Windows
Analysis Report
PPTV(pplive)_forap_1084_9993.exe
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
  - PPTV(pplive)_forap_1084_9993.exe (PID: 2692 cmdline: "C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe" MD5: EDB25D93F8A837AAA38FAA49A5F97BCA)
- cleanup
Source: | Author: frack113: |
- AV Detection
- Compliance
- Spreading
- Networking
- System Summary
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Language, Device and Operating System Detection
AV Detection
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Neural Call Log Analysis: |
Source: | Static PE information: |
Source: | File opened: | (6 entries)
Source: | UDP traffic: |
Source: | UDP traffic detected without corresponding DNS query: | (50 entries)
Source: | Binary or memory string: | (2 entries)
Source: | Static PE information: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Section loaded: | (21 entries)
Source: | Automated click: | (63 entries)
Source: | Process information set: | (3 entries)
Source: | File opened / queried: |
Source: | Window / User API: | (3 entries)
Source: | Thread sleep time: | (3 entries)
Source: | File opened: |
Source: | File Volume queried: | (2 entries)
Source: | Thread delayed: | (3 entries)
Source: | File opened: | (6 entries)
Source: | Binary or memory string: | (9 entries)
Source: | Process information queried: |
Source: | Registry key value queried: | (2 entries)
Source: | Queries volume information: | (2 entries)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | OS Credential Dumping | 21 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 32 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Detection | Scanner |
---|---|
20% | Virustotal |
25% | ReversingLabs |
100% | Joe Sandbox ML |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
47.246.8.183 | unknown | United States | 24429 | TAOBAOZhejiangTaobaoNetworkCoLtdCN | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1654799 |
Start date and time: | 2025-04-02 16:46:30 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 11s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Run with higher sleep bypass |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | PPTV(pplive)_forap_1084_9993.exe |
Detection: | MAL |
Classification: | mal52.winEXE@1/26@0/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.31.69.3, 172.202.163.200
- Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtOpenFile calls found.
Match | Detection | Threat Name |
---|---|---|
TAOBAOZhejiangTaobaoNetworkCoLtdCN | malicious | Mirai |
TAOBAOZhejiangTaobaoNetworkCoLtdCN | malicious | ScreenConnect Tool |
TAOBAOZhejiangTaobaoNetworkCoLtdCN | malicious | ScreenConnect Tool |
TAOBAOZhejiangTaobaoNetworkCoLtdCN | malicious | ScreenConnect Tool |
TAOBAOZhejiangTaobaoNetworkCoLtdCN | malicious | Unknown |
TAOBAOZhejiangTaobaoNetworkCoLtdCN | malicious | Unknown |
TAOBAOZhejiangTaobaoNetworkCoLtdCN | malicious | Unknown |
TAOBAOZhejiangTaobaoNetworkCoLtdCN | malicious | Unknown |
TAOBAOZhejiangTaobaoNetworkCoLtdCN | malicious | HTMLPhisher |
TAOBAOZhejiangTaobaoNetworkCoLtdCN | malicious | Sality |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10 |
Entropy (8bit): | 2.9219280948873623 |
Encrypted: | false |
SSDEEP: | 3:LwZ2:v |
MD5: | DE6386C7531D5CDF989F8998FB3085D7 |
SHA1: | EBBB390267789033055A2378BCF7BB4F1BDAF370 |
SHA-256: | 1C000DDB478DEB4656A67391CDDB87A749F2CD0D2C06742B19AFEF2CF1CC3EB6 |
SHA-512: | 7C1500855A4C3C3C6E141945400862AB441B2A3F6F04C6BE7ECD97D2354CC5B66DA5E7A710CFEB67E5E0FE7F6F9961B81E8557FA6A178884EFE1168B3A6B87AC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32 |
Entropy (8bit): | 3.5223683589017414 |
Encrypted: | false |
SSDEEP: | 3:+UaklTAnWGEn+n:+UaEMWo |
MD5: | B4A677E8E15E8D797CFF157C6CE9FEEF |
SHA1: | A448A58AF657E6213B606269627DCCB6B13E8A8C |
SHA-256: | 30F1C91492D624311154D320C4D5DE620F552D4E4A24830B826A553512AD5D1B |
SHA-512: | B43F147F79CD6A56BD2100E31605A0EFF16B3BF90BE0B7861E84180DBC110928E5DF088C3E4C0EEA88F458ACF4D8598EAD4D5102DE035C958CE6E925C84C32E2 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30089 |
Entropy (8bit): | 6.307647211039881 |
Encrypted: | false |
SSDEEP: | 384:cD/E3rhXfc08A9i8rp5882PP0i93pwA628jo5boR0R5W:cD/ElzHhkTlX8U5bs0DW |
MD5: | 911BBFA77837472F03BF7D64A5DB3BE9 |
SHA1: | A7F2A13B16CBD9B61E47B01C11E83B00D0F50462 |
SHA-256: | 1E2713C843D13B2962AF513FD02261DD403492286471B0DAD23C66DE01CDBD7C |
SHA-512: | D901929163EE68E42E39B3F212897EB8E3BF17FE665D10131624BA6AE7F756DF34BAB0A4AD13AB5848520C4848B821D5E0CBE5592BDD6CC0852D6251B6D28BCC |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32 |
Entropy (8bit): | 3.6709585933443494 |
Encrypted: | false |
SSDEEP: | 3:JRDdVIyWx1cQnX:fDdVIFxXX |
MD5: | B427C90B069896A917D44AD8C9407CC5 |
SHA1: | 9E821972073AA9DC8D3583D3DF0723300A5F1B75 |
SHA-256: | 70C0DA5F827CD844FECFCD86CA8B8217AAFADF3445CDD4AD7E43C868507704BD |
SHA-512: | BB8AE4B19A1B980F026160859B59163B227C6AB08A459F919C1232E6493AE06D6779177458CF28D5062A265404397A1302D54F33451D3C5B572FEE8D9911FDF9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30089 |
Entropy (8bit): | 6.307647211039879 |
Encrypted: | false |
SSDEEP: | 384:CVL55px6LriVXivbrJfKJceAUwdWj7mXGl6nSmq6K:CVL55pxCriVQbrt0Xwu7mXG6nq |
MD5: | 252116322329CAA967C3F61A416E63F0 |
SHA1: | DB8AA50C0AF136EE1BE0692CDF3E043CDA5BF2F1 |
SHA-256: | AC8717E62C5A416CC80DDB2DDC24E69A1454735BC463D423F376CDF3B1F4254E |
SHA-512: | 8805FD697E5D1855A42603F7DD93224B7BB4DB085B8C82082E9F42DF687AD5651D5115736263AEB3B532F69CC6035A7915C525C50E42EC9C0875BFA8268688B6 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30089 |
Entropy (8bit): | 6.307647211039879 |
Encrypted: | false |
SSDEEP: | 384:CVL55px6LriVXivbrJfKJceAUwdWj7mXGl6nSmq6K:CVL55pxCriVQbrt0Xwu7mXG6nq |
MD5: | 252116322329CAA967C3F61A416E63F0 |
SHA1: | DB8AA50C0AF136EE1BE0692CDF3E043CDA5BF2F1 |
SHA-256: | AC8717E62C5A416CC80DDB2DDC24E69A1454735BC463D423F376CDF3B1F4254E |
SHA-512: | 8805FD697E5D1855A42603F7DD93224B7BB4DB085B8C82082E9F42DF687AD5651D5115736263AEB3B532F69CC6035A7915C525C50E42EC9C0875BFA8268688B6 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 725 |
Entropy (8bit): | 4.559175139022602 |
Encrypted: | false |
SSDEEP: | 12:8IbrEGMhaUsEk1qIkkTOOjVHGTeUM9Ai1kdeq2ZeVMA1PVMA12:8I4s3rpHGTZM91Hq2ZFld |
MD5: | AE1F2FBB17CF117018E2F100AC5ECB95 |
SHA1: | 0A51AC207E9017BF37C4B2113FC2AE18C3ACDD38 |
SHA-256: | 001AC23B6482F6F660E5E3303299FE052AEB0EC24FC2F53C6FB4E1C021044D3D |
SHA-512: | BA13323FBD6E891AE6116C18D21933EB741E9A9326EB77FA51AE4F0F61350CAF1AB702F0BF79E893CD04C1084872D05BD85CD39AA667700D0A2F390CE5115C7A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 725 |
Entropy (8bit): | 4.559175139022602 |
Encrypted: | false |
SSDEEP: | 12:8IbrEGMhaUsEk1qIkkTOOjVHGTeUM9Ai1kdeq2ZeVMA1PVMA12:8I4s3rpHGTZM91Hq2ZFld |
MD5: | AE1F2FBB17CF117018E2F100AC5ECB95 |
SHA1: | 0A51AC207E9017BF37C4B2113FC2AE18C3ACDD38 |
SHA-256: | 001AC23B6482F6F660E5E3303299FE052AEB0EC24FC2F53C6FB4E1C021044D3D |
SHA-512: | BA13323FBD6E891AE6116C18D21933EB741E9A9326EB77FA51AE4F0F61350CAF1AB702F0BF79E893CD04C1084872D05BD85CD39AA667700D0A2F390CE5115C7A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66 |
Entropy (8bit): | 4.437498476202223 |
Encrypted: | false |
SSDEEP: | 3:gBSQbHySMGGM7C:aSQbH7MGGM7C |
MD5: | B551EC3E4F8DC28B910D38E3FC592C8B |
SHA1: | ED314E34220438D1D9F0F9EAC59457F4DF228E63 |
SHA-256: | A668A6447623AAD0B0B97FC0DCD160D30DEF43AF5341AA7AC0E2B5A52DCBB3B5 |
SHA-512: | 63E134D810A05FBA531A2AA523F1CF3ABEC677F111D2670AD9F6194BB7F04768502E3FE2F124A02CA37C9EB9A374A8464628F01978B16942A9BCD2AE699BAF84 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66 |
Entropy (8bit): | 4.437498476202223 |
Encrypted: | false |
SSDEEP: | 3:gBSQbHySMGGM7C:aSQbH7MGGM7C |
MD5: | B551EC3E4F8DC28B910D38E3FC592C8B |
SHA1: | ED314E34220438D1D9F0F9EAC59457F4DF228E63 |
SHA-256: | A668A6447623AAD0B0B97FC0DCD160D30DEF43AF5341AA7AC0E2B5A52DCBB3B5 |
SHA-512: | 63E134D810A05FBA531A2AA523F1CF3ABEC677F111D2670AD9F6194BB7F04768502E3FE2F124A02CA37C9EB9A374A8464628F01978B16942A9BCD2AE699BAF84 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5 |
Entropy (8bit): | 2.321928094887362 |
Encrypted: | false |
SSDEEP: | 3:DP:DP |
MD5: | B6509A0C82AAD15784C18C175062DA7B |
SHA1: | C16FE8D66FFBF8CAB0E641AB8CFA28034BA2ECE3 |
SHA-256: | 398175423E0DEC505B7961569848E10E50860212FE6FC5CFF790BA66A6858DE9 |
SHA-512: | 22C4C5D2D14B8517FAB4787002DB95915F43F3CACAA5D0DA22F1849394ABDC3398A9E4A319D48F7B2571090A5DA5D9C4979D2EDBC1433C8140E60E7A8A7B66FC |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5 |
Entropy (8bit): | 2.321928094887362 |
Encrypted: | false |
SSDEEP: | 3:DP:DP |
MD5: | B6509A0C82AAD15784C18C175062DA7B |
SHA1: | C16FE8D66FFBF8CAB0E641AB8CFA28034BA2ECE3 |
SHA-256: | 398175423E0DEC505B7961569848E10E50860212FE6FC5CFF790BA66A6858DE9 |
SHA-512: | 22C4C5D2D14B8517FAB4787002DB95915F43F3CACAA5D0DA22F1849394ABDC3398A9E4A319D48F7B2571090A5DA5D9C4979D2EDBC1433C8140E60E7A8A7B66FC |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 278 |
Entropy (8bit): | 4.915578835547007 |
Encrypted: | false |
SSDEEP: | 6:qXOniIXyGI0XbYlFbddBGexIZbggCbTTEhNqHf8jVxPs6dX/:qHIFbYlPdBGLM1nTTHf8jVJs6dP |
MD5: | EA27B463F79AF42C7E2664823A4C9110 |
SHA1: | 291B694BC41440A33F3828559F1489ECBFE81913 |
SHA-256: | 2E08E855441352856C02076DD1F4273FCC8E1A66954CECF1BF9EE028D4393D2E |
SHA-512: | 4D4005787B3C51B996EC3583D3A9E66708BB2C059B7F8CA923A601E691121633E6CA92D7F97484A0D543B6B87D2E3E11D7E6E9B626358965F82A2F875E68C3C7 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 4.400975260323991 |
Encrypted: | false |
SSDEEP: | 12:tUWPlL5/+HYYUWPlLkXNJMSUWPlLFXaWPlL/eKl/+HYnaWPlLtpKgJtJM+aWPlLr:VPt5/+HYuPtcnNPtFpPtWY/+HY5Pttpr |
MD5: | 2DBDE768AF8DC80C125986D730917C18 |
SHA1: | 86C9758735363D32C80B4D8406D5682A34D0AA26 |
SHA-256: | 62DB7614944ED287862A72999D5BC340CC5161978805DD16A400469D5599674A |
SHA-512: | 4D289D49FFAB58B1D61904D6C15B01ABE57F42057607C67D954B488C788A488AB9AC4B2BF719E133C0A76B541C898F24167AC1CD1F42352B65739EA5086A4072 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 4.400975260323991 |
Encrypted: | false |
SSDEEP: | 12:tUWPlL5/+HYYUWPlLkXNJMSUWPlLFXaWPlL/eKl/+HYnaWPlLtpKgJtJM+aWPlLr:VPt5/+HYuPtcnNPtFpPtWY/+HY5Pttpr |
MD5: | 2DBDE768AF8DC80C125986D730917C18 |
SHA1: | 86C9758735363D32C80B4D8406D5682A34D0AA26 |
SHA-256: | 62DB7614944ED287862A72999D5BC340CC5161978805DD16A400469D5599674A |
SHA-512: | 4D289D49FFAB58B1D61904D6C15B01ABE57F42057607C67D954B488C788A488AB9AC4B2BF719E133C0A76B541C898F24167AC1CD1F42352B65739EA5086A4072 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 757760 |
Entropy (8bit): | 5.343362298310796 |
Encrypted: | false |
SSDEEP: | 3072:1ILDYmLt+dfs3oBfYkJARJ0XUO/fRofXXVHAi5x9a4K0m9cne26NcP5BEQFY:qt+d03oBfvEXKiK01nKNMBEQe |
MD5: | 354A9BB55038621D99261847FDC6B897 |
SHA1: | 2E42C0C690263F1C8F5F67DB4F669843BBD33A72 |
SHA-256: | 103A0CDE7D2D250B26AE986C2B767CDB2C24E382EA05FB6123A51E8FD2974BF1 |
SHA-512: | 1E4A505E78AB2A58D3A0F758886CD10A0557A6FDC3AF532F6AEB83E00A4F64324C93D3F985ECA4A6F52BCE80324CABF87B80B194AF411D18EC7A0553CEF5E2E9 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2736221 |
Entropy (8bit): | 5.361776331943547 |
Encrypted: | false |
SSDEEP: | 24576:9UBVRJ8NppjY/FwDDRkmQN76al90bd2U2Amr0Qu:9UBVCppdQu |
MD5: | 5CCD24AF8A23BA1ACE513CDB2615B900 |
SHA1: | 7796472D667813EF3B59772AF50A2BF66F5A2145 |
SHA-256: | A6B4D718072AE1D5055720E2C481BAC835E5AFD680DFFAF46DD1D767DE3C7E40 |
SHA-512: | 7FE4EE24461267D2AF55F1B3AD90D1E86459C4839DEB31A1D54AA27641A4D363038C45B6EC9D0EA55D675291C32727F025E4359BAEAC9A0D680B78E39A4F421E |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2736221 |
Entropy (8bit): | 5.361776331943547 |
Encrypted: | false |
SSDEEP: | 24576:9UBVRJ8NppjY/FwDDRkmQN76al90bd2U2Amr0Qu:9UBVCppdQu |
MD5: | 5CCD24AF8A23BA1ACE513CDB2615B900 |
SHA1: | 7796472D667813EF3B59772AF50A2BF66F5A2145 |
SHA-256: | A6B4D718072AE1D5055720E2C481BAC835E5AFD680DFFAF46DD1D767DE3C7E40 |
SHA-512: | 7FE4EE24461267D2AF55F1B3AD90D1E86459C4839DEB31A1D54AA27641A4D363038C45B6EC9D0EA55D675291C32727F025E4359BAEAC9A0D680B78E39A4F421E |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 427 |
Entropy (8bit): | 5.031365650954939 |
Encrypted: | false |
SSDEEP: | 6:dz2bCpRYgUohm2DcLNr2TKNhJgYSKLVSKzeTKNhJgYSKLVSKFn:dz2bCLt6NSTefgY3eTefgYJn |
MD5: | 1ACEDD7561796EC339677291EA696E30 |
SHA1: | 91F5A52A55F3536B4C8B415BEFB66B282501D7A5 |
SHA-256: | 2009C93FE8D3A26879EA9765AEAA42D72B18CCD8E7A4A70EF0CEBAA81BBD7B09 |
SHA-512: | B7AA64F370AB5CCB20AF21125F550E5299846494AA55DA5BF32AA410420F432FBFCFE7531E501871145C93F7C1D34B26242C046021691E95CB7081476F9D2865 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 427 |
Entropy (8bit): | 5.031365650954939 |
Encrypted: | false |
SSDEEP: | 6:dz2bCpRYgUohm2DcLNr2TKNhJgYSKLVSKzeTKNhJgYSKLVSKFn:dz2bCLt6NSTefgY3eTefgYJn |
MD5: | 1ACEDD7561796EC339677291EA696E30 |
SHA1: | 91F5A52A55F3536B4C8B415BEFB66B282501D7A5 |
SHA-256: | 2009C93FE8D3A26879EA9765AEAA42D72B18CCD8E7A4A70EF0CEBAA81BBD7B09 |
SHA-512: | B7AA64F370AB5CCB20AF21125F550E5299846494AA55DA5BF32AA410420F432FBFCFE7531E501871145C93F7C1D34B26242C046021691E95CB7081476F9D2865 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 378 |
Entropy (8bit): | 5.469344631595856 |
Encrypted: | false |
SSDEEP: | 6:dHUpRYgUohmLvL8wgaf9EtcKzH/sQcKYgWXH+CVHOKPHS6S98YgWXH+CVHOKPHSy:dHULST8wbOjxsXHTVHOKPG8sXHTVHOKZ |
MD5: | 24B55F1C583CC74ECA1541B572FF684E |
SHA1: | 5844C304864492181BC694DAA01557DCAD66906D |
SHA-256: | F886E3C1538A362C6F15ECB014274EBEC6734E7158800982ACA1D24EE486AC2B |
SHA-512: | 30F9D59F76B92195AAA3F23CC4EA488469CDC95B615E423911B56726CCE0FFF90955A129E782C6DC43B2FD42CDFD231FA6831754839EBF45A0A300BF32E90FFF |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 378 |
Entropy (8bit): | 5.469344631595856 |
Encrypted: | false |
SSDEEP: | 6:dHUpRYgUohmLvL8wgaf9EtcKzH/sQcKYgWXH+CVHOKPHS6S98YgWXH+CVHOKPHSy:dHULST8wbOjxsXHTVHOKPG8sXHTVHOKZ |
MD5: | 24B55F1C583CC74ECA1541B572FF684E |
SHA1: | 5844C304864492181BC694DAA01557DCAD66906D |
SHA-256: | F886E3C1538A362C6F15ECB014274EBEC6734E7158800982ACA1D24EE486AC2B |
SHA-512: | 30F9D59F76B92195AAA3F23CC4EA488469CDC95B615E423911B56726CCE0FFF90955A129E782C6DC43B2FD42CDFD231FA6831754839EBF45A0A300BF32E90FFF |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5272 |
Entropy (8bit): | 4.948068060623485 |
Encrypted: | false |
SSDEEP: | 96:lcYWrKOCGT7eBw/afu9umTBDYJdUqM6BXpbEYKlWP3jY9zGCfw:Cc+e6/Hkmd0Qqboxl76Cfw |
MD5: | 269369DCF4CA0922638B72F9B0597F05 |
SHA1: | B0BC2EDC5CCABE6B6EC955B4E3D30161C2DB77BA |
SHA-256: | BB1D46A23446FB891E10E7B1F95C8D9CF84AABBF99258ECE71F127221210A08F |
SHA-512: | B811D0D4EC137B27C2464C665FC3D5F89554CA3232BE033DC069564102057987842EBD2EC2A4D9182A18A775E2495590D1DA9E7F55A7879EC7291BC81A906920 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5272 |
Entropy (8bit): | 4.948068060623485 |
Encrypted: | false |
SSDEEP: | 96:lcYWrKOCGT7eBw/afu9umTBDYJdUqM6BXpbEYKlWP3jY9zGCfw:Cc+e6/Hkmd0Qqboxl76Cfw |
MD5: | 269369DCF4CA0922638B72F9B0597F05 |
SHA1: | B0BC2EDC5CCABE6B6EC955B4E3D30161C2DB77BA |
SHA-256: | BB1D46A23446FB891E10E7B1F95C8D9CF84AABBF99258ECE71F127221210A08F |
SHA-512: | B811D0D4EC137B27C2464C665FC3D5F89554CA3232BE033DC069564102057987842EBD2EC2A4D9182A18A775E2495590D1DA9E7F55A7879EC7291BC81A906920 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.360050265950672 |
Encrypted: | false |
SSDEEP: | 6:dPrpRYgUohmKpLo3LF0ewNIiR/sGFeJX/OO7cj:djLlyLvwNIaDwX2O7C |
MD5: | 5CDCB059FD1874BA01359AC1648BA97C |
SHA1: | 60F997917FA76BF2957734C69BB6F0C0E295A462 |
SHA-256: | 1113E7D11B9EA75D4EAF624B3B08ACE8267E7DDF2227FA0CD02ED3D0F6CE8713 |
SHA-512: | 222BBD7819BE34E0C3F4D51DEDD3F1EC95F4251BD96B28DA3004BE876B3943E1FFD28D0BE0043E439254652DB2F5212CB7DCA1BA10D850AB10E57DED30EB9796 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.360050265950672 |
Encrypted: | false |
SSDEEP: | 6:dPrpRYgUohmKpLo3LF0ewNIiR/sGFeJX/OO7cj:djLlyLvwNIaDwX2O7C |
MD5: | 5CDCB059FD1874BA01359AC1648BA97C |
SHA1: | 60F997917FA76BF2957734C69BB6F0C0E295A462 |
SHA-256: | 1113E7D11B9EA75D4EAF624B3B08ACE8267E7DDF2227FA0CD02ED3D0F6CE8713 |
SHA-512: | 222BBD7819BE34E0C3F4D51DEDD3F1EC95F4251BD96B28DA3004BE876B3943E1FFD28D0BE0043E439254652DB2F5212CB7DCA1BA10D850AB10E57DED30EB9796 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.244988654030914 |
TrID: | |
File name: | PPTV(pplive)_forap_1084_9993.exe |
File size: | 282'624 bytes |
MD5: | edb25d93f8a837aaa38faa49a5f97bca |
SHA1: | 62d11cab837802d66b9bfbf7106c826889d492d0 |
SHA256: | 5985eba3003cadb7b5c70985ad9c9d0ecc49b1814cdda3de1010a581c9ff56b2 |
SHA512: | 7a0c1f7143d9aba3e1ed393582f4ec3848e3561a87dd0a076f62e400825cb9b3070acc8d51b67f8605299108b45c1f4dd58125fc661319ffa72481adc3622f32 |
SSDEEP: | 3072:rMTvoM/aqSxUN7TXjElRiTthKNXUHgOMZaiqii/b8t1Z1W7AdyyD39rhAd8tUVzR:ivhRf+RAg9Z5ryJaSgC5q5G1K4L |
TLSH: | B3546D02E7CEC4B1FD162EB424AB27B74239AD450D09A7E3BB54DD3A84371A1B93650F |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=...y..Ky..Ky..K...K~..K...Kx..K...K...K...Km..K...K{..K...K|..K...Kr..K...K}..KO..Kz..Ky..KL..KO..KW..K...Kx..KRichy..K....... |
Icon Hash: | 0fbd3da7e367339e |
Entrypoint: | 0x436f8f |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | |
Time Stamp: | 0x675D0BBE [Sat Dec 14 04:38:22 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 04f4557c0e26881e301e90da4e144d69 |
Instruction | Note (the sequence matches the MSVC 6 CRT startup stub; IAT slot names are inferred from that pattern and from the MSVCRT import list, not resolved from the binary) |
---|---|
push ebp | |
mov ebp, esp | |
push FFFFFFFFh | SEH frame: initial trylevel -1 |
push 00439CF0h | SEH frame: scope table |
push 004370F4h | SEH frame: handler (the image imports `_except_handler3`) |
mov eax, dword ptr fs:[00000000h] | read the current SEH chain head |
push eax | |
mov dword ptr fs:[00000000h], esp | link the new frame into the SEH chain |
sub esp, 68h | locals: argc, argv, envp, startup info |
push ebx | |
push esi | |
push edi | |
mov dword ptr [ebp-18h], esp | saved esp for the handler |
xor ebx, ebx | |
mov dword ptr [ebp-04h], ebx | trylevel = 0 |
push 00000002h | |
call dword ptr [004393ECh] | `__set_app_type(2)`, 2 = GUI application (inferred; matches `Subsystem: windows gui`) |
pop ecx | |
or dword ptr [00442014h], FFFFFFFFh | two CRT globals initialised to -1 (the onexit table bounds in the MSVC 6 stub; `__dllonexit`/`_onexit` are imported) |
or dword ptr [00442018h], FFFFFFFFh | |
call dword ptr [004393F0h] | `__p__fmode()` (inferred) |
mov ecx, dword ptr [00442008h] | |
mov dword ptr [eax], ecx | store the image's `_fmode` |
call dword ptr [004393F4h] | `__p__commode()` (inferred) |
mov ecx, dword ptr [00442004h] | |
mov dword ptr [eax], ecx | store the image's `_commode` |
mov eax, dword ptr [004393F8h] | `_adjust_fdiv`, imported data (inferred) |
mov eax, dword ptr [eax] | |
mov dword ptr [00442010h], eax | copy into an image-local global |
call 00007FA860B1C0B8h | relative call; the sandbox renders the target against an artificial base, so this is not an address inside the 32-bit image (base 0x400000) |
cmp dword ptr [0043F180h], ebx | |
jne 00007FA860B1BF9Eh | skip the next call if a user math-error handler is already registered |
push 0043711Eh | |
call dword ptr [00439400h] | `__setusermatherr(...)` (inferred) |
pop ecx | |
call 00007FA860B1C08Ah | relative call, same rendering caveat as above |
push 0043D064h | |
push 0043D060h | |
call 00007FA860B1C075h | walks a table of initialiser function pointers between the two pushed addresses (`_initterm` pattern) |
mov eax, dword ptr [00442000h] | `_newmode` into the startup-info block |
mov dword ptr [ebp-6Ch], eax | |
lea eax, dword ptr [ebp-6Ch] | &startinfo |
push eax | |
push dword ptr [00441FFCh] | `_dowildcard` |
lea eax, dword ptr [ebp-64h] | &envp |
push eax | |
lea eax, dword ptr [ebp-70h] | &argv |
push eax | |
lea eax, dword ptr [ebp-60h] | &argc |
push eax | |
call dword ptr [004393E0h] | `__getmainargs(&argc, &argv, &envp, _dowildcard, &startinfo)` (inferred) |
push 0043D05Ch | |
push 0043D000h | |
call 00007FA860B1C042h | second initialiser table (C++ static constructors), same `_initterm` pattern |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3b1a0 | 0x118 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x43000 | 0x47c0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x39000 | 0x4f4 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x37025 | 0x38000 | 5c2458a7716636c46bc171e4eb98ae69 | False | 0.49240548270089285 | data | 6.435083412708649 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x39000 | 0x3c7e | 0x4000 | 5a7df9cd88d6aa8fecaefd33b7565123 | False | 0.3641357421875 | data | 5.2350400462593845 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x3d000 | 0x501c | 0x3000 | c210c287a2ef937edbf1885baf8c5920 | False | 0.24763997395833334 | data | 3.1739799882223942 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x43000 | 0x47c0 | 0x5000 | 57e74659e476458c36bc4e72835cd424 | False | 0.425390625 | data | 4.4964956826368265 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
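The header fields above already carry the triage-relevant mitigation story: `Digitally signed: false` with an empty SECURITY directory, an empty DLL Characteristics field, `RELOCS_STRIPPED` together with an empty BASERELOC directory (the image can only load at 0x400000, so ASLR cannot apply even on a system that enforces it), and an empty LOAD_CONFIG directory (no SafeSEH handler table, no CFG). The script below is an added example, not part of the Joe Sandbox report or its tooling: a stdlib-only PE32 header parser that extracts those fields plus per-section entropy and lists the gaps. The sample image it builds inline is constructed for the example; its header values mirror the report (timestamp 0x675D0BBE, entry point 0x36F8F, image base 0x400000, directory RVAs, section names and virtual sizes) but its section bytes are synthetic filler, so the entropies it prints are not the real file's. The finding codes are my own.

```python
import math
import struct
from datetime import datetime, timezone

# IMAGE_FILE_HEADER.Characteristics and IMAGE_OPTIONAL_HEADER.DllCharacteristics bits used here
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
# Data directory indexes (same order as the directory table in the report)
DIR_SECURITY, DIR_BASERELOC, DIR_LOAD_CONFIG = 4, 5, 10


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, the same scale as the report's 'Entropy (8bit)' column."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return round(-sum(c / n * math.log2(c / n) for c in counts if c), 6)


def parse_pe32(buf: bytes) -> dict:
    """Parse DOS/COFF/optional headers, data directories and section table of a PE32 image."""
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew, = struct.unpack_from("<I", buf, 0x3C)
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, tstamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", buf, coff)
    opt = coff + 20
    if struct.unpack_from("<H", buf, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) optional headers are handled")
    entry, = struct.unpack_from("<I", buf, opt + 16)
    imagebase, = struct.unpack_from("<I", buf, opt + 28)
    subsystem, dllchars = struct.unpack_from("<HH", buf, opt + 68)
    ndirs, = struct.unpack_from("<I", buf, opt + 92)
    dirs = [struct.unpack_from("<II", buf, opt + 96 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _, _, _, _, sc = struct.unpack_from(
            "<8sIIIIIIHHI", buf, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "rawsize": rawsize, "characteristics": sc,
                         "entropy": shannon_entropy(buf[rawptr:rawptr + rawsize])})
    return {"machine": machine, "timestamp": tstamp,
            "timestamp_utc": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
            "characteristics": chars, "imagebase": imagebase, "entrypoint": imagebase + entry,
            "subsystem": subsystem, "dllcharacteristics": dllchars, "dirs": dirs, "sections": sections}


def hardening_findings(pe: dict) -> list:
    """Mitigation gaps visible from the header alone; the finding codes are this example's own."""
    out = []
    if pe["dirs"][DIR_SECURITY] == (0, 0):
        out.append("UNSIGNED: SECURITY directory empty, no Authenticode signature to verify")
    if not pe["dllcharacteristics"] & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        out.append("NO_ASLR: DYNAMIC_BASE not set")
    if pe["characteristics"] & IMAGE_FILE_RELOCS_STRIPPED and pe["dirs"][DIR_BASERELOC] == (0, 0):
        out.append(f"NO_RELOCS: relocations stripped, image is fixed at {pe['imagebase']:#x}")
    if not pe["dllcharacteristics"] & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        out.append("NO_NX: NX_COMPAT not set, DEP depends on system policy")
    if pe["dirs"][DIR_LOAD_CONFIG] == (0, 0):
        out.append("NO_LOADCONFIG: no load config, so no SafeSEH handler table and no CFG")
    return out


def build_sample(dllcharacteristics: int = 0) -> bytes:
    """Constructed PE32 for this example. Header values mirror the report; the two sections
    hold synthetic filler, not the real file's code or data."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x675D0BBE, 0, 0, 0xE0, 0x010F)   # i386, 2 sections
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII",
                      0x10B, 6, 0, 0x38000, 0xC000, 0, 0x36F8F, 0x1000, 0x39000, 0x400000,
                      0x1000, 0x200, 4, 0, 4, 0, 4, 0, 0, 0x48000, 0x200, 0,
                      2, dllcharacteristics, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[1], dirs[2], dirs[12] = (0x3B1A0, 0x118), (0x43000, 0x47C0), (0x39000, 0x4F4)
    text = bytes(range(256)) * 4   # 0x400 bytes, every value equally often: 8.0 bits/byte
    data = bytes(0x200)            # zeros: 0.0 bits/byte
    secs = struct.pack("<8sIIIIIIHHI", b".text", 0x37025, 0x1000, len(text), 0x200, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack("<8sIIIIIIHHI", b".data", 0x501C, 0x3D000, len(data), 0x600, 0, 0, 0, 0, 0xC0000040)
    headers = bytes(dos) + b"PE\0\0" + coff + opt + b"".join(struct.pack("<II", *d) for d in dirs) + secs
    return headers.ljust(0x200, b"\0") + text + data


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    pe = parse_pe32(blob)
    print(f"compiled {pe['timestamp_utc']}, entry {pe['entrypoint']:#x}, subsystem {pe['subsystem']}")
    for s in pe["sections"]:
        print(f"  {s['name']:<8} va={s['va']:#07x} raw={s['rawsize']:#x} entropy={s['entropy']}")
    for finding in hardening_findings(pe):
        print("  !", finding)
```

Run it with the sample path as the only argument to get the same fields for a real PE32 file; with no argument it parses the constructed image. Passing `dllcharacteristics=0x0140` to `build_sample` clears the ASLR and NX findings but not NO_RELOCS, which is the point: with relocations stripped, DYNAMIC_BASE would be an empty promise.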
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x43130 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.4733703353802551 |
RT_DIALOG | 0x47370 | 0x102 | data | English | United States | 0.6356589147286822 |
RT_GROUP_ICON | 0x47358 | 0x14 | data | English | United States | 1.1 |
RT_VERSION | 0x47478 | 0x348 | data | English | United States | 0.4583333333333333 |
DLL | Import |
---|---|
MFC42.DLL | |
MSVCRT.dll | memmove, localtime, strftime, strchr, floor, sscanf, _CIpow, _ftol, strncmp, free, exit, _access, fopen, _setmbcp, _wcsicmp, _stat, _itoa, wcsrchr, _mkdir, rename, wcsstr, strncpy, _wcslwr, rand, srand, atol, _snprintf, wcscmp, _stricmp, _memicmp, _strupr, _atoi64, _strlwr, _wstati64, _wstat, _wtoi, __dllonexit, _onexit, _waccess, _wfopen, fseek, ftell, fread, fclose, wcscpy, wcscat, fwrite, malloc, getenv, strrchr, wcsncpy, wcslen, swprintf, memchr, strstr, tolower, isspace, isprint, time, sprintf, __CxxFrameHandler, _except_handler3, ?terminate@@YAXXZ, _exit, _XcptFilter, _acmdln, __getmainargs, _initterm, _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, atoi, __setusermatherr |
KERNEL32.dll | FileTimeToSystemTime, FileTimeToLocalFileTime, GetLogicalDriveStringsA, CreateFileW, FindNextFileW, FindFirstFileW, DeleteFileW, CopyFileW, GlobalLock, GetFileSizeEx, GetFileAttributesExW, GetDriveTypeW, GetLogicalDriveStringsW, FindClose, GetPrivateProfileStringW, GetModuleHandleA, GetStartupInfoA, GlobalUnlock, CloseHandle, GlobalAlloc, GlobalFree, GetSystemDirectoryW, CreatePipe, CreateProcessA, GetProcAddress, InterlockedDecrement, InterlockedExchange, WriteFile, InterlockedIncrement, GetDiskFreeSpaceExA, GetSystemDirectoryA, GetVolumeInformationA, LocalAlloc, LocalFree, GetDriveTypeA, CreateThread, SetFilePointerEx, GetLogicalDrives, Sleep |
USER32.dll | GetSystemMetrics, IsIconic, KillTimer, SetTimer, SendMessageA, LoadIconA, GetClientRect, DrawIcon, GetProcessWindowStation, GetThreadDesktop, OpenWindowStationA, SetProcessWindowStation, OpenDesktopA, SetThreadDesktop, GetWindowTextA, CloseWindowStation, CloseDesktop, GetWindowThreadProcessId, GetDC, ReleaseDC, EnumDisplaySettingsA, GetForegroundWindow, GetWindowTextW, EnableWindow |
GDI32.dll | BitBlt, GetDeviceCaps, GetPixel, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, StretchBlt, DeleteObject, DeleteDC, GetObjectA, GetStockObject, SelectPalette, RealizePalette, GetDIBits, CreateDCA |
ADVAPI32.dll | RegQueryValueExW, RegCloseKey, RegEnumValueA |
SHELL32.dll | SHGetMalloc, SHGetSpecialFolderPathW, SHGetDesktopFolder |
ole32.dll | CLSIDFromProgID, CoCreateInstance, CoInitialize, CoUninitialize, CreateStreamOnHGlobal |
OLEAUT32.dll | SysFreeString, SysAllocString |
gdiplus.dll | GdipDisposeImage, GdiplusShutdown, GdipSaveImageToFile, GdiplusStartup, GdipLoadImageFromStream, GdipLoadImageFromStreamICM, GdipGetImageEncoders, GdipCloneImage, GdipGetImageEncodersSize, GdipFree, GdipAlloc |
MSVCP60.dll | ??1Init@ios_base@std@@QAE@XZ, ??0_Winit@std@@QAE@XZ, ??1_Winit@std@@QAE@XZ, ??1_Lockit@std@@QAE@XZ, ??0_Lockit@std@@QAE@XZ, ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z, ?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB, ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ, ?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z, ?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z, ?_Xlen@std@@YAXXZ, ?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ, ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z, ?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z, ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z, ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, ?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB, ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z, ??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z, ?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ, ?_Xran@std@@YAXXZ, ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z, ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z, ?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z, ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z, ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ, ?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z, ?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB, ?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z, 
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z, ?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z, ?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB, ?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ, ??0Init@ios_base@std@@QAE@XZ |
SETUPAPI.dll | SetupDiGetDeviceRegistryPropertyA, SetupDiGetClassDevsA, SetupDiEnumDeviceInfo, SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInterfaces, SetupDiGetDeviceInterfaceDetailA |
PSAPI.DLL | GetModuleFileNameExW |
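Read together, the imports describe what the program can do regardless of its PPTV file name and Keniu version resource: GDI/GDI+ screen capture and image encoding (BitBlt, GetDIBits, GdipSaveImageToFile, GdipGetImageEncoders), drive and file enumeration, CopyFileW/DeleteFileW, CreateProcessA paired with CreatePipe for running commands and reading their output, window-station and desktop switching, SetupAPI device enumeration, registry reads, and GetModuleFileNameExW for inspecting other processes. The script below is an added example, not from the report: it tags a subset of the import table (names copied from the listing above) with behaviour categories and shows how the Import Hash value shown earlier is derived. The category table and its minimum-hit thresholds are my assumptions; the computed imphash will not equal the report's, because the listing shows no names for the ordinal-only MFC42.DLL imports.

```python
import hashlib

# Subset of the import table listed in the report. MFC42.DLL is imported by ordinal only,
# so the listing shows no names for it.
IMPORTS = {
    "KERNEL32.dll": ["GetLogicalDriveStringsW", "GetDriveTypeW", "FindFirstFileW", "FindNextFileW",
                     "CopyFileW", "DeleteFileW", "CreatePipe", "CreateProcessA",
                     "GetPrivateProfileStringW", "CreateThread"],
    "USER32.dll": ["OpenWindowStationA", "SetProcessWindowStation", "OpenDesktopA", "SetThreadDesktop",
                   "GetForegroundWindow", "GetWindowTextW", "EnumDisplaySettingsA"],
    "GDI32.dll": ["BitBlt", "StretchBlt", "GetDIBits", "CreateCompatibleBitmap", "CreateDCA"],
    "ADVAPI32.dll": ["RegQueryValueExW", "RegEnumValueA"],
    "gdiplus.dll": ["GdipSaveImageToFile", "GdipGetImageEncoders"],
    "SETUPAPI.dll": ["SetupDiGetClassDevsA", "SetupDiEnumDeviceInfo", "SetupDiGetDeviceInterfaceDetailA"],
    "PSAPI.DLL": ["GetModuleFileNameExW"],
    "MFC42.DLL": [],
}

# Behaviour tags (assumed mapping): (APIs that contribute, minimum number present to report the tag).
# The thresholds keep a single ubiquitous call (BitBlt in any MFC application) from tagging a program.
CAPABILITIES = {
    "screen-capture": ({"BitBlt", "StretchBlt", "GetDIBits", "CreateCompatibleBitmap", "CreateDCA",
                        "GdipSaveImageToFile", "GdipGetImageEncoders", "EnumDisplaySettingsA"}, 3),
    "drive-and-file-enumeration": ({"GetLogicalDrives", "GetLogicalDriveStringsA", "GetLogicalDriveStringsW",
                                    "GetDriveTypeA", "GetDriveTypeW", "FindFirstFileW", "FindNextFileW"}, 3),
    "file-copy-delete": ({"CopyFileW", "DeleteFileW", "CreateFileW"}, 2),
    "command-execution-with-output": ({"CreateProcessA", "CreateProcessW", "CreatePipe"}, 2),
    "desktop-switching": ({"OpenWindowStationA", "SetProcessWindowStation", "OpenDesktopA",
                           "SetThreadDesktop"}, 2),
    "window-inspection": ({"GetForegroundWindow", "GetWindowTextA", "GetWindowTextW"}, 2),
    "device-enumeration": ({"SetupDiGetClassDevsA", "SetupDiEnumDeviceInfo",
                            "SetupDiGetDeviceInterfaceDetailA"}, 2),
    "registry-read": ({"RegOpenKeyExA", "RegOpenKeyExW", "RegQueryValueExW", "RegEnumValueA"}, 2),
    "process-inspection": ({"EnumProcesses", "GetModuleFileNameExW"}, 1),
}


def capabilities(imports: dict) -> dict:
    """Map imported names to behaviour tags; returns {tag: sorted list of APIs that matched}."""
    present = {name for names in imports.values() for name in names if isinstance(name, str)}
    found = {}
    for tag, (apis, min_hits) in CAPABILITIES.items():
        hits = sorted(present & apis)
        if len(hits) >= min_hits:
            found[tag] = hits
    return found


def imphash(imports: dict) -> str:
    """pefile-style import hash: MD5 over 'module.func' pairs in import-table order, lower-cased,
    with a .dll/.ocx/.sys extension stripped from the module name and ordinal imports written
    as 'ordN'. The report's listing drops the MFC42 ordinals, so this cannot reproduce its Import
    Hash; what it shows is the derivation, and why re-linking or reordering imports changes it."""
    parts = []
    for dll, names in imports.items():
        module = dll.lower()
        stem, _, ext = module.rpartition(".")
        if stem and ext in ("dll", "ocx", "sys"):
            module = stem
        for name in names:
            func = f"ord{name}" if isinstance(name, int) else name.lower()
            parts.append(f"{module}.{func}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


if __name__ == "__main__":
    for tag, apis in capabilities(IMPORTS).items():
        print(f"{tag:<32} {', '.join(apis)}")
    print("imphash (named imports only):", imphash(IMPORTS))
```

The same tagging run over a plain MFC dialog application, which also imports BitBlt and GetForegroundWindow, reports nothing, which is what the per-tag minimums are for; the combination here (capture plus collection plus execution plus desktop switching) is what makes the import table worth a second look.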
Description | Data |
---|---|
Comments | |
CompanyName | |
FileDescription | Keniu |
FileVersion | 31, 3, 4, 216 |
InternalName | Keniu |
LegalCopyright | Copyright (C) 2020-2024 Keniu LLC.... |
LegalTrademarks | |
OriginalFilename | Keniu.exe |
PrivateBuild | |
ProductName | Keniu Application |
ProductVersion | 31, 3, 4, 216 |
SpecialBuild | |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
- Total Packets: 70
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 2, 2025 16:48:29.792538881 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:29.811577082 CEST | 50268 | 6666 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:34.882162094 CEST | 50268 | 6666 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:39.960163116 CEST | 50268 | 6666 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:45.038302898 CEST | 50268 | 6666 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:51.163605928 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:52.163279057 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:55.219888926 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:55.245244026 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:55.256968975 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:56.194871902 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:56.210879087 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:56.226258039 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:56.241504908 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:56.257220030 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:56.272593021 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:56.288503885 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:56.304606915 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.335172892 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.350709915 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.366345882 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.367279053 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.368118048 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.368998051 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.369879007 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.370764971 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.371644974 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.372505903 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.373382092 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.374249935 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.375097990 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.375976086 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.376859903 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.377727032 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.378524065 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.379376888 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.380203009 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.381027937 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.382015944 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.382873058 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.585068941 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.586102009 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.587079048 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.588110924 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.588968992 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.589958906 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.590959072 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.591900110 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.592946053 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.593873978 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.594891071 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.595817089 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.596784115 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.597707033 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.598778963 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.599694967 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.600878954 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.601535082 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:02.351627111 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:12.511739016 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:22.663705111 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:29.789346933 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:32.835299969 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:42.991799116 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:53.148372889 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:50:03.304079056 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:50:13.460550070 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:50:23.617376089 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:50:29.710975885 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:50:32.804070950 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
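The packet table above is raw evidence; what an analyst wants from it is whether the traffic is periodic (a beacon with a sleep timer) and whether the destination was reached by hard-coded IP rather than a name. Reading the timestamps by hand: port 6666 is hit every 5 seconds, and port 4226 shows a burst of sub-second packets at 16:49:01 followed by a steady 10-second cadence with a second, roughly 60-second pattern interleaved, all to 47.246.8.183 without any DNS query. The script below is an added example, not part of the Joe Sandbox report: it parses rows in the table's own format (a subset of the 70 packets is embedded, with the 16:49:01 burst represented by three packets), groups them per destination and port, and scores each flow. The burst cutoff (1 s), minimum interval count (3), periodicity fraction (50%) and the empty DNS-resolution set, which reflects the report's "UDP traffic detected without corresponding DNS query" finding, are my assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Rows copied from the packet table above, in its column order
# (Timestamp | Source Port | Dest Port | Source IP | Dest IP). Subset of the 70 packets.
PACKETS = """\
Apr 2, 2025 16:48:29.792538881 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:29.811577082 CEST | 50268 | 6666 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:34.882162094 CEST | 50268 | 6666 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:39.960163116 CEST | 50268 | 6666 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:48:45.038302898 CEST | 50268 | 6666 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.335172892 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.350709915 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:01.366345882 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:02.351627111 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:12.511739016 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:22.663705111 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:29.789346933 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:32.835299969 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:42.991799116 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:49:53.148372889 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:50:03.304079056 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:50:13.460550070 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:50:23.617376089 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:50:29.710975885 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
Apr 2, 2025 16:50:32.804070950 CEST | 50267 | 4226 | 192.168.2.4 | 47.246.8.183 |
"""

# The report records no DNS query for 47.246.8.183, so the resolved set is empty (assumption
# derived from the report's "UDP traffic detected without corresponding DNS query" signature).
RESOLVED_IPS = set()


def parse_rows(text: str) -> list:
    """Return (epoch_seconds, src, sport, dst, dport) tuples from rows in the table's format."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|") if c.strip()]
        if len(cells) != 5:
            continue                                  # header / separator rows
        stamp, _zone = cells[0].rsplit(" ", 1)        # every row carries the same zone label
        whole, frac = stamp.split(".")
        base = datetime.strptime(whole, "%b %d, %Y %H:%M:%S").replace(tzinfo=timezone.utc)
        t = base.timestamp() + int(frac) / 10 ** len(frac)
        rows.append((t, cells[3], int(cells[1]), cells[4], int(cells[2])))
    return rows


def beacon_report(rows, resolved_ips, burst_cutoff=1.0, min_intervals=3, min_fraction=0.5):
    """Per (dst, dport) flow: packet count, dominant inter-packet gap in whole seconds, the share
    of non-burst gaps at that period, how many gaps were sub-second bursts (retries, fragments),
    and whether the destination was ever resolved through DNS."""
    flows = defaultdict(list)
    for t, _src, _sport, dst, dport in rows:
        flows[(dst, dport)].append(t)
    report = []
    for (dst, dport), times in flows.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        burst = [g for g in gaps if g < burst_cutoff]
        steady = [round(g) for g in gaps if g >= burst_cutoff]
        period, frac = None, 0.0
        if len(steady) >= min_intervals:
            period, hits = Counter(steady).most_common(1)[0]
            frac = hits / len(steady)
        report.append({
            "dst": dst, "dport": dport, "packets": len(times),
            "period_s": period, "periodic_frac": round(frac, 3), "burst_intervals": len(burst),
            "dns_resolved": dst in resolved_ips,
            "beacon": period is not None and frac >= min_fraction,
        })
    return report


if __name__ == "__main__":
    for r in beacon_report(parse_rows(PACKETS), RESOLVED_IPS):
        flag = "BEACON" if r["beacon"] else "      "
        dns = "named" if r["dns_resolved"] else "raw-ip"
        print(f"{flag} {r['dst']}:{r['dport']:<5} pkts={r['packets']:<3} period={r['period_s']}s "
              f"({r['periodic_frac']:.0%}) bursts={r['burst_intervals']} {dns}")
```

On the embedded rows both flows are flagged: 6666 at a 5-second period with every gap matching, 4226 at a 10-second period with 7 of 12 steady gaps matching (the remaining gaps come from the interleaved longer timer). Rounding gaps to whole seconds before taking the mode is deliberate: a sleep-based beacon jitters by tens of milliseconds, as the 10.15 to 10.16 s gaps in the table show, and a detector that demands exact repeats would miss it.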
Target ID: | 0 |
Start time: | 10:47:28 |
Start date: | 02/04/2025 |
Path: | C:\Users\user\Desktop\PPTV(pplive)_forap_1084_9993.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 282'624 bytes |
MD5 hash: | EDB25D93F8A837AAA38FAA49A5F97BCA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |