Windows Analysis Report vbc.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
{
"C2 list": [
"www.septemberstockevent200.com/ht08/"
]
}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
| | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | |
| | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | |
| | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
| | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
| | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | |
| | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | |
| | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
| | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Suspicius Add Task From User AppData Temp |
Source: | Author: frack113 |
Sigma detected: Powershell Defender Exclusion |
Source: | Author: Florian Roth |
Sigma detected: Non Interactive PowerShell |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) |
Sigma detected: T1086 PowerShell Execution |
Source: | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research) |
Jbx Signature Overview |
---|
- AV Detection
- Compliance
- Software Vulnerabilities
- Networking
- Key, Mouse, Clipboard, Microphone and Screen Capturing
- E-Banking Fraud
- System Summary
- Data Obfuscation
- Persistence and Installation Behavior
- Boot Survival
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Anti Debugging
- HIPS / PFW / Operating System Protection Evasion
- Language, Device and Operating System Detection
- Stealing of Sensitive Information
- Remote Access Functionality
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Yara detected FormBook |
Source: | File source: |
Antivirus detection for URL or domain |
Source: | Avira URL Cloud: |
Source: | Avira: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) |
Source: | Snort IDS: |
System process connects to network (likely due to code injection or exploit) |
Source: | Domain query: |
Source: | Network Connect: |
Performs DNS queries to domains with low reputation |
Source: | DNS query: |
C2 URLs / IPs found in malware configuration |
Source: | URLs: |
Source: | ASN Name: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | Binary or memory string: |
E-Banking Fraud: |
---|
Yara detected FormBook |
Source: | File source: |
System Summary: |
---|
Malicious sample detected (through community Yara rule) |
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Code function: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | File read: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: |
Source: | Key value queried: |
Source: | File created: |
Source: | Classification label: |
Source: | File read: |
Source: | Section loaded: |
Source: | Joe Sandbox Cloud Basic: |
Source: | Mutant created: |
Source: | File read: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: |
Data Obfuscation: |
---|
.NET source code contains potential unpacker |
Source: | .Net Code: |
Source: | Code function: |
Source: | Static PE information: |
Source: | High entropy of concatenated method names: |
Source: | File created: |
Boot Survival: |
---|
Uses schtasks.exe or at.exe to add and modify task schedules |
Source: | Process created: |
Source: | Registry key monitored for changes: |
Source: | Process information set: |
Malware Analysis System Evasion: |
---|
Yara detected AntiVM3 |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Tries to detect virtualization through RDTSC time measurements |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | Thread sleep time: | ||
Source: | Thread sleep time: | ||
Source: | Thread sleep time: | ||
Source: | Thread sleep time: |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Code function: |
Source: | Thread delayed: | ||
Source: | Thread delayed: |
Source: | Window / User API: | ||
Source: | Window / User API: |
Source: | Process information queried: |
Source: | Thread delayed: | ||
Source: | Thread delayed: | ||
Source: | Thread delayed: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: |
Source: | Process token adjusted: | ||
Source: | Process token adjusted: | ||
Source: | Process token adjusted: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | Process queried: |
Source: | Code function: |
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion: |
---|
System process connects to network (likely due to code injection or exploit) |
Source: | Domain query: |
Source: | Network Connect: |
Sample uses process hollowing technique |
Source: | Section unmapped: |
Maps a DLL or memory area into another process |
Source: | Section loaded: |
Queues an APC in another process (thread injection) |
Source: | Thread APC queued: |
Modifies the context of a thread in another process (thread injection) |
Source: | Thread register set: |
Adds a directory exclusion to Windows Defender |
Source: | Process created: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Queries volume information: |
Source: | Key value queried: |
Stealing of Sensitive Information: |
---|
Yara detected FormBook |
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected FormBook |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scheduled Task/Job1 | Scheduled Task/Job1 | Process Injection512 | Masquerading1 | Input Capture1 | Query Registry1 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Shared Modules1 | Boot or Logon Initialization Scripts | Scheduled Task/Job1 | Disable or Modify Tools11 | LSASS Memory | Security Software Discovery221 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Ingress Tool Transfer3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion31 | Security Account Manager | Process Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection512 | NTDS | Virtualization/Sandbox Evasion31 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol13 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information3 | LSA Secrets | Application Window Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing13 | Cached Domain Credentials | Remote System Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery112 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
No Antivirus matches |
---|
No Antivirus matches |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.ZPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.ZPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.ZPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.ZPACK.Gen | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
4% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | phishing | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | phishing | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.septemberstockevent200.com | 172.67.188.247 | true | true | unknown | |
www.miabellavita.com | 104.21.4.114 | true | true | | unknown |
mattlambert.xyz | 34.102.136.180 | true | false | | unknown |
z010-gp-hk-06-75-adfh31.greycdn.net | 103.118.81.108 | true | false | unknown | |
www.maikoufarm.com | 118.27.122.222 | true | true | unknown | |
www.sharpstead.com | 44.227.65.245 | true | true | unknown | |
joye.club | 34.102.136.180 | true | false | unknown | |
yungbredda.com | 34.102.136.180 | true | false | unknown | |
www.mmj0115.xyz | 101.132.116.91 | true | true | unknown | |
ghs.googlehosted.com | 142.250.203.115 | true | false | unknown | |
www.watermountsteam.top | unknown | unknown | true | unknown | |
www.joye.club | unknown | unknown | true | unknown | |
www.yungbredda.com | unknown | unknown | true | unknown | |
www.leewaysvcs.com | unknown | unknown | true | unknown | |
www.joy1263.com | unknown | unknown | true | unknown | |
www.annikadaniel.love | unknown | unknown | true | unknown | |
www.mattlambert.xyz | unknown | unknown | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | low |
| true | | unknown |
| false | | unknown |
| true | | unknown |
| true | | unknown |
| false | | unknown |
| true | | unknown |
| true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.21.4.114 | www.miabellavita.com | United States | 13335 | CLOUDFLARENETUS | true | |
34.102.136.180 | mattlambert.xyz | United States | 15169 | GOOGLEUS | false | |
118.27.122.222 | www.maikoufarm.com | Japan | 7506 | INTERQGMOInternetIncJP | true | |
172.67.188.247 | www.septemberstockevent200.com | United States | 13335 | CLOUDFLARENETUS | true | |
101.132.116.91 | www.mmj0115.xyz | China | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | true | |
44.227.65.245 | www.sharpstead.com | United States | 16509 | AMAZON-02US | true |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 518412 |
Start date: | 09.11.2021 |
Start time: | 12:55:04 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 45s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | vbc.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 29 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@10/8@14/6 |
EGA Information: | Failed |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
Warnings: | |
Time | Type | Description |
---|---|---|
12:56:03 | API Interceptor | |
12:56:08 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
118.27.122.222 | Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
44.227.65.245 | Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
www.sharpstead.com | Get hash | malicious | Browse | |
ghs.googlehosted.com | Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
www.miabellavita.com | Get hash | malicious | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
INTERQGMOInternetIncJP | Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
| Get hash | malicious | Browse | |
No context |
---|
No context |
---|
Process: | C:\Users\user\Desktop\vbc.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1216 |
Entropy (8bit): | 5.355304211458859 |
Encrypted: | false |
SSDEEP: | 24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr |
MD5: | FED34146BF2F2FA59DCF8702FCC8232E |
SHA1: | B03BFEA175989D989850CF06FE5E7BBF56EAA00A |
SHA-256: | 123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C |
SHA-512: | 1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: | |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 22284 |
Entropy (8bit): | 5.353881910568184 |
Encrypted: | false |
SSDEEP: | 384:ItCDbSTnJDrnVXf1JNcbnusm7u5c+Ohhbm1dOYlw4aC:DyJ/npXS7usw8c+gbqflT |
MD5: | 0D67EDF91C635D7850EF610BA3B6E80E |
SHA1: | 4E3C716CEB41805F4EBEC8E01E2D69660457AF54 |
SHA-256: | A6D8C87A3E4DA7C3B5B97E35199A28779B014EFAC9AD41187D1C4BD15B66299D |
SHA-512: | 7792499CA1DF9740430C00C695D4D981015FCAC4514F27F60824262CECB1330B68070722233CB1026B1AEBE4D8343370A1051C20500A532C536AB72B9FE36B45 |
Malicious: | false |
Reputation: | low |
Preview: | |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: | |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: | |
Process: | C:\Users\user\Desktop\vbc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1663 |
Entropy (8bit): | 5.177504026201777 |
Encrypted: | false |
SSDEEP: | 24:2dH4+SEqC/dp7hdMlNMFpdU/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBFtn:cbhH7MlNQ8/rydbz9I3YODOLNdq3t |
MD5: | E7C4E7B70996F6294F5F000C26736157 |
SHA1: | 44691C6732ED527445581CE7953F35BA9FB57A0C |
SHA-256: | 241672A3BAC2F63F1BD79B1F48B7C1F5B4F2D471652EFA5D367549DB7E85E084 |
SHA-512: | 7C28CFD9CF220B143D08741D0BF601D06328508AD571D9258C456BF0FBD4A7B9E7E9648A7C1913834AD6915AB80DE265ED59BE81292BE32EA3535781E5AE5B00 |
Malicious: | true |
Preview: | |
Process: | C:\Users\user\Desktop\vbc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 368640 |
Entropy (8bit): | 7.907277852559704 |
Encrypted: | false |
SSDEEP: | 6144:hC9EDghMkMs4P2CW2RT9cERCtbjqg2vcy8a9KI75uhPLTDcfAYGQLomQVHb:h1DghTjPymtvqg4ya9R75AzOAcomQV7 |
MD5: | C4A1BDD685E346B7604F93357A922875 |
SHA1: | 6B8FCCADCF1977F5850FAA1C47617343FAFC0FF4 |
SHA-256: | 728B23F75C1140A1763DD7C75083F2AE57AFEB6FFA3D7B33A9BA1B4904C4566D |
SHA-512: | 15FD260D342AB48A0A23293EE49DC50150B0EDAABF869F9E2A80BB7946FE5483CB4D89037352AD76008FFCA703B93A68361F1D4FFD1E09F37996D5DF47BC6CA3 |
Malicious: | true |
Preview: | |
Process: | C:\Users\user\Desktop\vbc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: | |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5845 |
Entropy (8bit): | 5.388652589278563 |
Encrypted: | false |
SSDEEP: | 96:BZQ6VN2qDo1ZNZ96VN2qDo1ZDTdLjZP6VN2qDo1ZwmbbhZm:l |
MD5: | 5428FD441DF4A369B3F10ABABA0933E5 |
SHA1: | 8BCE64310E0A65B24558C7C05A99177624050540 |
SHA-256: | 27FE637C478154A60944EC3E45F92277C28630985AFEC17CB104516F4970C5E8 |
SHA-512: | C7799055AD9994136A3B1AC72BFB37FC1AD79E58A24C5BEBE771444BAEE810AB50D11609305E6F8017B21188C027824D54920A516801399B92D78124B358BF28 |
Malicious: | false |
Preview: | |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.907277852559704 |
TrID: | |
File name: | vbc.exe |
File size: | 368640 |
MD5: | c4a1bdd685e346b7604f93357a922875 |
SHA1: | 6b8fccadcf1977f5850faa1c47617343fafc0ff4 |
SHA256: | 728b23f75c1140a1763dd7c75083f2ae57afeb6ffa3d7b33a9ba1b4904c4566d |
SHA512: | 15fd260d342ab48a0a23293ee49dc50150b0edaabf869f9e2a80bb7946fe5483cb4d89037352ad76008ffca703b93a68361f1d4ffd1e09f37996d5df47bc6ca3 |
SSDEEP: | 6144:hC9EDghMkMs4P2CW2RT9cERCtbjqg2vcy8a9KI75uhPLTDcfAYGQLomQVHb:h1DghTjPymtvqg4ya9R75AzOAcomQV7 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...(-.a................................. ........@.. ....................................@................................ |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
General | |
---|---|
Entrypoint: | 0x45b50e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x618A2D28 [Tue Nov 9 08:11:20 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5b4c0 | 0x4b | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5c000 | 0x5d8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5e000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x59514 | 0x59600 | False | 0.893217329545 | data | 7.9203967863 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0x5c000 | 0x5d8 | 0x600 | False | 0.431640625 | data | 4.16950249458 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x5e000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x5c0a0 | 0x34c | data | ||
RT_MANIFEST | 0x5c3ec | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright usda 2011 |
Assembly Version | 1.0.0.0 |
InternalName | ICollecti.exe |
FileVersion | 1.0.0.0 |
CompanyName | usda |
LegalTrademarks | |
Comments | |
ProductName | HidLib.SampleApp |
ProductVersion | 1.0.0.0 |
FileDescription | HidLib.SampleApp |
OriginalFilename | ICollecti.exe |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
11/09/21-12:57:17.665894 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49794 | 80 | 192.168.2.7 | 44.227.65.245 |
11/09/21-12:57:17.665894 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49794 | 80 | 192.168.2.7 | 44.227.65.245 |
11/09/21-12:57:17.665894 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49794 | 80 | 192.168.2.7 | 44.227.65.245 |
11/09/21-12:57:29.013759 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49816 | 80 | 192.168.2.7 | 172.67.188.247 |
11/09/21-12:57:29.013759 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49816 | 80 | 192.168.2.7 | 172.67.188.247 |
11/09/21-12:57:29.013759 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49816 | 80 | 192.168.2.7 | 172.67.188.247 |
11/09/21-12:57:34.283009 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49818 | 34.102.136.180 | 192.168.2.7 |
11/09/21-12:57:39.595240 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49821 | 80 | 192.168.2.7 | 101.132.116.91 |
11/09/21-12:57:39.595240 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49821 | 80 | 192.168.2.7 | 101.132.116.91 |
11/09/21-12:57:39.595240 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49821 | 80 | 192.168.2.7 | 101.132.116.91 |
11/09/21-12:57:48.252391 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.7 | 8.8.8.8 | ||
11/09/21-12:57:49.299373 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.7 | 8.8.8.8 | ||
11/09/21-12:58:02.641444 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49848 | 34.102.136.180 | 192.168.2.7 |
11/09/21-12:58:08.507989 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49850 | 103.118.81.108 | 192.168.2.7 |
11/09/21-12:58:13.678079 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49851 | 34.102.136.180 | 192.168.2.7 |
Network Port Distribution |
---|
- Total Packets: 57
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 9, 2021 12:57:17.263117075 CET | 49794 | 80 | 192.168.2.7 | 44.227.65.245 |
Nov 9, 2021 12:57:17.464613914 CET | 80 | 49794 | 44.227.65.245 | 192.168.2.7 |
Nov 9, 2021 12:57:17.464808941 CET | 49794 | 80 | 192.168.2.7 | 44.227.65.245 |
Nov 9, 2021 12:57:17.665780067 CET | 80 | 49794 | 44.227.65.245 | 192.168.2.7 |
Nov 9, 2021 12:57:17.665894032 CET | 49794 | 80 | 192.168.2.7 | 44.227.65.245 |
Nov 9, 2021 12:57:17.866852045 CET | 80 | 49794 | 44.227.65.245 | 192.168.2.7 |
Nov 9, 2021 12:57:17.870632887 CET | 80 | 49794 | 44.227.65.245 | 192.168.2.7 |
Nov 9, 2021 12:57:17.870656967 CET | 80 | 49794 | 44.227.65.245 | 192.168.2.7 |
Nov 9, 2021 12:57:17.870831013 CET | 49794 | 80 | 192.168.2.7 | 44.227.65.245 |
Nov 9, 2021 12:57:17.870949984 CET | 49794 | 80 | 192.168.2.7 | 44.227.65.245 |
Nov 9, 2021 12:57:18.072505951 CET | 80 | 49794 | 44.227.65.245 | 192.168.2.7 |
Nov 9, 2021 12:57:23.135832071 CET | 49815 | 80 | 192.168.2.7 | 118.27.122.222 |
Nov 9, 2021 12:57:23.410075903 CET | 80 | 49815 | 118.27.122.222 | 192.168.2.7 |
Nov 9, 2021 12:57:23.410485983 CET | 49815 | 80 | 192.168.2.7 | 118.27.122.222 |
Nov 9, 2021 12:57:23.410603046 CET | 49815 | 80 | 192.168.2.7 | 118.27.122.222 |
Nov 9, 2021 12:57:23.684633970 CET | 80 | 49815 | 118.27.122.222 | 192.168.2.7 |
Nov 9, 2021 12:57:23.685393095 CET | 80 | 49815 | 118.27.122.222 | 192.168.2.7 |
Nov 9, 2021 12:57:23.685415030 CET | 80 | 49815 | 118.27.122.222 | 192.168.2.7 |
Nov 9, 2021 12:57:23.685635090 CET | 49815 | 80 | 192.168.2.7 | 118.27.122.222 |
Nov 9, 2021 12:57:23.685856104 CET | 49815 | 80 | 192.168.2.7 | 118.27.122.222 |
Nov 9, 2021 12:57:23.959731102 CET | 80 | 49815 | 118.27.122.222 | 192.168.2.7 |
Nov 9, 2021 12:57:28.980609894 CET | 49816 | 80 | 192.168.2.7 | 172.67.188.247 |
Nov 9, 2021 12:57:29.008771896 CET | 80 | 49816 | 172.67.188.247 | 192.168.2.7 |
Nov 9, 2021 12:57:29.008956909 CET | 49816 | 80 | 192.168.2.7 | 172.67.188.247 |
Nov 9, 2021 12:57:29.013758898 CET | 49816 | 80 | 192.168.2.7 | 172.67.188.247 |
Nov 9, 2021 12:57:29.041816950 CET | 80 | 49816 | 172.67.188.247 | 192.168.2.7 |
Nov 9, 2021 12:57:29.071464062 CET | 80 | 49816 | 172.67.188.247 | 192.168.2.7 |
Nov 9, 2021 12:57:29.071500063 CET | 80 | 49816 | 172.67.188.247 | 192.168.2.7 |
Nov 9, 2021 12:57:29.071659088 CET | 49816 | 80 | 192.168.2.7 | 172.67.188.247 |
Nov 9, 2021 12:57:29.071784973 CET | 49816 | 80 | 192.168.2.7 | 172.67.188.247 |
Nov 9, 2021 12:57:29.099801064 CET | 80 | 49816 | 172.67.188.247 | 192.168.2.7 |
Nov 9, 2021 12:57:34.146682978 CET | 49818 | 80 | 192.168.2.7 | 34.102.136.180 |
Nov 9, 2021 12:57:34.165709019 CET | 80 | 49818 | 34.102.136.180 | 192.168.2.7 |
Nov 9, 2021 12:57:34.168278933 CET | 49818 | 80 | 192.168.2.7 | 34.102.136.180 |
Nov 9, 2021 12:57:34.168477058 CET | 49818 | 80 | 192.168.2.7 | 34.102.136.180 |
Nov 9, 2021 12:57:34.187295914 CET | 80 | 49818 | 34.102.136.180 | 192.168.2.7 |
Nov 9, 2021 12:57:34.283009052 CET | 80 | 49818 | 34.102.136.180 | 192.168.2.7 |
Nov 9, 2021 12:57:34.283037901 CET | 80 | 49818 | 34.102.136.180 | 192.168.2.7 |
Nov 9, 2021 12:57:34.283171892 CET | 49818 | 80 | 192.168.2.7 | 34.102.136.180 |
Nov 9, 2021 12:57:34.283231020 CET | 49818 | 80 | 192.168.2.7 | 34.102.136.180 |
Nov 9, 2021 12:57:34.594325066 CET | 49818 | 80 | 192.168.2.7 | 34.102.136.180 |
Nov 9, 2021 12:57:34.613336086 CET | 80 | 49818 | 34.102.136.180 | 192.168.2.7 |
Nov 9, 2021 12:57:39.346448898 CET | 49821 | 80 | 192.168.2.7 | 101.132.116.91 |
Nov 9, 2021 12:57:39.594898939 CET | 80 | 49821 | 101.132.116.91 | 192.168.2.7 |
Nov 9, 2021 12:57:39.595088959 CET | 49821 | 80 | 192.168.2.7 | 101.132.116.91 |
Nov 9, 2021 12:57:39.595240116 CET | 49821 | 80 | 192.168.2.7 | 101.132.116.91 |
Nov 9, 2021 12:57:40.121010065 CET | 49821 | 80 | 192.168.2.7 | 101.132.116.91 |
Nov 9, 2021 12:57:40.172657967 CET | 49821 | 80 | 192.168.2.7 | 101.132.116.91 |
Nov 9, 2021 12:57:40.386682034 CET | 80 | 49821 | 101.132.116.91 | 192.168.2.7 |
Nov 9, 2021 12:57:40.442859888 CET | 80 | 49821 | 101.132.116.91 | 192.168.2.7 |
Nov 9, 2021 12:57:40.442886114 CET | 80 | 49821 | 101.132.116.91 | 192.168.2.7 |
Nov 9, 2021 12:57:40.443016052 CET | 49821 | 80 | 192.168.2.7 | 101.132.116.91 |
Nov 9, 2021 12:57:40.443337917 CET | 49821 | 80 | 192.168.2.7 | 101.132.116.91 |
Nov 9, 2021 12:57:57.405693054 CET | 49847 | 80 | 192.168.2.7 | 104.21.4.114 |
Nov 9, 2021 12:57:57.422708988 CET | 80 | 49847 | 104.21.4.114 | 192.168.2.7 |
Nov 9, 2021 12:57:57.422836065 CET | 49847 | 80 | 192.168.2.7 | 104.21.4.114 |
Nov 9, 2021 12:57:57.423017979 CET | 49847 | 80 | 192.168.2.7 | 104.21.4.114 |
Nov 9, 2021 12:57:57.441745043 CET | 80 | 49847 | 104.21.4.114 | 192.168.2.7 |
Nov 9, 2021 12:57:57.453866005 CET | 80 | 49847 | 104.21.4.114 | 192.168.2.7 |
Nov 9, 2021 12:57:57.453880072 CET | 80 | 49847 | 104.21.4.114 | 192.168.2.7 |
Nov 9, 2021 12:57:57.454087973 CET | 49847 | 80 | 192.168.2.7 | 104.21.4.114 |
Nov 9, 2021 12:57:57.454360962 CET | 49847 | 80 | 192.168.2.7 | 104.21.4.114 |
Nov 9, 2021 12:57:57.472325087 CET | 80 | 49847 | 104.21.4.114 | 192.168.2.7 |
Nov 9, 2021 12:58:02.506881952 CET | 49848 | 80 | 192.168.2.7 | 34.102.136.180 |
Nov 9, 2021 12:58:02.525774956 CET | 80 | 49848 | 34.102.136.180 | 192.168.2.7 |
Nov 9, 2021 12:58:02.526007891 CET | 49848 | 80 | 192.168.2.7 | 34.102.136.180 |
Nov 9, 2021 12:58:02.526216030 CET | 49848 | 80 | 192.168.2.7 | 34.102.136.180 |
Nov 9, 2021 12:58:02.547923088 CET | 80 | 49848 | 34.102.136.180 | 192.168.2.7 |
Nov 9, 2021 12:58:02.641443968 CET | 80 | 49848 | 34.102.136.180 | 192.168.2.7 |
Nov 9, 2021 12:58:02.641474962 CET | 80 | 49848 | 34.102.136.180 | 192.168.2.7 |
Nov 9, 2021 12:58:02.641747952 CET | 49848 | 80 | 192.168.2.7 | 34.102.136.180 |
Nov 9, 2021 12:58:02.641813040 CET | 49848 | 80 | 192.168.2.7 | 34.102.136.180 |
Nov 9, 2021 12:58:02.660756111 CET | 80 | 49848 | 34.102.136.180 | 192.168.2.7 |
Nov 9, 2021 12:58:13.543569088 CET | 49851 | 80 | 192.168.2.7 | 34.102.136.180 |
Nov 9, 2021 12:58:13.562455893 CET | 80 | 49851 | 34.102.136.180 | 192.168.2.7 |
Nov 9, 2021 12:58:13.562738895 CET | 49851 | 80 | 192.168.2.7 | 34.102.136.180 |
Nov 9, 2021 12:58:13.562832117 CET | 49851 | 80 | 192.168.2.7 | 34.102.136.180 |
Nov 9, 2021 12:58:13.581716061 CET | 80 | 49851 | 34.102.136.180 | 192.168.2.7 |
Nov 9, 2021 12:58:13.678078890 CET | 80 | 49851 | 34.102.136.180 | 192.168.2.7 |
Nov 9, 2021 12:58:13.678164005 CET | 80 | 49851 | 34.102.136.180 | 192.168.2.7 |
Nov 9, 2021 12:58:13.678350925 CET | 49851 | 80 | 192.168.2.7 | 34.102.136.180 |
Nov 9, 2021 12:58:13.678407907 CET | 49851 | 80 | 192.168.2.7 | 34.102.136.180 |
Nov 9, 2021 12:58:13.698116064 CET | 80 | 49851 | 34.102.136.180 | 192.168.2.7 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 9, 2021 12:57:17.065556049 CET | 64296 | 53 | 192.168.2.7 | 8.8.8.8 |
Nov 9, 2021 12:57:17.257793903 CET | 53 | 64296 | 8.8.8.8 | 192.168.2.7 |
Nov 9, 2021 12:57:22.879528999 CET | 49247 | 53 | 192.168.2.7 | 8.8.8.8 |
Nov 9, 2021 12:57:23.134397984 CET | 53 | 49247 | 8.8.8.8 | 192.168.2.7 |
Nov 9, 2021 12:57:28.956065893 CET | 52286 | 53 | 192.168.2.7 | 8.8.8.8 |
Nov 9, 2021 12:57:28.979376078 CET | 53 | 52286 | 8.8.8.8 | 192.168.2.7 |
Nov 9, 2021 12:57:34.122539997 CET | 63744 | 53 | 192.168.2.7 | 8.8.8.8 |
Nov 9, 2021 12:57:34.145211935 CET | 53 | 63744 | 8.8.8.8 | 192.168.2.7 |
Nov 9, 2021 12:57:39.320169926 CET | 58367 | 53 | 192.168.2.7 | 8.8.8.8 |
Nov 9, 2021 12:57:39.345231056 CET | 53 | 58367 | 8.8.8.8 | 192.168.2.7 |
Nov 9, 2021 12:57:45.131288052 CET | 60599 | 53 | 192.168.2.7 | 8.8.8.8 |
Nov 9, 2021 12:57:46.126441956 CET | 60599 | 53 | 192.168.2.7 | 8.8.8.8 |
Nov 9, 2021 12:57:47.157723904 CET | 60599 | 53 | 192.168.2.7 | 8.8.8.8 |
Nov 9, 2021 12:57:47.272138119 CET | 53 | 60599 | 8.8.8.8 | 192.168.2.7 |
Nov 9, 2021 12:57:48.252280951 CET | 53 | 60599 | 8.8.8.8 | 192.168.2.7 |
Nov 9, 2021 12:57:49.299220085 CET | 53 | 60599 | 8.8.8.8 | 192.168.2.7 |
Nov 9, 2021 12:57:52.316186905 CET | 59571 | 53 | 192.168.2.7 | 8.8.8.8 |
Nov 9, 2021 12:57:52.362221003 CET | 53 | 59571 | 8.8.8.8 | 192.168.2.7 |
Nov 9, 2021 12:57:57.381405115 CET | 52689 | 53 | 192.168.2.7 | 8.8.8.8 |
Nov 9, 2021 12:57:57.404184103 CET | 53 | 52689 | 8.8.8.8 | 192.168.2.7 |
Nov 9, 2021 12:58:02.464620113 CET | 50290 | 53 | 192.168.2.7 | 8.8.8.8 |
Nov 9, 2021 12:58:02.505490065 CET | 53 | 50290 | 8.8.8.8 | 192.168.2.7 |
Nov 9, 2021 12:58:07.645164967 CET | 56209 | 53 | 192.168.2.7 | 8.8.8.8 |
Nov 9, 2021 12:58:07.974133968 CET | 53 | 56209 | 8.8.8.8 | 192.168.2.7 |
Nov 9, 2021 12:58:13.521158934 CET | 59582 | 53 | 192.168.2.7 | 8.8.8.8 |
Nov 9, 2021 12:58:13.542715073 CET | 53 | 59582 | 8.8.8.8 | 192.168.2.7 |
Nov 9, 2021 12:58:18.693773031 CET | 60949 | 53 | 192.168.2.7 | 8.8.8.8 |
Nov 9, 2021 12:58:18.740915060 CET | 53 | 60949 | 8.8.8.8 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Nov 9, 2021 12:57:48.252391100 CET | 192.168.2.7 | 8.8.8.8 | cffe | (Port unreachable) | Destination Unreachable |
Nov 9, 2021 12:57:49.299372911 CET | 192.168.2.7 | 8.8.8.8 | cffe | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Nov 9, 2021 12:57:17.065556049 CET | 192.168.2.7 | 8.8.8.8 | 0xce70 | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:22.879528999 CET | 192.168.2.7 | 8.8.8.8 | 0x76b1 | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:28.956065893 CET | 192.168.2.7 | 8.8.8.8 | 0x349c | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:34.122539997 CET | 192.168.2.7 | 8.8.8.8 | 0x3b78 | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:39.320169926 CET | 192.168.2.7 | 8.8.8.8 | 0xfbda | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:45.131288052 CET | 192.168.2.7 | 8.8.8.8 | 0xc50d | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:46.126441956 CET | 192.168.2.7 | 8.8.8.8 | 0xc50d | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:47.157723904 CET | 192.168.2.7 | 8.8.8.8 | 0xc50d | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:52.316186905 CET | 192.168.2.7 | 8.8.8.8 | 0x28ab | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:57.381405115 CET | 192.168.2.7 | 8.8.8.8 | 0x9bdc | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:58:02.464620113 CET | 192.168.2.7 | 8.8.8.8 | 0x2f30 | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:58:07.645164967 CET | 192.168.2.7 | 8.8.8.8 | 0xa6b4 | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:58:13.521158934 CET | 192.168.2.7 | 8.8.8.8 | 0x527b | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:58:18.693773031 CET | 192.168.2.7 | 8.8.8.8 | 0xd29c | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Nov 9, 2021 12:57:17.257793903 CET | 8.8.8.8 | 192.168.2.7 | 0xce70 | No error (0) | | | 44.227.65.245 | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:17.257793903 CET | 8.8.8.8 | 192.168.2.7 | 0xce70 | No error (0) | | | 44.227.76.166 | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:23.134397984 CET | 8.8.8.8 | 192.168.2.7 | 0x76b1 | No error (0) | | | 118.27.122.222 | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:28.979376078 CET | 8.8.8.8 | 192.168.2.7 | 0x349c | No error (0) | | | 172.67.188.247 | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:28.979376078 CET | 8.8.8.8 | 192.168.2.7 | 0x349c | No error (0) | | | 104.21.65.66 | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:34.145211935 CET | 8.8.8.8 | 192.168.2.7 | 0x3b78 | No error (0) | | joye.club | | CNAME (Canonical name) | IN (0x0001) |
Nov 9, 2021 12:57:34.145211935 CET | 8.8.8.8 | 192.168.2.7 | 0x3b78 | No error (0) | | | 34.102.136.180 | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:39.345231056 CET | 8.8.8.8 | 192.168.2.7 | 0xfbda | No error (0) | | | 101.132.116.91 | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:47.272138119 CET | 8.8.8.8 | 192.168.2.7 | 0xc50d | Server failure (2) | | none | none | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:48.252280951 CET | 8.8.8.8 | 192.168.2.7 | 0xc50d | Server failure (2) | | none | none | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:49.299220085 CET | 8.8.8.8 | 192.168.2.7 | 0xc50d | Server failure (2) | | none | none | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:52.362221003 CET | 8.8.8.8 | 192.168.2.7 | 0x28ab | Name error (3) | | none | none | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:57.404184103 CET | 8.8.8.8 | 192.168.2.7 | 0x9bdc | No error (0) | | | 104.21.4.114 | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:57:57.404184103 CET | 8.8.8.8 | 192.168.2.7 | 0x9bdc | No error (0) | | | 172.67.132.7 | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:58:02.505490065 CET | 8.8.8.8 | 192.168.2.7 | 0x2f30 | No error (0) | | yungbredda.com | | CNAME (Canonical name) | IN (0x0001) |
Nov 9, 2021 12:58:02.505490065 CET | 8.8.8.8 | 192.168.2.7 | 0x2f30 | No error (0) | | | 34.102.136.180 | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:58:07.974133968 CET | 8.8.8.8 | 192.168.2.7 | 0xa6b4 | No error (0) | | s1.amhttpproxy.com | | CNAME (Canonical name) | IN (0x0001) |
Nov 9, 2021 12:58:07.974133968 CET | 8.8.8.8 | 192.168.2.7 | 0xa6b4 | No error (0) | | g380-5-g-1544770457451j.greycdn.net | | CNAME (Canonical name) | IN (0x0001) |
Nov 9, 2021 12:58:07.974133968 CET | 8.8.8.8 | 192.168.2.7 | 0xa6b4 | No error (0) | | y01-p380-01-def-006.greycdn.net | | CNAME (Canonical name) | IN (0x0001) |
Nov 9, 2021 12:58:07.974133968 CET | 8.8.8.8 | 192.168.2.7 | 0xa6b4 | No error (0) | | z010-gp-hk-06-75-adfh31.greycdn.net | | CNAME (Canonical name) | IN (0x0001) |
Nov 9, 2021 12:58:07.974133968 CET | 8.8.8.8 | 192.168.2.7 | 0xa6b4 | No error (0) | | | 103.118.81.108 | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:58:13.542715073 CET | 8.8.8.8 | 192.168.2.7 | 0x527b | No error (0) | | mattlambert.xyz | | CNAME (Canonical name) | IN (0x0001) |
Nov 9, 2021 12:58:13.542715073 CET | 8.8.8.8 | 192.168.2.7 | 0x527b | No error (0) | | | 34.102.136.180 | A (IP address) | IN (0x0001) |
Nov 9, 2021 12:58:18.740915060 CET | 8.8.8.8 | 192.168.2.7 | 0xd29c | No error (0) | | ghs.googlehosted.com | | CNAME (Canonical name) | IN (0x0001) |
Nov 9, 2021 12:58:18.740915060 CET | 8.8.8.8 | 192.168.2.7 | 0xd29c | No error (0) | | | 142.250.203.115 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.7 | 49794 | 44.227.65.245 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 9, 2021 12:57:17.665894032 CET | 5058 | OUT | |
Nov 9, 2021 12:57:17.870632887 CET | 5100 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.7 | 49815 | 118.27.122.222 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 9, 2021 12:57:23.410603046 CET | 5345 | OUT | |
Nov 9, 2021 12:57:23.685393095 CET | 5346 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.7 | 49816 | 172.67.188.247 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 9, 2021 12:57:29.013758898 CET | 5347 | OUT | |
Nov 9, 2021 12:57:29.071464062 CET | 5347 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.7 | 49818 | 34.102.136.180 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 9, 2021 12:57:34.168477058 CET | 5355 | OUT | |
Nov 9, 2021 12:57:34.283009052 CET | 5356 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.7 | 49821 | 101.132.116.91 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 9, 2021 12:57:39.595240116 CET | 5368 | OUT | |
Nov 9, 2021 12:57:40.172657967 CET | 5368 | OUT | |
Nov 9, 2021 12:57:40.442859888 CET | 5368 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.7 | 49847 | 104.21.4.114 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 9, 2021 12:57:57.423017979 CET | 5431 | OUT | |
Nov 9, 2021 12:57:57.453866005 CET | 5431 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.7 | 49848 | 34.102.136.180 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 9, 2021 12:58:02.526216030 CET | 5432 | OUT | |
Nov 9, 2021 12:58:02.641443968 CET | 5433 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.7 | 49851 | 34.102.136.180 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 9, 2021 12:58:13.562832117 CET | 5442 | OUT | |
Nov 9, 2021 12:58:13.678078890 CET | 5442 | IN |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
System Behavior |
---|
Start time: | 12:56:02 |
Start date: | 09/11/2021 |
Path: | C:\Users\user\Desktop\vbc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x6f0000 |
File size: | 368640 bytes |
MD5 hash: | C4A1BDD685E346B7604F93357A922875 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
Reputation: | low |
Start time: | 12:56:05 |
Start date: | 09/11/2021 |
Path: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1110000 |
File size: | 430592 bytes |
MD5 hash: | DBA3E6449E97D4E3DF64527EF7012A10 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
Start time: | 12:56:06 |
Start date: | 09/11/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff774ee0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Start time: | 12:56:06 |
Start date: | 09/11/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc00000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
File Activities
Start time: | 12:56:07 |
Start date: | 09/11/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff774ee0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Start time: | 12:56:08 |
Start date: | 09/11/2021 |
Path: | C:\Users\user\Desktop\vbc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7ff6e70f0000 |
File size: | 368640 bytes |
MD5 hash: | C4A1BDD685E346B7604F93357A922875 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
File Activities
Start time: | 12:56:11 |
Start date: | 09/11/2021 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff662bf0000 |
File size: | 3933184 bytes |
MD5 hash: | AD5296B280E8F522A8A897C96BAB0E1D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
File Activities
Start time: | 12:56:45 |
Start date: | 09/11/2021 |
Path: | C:\Windows\SysWOW64\help.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x120000 |
File size: | 10240 bytes |
MD5 hash: | 09A715036F14D3632AD03B52D1DA6BFF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | moderate |
File Activities
Disassembly |
---|
Code Analysis |
---|