Windows
Analysis Report
Zexo.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
  - Zexo.exe (PID: 7364 cmdline: "C:\Users\user\Desktop\Zexo.exe" MD5: FE21311E262630AF1A54520F55CA8C69)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
AsyncRAT | AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool; however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victim's computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kits and other techniques. AsyncRAT as delivered by MintsLoader includes a PowerShell module with a DGA. The DGA is similar to MintsLoader's DGA, but generates more domains and uses more than one TLD. | No Attribution |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
DCRat | DCRat is a typical RAT that has been around since at least June 2019. | No Attribution |
{
"Server": "147.185.221.21",
"Port": "27180",
"Version": "",
"MutexName": "YΒb2VDSoAΖjAΔX8D杰f",
"Autorun": "false",
"Group": "Default"
}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_AsyncRAT | Yara detected AsyncRAT | Joe Security | |
 | rat_win_dcrat_qwqdanchun | Find DcRAT samples (qwqdanchun) based on specific strings | Sekoia.io | |
 | INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice | Detects executables attemping to enumerate video devices using WMI | ditekSHen | |
 | INDICATOR_SUSPICIOUS_EXE_DcRatBy | Detects executables containing the string DcRatBy | ditekSHen | |

Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | Windows_Trojan_DCRat_1aeea1ac | unknown | unknown | |

Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | Windows_Trojan_DCRat_1aeea1ac | unknown | unknown | |
 | JoeSecurity_AsyncRAT | Yara detected AsyncRAT | Joe Security | |
 | Windows_Trojan_DCRat_1aeea1ac | unknown | unknown | |
 | Windows_Trojan_DCRat_1aeea1ac | unknown | unknown | |
 | Windows_Trojan_DCRat_1aeea1ac | unknown | unknown | |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-29T13:37:27.436783+0100 | 2842478 | 1 | Malware Command and Control Activity Detected | 147.185.221.21 | 27180 | 192.168.2.6 | 49703 | TCP |
2025-03-29T13:37:38.815344+0100 | 2842478 | 1 | Malware Command and Control Activity Detected | 147.185.221.21 | 27180 | 192.168.2.6 | 49705 | TCP |
- AV Detection
- Compliance
- Networking
- Key, Mouse, Clipboard, Microphone and Screen Capturing
- System Summary
- Data Obfuscation
- Boot Survival
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Anti Debugging
- HIPS / PFW / Operating System Protection Evasion
- Language, Device and Operating System Detection
- Lowering of HIPS / PFW / Operating System Security Settings
- Stealing of Sensitive Information
- Remote Access Functionality
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Neural Call Log Analysis: |
Source: | String decryptor: |
Source: | Static PE information: |
Networking |
---|
Source: | Suricata IDS: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: |
System Summary |
---|
Source: | Matched rule: |
Source: | Code function: |
Source: | Binary or memory string: |
Source: | Matched rule: |
Source: | Base64 encoded string: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | String found in binary or memory: |
Source: | Code function: |
Boot Survival |
---|
Source: | File source: |
Source: | Registry key monitored for changes: |
Source: | Key value created or modified: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | Binary or memory string: |
Source: | Memory allocated: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Thread sleep time: |
Source: | File Volume queried: |
Source: | Thread delayed: |
Source: | Binary or memory string: |
Source: | Process token adjusted: |
Source: | Memory allocated: |
Source: | Binary or memory string: |
Source: | Queries volume information: |
Source: | Key value queried: |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | File source: |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 Scheduled Task/Job | 1 Process Injection | 1 Modify Registry | OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 1 Disable or Modify Tools | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Process Injection | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 111 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 81% | ReversingLabs | ByteCode-MSIL.Backdoor.MarteVenomRAT | |
 | 75% | Virustotal | | |
 | 100% | Avira | HEUR/AGEN.1307453 | |
 | 100% | Joe Sandbox ML | | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 208.89.73.31 | true | false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
147.185.221.21 | unknown | United States | | 12087 | SALSGIVERUS | true |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1651678 |
Start date and time: | 2025-03-29 13:35:12 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 40s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Zexo.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@1/2@0/1 |
EGA Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 208.89.73.31, 23.204.23.20, 20.12.23.50
- Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
08:37:26 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
147.185.221.21 | | | malicious | Njrat | | |
 | | | malicious | XWorm | | |
 | | | malicious | XWorm | | |
 | | | malicious | XWorm | | |
 | | | malicious | XWorm | | |
 | | | malicious | SheetRat | | |
 | | | malicious | XWorm | | |
 | | | malicious | Quasar, XWorm | | |
 | | | malicious | XWorm | | |
 | | | malicious | XWorm | | |

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | | malicious | Vidar | | |
 | | | malicious | Vidar | | |
 | | | malicious | Vidar | | |
 | | | malicious | Snake Keylogger | | |
 | | | malicious | Snake Keylogger | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
SALSGIVERUS | | | malicious | NeptuneRAT | | |
 | | | malicious | XWorm | | |
 | | | malicious | XWorm | | |
 | | | malicious | XWorm | | |
 | | | malicious | Unknown | | |
 | | | malicious | NeptuneRAT | | |
 | | | malicious | XWorm | | |
 | | | malicious | XWorm | | |
 | | | malicious | SheetRat | | |
 | | | malicious | NeptuneRAT | | |
Process: | C:\Users\user\Desktop\Zexo.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 73305 |
Entropy (8bit): | 7.996028107841645 |
Encrypted: | true |
SSDEEP: | 1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/ |
MD5: | 83142242E97B8953C386F988AA694E4A |
SHA1: | 833ED12FC15B356136DCDD27C61A50F59C5C7D50 |
SHA-256: | D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755 |
SHA-512: | BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\Zexo.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 3.1897121670185173 |
Encrypted: | false |
SSDEEP: | 6:kKyDImcvSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:tmCkPlE99SNxAhUeq8S |
MD5: | CFED83DBADABBB39736738643CAEADDE |
SHA1: | 7B99B29B1869D5FCECE9E44A387FDEFACC91FC5D |
SHA-256: | F74E8863694F510A82FAB14AB3C91C0E99454EAEA80900FB44860B30CB114B5D |
SHA-512: | ED5854F2CC48E012F0C353E39768046316919509C40C19477AFFF3B361DD65D6A006C63F78389A62050FD04EA139A1E009B7F07BD55B7E43EB81016CBB43FA14 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 5.806036419342361 |
TrID: |
|
File name: | Zexo.exe |
File size: | 64'512 bytes |
MD5: | fe21311e262630af1a54520f55ca8c69 |
SHA1: | 1d595196ae495436868b9b6d5f0d17d04a5ff8ef |
SHA256: | 62ab616a986ed8d7725c5c37122c385b7ad30b9e02d659e950fa099c9b8d9ed3 |
SHA512: | c89d654df3ab13762f1cf529d5526da7716bc61c6634d3255a0f01a4708a2701513cd45c0079f95d089df127f73386a83b0a19b1a09b5b2b28d0cb43946ce97f |
SSDEEP: | 768:jnuguX1wbgyX78dIC8A+XkuazcBRL5JTk1+T4KSBGHmDbD/ph0oXpdM7nNqSuEdP:rvCCPTDdSJYUbdh9jMXuEdpqKmY7 |
TLSH: | 84536C003798C965E2AE87B8BCF3550106B1C2772116DA1E7CC810DB6B9FFC64A526FE |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...&.eb................................. ... ....@.. .......................`............@................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x41099e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x62658926 [Sun Apr 24 17:30:14 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x10944 | 0x57 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x12000 | 0xdb5 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x14000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xe9a4 | 0xea00 | 44a0f0fde58509bdb5cdd32f580d76c7 | False | 0.4906517094017094 | data | 5.844232667729135 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x12000 | 0xdb5 | 0xe00 | 8ae77c3680b8fc7998fab3a0df2d0ede | False | 0.40122767857142855 | data | 5.026234489158954 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x14000 | 0xc | 0x200 | 7d0a0127c9ffff397a9b1a5f86ddcf26 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x120a0 | 0x2d4 | data | | | 0.4350828729281768 |
RT_MANIFEST | 0x12374 | 0xa41 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text | | | 0.4114285714285714 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
Comments | |
CompanyName | |
FileDescription | |
FileVersion | 3.6.0.0 |
InternalName | Client.exe |
LegalCopyright | |
LegalTrademarks | |
OriginalFilename | Client.exe |
ProductName | |
ProductVersion | 3.6.0.0 |
Assembly Version | 3.6.0.0 |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-29T13:37:27.436783+0100 | 2842478 | ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) | 1 | 147.185.221.21 | 27180 | 192.168.2.6 | 49703 | TCP |
2025-03-29T13:37:38.815344+0100 | 2842478 | ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) | 1 | 147.185.221.21 | 27180 | 192.168.2.6 | 49705 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 29, 2025 13:36:49.303415060 CET | 53 | 64001 | 162.159.36.2 | 192.168.2.6 |
Target ID: | 1 |
Start time: | 08:36:06 |
Start date: | 29/03/2025 |
Path: | C:\Users\user\Desktop\Zexo.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x110000 |
File size: | 64'512 bytes |
MD5 hash: | FE21311E262630AF1A54520F55CA8C69 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Execution Coverage: | 15.6% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 100% |
Total number of Nodes: | 5 |
Total number of Limit Nodes: | 1 |