Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 1212 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 171EEB8CA5C439E8AF9E180A5F6A09F8)
  - WerFault.exe (PID: 2732 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 876 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 2 Virtualization/Sandbox Evasion | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 11 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
13% | ReversingLabs | |||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1500631 |
Start date and time: | 2024-08-28 18:56:34 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 10s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Run with higher sleep bypass |
Number of new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal52.winEXE@2/5@0/0 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.182.143.212
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target file.exe, PID 1212 because it is empty
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: file.exe
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_f474d7ace939a34cc5b3cdfa86976697e4a181ee_ce8703b6_e31620dd-330d-450a-b53a-41b59fb426cf\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8607905807155944 |
Encrypted: | false |
SSDEEP: | 192:G9eGpF7viSyZs0BU/b0xaGgzuiFMZ24IO8HhB:zQ/iBU/aaBzuiFMY4IO8X |
MD5: | A6904115820570E71CFE6CB89333F2D9 |
SHA1: | E5BEB36717443DABC9BAD20A6EE381026228BD47 |
SHA-256: | ED7FD768DEE0D365B4E03D893DFB42C16DC0E59C82CA52EFD72A7B62E8F6EDBC |
SHA-512: | 6E6B1AE8DFEAED5D0010D24314D45EB4BD54BA6E1DC56987BFE7E45A360469D4C7309BC8DAECA741E27A0F98CCD6557D90D780964B36180B41190B1CAFB1599A |
Malicious: | true |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 204085 |
Entropy (8bit): | 4.316557111474212 |
Encrypted: | false |
SSDEEP: | 3072:doeUU4Wku4uEqHz/fHLTgfUAYAgvOcwUZAdZUFj:dNUY42bzTgsAt |
MD5: | 172CBE5A8F2450839DC069D49BFCAD37 |
SHA1: | FFA49AE5FE5635AF03B51D380C1D0C37968500FD |
SHA-256: | 386DFA888E1A5C32066BA23A7AD42FC7026738CE0E3EAE786959C1B69D135AB6 |
SHA-512: | 87D3CC68B970DC4EDED98FA6D17EB414FD28098BA2134FFE83F634CD8B1D7939A6BE1171E04C4D2849BF7D583B9C0759BD1EF226A82A39FDC20CE3EF97E6353A |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8378 |
Entropy (8bit): | 3.6921454463737695 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJICp6xL6Y2D6SUF3TFgGgmfZDc03prp89bxKsfaG7m:R6lXJR6xL6YXSUNTTgmf3Mxpfu |
MD5: | 70C84255F3EF377A3FEDE7CE8A89C930 |
SHA1: | B1450E8F5EFF05BF0DB023EA34BE26940A406C16 |
SHA-256: | 7F1D8FEC8F47B1B4A93D798F76864D63294DE9D34387C612B68091EFD283D446 |
SHA-512: | 704F062CB8C394F22D06F5284C55B616C285D2E4BBF2FD7E358B2B9C17E6A020C9AFE4AE66D568F8A43BFE652B521A9D3A4E55624B0C39F7AD7BD76087B99F24 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4679 |
Entropy (8bit): | 4.45806655232794 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsBuJg77aI9SVWpW8VYzYm8M4Jl9B2Fo+q8vp9B8jDsd:uIjfqI78k7VDJtKKjDsd |
MD5: | 62CADB92CA84E653A1B31AB6E72B94A3 |
SHA1: | 7EAA5195DE2BADF6D8E3F28A025CC9AEF96C4A80 |
SHA-256: | A20060D7E5341E5CF1165C57D4318BB587619F8B3A26B37F1109D6493042E163 |
SHA-512: | 97DCABCF11DD604E24DEFDDEAC2B1AD2E7B662A0664EEFF9A188E1DD4FF983E2026F5F463FB1116BE5E559B1A5E9CA1CC5126289019338B7F8FA5096D580CF76 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.468542828746928 |
Encrypted: | false |
SSDEEP: | 6144:lzZfpi6ceLPx9skLmb0frZWSP3aJG8nAgeiJRMMhA2zX4WABluuNbjDH5S:dZHtrZWOKnMM6bFp9j4 |
MD5: | 1956AE6B97FD9298C7AD75EC2D49CD00 |
SHA1: | 5C009AD3263B2478F95E28285471CA4817FDCB3E |
SHA-256: | C68F9F80722C537D113F0B890742FA6AF0A130BB439BE8AED94031AB6C8FA537 |
SHA-512: | 1857ABA9E6FD65E4CE9E5E3B6A011795F9E3C15B68218E89F06AA47EFA07744E68B06BDA1218966B9E0104BD6171C3FE80B76F84794B02F1F013467856BB7E47 |
Malicious: | false |
Reputation: | low |
File type: | |
Entropy (8bit): | 7.466268556988696 |
TrID: | |
File name: | file.exe |
File size: | 4'643'392 bytes |
MD5: | 171eeb8ca5c439e8af9e180a5f6a09f8 |
SHA1: | 0cd33a5c35f8c5ad98c5eab9b11946b1ff146bb3 |
SHA256: | 26de39355a5ffb112e494503f44bd63c8e2bc7dba35d58fedaaea1c84f868748 |
SHA512: | 82180324dac7a7c0020d7afa70a827489cafb01c98ee947d93957673e6ef72775cfd6658d06412196c12401293675712fcfb80a632cce0e6dd381295902dc8da |
SSDEEP: | 98304:q1H0pPbGUO4gORpEYYAA9Yd9Bw0/N+2IDSu839hqt4XIr:qqz/O4gOQYTAww0/N+fSzNg |
TLSH: | 0926BE0A3C50CE22F1194237C99D944857629B612BF2F37B3D76721E65223E7788F98E |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........................>...........>.. ....>...@.. ........................F......-G...@................................ |
Icon Hash: | 06766e4f1e396137 |
Entrypoint: | 0x7ea52e |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x80A2A9F9 [Sat May 22 12:26:33 2038 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Signature Valid: | false |
Signature Issuer: | CN=(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\)(^^^^^^^^^^^^)(%%%%%%%%%%%%%)(@@@@@@@@@@@@@@@@@)(//////////////////////////////)(\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\) |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After: | |
Subject Chain: | |
Version: | 3 |
Thumbprint MD5: | 0D68771C6FA94F678A4488FBB89CD51E |
Thumbprint SHA-1: | 85A510C47B995445B42A12CB7A3DCD017632D157 |
Thumbprint SHA-256: | DA706B518FD2611CE17A28ABAD04CBA0A7F36539D7B3A540A7ABA19DCA508EF6 |
Serial: | 4957F7932C80D7914AB1FDB12E11EE37 |
Instruction |
---|
jmp dword ptr [00402000h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ea4e0 | 0x4b | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3ee000 | 0x7bc6c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x464c00 | 0x8e40 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x46a000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3ea493 | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x3e8534 | 0x3e8600 | d37c212a32e4bbe864c9c86c596d52d9 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.sdata | 0x3ec000 | 0x1f0 | 0x200 | e4a1a50b89c9e1c0b11a24eec6dadb85 | False | 0.876953125 | data | 6.662579920667493 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x3ee000 | 0x7bc6c | 0x7be00 | 6cb8d1b5d7de7dd71da4b621b450acc2 | False | 0.45092945887991925 | data | 6.504664736026332 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x46a000 | 0xc | 0x200 | ec6fbcdff192e4df16fd3dec833e99c6 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
AFX_DIALOG_LAYOUT | 0x3ef1f4 | 0x2 | data | Japanese | Japan | 5.0 |
AFX_DIALOG_LAYOUT | 0x3ef1f8 | 0x2 | data | Japanese | Japan | 5.0 |
AVI | 0x3ef1fc | 0xac00 | RIFF (little-endian) data, AVI, 95 x 57, video: uncompressed RLE 8bpp | Japanese | Japan | 0.3108421148255814 |
RT_CURSOR | 0x3f9dfc | 0x134 | data | Japanese | Japan | 0.33116883116883117 |
RT_CURSOR | 0x3f9f30 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | Japanese | Japan | 0.4805194805194805 |
RT_CURSOR | 0x3fa064 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | Japanese | Japan | 0.7 |
RT_CURSOR | 0x3fa118 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | Japanese | Japan | 0.37662337662337664 |
RT_CURSOR | 0x3fa24c | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | Japanese | Japan | 0.36363636363636365 |
RT_CURSOR | 0x3fa380 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | Japanese | Japan | 0.36688311688311687 |
RT_CURSOR | 0x3fa4b4 | 0x134 | data | Japanese | Japan | 0.37662337662337664 |
RT_CURSOR | 0x3fa5e8 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | Japanese | Japan | 0.5422077922077922 |
RT_CURSOR | 0x3fa71c | 0x134 | data | Japanese | Japan | 0.37337662337662336 |
RT_CURSOR | 0x3fa850 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | Japanese | Japan | 0.38636363636363635 |
RT_CURSOR | 0x3fa984 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | Japanese | Japan | 0.35714285714285715 |
RT_CURSOR | 0x3faab8 | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | Japanese | Japan | 0.36688311688311687 |
RT_CURSOR | 0x3fabec | 0x134 | data | Japanese | Japan | 0.44155844155844154 |
RT_CURSOR | 0x3fad20 | 0x134 | data | Japanese | Japan | 0.4155844155844156 |
RT_CURSOR | 0x3fae54 | 0x134 | data | Japanese | Japan | 0.2662337662337662 |
RT_CURSOR | 0x3faf88 | 0x134 | data | Japanese | Japan | 0.2824675324675325 |
RT_CURSOR | 0x3fb0bc | 0x134 | data | Japanese | Japan | 0.3246753246753247 |
RT_BITMAP | 0x3fb1f0 | 0x5888 | Device independent bitmap graphic, 600 x 36 x 8, image size 21600 | Japanese | Japan | 0.06441934345217085 |
RT_BITMAP | 0x400a78 | 0xfd48 | Device independent bitmap graphic, 600 x 36 x 24, image size 64800 | Japanese | Japan | 0.015021591610117211 |
RT_BITMAP | 0x4107c0 | 0x2e58 | Device independent bitmap graphic, 120 x 90 x 8, image size 10800, resolution 3780 x 3780 px/m | Japanese | Japan | 0.3295684423465947 |
RT_BITMAP | 0x413618 | 0x4b08 | Device independent bitmap graphic, 168 x 108 x 8, image size 18144, resolution 3780 x 3780 px/m | Japanese | Japan | 0.29607455226988755 |
RT_BITMAP | 0x418120 | 0xdf8 | Device independent bitmap graphic, 34 x 34 x 24, image size 3536 | Japanese | Japan | 0.433165548098434 |
RT_BITMAP | 0x418f18 | 0xdf8 | Device independent bitmap graphic, 34 x 34 x 24, image size 3536 | Japanese | Japan | 0.6031879194630873 |
RT_BITMAP | 0x419d10 | 0x4a8 | Device independent bitmap graphic, 15 x 24 x 24, image size 1152 | Japanese | Japan | 0.15016778523489932 |
RT_BITMAP | 0x41a1b8 | 0x4a8 | Device independent bitmap graphic, 15 x 24 x 24, image size 1152 | Japanese | Japan | 0.125 |
RT_BITMAP | 0x41a660 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | Japanese | Japan | 0.44565217391304346 |
RT_BITMAP | 0x41a718 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | Japanese | Japan | 0.37962962962962965 |
RT_ICON | 0x41a85c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m | German | Switzerland | 0.46646341463414637 |
RT_ICON | 0x41b904 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m | German | Switzerland | 0.3727562588568729 |
RT_ICON | 0x41fb2c | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | German | Switzerland | 0.3129066603572696 |
RT_ICON | 0x430354 | 0x104fa | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | German | Switzerland | 0.9921119592875318 |
RT_ICON | 0x440850 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m | Japanese | Japan | 0.46646341463414637 |
RT_ICON | 0x4418f8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m | Japanese | Japan | 0.3727562588568729 |
RT_ICON | 0x445b20 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | Japanese | Japan | 0.3129066603572696 |
RT_ICON | 0x456348 | 0x104fa | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Japanese | Japan | 0.9921119592875318 |
RT_DIALOG | 0x466844 | 0x5e | data | Japanese | Japan | 0.8617021276595744 |
RT_DIALOG | 0x4668a4 | 0x40 | data | Japanese | Japan | 0.78125 |
RT_DIALOG | 0x4668e4 | 0x100 | data | Japanese | Japan | 0.61328125 |
RT_DIALOG | 0x4669e4 | 0xd8 | data | Japanese | Japan | 0.6620370370370371 |
RT_DIALOG | 0x466abc | 0xd8 | data | Japanese | Japan | 0.6481481481481481 |
RT_DIALOG | 0x466b94 | 0x1a4 | data | Japanese | Japan | 0.5119047619047619 |
RT_DIALOG | 0x466d38 | 0xe4 | data | Japanese | Japan | 0.6008771929824561 |
RT_DIALOG | 0x466e1c | 0x140 | data | Japanese | Japan | 0.575 |
RT_DIALOG | 0x466f5c | 0x26c | data | Japanese | Japan | 0.49838709677419357 |
RT_DIALOG | 0x4671c8 | 0xe8 | data | Japanese | Japan | 0.6594827586206896 |
RT_DIALOG | 0x4672b0 | 0x124 | data | Japanese | Japan | 0.5308219178082192 |
RT_DIALOG | 0x4673d4 | 0x26c | data | Japanese | Japan | 0.4129032258064516 |
RT_DIALOG | 0x467640 | 0x2ec | data | Japanese | Japan | 0.30080213903743314 |
RT_DIALOG | 0x46792c | 0x4c | data | Japanese | Japan | 0.8947368421052632 |
RT_DIALOG | 0x467978 | 0x40 | data | Japanese | Japan | 0.8125 |
RT_DIALOG | 0x4679b8 | 0x114 | data | Japanese | Japan | 0.5905797101449275 |
RT_DIALOG | 0x467acc | 0xe0 | data | Japanese | Japan | 0.6473214285714286 |
RT_DIALOG | 0x467bac | 0xe8 | data | Japanese | Japan | 0.6336206896551724 |
RT_DIALOG | 0x467c94 | 0x34 | data | Japanese | Japan | 0.9038461538461539 |
RT_STRING | 0x467cc8 | 0x82 | StarOffice Gallery theme p, 536899072 objects, 1st n | Japanese | Japan | 0.7153846153846154 |
RT_STRING | 0x467d4c | 0x2a | data | Japanese | Japan | 0.5476190476190477 |
RT_STRING | 0x467d78 | 0x184 | data | Japanese | Japan | 0.48711340206185566 |
RT_STRING | 0x467efc | 0x4ee | data | Japanese | Japan | 0.375594294770206 |
RT_STRING | 0x4683ec | 0x264 | data | Japanese | Japan | 0.3333333333333333 |
RT_STRING | 0x468650 | 0x2da | data | Japanese | Japan | 0.3698630136986301 |
RT_STRING | 0x46892c | 0x8a | data | Japanese | Japan | 0.6594202898550725 |
RT_STRING | 0x4689b8 | 0xac | data | Japanese | Japan | 0.45348837209302323 |
RT_STRING | 0x468a64 | 0xde | data | Japanese | Japan | 0.536036036036036 |
RT_STRING | 0x468b44 | 0x4a8 | data | Japanese | Japan | 0.3221476510067114 |
RT_STRING | 0x468fec | 0x228 | data | Japanese | Japan | 0.4003623188405797 |
RT_STRING | 0x469214 | 0x2c | data | Japanese | Japan | 0.5227272727272727 |
RT_STRING | 0x469240 | 0x53e | data | Japanese | Japan | 0.2965722801788376 |
RT_GROUP_CURSOR | 0x469780 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.25 |
RT_GROUP_CURSOR | 0x469794 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | Japanese | Japan | 1.0 |
RT_GROUP_CURSOR | 0x4697b8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3 |
RT_GROUP_CURSOR | 0x4697cc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3 |
RT_GROUP_CURSOR | 0x4697e0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3 |
RT_GROUP_CURSOR | 0x4697f4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3 |
RT_GROUP_CURSOR | 0x469808 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3 |
RT_GROUP_CURSOR | 0x46981c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3 |
RT_GROUP_CURSOR | 0x469830 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3 |
RT_GROUP_CURSOR | 0x469844 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3 |
RT_GROUP_CURSOR | 0x469858 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3 |
RT_GROUP_CURSOR | 0x46986c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3 |
RT_GROUP_CURSOR | 0x469880 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3 |
RT_GROUP_CURSOR | 0x469894 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3 |
RT_GROUP_CURSOR | 0x4698a8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3 |
RT_GROUP_CURSOR | 0x4698bc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Japanese | Japan | 1.3 |
RT_GROUP_ICON | 0x4698d0 | 0x3e | data | German | Switzerland | 0.8064516129032258 |
RT_GROUP_ICON | 0x469910 | 0x3e | data | Japanese | Japan | 0.8709677419354839 |
RT_MANIFEST | 0x469950 | 0x31c | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (736), with CRLF line terminators | English | United States | 0.5238693467336684 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Language of compilation system | Country where language is spoken |
---|---|
Japanese | Japan |
German | Switzerland |
English | United States |
Target ID: | 0 |
Start time: | 12:57:32 |
Start date: | 28/08/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf00000 |
File size: | 4'643'392 bytes |
MD5 hash: | 171EEB8CA5C439E8AF9E180A5F6A09F8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 12:57:33 |
Start date: | 28/08/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1f0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Function | Relevance | Strings | Instructions | Tag |
---|---|---|---|---|
03583772 | 1.4 | 1 | 101 | COMMON |
037736BB | .1 | | 135 | COMMON |
03773A51 | .1 | | 128 | COMMON |
03773939 | .1 | | 61 | COMMON |
03587291 | .0 | | 31 | COMMON |
037738D9 | .0 | | 28 | COMMON |
03773A00 | .0 | | 27 | COMMON |
037739F1 | .0 | | 27 | COMMON |
037738E8 | .0 | | 27 | COMMON |
03583C2B | .0 | | 25 | COMMON |
0377108E | .0 | | 8 | COMMON |
035892B0 | .2 | | 152 | COMMON |
03589520 | .1 | | 124 | COMMON |
035829BF | 5.0 | 4 | 42 | COMMON |
0377010A | 5.0 | 4 | 41 | COMMON |