Analysis Report #U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.bat
Overview
General Information
Sample Name: | #U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.bat (renamed file extension from bat to exe) |
Analysis ID: | 343504 |
MD5: | 6665909a2652c5860fd874cb15c3991c |
SHA1: | 84a5a2e920e8165634e510766eaa51662401a227 |
SHA256: | 1ef7ae3509e71c3cd0904a7396831e6bd2c021f14dc5d4b2485a38ebefc3dd3d |
Detection
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Dropped Files |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Methodology_Suspicious_Shortcut_Local_URL | Detects local script usage for .URL persistence | @itsreallynick (Nick Carr), @QW5kcmV3 (Andrew Thompson) | |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Source: | ReversingLabs: |
Privilege Escalation: |
---|
Contains functionality to bypass UAC (CMSTPLUA) |
Source: | Code function: |
Compliance: |
---|
Binary contains paths to debug symbols |
Source: | Binary string: |
Source: | File opened: | ||
Source: | Code function: | ||
Source: | File opened: | ||
Networking: |
---|
Connects to many ports of the same IP (likely port scanning) |
Source: | TCP traffic: |
Uses known network protocols on non-standard ports |
Source: | Network traffic detected: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | Code function: |
Source: | HTTP traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | Code function: |
Source: | Binary or memory string: |
Source: | Code function: | ||
Source: | Process Stats: |
Source: | Code function: |
Source: | Process token adjusted: |
Source: | Code function: | ||
Source: | Static PE information: | ||
Source: | Binary or memory string: | ||
Source: | Section loaded: | ||
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | ||
Source: | File created: |
Source: | Mutant created: | ||
Source: | Process created: |
Source: | File read: |
Source: | Key opened: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | ||
Source: | Key value queried: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: |
Source: | Static PE information: | ||
Source: | Code function: | ||
Source: | File created: |
Source: | Registry value created or modified: |
Hooking and other Techniques for Hiding and Protection: |
---|
Uses known network protocols on non-standard ports |
Source: | Network traffic detected: |
Source: | Code function: | ||
Source: | Registry key monitored for changes: |
Source: | Process information set: | ||
Malware Analysis System Evasion: |
---|
Tries to detect sandboxes / dynamic malware analysis system (registry check) |
Source: | File opened: | ||
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Source: | Binary or memory string: |
Source: | Registry key queried: | ||
Source: | File opened / queried: |
Source: | Evasive API call chain: |
Source: | API coverage: | ||
Source: | Thread sleep count: | ||
Source: | Last function: | ||
Source: | File Volume queried: |
Source: | Code function: | ||
Source: | File opened: | ||
Source: | Binary or memory string: | ||
Source: | API call chain: | ||
Source: | Process information queried: |
Source: | Code function: |
Source: | Process token adjusted: |
Source: | Code function: | ||
Source: | Process created: | ||
Source: | Code function: | ||
Source: | Queries volume information: | ||
Source: | Code function: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Replication Through Removable Media1 | Scripting1 | Startup Items1 | Startup Items1 | Deobfuscate/Decode Files or Information1 | Input Capture31 | System Time Discovery2 | Replication Through Removable Media1 | Archive Collected Data1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API2 | DLL Side-Loading1 | Exploitation for Privilege Escalation1 | Scripting1 | LSASS Memory | Peripheral Device Discovery11 | Remote Desktop Protocol | Input Capture31 | Exfiltration Over Bluetooth | Encrypted Channel12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Application Shimming1 | DLL Side-Loading1 | Obfuscated Files or Information2 | Security Account Manager | File and Directory Discovery4 | SMB/Windows Admin Shares | Clipboard Data1 | Automated Exfiltration | Non-Standard Port11 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Registry Run Keys / Startup Folder21 | Application Shimming1 | DLL Side-Loading1 | NTDS | System Information Discovery25 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol1 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Bypass User Access Control1 | Bypass User Access Control1 | LSA Secrets | Query Registry1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol2 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Access Token Manipulation1 | Masquerading1 | Cached Domain Credentials | Security Software Discovery241 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Process Injection11 | Virtualization/Sandbox Evasion2 | DCSync | Virtualization/Sandbox Evasion2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Registry Run Keys / Startup Folder21 | Access Token Manipulation1 | Proc Filesystem | Process Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection11 | /etc/passwd and /etc/shadow | Application Window Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 15% | Virustotal | | |
| 22% | ReversingLabs | Win64.Trojan.CrypterX | |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Virustotal | | |
| 0% | Metadefender | | |
| 0% | ReversingLabs | | |
| 6% | Virustotal | | |
| 10% | ReversingLabs | Win64.Trojan.Wacatac | |
| 0% | Virustotal | | |
| 0% | Metadefender | | |
| 0% | ReversingLabs | | |
| 0% | Virustotal | | |
| 0% | Metadefender | | |
| 0% | ReversingLabs | | |
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Virustotal | | |
| 0% | Avira URL Cloud | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
40.126.31.135 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
204.79.197.200 | unknown | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
110.92.66.246 | unknown | Hong Kong | | 133115 | HKKFGL-AS-APHKKwaifongGroupLimitedHK | true |
Private |
---|
IP |
---|
192.168.2.1 |
192.168.2.4 |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Red Diamond |
Analysis ID: | 343504 |
Start date: | 24.01.2021 |
Start time: | 10:22:33 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 19s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | #U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.bat (renamed file extension from bat to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal72.troj.expl.evad.winEXE@13/17@0/5 |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
10:23:40 | Autostart | |
10:23:48 | Autostart |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
204.79.197.200 | | | malicious | | |
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
HKKFGL-AS-APHKKwaifongGroupLimitedHK | | | malicious | | |
MICROSOFT-CORP-MSN-AS-BLOCKUS | | | malicious | | |
MICROSOFT-CORP-MSN-AS-BLOCKUS | | | malicious | | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\System32\cmd.exe |
Category: | dropped |
Size (bytes): | 871 |
Entropy (8bit): | 7.6751333998200835 |
Encrypted: | false |
SSDEEP: | 24:CIOegEZhc5iZzVT78nOwNDSxEqrohfoi4:CLegEZnf8nhmtURoT |
MD5: | 23AEFC140636655BE400C41403524704 |
SHA1: | BD581B29370FD93ABF63BD2C02998A0EF2DFD2A4 |
SHA-256: | D37575E0B66A925ACB5432CC7B706DA8985635B80B3D60C6C90F748D1F743505 |
SHA-512: | 2517137ABEE797FCA5E597A3826B7C02B1CB1EC045DAE4C1B493C8EE2070D6473DA9E7C584F8302D598DF11C687EE11BF2DDE9E33616243C6F94986CBD0A7AA0 |
Malicious: | false |
Reputation: | low |
Process: | C:\ProgramData\Microsoft\zr.exe |
Category: | dropped |
Size (bytes): | 1791 |
Entropy (8bit): | 3.466273590595946 |
Encrypted: | false |
SSDEEP: | 24:8Z3AX3ighdUAfmqpdoe7KODlWJdo7aB6m:8Z3AnisOqjl2k0B6 |
MD5: | 5FF572CBE6B366349A9D3389D4A60CAC |
SHA1: | 497C442D14F4A09D00C3294784ECA1DC43A6F4A2 |
SHA-256: | 16731A0D7B072BE60F580E93797D2E91F2DE970CF45C31EE7B9BAE52D4824B6E |
SHA-512: | 6DF6B097BFF0B76EC465A886ABE72EBC7DB3C850E4FA7D8CE1D60A36F57E04E3063507D3F23F059AA7024E7E7162F8F298610AA1702E16217730B1EF79D176B8 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\cmd.exe |
Category: | dropped |
Size (bytes): | 461088 |
Entropy (8bit): | 6.581027593342649 |
Encrypted: | false |
SSDEEP: | 12288:tUBwDn0mdLrMkNpj6hTEXRrn9VsArg1xi:tUu7t3GTEhrn9VsA+i |
MD5: | 045FCBE6C174AFA9A6A998BDD6F9FAD7 |
SHA1: | 9F477006DC176608E953EF44902FCE17DDF8FCA3 |
SHA-256: | 08E510EF41795B4192650452D8E5482DBF71CEFAF9D67CFE02F60253D6023F96 |
SHA-512: | 59CE53DDA80567A3B3E19FA2FBE404B655CB4203170B1295B1E6C33B9EBD0B6D2526FB568255610E64FA5C29A6F5C464766CDD746E207FFD2D48DA36811D717B |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\zT6Nm@i4\PMRunner64.exe |
Category: | dropped |
Size (bytes): | 191488 |
Entropy (8bit): | 7.99619087524627 |
Encrypted: | true |
SSDEEP: | 3072:SGtyjkUNHHoDhFMFI0rciHPgZwkndg0WU15pI9SmDCPAuE1L3kaF/F1Dmq:S0yjkKHHAh9t4EbHI9SmDiAQWd1Dmq |
MD5: | F6773A1C5D1566F4BEBDBF81BDDDC57D |
SHA1: | 38CC9D3391DE6AE3773076E23B528F9534E40471 |
SHA-256: | 5B672EE64618CCCBC94011E1BA713E5B6EFA574A8CCA18CC3653C499B2AF2202 |
SHA-512: | 63E4BE550A66783ADFA6D064BA4912A6440986D3AF396F608F3C7B0B9F830DB8BB718216824689E1CA23D636AE67838ADB49DC0DA3263C9D64D823FB15CC964C |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\zT6Nm@i4\zr.exe |
Category: | dropped |
Size (bytes): | 895 |
Entropy (8bit): | 7.58674925006426 |
Encrypted: | false |
SSDEEP: | 24:7OegEZhc5iZzVT78nOwNDSxEqrohfoiQ3T:KegEZnf8nhmtURo/3T |
MD5: | 8B8E701F0984126214856AEA7B49A3E1 |
SHA1: | BC4995ABD24C3451D3AF427F7CE03FA484055157 |
SHA-256: | D4714CBC4612E14FA5D62B26274411A435396094EFECAAC6D82325FA2400FD04 |
SHA-512: | 7049B6C1ED94B5F10138C3971598A7C98D2E25F340A3C914F4E0D27074AF70A51FF53A7652CE4373140054B0E16A484D1083483CFEB105F6DF5D313C3FAF35E5 |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\#U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 224323 |
Entropy (8bit): | 7.996498851977439 |
Encrypted: | true |
SSDEEP: | 6144:5SDdKtn3KwKa9xg8LIzF9yWeSBvd+tResBuYU:4Dde3xKhOIzOGBF |
MD5: | 7B30F5D321E85813F5E5835F92FFA0FC |
SHA1: | 369474EA5BFFA01DAC8C663EDE08D7D0D8967054 |
SHA-256: | 445E5B49DA01A0D99AFD84EF3D9C5238E02D5E4FBC546D43C619005A622C9917 |
SHA-512: | 8797E96456F2C822DA7B79486784BA49ED7A4CC85FF74F76D097339EA8C2FDC945E1EB51BEF28F7E1358EA38BD6BBB8D1C35D63A54F5000A1D75C5E90DDAB0FD |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\#U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 302592 |
Entropy (8bit): | 5.94262128533878 |
Encrypted: | false |
SSDEEP: | 6144:YDVMbwz0W4gWqPcjwhum9o34Ec2x1tRuf+X4zNEP:YDGO0WTWq4wYb34Ec2vupEP |
MD5: | B8477E4DF0F24A96BBAFD2F13C31A4A2 |
SHA1: | E4548C10552B1906BBE4A7EED90E97D24C958CF5 |
SHA-256: | 5EFD269CA1CD474F68ECE50E6AC3F88F1831ACA273DE9789C17DD8A46AEA8D71 |
SHA-512: | 6FE6FF9E3BD95CE0583AA2BBB06B8AB123363D94AFEEAB3CCE377B1FB5EABB0BA58F1107E822C39FF2D186E788783262EFFAB8270519A2A118C055013BEEC6B3 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Process: | C:\Users\user\Desktop\#U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 271704 |
Entropy (8bit): | 5.761811520401724 |
Encrypted: | false |
SSDEEP: | 3072:wWHyRIh1NDBeEOqDhPbsuB35WlP+7l1MYMb3URvwgwWwBHNFs:nrrNDBeJwhbh3mU9wgw |
MD5: | 65DBB57517611D9DE8CE522022DCD727 |
SHA1: | B33E6DB5C460E5E38DD636C4D48E9D4523E2838F |
SHA-256: | 0525B815E61D3CD83FD4C87032DE7C1DCBA5E8D2619539F925E43624EB6E1D77 |
SHA-512: | D8D34BC3642255DFF395CB47A0EA58CC07D911B3535A0A6D972CC4E501F6CCAB200A7D636FCDEE77DC6E7AD6B735918BCDF48EA6F0EA0E26804C31F2D175490D |
Malicious: | true |
Antivirus: | |
Reputation: | low |
Process: | C:\Users\user\Desktop\#U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1791 |
Entropy (8bit): | 3.466273590595946 |
Encrypted: | false |
SSDEEP: | 24:8Z3AX3ighdUAfmqpdoe7KODlWJdo7aB6m:8Z3AnisOqjl2k0B6 |
MD5: | 5FF572CBE6B366349A9D3389D4A60CAC |
SHA1: | 497C442D14F4A09D00C3294784ECA1DC43A6F4A2 |
SHA-256: | 16731A0D7B072BE60F580E93797D2E91F2DE970CF45C31EE7B9BAE52D4824B6E |
SHA-512: | 6DF6B097BFF0B76EC465A886ABE72EBC7DB3C850E4FA7D8CE1D60A36F57E04E3063507D3F23F059AA7024E7E7162F8F298610AA1702E16217730B1EF79D176B8 |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\#U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 148 |
Entropy (8bit): | 4.859584238440697 |
Encrypted: | false |
SSDEEP: | 3:55Pt+ZIgUAdkdZkRErG+ffbNQdi25Pt+ZIrUhFmRdZkRErG+fUNhn:PwZIPAra3ZQdi2wZIroakn |
MD5: | 7EE919ABFE2EBEFCDD420D0E0784F1C9 |
SHA1: | 760A5A935E7453C7C3D0CFE786975F97931382BB |
SHA-256: | 21C285FD608237D8B329AD8266FDCC0E9C671BAEB956E9544CAEC712944EF8A9 |
SHA-512: | 0327C9A5500BEF65DFF1501553F0471B7CF2584CAA56CBF15673AC4AF10E748C08E15C5878F0C792907F2F777C6393925A22AB36BDBB70C29963FEC9A07AFFF5 |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\#U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65 |
Entropy (8bit): | 4.934228490671524 |
Encrypted: | false |
SSDEEP: | 3:HRAbABGQVuOt+ZIo7g:HRYF5OwZIig |
MD5: | 004A6C48B0C8EE5A854123B30016589A |
SHA1: | E491D660E83A6DC76EDFB00A8750B98E6F66C665 |
SHA-256: | 2CF3CC8BCD1655AE232418CCFEBBF8D0AA5EFB062F95DF320C27B5C3A69E9A7C |
SHA-512: | 02CD3B044426D6CE89CECBFD16D294882AF867C33F53E6AE71104A4D4E2D57C9A551E659616B7D331CD8714E55DED39538796AD4A1F076483E619CF49E864E7E |
Malicious: | false |
Yara Hits: |
|
Reputation: | low |
Process: | C:\Users\user\Desktop\#U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1845 |
Entropy (8bit): | 3.204025472281673 |
Encrypted: | false |
SSDEEP: | 24:8PHjJW6PV7Mmc7S6MAdx+/5+fUt+/g4I0Z57aB6m:8PMYdCXLiu8sIrB6 |
MD5: | BE3AF8B163611E11E35121A9C0DE546F |
SHA1: | DFEEE23EAE5794D9C6D7B54A00CB0E42800AFAA3 |
SHA-256: | 271541E40261A329ED49F004A2ABAAA533009C1E94B9F7CA3CED62756E59912B |
SHA-512: | 495C1D2427C943DFBC3739CFC3E104934449E629B39FEF81074F21151345DBA06A96DFE766B03F8CF74CDE5EB8D52CB8F00FA969186E8CECDFCF3B37346739EF |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\#U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1457 |
Entropy (8bit): | 1.9452446037061828 |
Encrypted: | false |
SSDEEP: | 12:8zM0i/kdvrHjHbQbfnbB5baP0yZ3ZrwPH:8AIzD7kzzk0yZ3Zk |
MD5: | 95A5332A3DE1AE6E16F7E139EE968E9B |
SHA1: | 9E7DD05E15FCAC8C1B8E91978B7EFEB923CD6A88 |
SHA-256: | 5D0904F70763CA9D1118EFD2171BA4A0CF0D7C10B8D121836F95CE16A3E03C5A |
SHA-512: | 53A9CA5C5754D742BD568953B8B4A5AB58BDEA9C9CFC7E49C921484883BCF93CA9E5B6758FDFF72FF98BD0C5D1B70B97B264C89912880A7BB179CE26E8A768B0 |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\#U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1837 |
Entropy (8bit): | 3.401424786774406 |
Encrypted: | false |
SSDEEP: | 24:8hJ3AX3igX1AnxQfouopHO8jAIM7aB6m:8/3AniRyfouopHdB6 |
MD5: | 4AC952055902E20C748E96234BF2F56C |
SHA1: | 9B0BADF7DE8286543D6D5C45CD19E834E76E671F |
SHA-256: | 0D7B6A444BFA014BEE1DC4769FB66663BB1F0FC0B3327EC41AB9F5342BF571EF |
SHA-512: | 80639E1E8B2C4DD3BEC66CBEF87B7E1293D9CCE7E8B34C71B9011400E536CBA39801155CAC3C691B096F2B2B55254CF53FB402B7D843E429196C8B5484DD83DA |
Malicious: | false |
Process: | C:\Users\user\Desktop\#U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 461088 |
Entropy (8bit): | 6.581027593342649 |
Encrypted: | false |
SSDEEP: | 12288:tUBwDn0mdLrMkNpj6hTEXRrn9VsArg1xi:tUu7t3GTEhrn9VsA+i |
MD5: | 045FCBE6C174AFA9A6A998BDD6F9FAD7 |
SHA1: | 9F477006DC176608E953EF44902FCE17DDF8FCA3 |
SHA-256: | 08E510EF41795B4192650452D8E5482DBF71CEFAF9D67CFE02F60253D6023F96 |
SHA-512: | 59CE53DDA80567A3B3E19FA2FBE404B655CB4203170B1295B1E6C33B9EBD0B6D2526FB568255610E64FA5C29A6F5C464766CDD746E207FFD2D48DA36811D717B |
Malicious: | false |
Antivirus: | |
Process: | C:\ProgramData\Microsoft\zr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 484 |
Entropy (8bit): | 4.98831110003937 |
Encrypted: | false |
SSDEEP: | 12:pltQzsBRwgaQH7pyTkaHo8ajFsQcE5+svhJAISLGN2Gy:pYzsDwXQboTjUZH+svhJAI9wv |
MD5: | 70C66FCD7F376B7EC9AD79053CA63030 |
SHA1: | E3AE64762463879E0B8C91713A291B540131E423 |
SHA-256: | 3FD565B1794F89DB8FFA179D9EBF283A0AC7B37BD9E8AD8DE94BB1443B0416BA |
SHA-512: | 0B07E9206A5B8D60D93AE7AE826605FFBC2DE13B072DB3EEF2A74E0E05485B8ADDA1E5D6231CC9965FD34093739603566841098631FBD89B8F7CC8889A2FBDA0 |
Malicious: | false |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.805779435598225 |
TrID: |
|
File name: | #U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.exe |
File size: | 3150336 |
MD5: | 6665909a2652c5860fd874cb15c3991c |
SHA1: | 84a5a2e920e8165634e510766eaa51662401a227 |
SHA256: | 1ef7ae3509e71c3cd0904a7396831e6bd2c021f14dc5d4b2485a38ebefc3dd3d |
SHA512: | c7ca90037a3e67b443fe6b8f8a8df510eb2794d53a80a416b7234de123703cf5b590f3314f1e0acf749156ce40cc176182d521679c83afceb18b60d39e07c6a5 |
SSDEEP: | 49152:jwBFRHHY3rC5IgDAI9q8xCFEXlZ40nqSvLcUhGcwKEAX/ivWPlGbjtGysnISnvpZ:jwlHYm5IML9hGvTWlGnUysnISnBdu2 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........c`7...d...d...dFL.d...d.z.d...d.z.d...d.z.d...d...d...d.t.dd..d.t.d...d.t.d...d.t.d...d.t.d...dRich...d................PE..d.. |
File Icon |
---|
Icon Hash: | 74cac4d4d4d0c4d4 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x1401543b0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, RELOCS_STRIPPED |
DLL Characteristics: | TERMINAL_SERVER_AWARE, NX_COMPAT |
Time Stamp: | 0x600BDCC7 [Sat Jan 23 08:22:31 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 2 |
File Version Major: | 5 |
File Version Minor: | 2 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 2 |
Import Hash: | 5894f7ecf05bebd0f6f297d29b91f916 |
Entrypoint Preview |
---|
Instruction |
---|
Note: the generated preview decoded this PE32+ image (image base 0x140000000, entry point 0x1401543b0) in 32-bit mode, which renders every REX prefix as a spurious dec/inc and hides the 64-bit registers. The same bytes decoded as x86-64 (the first four instructions are the usual MSVC CRT entry thunk):
sub rsp, 28h
call 00007F7DAC8515DCh
add rsp, 28h
jmp 00007F7DAC84AA97h
int3
int3
mov qword ptr [rsp+08h], rbx
push rdi
sub rsp, 20h
lea rax, [rip+00076193h]
mov ebx, edx
mov rdi, rcx
mov qword ptr [rcx], rax
call 00007F7DAC851667h
test bl, 00000001h
je 00007F7DAC84AC4Ah
mov rcx, rdi
call 00007F7DAC6F960Eh
mov rax, rdi
mov rbx, qword ptr [rsp+30h]
add rsp, 20h
pop rdi
ret
int3
int3
int3
sub rsp, 28h
mov rax, rdx
lea rdx, [rcx+11h]
lea rcx, [rax+11h]
call 00007F7DAC8516B1h
test eax, eax
sete al
add rsp, 28h
ret
int3
int3
mov qword ptr [rsp+10h], rbx
mov qword ptr [rsp+18h], rbp
mov qword ptr [rsp+20h], rsi
push rdi
push r12
push r13
push r14
push r15
sub rsp, 20h
movsxd rdi, dword ptr [r8+0Ch]
mov r15, rcx
mov rcx, r8
mov rbp, r9
mov r13, r8
mov r14, rdx
call 00007F7DAC8517ADh
mov r10, qword ptr [r15]
mov qword ptr [rbp+00h], r10
mov r12d, eax
test edi, edi
je 00007F7DAC84ACCAh
lea rcx, [rdi+rdi*4]
lea rsi, [rcx*4-14h]
movsxd rbx, dword ptr [r13+10h]
(preview ends on a bare REX prefix; the instruction it belongs to is cut off)
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1ff938 | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x306000 | 0xb0f8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x2f0000 | 0x13518 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x17b000 | 0x1350 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x179a48 | 0x179c00 | False | 0.519473729112 | data | 6.37063911403 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x17b000 | 0x886cc | 0x88800 | False | 0.253088870765 | data | 4.38109791814 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x204000 | 0xeb290 | 0xdee00 | False | 0.944429595485 | data | 7.74292213666 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.pdata | 0x2f0000 | 0x13518 | 0x13600 | False | 0.497505040323 | data | 6.14754754116 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
text | 0x304000 | 0xbbd | 0xc00 | False | 0.466796875 | data | 5.50929008744 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA |
data | 0x305000 | 0x760 | 0x800 | False | 0.6806640625 | data | 5.89712002279 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x306000 | 0xb0f8 | 0xb200 | False | 0.413031074438 | data | 5.68750375192 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
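Reading the three tables above together: Image File Characteristics carries RELOCS_STRIPPED, the BASERELOC data directory is empty, and DLL Characteristics has NX_COMPAT and TERMINAL_SERVER_AWARE but no DYNAMIC_BASE, so the loader cannot rebase this image. It always maps at 0x140000000, which removes ASLR from any exploit calculation even though DEP is on. The .data section (entropy 7.74, ZLIB complexity 0.94) is far denser than .text or .rdata, the usual sign of a compressed or encrypted payload carried inside the binary, and it fits the high-entropy dropped files listed earlier. The script below reproduces those two checks, the hardening flags and per-section 8-bit entropy, from a PE read from disk. It is an added example written for this page, not Joe Sandbox code and not from the sample; it parses only the header fields used here, and the PE it builds for its own demonstration is a constructed stand-in, not the analysed file. The 7.0 bits/byte "packed" threshold is an assumption.

```python
import math
import random
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
PACKED_ENTROPY = 7.0  # assumption: bits/byte at or above which a section is called packed


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte, 0.0 .. 8.0 (the report's 'Entropy (8bit)')."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage_pe(data: bytes) -> dict:
    """Hardening flags and per-section entropy for a PE32/PE32+ image given as bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    _machine, nsec, _ts, _sym, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    # ImageBase: 8 bytes at +24 in PE32+, 4 bytes at +28 in PE32; DllCharacteristics at +70 in both.
    image_base = struct.unpack_from("<Q", data, opt + 24)[0] if pe32plus else struct.unpack_from("<I", data, opt + 28)[0]
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]
    sections = []
    for i in range(nsec):
        hdr = opt + opt_size + i * 40
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, hdr)
        scn = struct.unpack_from("<I", data, hdr + 36)[0]
        ent = shannon_entropy(data[raw_ptr:raw_ptr + raw_size])
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "va": va, "vsize": vsize, "raw_size": raw_size,
            "entropy": round(ent, 3),
            "likely_packed": ent >= PACKED_ENTROPY,
            # a writable+executable section is the classic self-modifying/unpacker tell
            "wx": bool(scn & IMAGE_SCN_MEM_EXECUTE and scn & IMAGE_SCN_MEM_WRITE),
        })
    relocs_stripped = bool(chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "pe32plus": pe32plus,
        "image_base": image_base,
        "relocs_stripped": relocs_stripped,
        # the loader can only randomise the base if DYNAMIC_BASE is set AND relocations exist
        "aslr": bool(dllchars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) and not relocs_stripped,
        "nx": bool(dllchars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "sections": sections,
    }


def build_sample_pe(section_blobs, file_chars, dll_chars, image_base=0x140000000) -> bytes:
    """Constructed minimal PE32+ for offline testing (only the fields triage_pe reads are filled)."""
    align, opt_size, nsec = 0x200, 240, len(section_blobs)
    hdr_size = -(-(0x40 + 4 + 20 + opt_size + 40 * nsec) // align) * align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    file_hdr = struct.pack("<HHIIIHH", 0x8664, nsec, 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<Q", opt, 24, image_base)
    struct.pack_into("<II", opt, 32, 0x1000, align)  # SectionAlignment, FileAlignment
    struct.pack_into("<H", opt, 70, dll_chars)
    table, body, va, raw = bytearray(), bytearray(), 0x1000, hdr_size
    for name, blob, scn_chars in section_blobs:
        raw_size = -(-len(blob) // align) * align
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(blob), va, raw_size, raw, 0, 0, 0, 0, scn_chars)
        body += blob.ljust(raw_size, b"\0")
        va += -(-len(blob) // 0x1000) * 0x1000
        raw += raw_size
    headers = bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + bytes(table)
    return headers.ljust(hdr_size, b"\0") + bytes(body)


def sample_image() -> bytes:
    """Constructed PE32+ with this sample's flag mix: RELOCS_STRIPPED, NX_COMPAT, no DYNAMIC_BASE."""
    text = (b"\xcc" * 4 + b"\x90" * 4) * 1024  # 8 KiB of two byte values: entropy exactly 1.0
    rng = random.Random(1)  # deterministic stand-in for a packed payload
    data = bytes(rng.getrandbits(8) for _ in range(8192))
    return build_sample_pe(
        [(".text", text, IMAGE_SCN_MEM_EXECUTE | 0x40000020), (".data", data, IMAGE_SCN_MEM_WRITE | 0x40000040)],
        IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LARGE_ADDRESS_AWARE | IMAGE_FILE_RELOCS_STRIPPED,
        IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT)


if __name__ == "__main__":
    print(triage_pe(sample_image()))
```

On a real file, call triage_pe(open(path, "rb").read()) and compare the entropy values with the Entropy column above; a result with aslr False and a near-8.0 section is the combination seen here.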
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_CURSOR | 0x306c10 | 0x134 | data | Chinese | China |
RT_CURSOR | 0x306d44 | 0xb4 | data | Chinese | China |
RT_CURSOR | 0x306df8 | 0x134 | AmigaOS bitmap font | Chinese | China |
RT_CURSOR | 0x306f2c | 0x134 | data | Chinese | China |
RT_CURSOR | 0x307060 | 0x134 | data | Chinese | China |
RT_CURSOR | 0x307194 | 0x134 | data | Chinese | China |
RT_CURSOR | 0x3072c8 | 0x134 | data | Chinese | China |
RT_CURSOR | 0x3073fc | 0x134 | data | Chinese | China |
RT_CURSOR | 0x307530 | 0x134 | data | Chinese | China |
RT_CURSOR | 0x307664 | 0x134 | data | Chinese | China |
RT_CURSOR | 0x307798 | 0x134 | data | Chinese | China |
RT_CURSOR | 0x3078cc | 0x134 | data | Chinese | China |
RT_CURSOR | 0x307a00 | 0x134 | AmigaOS bitmap font | Chinese | China |
RT_CURSOR | 0x307b34 | 0x134 | data | Chinese | China |
RT_CURSOR | 0x307c68 | 0x134 | data | Chinese | China |
RT_CURSOR | 0x307d9c | 0x134 | data | Chinese | China |
RT_BITMAP | 0x307ed0 | 0xb8 | data | Chinese | China |
RT_BITMAP | 0x307f88 | 0x144 | data | Chinese | China |
RT_ICON | 0x3080cc | 0xea8 | data | Chinese | China |
RT_ICON | 0x308f74 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | Chinese | China |
RT_ICON | 0x30981c | 0x568 | GLS_BINARY_LSB_FIRST | Chinese | China |
RT_ICON | 0x309d84 | 0x25ad | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Chinese | China |
RT_ICON | 0x30c334 | 0x25a8 | data | Chinese | China |
RT_ICON | 0x30e8dc | 0x10a8 | data | Chinese | China |
RT_ICON | 0x30f984 | 0x468 | GLS_BINARY_LSB_FIRST | Chinese | China |
RT_DIALOG | 0x30fdec | 0xde | data | Chinese | China |
RT_DIALOG | 0x30fecc | 0x210 | data | Chinese | China |
RT_DIALOG | 0x3100dc | 0xe2 | data | Chinese | China |
RT_DIALOG | 0x3101c0 | 0x34 | data | Chinese | China |
RT_STRING | 0x3101f4 | 0x6a | data | Chinese | China |
RT_STRING | 0x310260 | 0x4e | data | Chinese | China |
RT_STRING | 0x3102b0 | 0x2c | data | Chinese | China |
RT_STRING | 0x3102dc | 0x84 | data | Chinese | China |
RT_STRING | 0x310360 | 0x1c4 | data | Chinese | China |
RT_STRING | 0x310524 | 0x14e | data | Chinese | China |
RT_STRING | 0x310674 | 0x10e | data | Chinese | China |
RT_STRING | 0x310784 | 0x50 | data | Chinese | China |
RT_STRING | 0x3107d4 | 0x44 | data | Chinese | China |
RT_STRING | 0x310818 | 0x68 | data | Chinese | China |
RT_STRING | 0x310880 | 0x1b2 | data | Chinese | China |
RT_STRING | 0x310a34 | 0xf4 | data | Chinese | China |
RT_STRING | 0x310b28 | 0x24 | data | Chinese | China |
RT_STRING | 0x310b4c | 0x1a6 | data | Chinese | China |
RT_GROUP_CURSOR | 0x310cf4 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | Chinese | China |
RT_GROUP_CURSOR | 0x310d18 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China |
RT_GROUP_CURSOR | 0x310d2c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China |
RT_GROUP_CURSOR | 0x310d40 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China |
RT_GROUP_CURSOR | 0x310d54 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China |
RT_GROUP_CURSOR | 0x310d68 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China |
RT_GROUP_CURSOR | 0x310d7c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China |
RT_GROUP_CURSOR | 0x310d90 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China |
RT_GROUP_CURSOR | 0x310da4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China |
RT_GROUP_CURSOR | 0x310db8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China |
RT_GROUP_CURSOR | 0x310dcc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China |
RT_GROUP_CURSOR | 0x310de0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China |
RT_GROUP_CURSOR | 0x310df4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China |
RT_GROUP_CURSOR | 0x310e08 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China |
RT_GROUP_CURSOR | 0x310e1c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China |
RT_GROUP_ICON | 0x310e30 | 0x68 | data | Chinese | China |
RT_MANIFEST | 0x310e98 | 0x25f | ASCII text, with very long lines, with no line terminators | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | IsValidCodePage, GetTimeZoneInformation, LCMapStringW, GetConsoleCP, GetConsoleMode, WriteConsoleW, SetEnvironmentVariableA, RtlCaptureContext, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, HeapCreate, GetVersion, HeapSetInformation, FlsAlloc, FlsFree, FlsSetValue, FlsGetValue, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetStdHandle, SizeofResource, SetUnhandledExceptionFilter, GetFileType, SetStdHandle, VirtualQuery, GetSystemInfo, SetThreadStackGuarantee, HeapSize, HeapQueryInformation, RtlPcToFileHeader, GetOEMCP, CreateThread, ExitThread, HeapReAlloc, GetSystemTimeAsFileTime, DecodePointer, EncodePointer, RtlUnwindEx, RtlLookupFunctionEntry, GetStartupInfoW, GetCommandLineW, FindResourceExW, SearchPathW, Sleep, GetProfileIntW, InitializeCriticalSectionAndSpinCount, GetTickCount, GetNumberFormatW, GetWindowsDirectoryW, GetTempPathW, GetTempFileNameW, GetFileTime, GetFileSizeEx, GetFileAttributesW, FileTimeToLocalFileTime, GetFileAttributesExW, SetErrorMode, FileTimeToSystemTime, GlobalGetAtomNameW, lstrlenA, GetFullPathNameW, GetACP, GetCPInfo, RaiseException, GetStringTypeW, GetVolumeInformationW, FindFirstFileW, FindClose, GetCurrentProcess, DuplicateHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, CreateFileW, lstrcmpiW, GetThreadLocale, lstrcpyW, DeleteFileW, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, GlobalHandle, GlobalReAlloc, TlsAlloc, InitializeCriticalSection, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, GlobalFlags, GetCurrentDirectoryW, ReleaseActCtx, CreateActCtxW, CopyFileW, GlobalSize, FormatMessageW, LocalFree, MulDiv, GlobalFindAtomW, GetVersionExW, CompareStringW, GlobalUnlock, GlobalFree, FreeResource, GetCurrentProcessId, GlobalAddAtomW, GetPrivateProfileStringW, lstrlenW, WritePrivateProfileStringW, GetPrivateProfileIntW, CreateEventW, SuspendThread, SetEvent, WaitForSingleObject, ResumeThread, SetThreadPriority, CloseHandle, lstrcmpA, GlobalDeleteAtom, GetCurrentThread, GetCurrentThreadId, GetUserDefaultUILanguage, ConvertDefaultLocale, GetSystemDefaultUILanguage, GetModuleFileNameW, GetLocaleInfoW, ActivateActCtx, LoadLibraryW, GetLastError, DeactivateActCtx, SetLastError, WideCharToMultiByte, GlobalLock, lstrcmpW, GlobalAlloc, GetModuleHandleW, HeapAlloc, FreeLibrary, GetProcessHeap, HeapFree, IsBadReadPtr, LoadLibraryA, GetProcAddress, VirtualFree, VirtualProtect, VirtualAlloc, MultiByteToWideChar, TerminateThread, ExitProcess, FindResourceW, LoadResource, LockResource |
USER32.dll | SetMenuDefaultItem, PostThreadMessageW, CreateMenu, IsMenu, UpdateLayeredWindow, UnionRect, MonitorFromPoint, TranslateMDISysAccel, DrawMenuBar, DefMDIChildProcW, DefFrameProcW, RegisterClipboardFormatW, CopyImage, GetIconInfo, EnableScrollBar, HideCaret, InvertRect, GetMenuDefaultItem, UnpackDDElParam, ReuseDDElParam, LoadImageW, InsertMenuItemW, TranslateAcceleratorW, LockWindowUpdate, BringWindowToTop, SetCursorPos, CreateAcceleratorTableW, LoadAcceleratorsW, GetKeyboardState, GetKeyboardLayout, ToUnicodeEx, DrawFocusRect, DrawFrameControl, DrawEdge, DrawIconEx, DrawStateW, SetClassLongPtrW, GetAsyncKeyState, NotifyWinEvent, CreatePopupMenu, DestroyAcceleratorTable, SetParent, RedrawWindow, SetWindowRgn, IsZoomed, UnregisterClassW, MessageBeep, GetNextDlgGroupItem, InvalidateRgn, SetRect, IsRectEmpty, CopyAcceleratorTableW, OffsetRect, CharNextW, IntersectRect, LoadMenuW, CharUpperW, DestroyIcon, WaitMessage, ReleaseCapture, WindowFromPoint, SetCapture, GetSysColorBrush, LoadCursorW, SetLayeredWindowAttributes, SetRectEmpty, KillTimer, SetTimer, InvalidateRect, RealChildWindowFromPoint, DeleteMenu, EndPaint, BeginPaint, GetWindowDC, ClientToScreen, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, FillRect, SystemParametersInfoW, DestroyMenu, IsClipboardFormatAvailable, InflateRect, GetMenuStringW, InsertMenuW, RemoveMenu, ShowWindow, SetWindowTextW, IsDialogMessageW, SetDlgItemTextW, CheckDlgButton, RegisterWindowMessageW, SendDlgItemMessageW, SendDlgItemMessageA, WinHelpW, IsChild, GetCapture, GetClassNameW, GetClassLongPtrW, SetPropW, GetPropW, RemovePropW, SetFocus, GetWindowTextLengthW, GetWindowTextW, GetForegroundWindow, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, GetWindowLongPtrW, SetWindowLongPtrW, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, MonitorFromWindow, GetMonitorInfoW, MapWindowPoints, ScrollWindow, TrackPopupMenu, SetMenu, SetScrollRange, GetScrollRange, SetScrollPos, GetScrollPos, SetForegroundWindow, ShowScrollBar, UpdateWindow, GetSubMenu, GetMenuItemID, GetMenuItemCount, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, GetSysColor, AdjustWindowRectEx, GetWindowRect, ScreenToClient, EqualRect, DeferWindowPos, GetScrollInfo, SetScrollInfo, PtInRect, SetWindowPlacement, GetWindowPlacement, GetDlgCtrlID, DefWindowProcW, CallWindowProcW, GetMenu, GetWindow, SetWindowContextHelpId, FrameRect, GetUpdateRect, GetWindowRgn, DestroyCursor, SubtractRect, MapVirtualKeyExW, IsCharLowerW, GetDoubleClickTime, MapDialogRect, SetWindowPos, MapVirtualKeyW, GetKeyNameTextW, ReleaseDC, GetDC, CopyRect, GetDesktopWindow, SetActiveWindow, CreateDialogIndirectParamW, CharUpperBuffW, CopyIcon, EmptyClipboard, CloseClipboard, SetClipboardData, GetMenuItemInfoW, OpenClipboard, DestroyWindow, IsWindow, GetDlgItem, GetNextDlgTabItem, EndDialog, GetWindowThreadProcessId, GetLastActivePopup, IsWindowEnabled, MessageBoxW, ShowOwnedPopups, SetCursor, SetWindowsHookExW, CallNextHookEx, GetMessageW, TranslateMessage, DispatchMessageW, GetActiveWindow, IsWindowVisible, GetKeyState, PeekMessageW, GetCursorPos, ValidateRect, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapW, GetFocus, GetParent, ModifyMenuW, GetMenuState, EnableMenuItem, CheckMenuItem, PostMessageW, PostQuitMessage, GetSystemMetrics, LoadIconW, EnableWindow, GetClientRect, IsIconic, GetSystemMenu, SendMessageW, AppendMenuW, DrawIcon, MoveWindow, GetWindowLongW, SetWindowLongW, EnumDisplayMonitors |
GDI32.dll | CreateSolidBrush, CreateHatchBrush, CreateDIBitmap, CreateCompatibleBitmap, GetTextMetricsW, EnumFontFamiliesW, GetTextCharsetInfo, SetRectRgn, CombineRgn, GetMapMode, DPtoLP, GetBkColor, GetTextColor, GetRgnBox, CreateDIBSection, CreateRoundRectRgn, CreatePolygonRgn, CreateEllipticRgn, Polyline, Ellipse, Polygon, CreatePalette, GetPaletteEntries, GetNearestPaletteIndex, RealizePalette, GetSystemPaletteEntries, OffsetRgn, SetDIBColorTable, CreatePen, SetPixel, Rectangle, EnumFontFamiliesExW, LPtoDP, GetWindowOrgEx, GetViewportOrgEx, PtInRegion, FillRgn, FrameRgn, GetBoundsRect, ExtFloodFill, SetPaletteEntries, GetTextFaceW, SetPixelV, RectVisible, PtVisible, GetPixel, GetObjectType, TextOutW, SelectPalette, GetStockObject, CreatePatternBrush, DeleteDC, ExtSelectClipRgn, ScaleWindowExtEx, SetWindowExtEx, OffsetWindowOrgEx, SetWindowOrgEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, StretchBlt, CreateBitmap, GetWindowExtEx, GetViewportExtEx, CreateRectRgn, SelectClipRgn, DeleteObject, SetLayout, GetLayout, SetTextAlign, MoveToEx, LineTo, IntersectClipRect, ExcludeClipRect, GetClipBox, SetMapMode, SetROP2, SetPolyFillMode, SetBkMode, RestoreDC, SaveDC, GetTextExtentPoint32W, ExtTextOutW, BitBlt, CreateCompatibleDC, CreateFontIndirectW, CreateDCW, CopyMetaFileW, GetDeviceCaps, GetObjectW, SetBkColor, SetTextColor, PatBlt, CreateRectRgnIndirect, Escape |
MSIMG32.dll | AlphaBlend, TransparentBlt |
COMDLG32.dll | GetFileTitleW |
WINSPOOL.DRV | ClosePrinter, OpenPrinterW, DocumentPropertiesW |
ADVAPI32.dll | RegEnumKeyExW, RegQueryValueExW, RegOpenKeyExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyW, RegQueryValueW, RegCloseKey, RegEnumValueW |
SHELL32.dll | SHAppBarMessage, SHGetFileInfoW, ShellExecuteW, DragFinish, DragQueryFileW, SHBrowseForFolderW, SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetDesktopFolder |
COMCTL32.dll | ImageList_GetIconSize |
SHLWAPI.dll | PathFindFileNameW, PathStripToRootW, PathIsUNCW, PathFindExtensionW, PathRemoveFileSpecW |
ole32.dll | OleInitialize, CoFreeUnusedLibraries, OleUninitialize, CoInitializeEx, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CoInitialize, CoUninitialize, OleCreateMenuDescriptor, CoTaskMemAlloc, ReleaseStgMedium, CoTaskMemFree, OleDestroyMenuDescriptor, OleTranslateAccelerator, IsAccelerator, OleLockRunning, CreateStreamOnHGlobal, OleIsCurrentClipboard, OleFlushClipboard, DoDragDrop, CLSIDFromString, CLSIDFromProgID, CoCreateGuid, RevokeDragDrop, CoLockObjectExternal, RegisterDragDrop, OleGetClipboard, OleDuplicateData, CoRegisterMessageFilter, CoCreateInstance, CoRevokeClassObject |
OLEAUT32.dll | SysFreeString, VarBstrFromDate, VariantCopy, SafeArrayDestroy, SystemTimeToVariantTime, VariantTimeToSystemTime, OleCreateFontIndirect, SysStringLen, VariantInit, VariantChangeType, VariantClear, SysAllocStringLen, SysAllocString |
oledlg.dll | OleUIBusyW |
WS2_32.dll | WSAIoctl, htons, inet_ntoa, gethostbyname, gethostname, WSASocketW, WSAStartup, ntohs, recv, bind |
OLEACC.dll | LresultFromObject, AccessibleObjectFromWindow, CreateStdAccessibleObject |
gdiplus.dll | GdipGetImagePixelFormat, GdipGetImageHeight, GdipGetImageWidth, GdipCloneImage, GdipDrawImageRectI, GdipSetInterpolationMode, GdipGetImagePaletteSize, GdiplusShutdown, GdiplusStartup, GdipCreateBitmapFromHBITMAP, GdipDisposeImage, GdipDeleteGraphics, GdipAlloc, GdipFree, GdipGetImagePalette, GdipCreateBitmapFromStream, GdipCreateBitmapFromScan0, GdipBitmapLockBits, GdipBitmapUnlockBits, GdipGetImageGraphicsContext, GdipCreateFromHDC, GdipDrawImageI |
IMM32.dll | ImmGetOpenStatus, ImmReleaseContext, ImmGetContext |
WINMM.dll | PlaySoundW |
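The Import Hash in the Static PE Info table is an imphash: the MD5 of the lowercase "dll.function" pairs in import-table order, with .dll/.ocx/.sys stripped from the library name. It is a good pivot because re-packing or re-compiling with the same linker settings usually leaves it unchanged. Recomputing it from this rendered table is not guaranteed to reproduce 5894f7ecf05bebd0f6f297d29b91f916, since the hash depends on the exact IAT order and on every import, ordinals included. The import set itself is worth tagging: VirtualAlloc, VirtualProtect, LoadLibraryA and GetProcAddress together are the minimum for a stub that unpacks code at run time and resolves its real imports; WSASocketW, bind and recv describe a socket that accepts inbound data rather than a client; RegCreateKeyExW with RegSetValueExW writes to the registry. The script below implements the imphash algorithm and that tagging. It is an added example, not Joe Sandbox or pefile code; its import list is a constructed subset of the table above used as sample input, and the tag names and rule sets are assumptions chosen for illustration.

```python
import hashlib

# Capability tags: every listed (lib, func) pair must be present for the tag to fire.
# Library names are matched lowercase with .dll/.ocx/.sys stripped. Rule sets are assumptions.
CAPABILITY_RULES = {
    "dynamic-api-resolution+self-unpacking": {("kernel32", "virtualalloc"), ("kernel32", "virtualprotect"),
                                               ("kernel32", "loadlibrarya"), ("kernel32", "getprocaddress")},
    "listening-socket": {("ws2_32", "wsasocketw"), ("ws2_32", "bind"), ("ws2_32", "recv")},
    "registry-write": {("advapi32", "regcreatekeyexw"), ("advapi32", "regsetvalueexw")},
    "shell-execute": {("shell32", "shellexecutew")},
    "file-drop": {("kernel32", "createfilew"), ("kernel32", "writefile")},
    # weak on its own: the MSVC CRT imports IsDebuggerPresent for its own error path
    "debugger-check": {("kernel32", "isdebuggerpresent")},
}


def _libname(dll: str) -> str:
    """Lowercase DLL name with .dll/.ocx/.sys stripped; other extensions (e.g. .drv) are kept."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[:-len(ext)]
    return name


def imphash_string(imports) -> str:
    """'lib.func' pairs in import-table order, comma separated; this is the string that is hashed."""
    return ",".join(f"{_libname(dll)}.{func.lower()}" for dll, funcs in imports for func in funcs)


def imphash(imports) -> str:
    """MD5 of imphash_string(): order-sensitive, case-insensitive."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def capabilities(imports) -> list:
    """Sorted tags whose whole rule set is present in the import list."""
    present = {(_libname(dll), f.lower()) for dll, funcs in imports for f in funcs}
    return sorted(tag for tag, needed in CAPABILITY_RULES.items() if needed <= present)


# Constructed subset of the report's import table (sample input only, not the full IAT).
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", ["IsDebuggerPresent", "CreateFileW", "WriteFile", "LoadLibraryA",
                      "GetProcAddress", "VirtualProtect", "VirtualAlloc"]),
    ("ADVAPI32.dll", ["RegCreateKeyExW", "RegSetValueExW", "RegDeleteValueW"]),
    ("SHELL32.dll", ["ShellExecuteW"]),
    ("WS2_32.dll", ["WSASocketW", "WSAStartup", "recv", "bind"]),
    ("WINSPOOL.DRV", ["ClosePrinter", "OpenPrinterW"]),
]

if __name__ == "__main__":
    print(imphash(SAMPLE_IMPORTS))
    print(capabilities(SAMPLE_IMPORTS))
```

To hash a real file, feed imphash() the (dll, [functions]) list in IAT order as read from the import directory; the value is comparable with the Import Hash field of other reports only when both were computed over the complete, ordered table.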
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Chinese | China | |
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 24, 2021 10:23:23.492737055 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:23.493050098 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:23.493232012 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:23.493341923 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:23.493448019 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:23.493484020 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:23.493712902 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:23.493824005 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:23.493865967 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:23.503756046 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.503794909 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.503830910 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.503869057 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.503894091 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.503979921 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.504018068 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.504620075 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.504646063 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.504668951 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.504837036 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.504875898 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.505203962 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.505242109 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.505482912 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.505522966 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.505681992 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.505717039 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.505799055 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.505855083 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:23.506150961 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.506251097 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.506513119 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.506541967 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.626178026 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:23.626334906 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:28.676939011 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:28.677278996 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:28.677455902 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:28.677529097 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:28.677571058 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:28.677608013 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:28.677635908 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:28.677711964 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:28.677747011 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:28.677762985 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:28.677767992 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:28.686454058 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:28.686647892 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:28.686887026 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:28.687319994 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:28.687814951 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:28.687844992 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:28.687937021 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:28.688262939 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:28.688580036 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:28.688678026 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:28.688756943 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:28.688922882 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:28.689089060 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:28.689160109 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:28.689368963 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:28.689434052 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:28.689743042 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:28.689924002 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:28.720083952 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:28.720293045 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:28.755439043 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:28.755672932 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:37.462538004 CET | 49683 | 443 | 192.168.2.4 | 40.126.31.135 |
Jan 24, 2021 10:23:37.462593079 CET | 49682 | 443 | 192.168.2.4 | 40.126.31.135 |
Jan 24, 2021 10:23:37.462704897 CET | 49683 | 443 | 192.168.2.4 | 40.126.31.135 |
Jan 24, 2021 10:23:37.462745905 CET | 49682 | 443 | 192.168.2.4 | 40.126.31.135 |
Jan 24, 2021 10:23:37.499459982 CET | 443 | 49683 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.499675989 CET | 443 | 49683 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.499989986 CET | 443 | 49682 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.500017881 CET | 443 | 49682 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.553977013 CET | 443 | 49683 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.554744005 CET | 443 | 49682 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.645104885 CET | 443 | 49682 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.645154953 CET | 443 | 49682 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.645194054 CET | 443 | 49682 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.645241976 CET | 443 | 49682 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.645297050 CET | 443 | 49682 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.645302057 CET | 49682 | 443 | 192.168.2.4 | 40.126.31.135 |
Jan 24, 2021 10:23:37.645345926 CET | 49682 | 443 | 192.168.2.4 | 40.126.31.135 |
Jan 24, 2021 10:23:37.645354986 CET | 443 | 49682 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.645435095 CET | 49682 | 443 | 192.168.2.4 | 40.126.31.135 |
Jan 24, 2021 10:23:37.645481110 CET | 443 | 49682 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.645541906 CET | 443 | 49682 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.645591974 CET | 443 | 49682 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.645615101 CET | 49682 | 443 | 192.168.2.4 | 40.126.31.135 |
Jan 24, 2021 10:23:37.645648003 CET | 443 | 49683 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.645689964 CET | 443 | 49683 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.645725965 CET | 443 | 49683 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.645764112 CET | 443 | 49683 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.645801067 CET | 443 | 49683 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.645807028 CET | 49683 | 443 | 192.168.2.4 | 40.126.31.135 |
Jan 24, 2021 10:23:37.645837069 CET | 443 | 49683 | 40.126.31.135 | 192.168.2.4 |
Jan 24, 2021 10:23:37.645838022 CET | 49683 | 443 | 192.168.2.4 | 40.126.31.135 |
Jan 24, 2021 10:23:37.645874023 CET | 443 | 49683 | 40.126.31.135 | 192.168.2.4 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 24, 2021 10:23:13.309921980 CET | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 24, 2021 10:23:13.332984924 CET | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
Jan 24, 2021 10:23:13.920188904 CET | 64549 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 24, 2021 10:23:13.943337917 CET | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
Jan 24, 2021 10:23:14.716948032 CET | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 24, 2021 10:23:14.740032911 CET | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Jan 24, 2021 10:23:15.511826038 CET | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 24, 2021 10:23:15.535604000 CET | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jan 24, 2021 10:23:16.968394041 CET | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 24, 2021 10:23:16.991550922 CET | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jan 24, 2021 10:23:17.860275030 CET | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 24, 2021 10:23:17.883440971 CET | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Jan 24, 2021 10:23:19.125066996 CET | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 24, 2021 10:23:19.150897026 CET | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Jan 24, 2021 10:23:19.983750105 CET | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 24, 2021 10:23:20.006917000 CET | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
Jan 24, 2021 10:23:20.637813091 CET | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 24, 2021 10:23:20.664338112 CET | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Jan 24, 2021 10:23:21.486450911 CET | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 24, 2021 10:23:21.512278080 CET | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
Jan 24, 2021 10:23:22.337990046 CET | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 24, 2021 10:23:22.361217976 CET | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
Jan 24, 2021 10:23:23.166867018 CET | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 24, 2021 10:23:23.201261997 CET | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
Jan 24, 2021 10:23:37.773974895 CET | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 24, 2021 10:23:37.796924114 CET | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
Jan 24, 2021 10:23:40.221301079 CET | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 24, 2021 10:23:40.253931046 CET | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
Jan 24, 2021 10:24:03.344569921 CET | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 24, 2021 10:24:03.370654106 CET | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
Jan 24, 2021 10:24:32.072946072 CET | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 24, 2021 10:24:32.110757113 CET | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49744 | 110.92.66.246 | 13527 | C:\Users\user\Desktop\#U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 24, 2021 10:23:44.673149109 CET | 405 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 110.92.66.246 | 13527 | 192.168.2.4 | 49744 | C:\Users\user\zT6Nm@i4\PMRunner64.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 24, 2021 10:23:44.892343998 CET | 406 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.4 | 49745 | 110.92.66.246 | 13527 | C:\Users\user\Desktop\#U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 24, 2021 10:23:50.193909883 CET | 407 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 110.92.66.246 | 13527 | 192.168.2.4 | 49745 | C:\Users\user\zT6Nm@i4\PMRunner64.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 24, 2021 10:23:50.387290955 CET | 407 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.4 | 49746 | 110.92.66.246 | 13527 | C:\Users\user\Desktop\#U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 24, 2021 10:23:54.288530111 CET | 607 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 110.92.66.246 | 13527 | 192.168.2.4 | 49746 | C:\Users\user\zT6Nm@i4\PMRunner64.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 24, 2021 10:23:54.507450104 CET | 607 | IN |
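The TCP, UDP and HTTP tables above are the raw material for network triage: which remote endpoints the guest talked to, on which ports, when the first contact happened, and which process the sandbox attributed to each session. The script below is an added example (not Joe Sandbox code and not part of this report) that parses those pipe-delimited rows into that summary. The sample rows are constructed from the tables above; the TCP row to 110.92.66.246:13527 is built from HTTP session 0, since that port's TCP rows are not shown in this section. `LOCAL_PREFIX` (the guest network) and `EXPECTED_PORTS` (the ports a clean guest is expected to use) are assumptions of the example.

```python
"""Triage helpers for pipe-delimited sandbox packet tables (added example, not Joe Sandbox code)."""
from collections import Counter
from datetime import datetime

LOCAL_PREFIX = "192.168.2."     # assumption: sandbox guest address as seen in the report's rows
EXPECTED_PORTS = {53, 80, 443}  # assumption: services a clean guest is expected to talk to

# Constructed sample rows, copied in shape and values from the tables above.
# The 13527 row is derived from HTTP session 0 (its TCP rows are not in this section).
TCP_ROWS = r"""
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 24, 2021 10:23:28.676939011 CET | 49696 | 443 | 192.168.2.4 | 204.79.197.200 |
Jan 24, 2021 10:23:28.686454058 CET | 443 | 49696 | 204.79.197.200 | 192.168.2.4 |
Jan 24, 2021 10:23:37.462538004 CET | 49683 | 443 | 192.168.2.4 | 40.126.31.135 |
Jan 24, 2021 10:23:44.673149109 CET | 49744 | 13527 | 192.168.2.4 | 110.92.66.246 |
"""
UDP_ROWS = r"""
Jan 24, 2021 10:23:13.309921980 CET | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 24, 2021 10:23:13.332984924 CET | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
"""
HTTP_SESSIONS = r"""
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
0 | 192.168.2.4 | 49744 | 110.92.66.246 | 13527 | C:\Users\user\Desktop\#U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.exe |
1 | 110.92.66.246 | 13527 | 192.168.2.4 | 49744 | C:\Users\user\zT6Nm@i4\PMRunner64.exe |
2 | 192.168.2.4 | 49745 | 110.92.66.246 | 13527 | C:\Users\user\Desktop\#U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.exe |
"""


def _cells(line):
    """Split one table row into stripped cells, dropping the trailing empty cell."""
    return [c.strip() for c in line.strip().strip("|").split("|")]


def parse_timestamp(text):
    """'Jan 24, 2021 10:23:28.676939011 CET' -> datetime; nanoseconds truncated to microseconds."""
    stamp = text.rsplit(" ", 1)[0]  # drop the timezone label
    main, frac = stamp.split(".")
    return datetime.strptime(f"{main}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def parse_packets(table, proto):
    """Rows of the TCP/UDP packet tables -> list of packet dicts (header rows skipped)."""
    packets = []
    for line in table.splitlines():
        if "|" not in line or line.startswith(("Timestamp", "---")):
            continue
        ts, sport, dport, src, dst = _cells(line)[:5]
        packets.append({"ts": parse_timestamp(ts), "proto": proto, "src": src,
                        "sport": int(sport), "dst": dst, "dport": int(dport)})
    return packets


def peer_summary(packets):
    """Packets per remote (ip, port, proto); both directions are keyed on the remote side."""
    counts = Counter()
    for p in packets:
        if p["src"].startswith(LOCAL_PREFIX):
            counts[(p["dst"], p["dport"], p["proto"])] += 1
        else:
            counts[(p["src"], p["sport"], p["proto"])] += 1
    return counts


def unexpected_peers(packets):
    """Remote endpoints on ports outside EXPECTED_PORTS: the first thing to pivot on."""
    return sorted(peer for peer in peer_summary(packets) if peer[1] not in EXPECTED_PORTS)


def first_contact(packets, ip):
    """Earliest outbound packet to ip, to line up against the process start times in System Behavior."""
    stamps = [p["ts"] for p in packets if p["src"].startswith(LOCAL_PREFIX) and p["dst"] == ip]
    return min(stamps) if stamps else None


def parse_http_sessions(table):
    """Rows of the HTTP Packets session table -> list of session dicts."""
    sessions = []
    for line in table.splitlines():
        cells = _cells(line)
        if len(cells) < 6 or not cells[0].isdigit():
            continue
        sid, src, sport, dst, dport, proc = cells[:6]
        sessions.append({"id": int(sid), "src": src, "sport": int(sport), "dst": dst,
                         "dport": int(dport), "process": proc})
    return sessions


def processes_for_peer(sessions, ip):
    """Distinct process images the report attributes to sessions involving ip."""
    return sorted({s["process"] for s in sessions if ip in (s["src"], s["dst"])})


def triage():
    """Run the whole pass over the constructed rows and return the findings."""
    packets = parse_packets(TCP_ROWS, "tcp") + parse_packets(UDP_ROWS, "udp")
    sessions = parse_http_sessions(HTTP_SESSIONS)
    flagged = unexpected_peers(packets)
    return {"peers": peer_summary(packets), "unexpected": flagged,
            "first_contact": {ip: first_contact(packets, ip) for ip, _, _ in flagged},
            "processes": {ip: processes_for_peer(sessions, ip) for ip, _, _ in flagged}}


if __name__ == "__main__":
    for key, value in triage().items():
        print(key, value)
```

On the rows above this flags 110.92.66.246:13527 as the only endpoint outside the expected ports, with first contact at 10:23:44.673149, about seven seconds after the first PMRunner64.exe start recorded under System Behavior, and with both the submitted sample and PMRunner64.exe attributed to its sessions. Port-based flagging is a coarse filter: a C2 on 443 would pass it, so the per-peer counts are meant to be read alongside it rather than replaced by it.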
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 10:23:18 |
Start date: | 24/01/2021 |
Path: | C:\Users\user\Desktop\#U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x140000000 |
File size: | 3150336 bytes |
MD5 hash: | 6665909A2652C5860FD874CB15C3991C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 10:23:22 |
Start date: | 24/01/2021 |
Path: | C:\Users\user\zT6Nm@i4\zr.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 461088 bytes |
MD5 hash: | 045FCBE6C174AFA9A6A998BDD6F9FAD7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: | |
Reputation: | low |
General |
---|
Start time: | 10:23:22 |
Start date: | 24/01/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:23:24 |
Start date: | 24/01/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff622070000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:23:24 |
Start date: | 24/01/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:23:28 |
Start date: | 24/01/2021 |
Path: | C:\ProgramData\Microsoft\zr.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 461088 bytes |
MD5 hash: | 045FCBE6C174AFA9A6A998BDD6F9FAD7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: | |
Reputation: | low |
General |
---|
Start time: | 10:23:28 |
Start date: | 24/01/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:23:37 |
Start date: | 24/01/2021 |
Path: | C:\Users\user\zT6Nm@i4\PMRunner64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7a5160000 |
File size: | 271704 bytes |
MD5 hash: | 65DBB57517611D9DE8CE522022DCD727 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: | |
Reputation: | low |
General |
---|
Start time: | 10:23:48 |
Start date: | 24/01/2021 |
Path: | C:\Users\user\zT6Nm@i4\PMRunner64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7a5160000 |
File size: | 271704 bytes |
MD5 hash: | 65DBB57517611D9DE8CE522022DCD727 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 10:23:56 |
Start date: | 24/01/2021 |
Path: | C:\Users\user\zT6Nm@i4\PMRunner64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7a5160000 |
File size: | 271704 bytes |
MD5 hash: | 65DBB57517611D9DE8CE522022DCD727 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
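The process records above carry the facts a responder pulls out first: which images ran from user-writable locations, which hash appears at more than one path (here zr.exe, MD5 045FCBE6C174AFA9A6A998BDD6F9FAD7, both under C:\Users\user\zT6Nm@i4 and under C:\ProgramData\Microsoft), which low-reputation images ran elevated, and how the starts line up in time against the submitted sample. The script below is an added example (not Joe Sandbox code and not part of this report) that parses the "General" key/value blocks into that summary. The records are a constructed subset of the ones above, trimmed to the fields the functions use; `SYSTEM_ROOT` is the example's own assumption about which directory to treat as OS binaries.

```python
"""Triage helpers for sandbox 'General' process records (added example, not Joe Sandbox code)."""
from collections import defaultdict
from datetime import datetime

SYSTEM_ROOT = "C:\\Windows\\"  # assumption: images under here are treated as OS binaries

# Constructed subset of the System Behavior records above, trimmed to the fields used here.
PROCESS_RECORDS = r"""
General |
---|
Start time: | 10:23:18 |
Start date: | 24/01/2021 |
Path: | C:\Users\user\Desktop\#U5e74#U7ec8#U63d0#U6210#U5206#U7ea2#U6838#U5bf9#U8868@i4.exe |
MD5 hash: | 6665909A2652C5860FD874CB15C3991C |
Has elevated privileges: | true |
Reputation: | low |
General |
---|
Start time: | 10:23:22 |
Start date: | 24/01/2021 |
Path: | C:\Users\user\zT6Nm@i4\zr.exe |
MD5 hash: | 045FCBE6C174AFA9A6A998BDD6F9FAD7 |
Has elevated privileges: | true |
Reputation: | low |
General |
---|
Start time: | 10:23:24 |
Start date: | 24/01/2021 |
Path: | C:\Windows\System32\cmd.exe |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Reputation: | high |
General |
---|
Start time: | 10:23:28 |
Start date: | 24/01/2021 |
Path: | C:\ProgramData\Microsoft\zr.exe |
MD5 hash: | 045FCBE6C174AFA9A6A998BDD6F9FAD7 |
Has elevated privileges: | true |
Reputation: | low |
General |
---|
Start time: | 10:23:37 |
Start date: | 24/01/2021 |
Path: | C:\Users\user\zT6Nm@i4\PMRunner64.exe |
MD5 hash: | 65DBB57517611D9DE8CE522022DCD727 |
Has elevated privileges: | true |
Reputation: | low |
"""


def parse_process_records(text):
    """Split the 'General | ... | Reputation: | x |' key/value rows into one dict per process."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("General"):
            current = {}
            records.append(current)
        elif current is not None and ":" in line and "|" in line:
            key, value = line.split("|", 1)
            current[key.strip().rstrip(":")] = value.strip().strip("|").strip()
    return records


def start_datetime(rec):
    """Combine the report's 'Start date' (dd/mm/yyyy) and 'Start time' fields."""
    return datetime.strptime(f"{rec['Start date']} {rec['Start time']}", "%d/%m/%Y %H:%M:%S")


def is_os_image(path):
    return path.lower().startswith(SYSTEM_ROOT.lower())


def non_system_images(records):
    """Process images running from outside the Windows directory, in start order."""
    return [r["Path"] for r in sorted(records, key=start_datetime) if not is_os_image(r["Path"])]


def same_hash_multiple_paths(records):
    """MD5 -> sorted distinct paths for hashes seen at more than one path (a binary copied and re-run)."""
    paths = defaultdict(set)
    for r in records:
        paths[r["MD5 hash"].upper()].add(r["Path"])
    return {h: sorted(p) for h, p in paths.items() if len(p) > 1}


def elevated_low_reputation(records):
    """Low-reputation images that ran with elevated privileges."""
    return sorted({r["Path"] for r in records
                   if r.get("Has elevated privileges") == "true" and r.get("Reputation") == "low"})


def seconds_after_first(records):
    """(offset in seconds, image name) for every record, relative to the earliest start."""
    first = min(start_datetime(r) for r in records)
    return [(int((start_datetime(r) - first).total_seconds()), r["Path"].rsplit("\\", 1)[-1])
            for r in sorted(records, key=start_datetime)]


if __name__ == "__main__":
    recs = parse_process_records(PROCESS_RECORDS)
    print("non-system images:", non_system_images(recs))
    print("same hash, several paths:", same_hash_multiple_paths(recs))
    print("elevated + low reputation:", elevated_low_reputation(recs))
    print("timeline:", seconds_after_first(recs))
```

The hash-to-paths map is the piece worth keeping: a second copy of the same binary under C:\ProgramData is what to look for on other hosts, and the offsets (zr.exe at +4 s and +10 s, PMRunner64.exe at +19 s) give the order in which to read the file and network events.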
Disassembly |
---|
Code Analysis |
---|