Score: 45 (range 0 - 100)
Whitelisted: false
Confidence: 100%
AV Detection:
Antivirus / Scanner detection for submitted sample (Avira)
Antivirus or Machine Learning detection for unpacked file (Avira)
HTTPS traffic detected (2 entries)
Directory created (2 entries)
Static PE information (1 entry)
Code function: 0_2_00000001400ACC40, 0_2_000000014003C320, 0_2_00000001400667A0, 0_2_0000000140080A40, 0_2_0000000140066AE0, 0_2_00000001400ACB40
Networking:
JA3 SSL client fingerprint seen in connection with other malware (JA3 fingerprint, 1 entry)
IP address seen in connection with other malware (IP address, 2 entries)
Network traffic detected (28 entries)
TCP traffic detected without corresponding DNS query (50 entries)
String found in binary or memory (66 entries)
HTTP traffic detected (1 entry)
DNS traffic detected (1 entry)
Code function: 0_2_000000014007D8A0
HTTP traffic detected (9 entries)
HTTPS traffic detected (2 entries)
Key, Mouse, Clipboard, Microphone and Screen Capturing:
Contains functionality to read the clipboard data (code function 0_2_00000001400063F0)
Contains functionality to record screenshots (code function 0_2_0000000140054730)
Potential key logger detected (key state polling based) (code function 0_2_0000000140001B0C)
Contains functionality to retrieve information about pressed keystrokes (code function 0_2_0000000140016300)
Contains functionality to read data from the clipboard (code function 0_2_0000000140006510)
System Summary:
Sample or dropped binary is a compiled AutoHotkey binary (window found)
Detected potential crypto function (100 code functions)
Found potential string decryption / allocating functions
Contains functionality to communicate with device drivers (code function 0_2_000000014005EF30)
Sample file is different than original file name gathered from version info (binary or memory string, 3 entries)
PE file contains strange resources (static PE information, 4 entries)
Key opened (1 entry)
Process created (30 entries)
Key value queried (1 entry)
File created (2 entries)
Classification label
Code function: 0_2_000000014007E830
File read (1 entry)
Code function: 0_2_00000001400605B9
Code function: 0_2_00000001400415D0
Section loaded (1 entry)
Joe Sandbox Cloud Basic
Mutant created (4 entries)
Code function: 0_2_00000001400203C0
File created (1 entry)
String found in binary or memory (2 entries)
File read (3 entries)
Window detected
File opened (1 entry)
Static PE information
Static file information
Directory created (2 entries)
Static PE information
Data Obfuscation:
Uses code obfuscation techniques (call, push, ret) (code function 2_2_00007FFF2C5256B9)
PE file contains sections with non-standard names (static PE information)
Contains functionality to dynamically determine API calls (code function 0_2_000000014009E010)
Hooking and other Techniques for Hiding and Protection:
Self deletion via cmd delete (process created, 2 entries)
Contains functionality to check if a window is minimized (may be used to check if an application is visible) (26 code functions)
Monitors certain registry keys / values for changes (often done to protect autostart functionality) (registry key monitored for changes)
Process information set (110 entries)
Malware Analysis System Evasion:
Contains functionality to detect sleep reduction / modifications (code function 0_2_0000000140018A20)
May sleep (evasive loops) to hinder dynamic analysis (thread sleep time)
Sample execution stops while process was sleeping (likely an evasion) (last function)
Uses the system / local time for branch decision (may execute only at specific dates) (code function 0_2_0000000140058D70, listed twice)
Contains long sleeps (>= 3 min) (thread delayed)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts) (code functions 0_2_0000000140014BA0, 0_2_000000014001A400, 0_2_00000001400226B7, 0_2_00000001400226BF, 0_2_00000001400226C6, 0_2_00000001400226ED, 0_2_0000000140022711, 0_2_0000000140022735; the last six each listed twice)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior) (Window / User API, 2 entries)
Found large amount of non-executed APIs (API coverage)
May check if the current machine is a sandbox (GetTickCount - Sleep) (code function 0_2_0000000140018A20)
Process information queried (1 entry)
Code function: 0_2_00000001400ACC40, 0_2_000000014003C320, 0_2_00000001400667A0, 0_2_0000000140080A40, 0_2_0000000140066AE0, 0_2_00000001400ACB40
Thread delayed (1 entry)
Binary or memory string (1 entry)
Anti Debugging:
Contains functionality to check if a debugger is running (IsDebuggerPresent) (code function 0_2_00000001400D0790)
Contains functionality to dynamically determine API calls (code function 0_2_000000014009E010)
Contains functionality which may be used to detect a debugger (GetProcessHeap) (code function 0_2_00000001400D6D5C)
Enables debug privileges (process token adjusted)
Contains functionality to block mouse and keyboard input (often used to hinder debugging) (code function 0_2_0000000140014BA0)
Code function: 0_2_00000001400D2224, 0_2_00000001400D0790
HIPS / PFW / Operating System Protection Evasion:
Contains functionality to simulate keystroke presses (code function 0_2_0000000140016D90)
Contains functionality to launch a program with higher privileges (code function 0_2_00000001400415D0)
Creates a process in suspended mode (likely to inject code) (process created)
Contains functionality to simulate mouse events (code function 0_2_00000001400185A0)
Binary or memory string (4 entries)
Language, Device and Operating System Detection:
Queries the volume information (name, serial number etc) of a device (queries volume information, 26 entries)
Code function: 0_2_000000014001FD1E, 0_2_00000001400CD9B4, 0_2_0000000140068C10
Stealing of Sensitive Information:
OS version to string mapping found (often used in BOTs) (binary or memory string, 6 entries)
Remote Access Functionality:
Contains functionality to open a port and listen for incoming connection (possibly a backdoor) (code functions 0_2_000000014001E310, 0_2_0000000140072DC0)
IP | Domain | Country | ASN | ASN Name | Malicious
---|---|---|---|---|---|
142.250.203.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
172.217.168.68 | www.google.com | United States | 15169 | GOOGLEUS | false
172.217.168.45 | accounts.google.com | United States | 15169 | GOOGLEUS | false
52.217.132.145 | s3-w.us-east-1.amazonaws.com | United States | 16509 | AMAZON-02US | false
104.192.141.1 | bitbucket.org | United States | 16509 | AMAZON-02US | false
142.250.203.97 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false

Private IP
---|
192.168.2.1
192.168.2.7
Name | IP | Active |
---|---|---|
s3-w.us-east-1.amazonaws.com | 52.217.132.145 | true |
bitbucket.org | 104.192.141.1 | true |
accounts.google.com | 172.217.168.45 | true |
www.google.com | 172.217.168.68 | true |
clients.l.google.com | 142.250.203.110 | true |
googlehosted.l.googleusercontent.com | 142.250.203.97 | true |
clients2.googleusercontent.com | unknown | unknown |
bbuseruploads.s3.amazonaws.com | unknown | unknown |
clients2.google.com | unknown | unknown |
Name | Malicious | Antivirus Detection | Reputation
---|---|---|---|
 | false | | high
 | false | | high
 | false | | high
 | false | | high
 | false | | high
 | false | | high
 | false | | unknown
 | false | | high