25 2a 75 e2 dc ba b6 e3 da de d9 ee 34 9d 0c 44 42 24 62 90 60 41 50 97 b6 fb 41 fd cb 1e 00 24 45 cb 5c c7 89 33 9d 9d fa c1 26 0f cf 1d e7 86 e3 c9 0f c7 1f 5e 5d fd 7a fe 1a c5 2a e1 e8 fc e7 97 27 ef 5f 21 dc 77 dd 5f 46 af 5c f7 f8 ea 18 fd f5 dd d5 e9 09 f2 1c cf 75 5f 9f 61 84 63 a5 b2 43 d7 5d 2e 97 ce 72 e4 08 19 b9 57 17 ee 4a 93 7b 1a bf 7c f4 9c 50 85 78 da 99 18 be ab 84 a7 b9 df 42 ea 1d 1c 1c 58 0a ac 91 0e 39 49 23 1f d3 14 4f 27 31 25 21 d0 27 54 11 a4 09 fb f4 1f 05 5b f8 f8 95 48 15 4d 55 ff 6a 9d 51 8c 02 fb e6 63 45 57 ca d5 8c c6 28 88 89 cc a9 f2 97 2c 0d c5 32 ef 7b c3 fd 21 be 8b d5 09 48 2d 48 d4 64 47 d3 7e 91 6b 22 ce d2 6b 24 29 f7 71 1e 0b a9 82 42 21 06 58 18 c5 92 ce 7d 3c 27 0b fd ea c0 af 5a 44 4a 12 ea 63 29 66 42 e5 0d 96 a0 0d 5d ed a1 b9 e0 5c 2c b7 90 49 a1 80 7b 03 f9 7d 24 24 7a 0b 6f da 18 9a 5e 0b 74 7c 32 fc e9 2f 68 8b ee 95 c8 d6 92 45 b1 6a 90 1e 71 ba 42 97 41 4c 97 94 d3 05 d0 79 e7 2f 8f f7 d0 ef 70 dc 62 f8 13 5d 2f 85 0c 9b 7a 9f 5f 7c 40 0b 2a 73 26 52 74 7a 7a 74 76 d4 7f 7b 74 82 88 fe 9a 12 f8 4b f8 3a a7 12 e5 62 ae e0 d8 14 53 9c 4e 5b 69 26 ae fd d8 e9 4c 72 b5 e6 14 29 38 c2 f2 e4 82 5c 7b fb 4f 2c c9 c0 c9 a8 90 bc 8b 0d 8e a3 3f f4 c6 9d 89 6b 5e 6f 1e 88 86 e4 31 a5 60 fd 16 ab f2 74 0c c6 a7 4c b2 54 19 46 28 a1 21 23 3e 36 10 6d 79 1e 48 96 29 c4 cb 00 f0 f1 9f c9 82 5c 1a a0 fe fc 43 bf 8f 5e d2 88 a5 9d 33 ba 7c 9f 44 c8 47 29 5d a2 23 29 c9 1a 75 3b 18 30 4f 4f c1 b2 7e 26 85 eb 0d 9c 2c 8d f0 de 16 f8 79 2b 74 bf 15 7a d0 0a 7d d6 0a 7d da 0a 1d b5 42 9f b4 42 87 ad 50 af 1d 6a c1 1d 38 8a 05 91 08 7c 71 56 24 e0 8e 41 fd 7e 42 d3 48 c5 00 b2 ae 72 b8 7d ef 23 6f dc 71 dd 2b 96 50 14 52 0e 7e 9b 51 b5 a4 34 45 97 9c 85 34 47 2c 45 09 e3 9c e5 14 22 2e cc 0d 3b 8b e8 a3 d1 60 50 0a e0 22 b8 06 c0 9c f0 9c 5a 88 2c d2 71 67 5e a4 81 d2 41 16 c4 11 08 ed 86 4c 52 03 e8 a1 7f 75 d8 1c 75 43 11 14 09 84 b1 c3 12 38 df 5c 83 6b dd cb 87 5d 54 53 8d 0d 4d 09 9f 6e ac ba 41 06 1a fd d6 c4 9b a0 c1 36 5b 4b a5 f1 6a f9 b9 b1 36 16 4b 27 97 41 ed a5 bf 59 aa bf 6b d4 df 36 d6 40 39 10 dd ca 04 6b ba 8f 94 2c a8 86 dd 74 85 2d 72 4e c0 29 91 ef 21 27 e5 82 f0 2e f8 a6 a7 59 52 40 41 4d 1e 86 a8 c1 44 f3 1c 77 00 1d 9e a1 64 d6 0c 70 e9 4f af 87 f7 ec 69 f4 ac 8a ae 8b 5e a7 21 ea f7 a7 3a 25 4d a2 e8 a7 b2 58 cf 44 b8 d6 35 df 9b 22 80 79 f0 18 b2 05 0a 38 c9 75 f5 07 1c 2a 3f 25 cc f6 85 fd 29 c4 d5 9c e6 ba 46 10 5e d7 13 5d 46 96 50 a0 80 7e 5f 73 06 06 65 22 de 66 63 d5 88 87 d3 c9 1c 8a 15 54 2c 2e a4 8f 1f cd e7 a3 d0 03 21 93 d9 f4 75 1a 41 64 c5 13 77 36 9d b8 1a 69 da f9 f7 84 94 d5 c1 14 64 e9 40 d3 c0 a0 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 02 Jan 2025 23:02:32 GMTServer: ApacheLast-Modified: Thu, 27 Feb 2014 20:11:38 GMTETag: "1a57-4f368edc60130-gzip"Accept-Ranges: bytesVary: Accept-Encoding,User-AgentContent-Encoding: gzipContent-Length: 1553Keep-Alive: timeout=2, max=999Connection: Keep-AliveContent-Type: text/cssData Raw: 1f 8b 08 00 00 00 00 00 00 03 b5 58 5b 8f da 46 14 7e 0e bf 62 94 aa 52 1b 2d 1b 6c 16 76 31 4f ad d4 48 7d 68 fb d2 87 be 55 03 1e b0 9b c1 e3 da 43 96 4d b4 ff d5 61 83 42 20 78 c9 26 6d 13 29 6d 7a c6 b7 1d 0f 36 78 09 b1 84 84 2f 73 ce 99 73 f9 ce 77 e6 e1 83 6d d7 c3 da c3 07 88 50 32 22 0e 47 26 19 d8 8e cd 6d e6 f8 c8 e7 d8 e3 28 7a bf 7d 7d cd e2 23 7a 84 7a cc bc 40 cf 6a 03 e6 f0 fa 00 8f 6c 7a 61 d0 71 df 36 f1 d1 13 e2 99 d8 c1 47 3e 76 fc ba 4f 3c 7b d0 8d 3f f3 ed a7 c4 d0 74 77 92 dc 9f 13 7b 68 71 c3 61 de 08 d3 6e ed b2 56 4b 84 f6 98 67 12 cf f0 19 b5 4d d4 70 27 e8 ab 46 74 75 6b 2e 36 4d db 19 1a 0d 21 64 84 bd a1 ed 88 ff 48 fa 75 6b 7d 46 99 67 64 6b 7a b8 ff 78 e8 b1 b1 63 d6 93 37 83 e8 12 0a f1 61 b7 c0 c9 84 d7 4d d2 67 1e 16 5e 35 40 27 f1 a8 ed 90 68 77 d8 b0 18 48 06 95 99 1d 65 16 3e 7a f4 e8 f4 b4 1d af 42 f6 68 08 6b 54 d9 0e 13 62 13 57 c5 37 25 de 89 c4 58 5a ba d5 68 0f cd c6 d6 3d 60 6a 0f 1d 83 92 01 ef d6 84 fd 75 2b fe a8 19 6d 3d bd 69 8b 1b c9 78 7b 84 87 c4 18 7b f4 9b fb 16 c1 60 57 9d 33 f7 f8 0f 77 78 ff db dc 77 1e 71 09 16 1a 93 7f b9 97 2e f3 a3 94 4c b4 6f fa a6 a3 f7 ce 4c b3 5b 93 82 a9 a4 46 96 0e 7a 89 27 70 ce 17 fa 49 d5 78 c6 6e ce 65 51 81 85 dc 83 b4 71 b1 07 25 96 29 cc 42 7f 20 91 7a 6e 07 da 59 85 68 7a e2 45 3e 9c f1 ce ab 87 b3 c7 38 67 a3 cf 8c 68 56 9e 9a d6 6c ee da ab 1c 55 3d 57 e5 6a 54 75 25 aa da e9 5e 51 ad 66 56 a2 30 8b aa aa b6 b4 c0 e3 18 63 1c 89 a8 09 b0 7d bf 9e bf bb 41 cb d9 34 bc 0a d1 74 b6 fe 6b 35 83 3f 2f 83 ab 70 19 4e 17 01 20 ae d5 02 0d 99 13 3d 42 c1 ec 27 60 31 14 97 51 d7 a3 a8 45 b1 35 b4 db a2 8e 13 bb 5d 3d 2d ee 94 81 65 40 23 dc d2 3a 78 b2 47 6e 7a b3 fa 74 33 9f a1 eb 70 39 7b 85 e6 e8 6a 1d ac e6 7f a3 69 b8 58 bf bd 42 8b 60 7d 33 5f 85 0b 70 56 0c 96 72 72 e4 8c cd e1 65 2a 7b 9f 7e 49 1c 13 a1 4a fd b2 82 82 3e c5 be 5f d0 8e ab 29 30 ed 27 c7 71 81 fe 3e 82 86 f9 2c 2b e8 b3 9d 05 0d df 7f 31 7c 2e 8d c1 65 6c f2 80 31 2e 77 c3 56 74 ed ca 87 2a 6d 38 0e b2 68 3e 09 87 d0 04 87 e8 47 d7 ad 2d 5a 0a 27 9a 8a 29 cd 1c da e8 05 46 2b 50 b3 8d d3 88 55 7d 78 85 01 77 bd e2 42 ae 48 58 ca 19 4f b6 25 f5 45 a2 1f 3c 01 b0 ff 58 68 df 41 a0 b4 d3 a2 75 ca 76 b5 1d db 75 31 b7 04 8d db 1a c8 24 49 4f 36 d2 43 01 76 58 e0 08 43 f2 26 94 d2 17 79 05 ae b8 a6 18 a6 2e f7 2c dd 18 19 0e 86 0d 23 48 9c 1e 9b c4 88 e0 23 e9 aa a2 40 a8 40 bf 5a b6 8f 7e fa ee c7 9f bf ff e5 37 1d d5 d1 8b e5 27 f4 2e bc 09 83 e5 c7 e7 e1 6b d1 62 44 d4 12 45 7a 71 8e 9e db 26 b7 0c 3c e6 0c 22 64 3b f5 f8 be 95 30 2c 78 90 c4 53 6b 34 26 5d 04 4a af c3 17 d7 e1 7a 11 1c a1 eb f5 ec 45 78 33 5d 07 1f 82 ff 3e 04 9f e0 3e 9c 06 4b 34 5d cd 5
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 02 Jan 2025 23:02:33 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Thu, 27 Feb 2014 20:11:39 GMTETag: "1318-4f368edd9b81f-gzip"Accept-Ranges: bytesVary: Accept-Encoding,User-AgentContent-Encoding: gzipContent-Length: 995Keep-Alive: timeout=2, max=1000Content-Type: text/cssData Raw: 1f 8b 08 00 00 00 00 00 00 03 bd 57 4d 8f db 20 10 3d af 7f 05 52 6f d5 3a bb 76 36 6d e5 1c ab 1e 7a ef bd c2 81 c4 68 31 b8 80 37 49 ab fe f7 82 6d 12 8c 71 42 da a8 48 91 62 0c f3 f1 66 e6 cd f8 e9 fd a5 f5 94 3c bd 07 98 e2 1a 33 05 10 de 12 46 14 e1 4c 02 a9 a0 50 a0 7b 7f f9 7e 52 a9 9a 3e 82 92 a3 23 f8 95 6c 38 e5 a2 78 f7 dc ad 75 52 c2 cd eb 4e f0 96 a1 74 78 b3 ed d6 3a d9 72 a6 d2 2d ac 09 3d 16 b4 dd 10 04 1f df b0 40 90 c1 47 09 99 4c 25 16 c4 1e 93 e4 27 2e b2 bc 39 0c cf 7b 4c 76 95 2a 18 17 35 a4 eb a4 81 08 11 b6 2b 9e cd 81 1a 8a 1d 61 fd ff df 49 72 ab 59 b3 b2 4a 2e 10 16 5a 27 c3 9d 60 a8 a5 de d1 07 85 0f 2a 45 78 c3 05 34 f8 17 da 34 2c 28 b1 ca 16 fa ef ab eb c7 72 f9 f9 f3 25 3f 3a 0b 49 bd d3 77 7c d1 bd 0b 23 7f 2e 21 58 65 d6 d3 de 85 0f 17 5d 80 94 ec 58 41 f1 56 ad 13 63 7e 5a f5 87 96 9d e7 a3 87 e8 98 38 6f 48 0d 77 78 6a 34 b0 bf 6c c6 03 78 8b 0f 13 ac fe d5 52 63 43 3e b6 e0 72 22 cc a1 98 bf 38 28 f6 0f ff 0f c5 dc 47 31 3a 99 ef 86 62 9f d0 ae 61 a3 cc f5 6b f4 1a 75 cd 50 1f 66 08 80 28 ea 8b 50 b0 a1 50 ca 00 b3 c6 29 40 e4 6d 51 61 a8 bd fa 5e 13 a4 7d 47 44 36 14 1e cf 3e 9a 13 5b ce 15 16 67 7a 58 75 eb 2a fb f6 51 cc e6 a2 d8 a3 99 2a de 14 92 53 ad 5d 9f 04 ef 36 dd 3a 03 9f b9 49 03 dc c4 59 9a 8d dc be ce 6d 1e 39 06 7b f9 34 6b c9 70 6b a3 5f 41 5d 0d c6 d3 86 cb 0e ce 42 60 aa 93 ec ed 96 fc 0a e5 4f ee e6 bf 6b aa 76 7f e0 de 20 f4 0d 54 d5 2d fd 65 26 b7 63 50 18 d1 69 e6 d2 69 e6 55 c2 e5 42 3e 99 0d 6f ee d7 71 71 fa d1 92 cd 2b 83 6f 21 cc 64 03 99 c1 74 1c f9 e7 0b 12 4f 37 60 e4 9d 30 fb c4 d1 c1 b4 5a 7b 32 b8 1b 1d d4 3a 81 4b 7e e8 49 40 02 67 c5 d2 81 95 10 ac 81 3d 41 aa 2a 60 ab b8 0e 3b 61 69 ff 9c f5 c5 f7 33 25 7a aa 38 14 cb 35 d0 96 7c ab 88 04 90 52 be 97 40 55 18 98 ea 32 4c a8 38 e0 7a 8a a1 b0 e9 b6 85 c1 16 68 8e 6c 01 61 80 41 21 f8 1e ec b5 20 73 4f ef ec 38 47 a0 d4 9b 7a d8 91 0b e3 85 df 22 1e 1e 1e b4 ba af 5a ba 60 58 81 2f 87 46 27 96 2e 62 86 31 32 aa b5 19 fa d6 b5 8c cf 3e dd d4 ed fc 6a c8 42 e5 d0 ef 76 a5 9f 7d 58 39 e5 61 31 ae 96 91 73 83 af 6e e5 71 e1 1c bb 9c 14 bd 8c 15 2d 7d 45 25 a7 28 3c a7 e5 2b cb b0 56 f6 40 dc 25 57 8a d7 21 ee 9e 2a 87 51 ea 67 2b cb 93 16 2e f2 6b b4 11 12 10 db 21 a2 2c 33 f6 04 11 9c e6 88 7f 73 21 db d2 f4 e1 80 39 43 e2 c1 6e dd fa 69 91 4f 9a e7 ac e6 10 14 4e bf f7 9a cb f4 73 c0 95 aa 60 49 f1 5f 7f c0 3c dc a9 a2 3f 9e 81 48 cd ac 5b 04 b1 6f a9 36 94 12 a9 2d 50 47 8a 53 75 6c 70 21 7f b4 50 cc 4c af f9 08 e0 73 85 af 4e d1 f5 e7 c4 b1 ba 85 d9 0f e8 0c 1e a7 64 26 a9 32 1b 59 27 b0 91 fd c1 f4 9c 51 6b b8 67 03 32 40 ff 5b 03 b2 12 9c 06 04 4b cd 32 ad 3a 35

Source: global traffic	HTTP traffic detected: GET /promm/index.htm HTTP/1.1Host: dl2kq.deConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /promm/index.htm HTTP/1.1Host: gal-ana.deConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /promm/style.css HTTP/1.1Host: gal-ana.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://gal-ana.de/promm/index.htmAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /promm/ScrMMGAL-pro/10.png HTTP/1.1Host: gal-ana.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://gal-ana.de/promm/index.htmAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /promm/32.gif HTTP/1.1Host: gal-ana.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://gal-ana.de/promm/index.htmAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /promm/pre-on.jpg HTTP/1.1Host: gal-ana.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://gal-ana.de/promm/index.htmAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /promm/next-on.jpg HTTP/1.1Host: gal-ana.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://gal-ana.de/promm/index.htmAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /promm/style_print.css HTTP/1.1Host: gal-ana.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://gal-ana.de/promm/index.htmAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /promm/header-top.jpg HTTP/1.1Host: gal-ana.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://gal-ana.de/promm/style.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: hotlog=1
Source: global traffic	HTTP traffic detected: GET /cgi-bin/hotlog/count?0.0820563923551032&s=28374&im=209&r=&pg=http%3A//gal-ana.de/promm/index.htm&c=Y&j=N&wh=1280x1024&px=24&js=1.3& HTTP/1.1Host: hit3.hotlog.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://gal-ana.de/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /promm/luda.jpg HTTP/1.1Host: gal-ana.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://gal-ana.de/promm/style.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: hotlog=1
Source: global traffic	HTTP traffic detected: GET /promm/pre-on.jpg HTTP/1.1Host: gal-ana.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: hotlog=1
Source: global traffic	HTTP traffic detected: GET /promm/header-mid.jpg HTTP/1.1Host: gal-ana.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://gal-ana.de/promm/style.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: hotlog=1
Source: global traffic	HTTP traffic detected: GET /promm/32.gif HTTP/1.1Host: gal-ana.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: hotlog=1
Source: global traffic	HTTP traffic detected: GET /promm/header-bottom.jpg HTTP/1.1Host: gal-ana.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://gal-ana.de/promm/style.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: hotlog=1
Source: global traffic	HTTP traffic detected: GET /promm/luda.jpg HTTP/1.1Host: gal-ana.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: hotlog=1
Source: global traffic	HTTP traffic detected: GET /promm/next-on.jpg HTTP/1.1Host: gal-ana.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: hotlog=1
Source: global traffic	HTTP traffic detected: GET /promm/header-bottom.jpg HTTP/1.1Host: gal-ana.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: hotlog=1
Source: global traffic	HTTP traffic detected: GET /promm/header-mid.jpg HTTP/1.1Host: gal-ana.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: hotlog=1
Source: global traffic	HTTP traffic detected: GET /promm/ScrMMGAL-pro/10.png HTTP/1.1Host: gal-ana.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: hotlog=1
Source: global traffic	HTTP traffic detected: GET /promm/header-top.jpg HTTP/1.1Host: gal-ana.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: hotlog=1

Source: global traffic	DNS traffic detected: DNS query: dl2kq.de
Source: global traffic	DNS traffic detected: DNS query: gal-ana.de
Source: global traffic	DNS traffic detected: DNS query: hit3.hotlog.ru
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: G4ZU 14.maa.0.dr	String found in binary or memory: http://dl2kq.de/ant/3-2.htm
Source: Lic_r.txt.0.dr	String found in binary or memory: http://dl2kq.de/forum/
Source: MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp, MMANAGALBasic35.exe, 0000000A.00000003.2119850643.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000003.2119034338.0000000000A02000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl2kq.de/promm/index.htm
Source: MMANAGALBasic35.exe, 0000000A.00000003.2119850643.00000000009C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl2kq.de/promm/index.htm&
Source: MMANAGALBasic35.exe, 0000000A.00000003.2119034338.0000000000A5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl2kq.de/promm/index.htmDJ
Source: MMANAGALBasic35.exe, 0000000A.00000003.2119034338.0000000000A5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl2kq.de/promm/index.htmVJ9
Source: MMANAGALBasic35.exe, 0000000A.00000003.2119034338.0000000000A32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl2kq.de/promm/index.htmqtY
Source: MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://gal-ana.de
Source: MMANAGALBasic35.exe, 0000000A.00000002.2130264409.0000000003780000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://gal-ana.de/basicmm/index.0
Source: MMANAGALBasic35.exe, 0000000A.00000003.2118157072.00000000037B3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://gal-ana.de/basicmm/index.htm
Source: MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://gal-ana.de/basicmm/index.htmCan
Source: mmbasic.exe, 00000000.00000003.1382108777.0000000002C6A000.00000004.00001000.00020000.00000000.sdmp, mmbasic.exe, 00000000.00000003.1383309092.0000000000871000.00000004.00000020.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp, Lic_e.txt.0.dr, L(Default).rtf.0.dr	String found in binary or memory: http://gal-ana.de/forum/index.php
Source: MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://gal-ana.de/promm
Source: mmbasic.exe, 00000000.00000003.1382108777.0000000002C6A000.00000004.00001000.00020000.00000000.sdmp, mmbasic.exe, 00000000.00000003.1383309092.0000000000871000.00000004.00000020.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp, Lic_e.txt.0.dr, L(Default).rtf.0.dr	String found in binary or memory: http://gal-ana.de/promm/index.htm
Source: Lic_r.txt.0.dr	String found in binary or memory: http://gal-ana.de/promm/indexr.htm.
Source: MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://gal-ana.de/promm/price.htm
Source: MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://gal-ana.de/promm/price.htmH
Source: MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://gal-ana.deopenhttp://gal-ana.de/prommFrequencyDat.txtopen
Source: MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://je3hht.g1.xrea.com/
Source: mmbasic.exe, 00000000.00000002.1383636154.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.actualinstaller.
Source: mmbasic.exe, 00000000.00000002.1383636154.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Englishai.lng.0.dr	String found in binary or memory: http://www.actualinstaller.com
Source: mmbasic.exe, 00000000.00000002.1383636154.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.actualinstaller.com/?r=wizardopenU
Source: mmbasic.exe, 00000000.00000003.1382477689.000000000265A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.actualinstaller.com9
Source: mmbasic.exe	String found in binary or memory: http://www.actualinstaller.comD
Source: MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://www.dl1pbd.de
Source: MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://www.dl1pbd.de/
Source: MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://www.dl1pbd.de/openhttp://www.dl2kq.de/openhttp://gal-ana.de/promm/index.htmopenhttp://je3hht.
Source: MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://www.dl2kq.de/
Source: MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://www.dl2kq.de/galana/indexr.htm
Source: mmbasic.exe, 00000000.00000003.1382108777.0000000002C6A000.00000004.00001000.00020000.00000000.sdmp, mmbasic.exe, 00000000.00000003.1383309092.0000000000871000.00000004.00000020.00020000.00000000.sdmp, Lic_r.txt.0.dr, Lic_e.txt.0.dr, L(Default).rtf.0.dr	String found in binary or memory: http://www.gal-ana.de/basicmm/.
Source: mmbasic.exe, 00000000.00000002.1383636154.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.google.comU
Source: 6SKYDOOR.MAA.0.dr	String found in binary or memory: http://www.page.sannet.ne.jp/ja1hwo/
Source: MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: https://hamsoft.ca/pages/mmana-gal.php
Source: MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: https://hamsoft.ca/pages/mmana-gal.phpopenhttp://dl2kq.de/promm/index.htmopenhttp://www.dl1pbd.deope
Source: MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: https://www.paypal.com/donate?hosted_button_id=NUHXSLUTKMZP6
Source: MMANAGALBasic35.exe, 0000000A.00000003.1384719803.00000000025CC000.00000004.00001000.00020000.00000000.sdmp, MMANAGALBasic35.exe, 0000000A.00000002.2120218651.0000000000401000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: https://www.paypal.com/donate?hosted_button_id=NUHXSLUTKMZP6open

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

System Summary

PE file has nameless sections

Source: MMANAGALBasic35.exe.0.dr	Static PE information: section name:
Source: MMANAGALBasic35.exe.0.dr	Static PE information: section name:
Source: MMANAGALBasic35.exe.0.dr	Static PE information: section name:
Source: MMANAGALBasic35.exe.0.dr	Static PE information: section name:
Source: MMANAGALBasic35.exe.0.dr	Static PE information: section name:
Source: MMANAGALBasic35.exe.0.dr	Static PE information: section name:
Source: MMANAGALBasic35.exe.0.dr	Static PE information: section name:

Source: mmbasic.exe	Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: Uninstall.exe.0.dr	Static PE information: Resource name: RT_GROUP_CURSOR type: DOS executable (COM, 0x8C-variant)
Source: Uninstall.exe0.0.dr	Static PE information: Resource name: RT_GROUP_CURSOR type: DOS executable (COM, 0x8C-variant)

Source: mmbasic.exe, 00000000.00000003.1354825200.00000000008B3000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenameUninstall.exeF vs mmbasic.exe

Source: mmbasic.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: MMANAGALBasic35.exe.0.dr

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESERVED size: 0x100000 address: 0x0

Source: mmbasic.exe	Static PE information: Section: UPX1 ZLIB complexity 0.9907942883580081
Source: Uninstall.exe.0.dr	Static PE information: Section: UPX1 ZLIB complexity 0.9907685774374461
Source: MMANAGALBasic35.exe.0.dr	Static PE information: Section: ZLIB complexity 1.0003230022969052
Source: MMANAGALBasic35.exe.0.dr	Static PE information: Section: ZLIB complexity 1.0004660866477273
Source: MMANAGALBasic35.exe.0.dr	Static PE information: Section: ZLIB complexity 1.0010230654761905
Source: MMANAGALBasic35.exe.0.dr	Static PE information: Section: ZLIB complexity 1.0004745911214954
Source: Uninstall.exe0.0.dr	Static PE information: Section: UPX1 ZLIB complexity 0.9907685774374461

Source: classification engine

Classification label: mal48.evad.winEXE@21/805@10/5