Windows
Analysis Report
CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe (PID: 2800 cmdline:
C:\Users\u ser\Deskto p\CONTRACT _REVISED-S HIPMENT-DO CUMENTS_EX PORTS_REFE RENCE-QT63 637-029939 00299348.e xe MD5: 045F22CE9BE3D33B07A00780EE66FCFD)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
Click to jump to signature section
Source: | Static PE information: |
Source: | Registry value created: | Jump to behavior |
Source: | Static PE information: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: |
System Summary |
---|
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Code function: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | Static PE information: |
Source: | Process Stats: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Key value queried: |
Source: | Code function: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: |
Source: | File read: | Jump to behavior |
Source: | Code function: |
Source: | Registry value created: | Jump to behavior |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | File source: |
Source: | Code function: |
Source: | File created: | Jump to dropped file |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | RDTSC instruction interceptor: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | API call chain: | ||
Source: | API call chain: |
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: |
Source: | Code function: |
Source: | Code function: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | 1 Windows Service | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Windows Service | 1 Access Token Manipulation | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
10% | ReversingLabs | Win32.Downloader.Minix |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
1% | Virustotal | Browse | ||
4% | Metadefender | Browse |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 736949 |
Start date and time: | 2022-11-03 12:21:13 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 38s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal60.troj.evad.winEXE@1/3@0/0 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
- Not all processes where analyzed, report is missing behavior information
Time | Type | Description |
---|---|---|
12:22:10 | API Interceptor |
Process: | C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 5.737556724687435 |
Encrypted: | false |
SSDEEP: | 192:MenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBaIwL:M8+Qlt70Fj/lQRY/9VjjgL |
MD5: | 6E55A6E7C3FDBD244042EB15CB1EC739 |
SHA1: | 070EA80E2192ABC42F358D47B276990B5FA285A9 |
SHA-256: | ACF90AB6F4EDC687E94AAF604D05E16E6CFB5E35873783B50C66F307A35C6506 |
SHA-512: | 2D504B74DA38EDC967E3859733A2A9CACD885DB82F0CA69BFB66872E882707314C54238344D45945DC98BAE85772ACEEF71A741787922D640627D3C8AE8F1C35 |
Malicious: | false |
Antivirus: | |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 6.880810677512409 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPysDQqinrW8/97kGwr/F+Elz3hsKrnLIuYK/SwtNVp:6v/7ZiK817kG3Mz3ZIiSoN7 |
MD5: | 03DEC13C99CA8B2766C9B4468E0E781B |
SHA1: | DA2202AF040D5494D7281FAB003C748457255CEE |
SHA-256: | DEBC1949821086D01AE4A60BFFF1A73CFF47E7AB100E9028556496C254C05655 |
SHA-512: | 566533ABC453A817570660154026D2206866073AB28CA6243C15AFF6A57C4A8B686EB7F23B4161EF4AE2A2C5C71F3DD6FD7271F4667A8C2E606D7CA19CC71FE7 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 106887 |
Entropy (8bit): | 7.75553468119485 |
Encrypted: | false |
SSDEEP: | 1536:bYpDSzihO1IsnBzEfH5ZR0fha22stcSuYZtL+8VdfWuZTJrBWmlRsMM:mDcgO1IeQfH5ZRXstcgKodfhrBBDM |
MD5: | 73A6739AA8670352F00CA22E28B2E5E3 |
SHA1: | 14B5E6BB7FA6A534D9CCB20C19F57D82C8C8D634 |
SHA-256: | 1E182B58911811ED9709B682EFE83DD96093AC013DA58698D2687E526E4D3B96 |
SHA-512: | 46D0E7F0B7EC4042B66B0CF98076D9E59157B3A011A9EB2E1238D4B5B579B9B9194F257F3B6DB9191F66F135232B0D9DA85360CBC8F87B612847FAE471083971 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.688048037898308 |
TrID: |
|
File name: | CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe |
File size: | 236896 |
MD5: | 045f22ce9be3d33b07a00780ee66fcfd |
SHA1: | 91b74e75d55c33d8d82b10bed51ca7d3ad80147c |
SHA256: | e05ec32c2edc10b6917a3cbcac9d823cb37db908cc51f3ec459800992e2b8b37 |
SHA512: | c363c64fe3b52d615601810b577168be5b3339ba6bde011ae0c76bbee76718782f8b737b0c9f6d82d34197045ce1c35389cba26622349bb2c0c77f62ed29d063 |
SSDEEP: | 6144:vT4DtMeWIPR0PVPCespE0s67yIMYxrzWJougaEzEk:vTpeZ00SI18ogC |
TLSH: | 2134014177B5C463ED564A30C813A7F2A9B97C11D9E89F4707423E8EBC76382DA1A32D |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...P..`.................h......... |
Icon Hash: | 879b931b3bb3b393 |
Entrypoint: | 0x4034c5 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x60FC9250 [Sat Jul 24 22:21:04 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 6e7f9a29f2c85394521a08b9f31f6275 |
Signature Valid: | false |
Signature Issuer: | OU="Squatterism Autodialing ", E=Wirestitched@Longobardian.No, O=driftier, L=West Tarbert, S=Scotland, C=GB |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | CE0B0A248006454637FB21369D393B35 |
Thumbprint SHA-1: | FDB8159D5CAE5E96B90D0300979493249FE76435 |
Thumbprint SHA-256: | 67AA1334C6C443A496FCD527B5F1A30A2CA661AC20D33E7BCCADEF6982D2575C |
Serial: | 33616A6CE5467077 |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+14h], ebx |
mov dword ptr [esp+10h], 0040A2E0h |
mov dword ptr [esp+1Ch], ebx |
call dword ptr [004080CCh] |
call dword ptr [004080D0h] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [00434F0Ch], eax |
je 00007F4CDCBD8053h |
push ebx |
call 00007F4CDCBDB341h |
cmp eax, ebx |
je 00007F4CDCBD8049h |
push 00000C00h |
call eax |
mov esi, 004082B0h |
push esi |
call 00007F4CDCBDB2BBh |
push esi |
call dword ptr [00408154h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], 00000000h |
jne 00007F4CDCBD802Ch |
push 0000000Bh |
call 00007F4CDCBDB314h |
push 00000009h |
call 00007F4CDCBDB30Dh |
push 00000007h |
mov dword ptr [00434F04h], eax |
call 00007F4CDCBDB301h |
cmp eax, ebx |
je 00007F4CDCBD8051h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007F4CDCBD8049h |
or byte ptr [00434F0Fh], 00000040h |
push ebp |
call dword ptr [00408038h] |
push ebx |
call dword ptr [00408298h] |
mov dword ptr [00434FD8h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebx |
push 0042B228h |
call dword ptr [0040818Ch] |
push 0040A2C8h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7e000 | 0x147e8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x37ca8 | 0x20b8 | .ndata |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6793 | 0x6800 | False | 0.6720628004807693 | data | 6.495258513279076 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x14a4 | 0x1600 | False | 0.4385653409090909 | data | 5.01371465125838 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x2b018 | 0x600 | False | 0.5240885416666666 | data | 4.155579717739458 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x36000 | 0x48000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x7e000 | 0x147e8 | 0x14800 | False | 0.8290658346036586 | data | 7.314494987254223 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_BITMAP | 0x7e4f0 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States |
RT_ICON | 0x7e858 | 0x820b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x86a68 | 0x39ac | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | English | United States |
RT_ICON | 0x8a418 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States |
RT_ICON | 0x8c9c0 | 0x14fa | PNG image data, 256 x 256, 4-bit colormap, non-interlaced | English | United States |
RT_ICON | 0x8dec0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States |
RT_ICON | 0x8ef68 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304 | English | United States |
RT_ICON | 0x8fe10 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | English | United States |
RT_ICON | 0x906b8 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States |
RT_ICON | 0x90d20 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256 | English | United States |
RT_ICON | 0x91288 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
RT_ICON | 0x916f0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States |
RT_ICON | 0x919d8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States |
RT_DIALOG | 0x91b00 | 0x144 | data | English | United States |
RT_DIALOG | 0x91c48 | 0x13c | data | English | United States |
RT_DIALOG | 0x91d88 | 0x100 | data | English | United States |
RT_DIALOG | 0x91e88 | 0x11c | data | English | United States |
RT_DIALOG | 0x91fa8 | 0xc4 | data | English | United States |
RT_DIALOG | 0x92070 | 0xb6 | data | English | United States |
RT_DIALOG | 0x92128 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x92188 | 0xae | data | English | United States |
RT_VERSION | 0x92238 | 0x270 | data | English | United States |
RT_MANIFEST | 0x924a8 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States |
DLL | Import |
---|---|
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, SetWindowPos, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersion, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, ExitProcess, CopyFileW, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 12:22:10 |
Start date: | 03/11/2022 |
Path: | C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 236896 bytes |
MD5 hash: | 045F22CE9BE3D33B07A00780EE66FCFD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |