Windows
Analysis Report
pagamento.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- pagamento.exe (PID: 2068 cmdline:
"C:\Users\ user\Deskt op\pagamen to.exe" MD5: 3AED500E59BF7F4761C307FA6976FD7A) - RegSvcs.exe (PID: 2444 cmdline:
"C:\Users\ user\Deskt op\pagamen to.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "SMTP", "Username": "jorge.morales@cirotec.mx", "Password": "fV&uD7[{_c&4", "Host": "mail.cirotec.mx", "Port": "587", "Version": "5.1"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen |
| |
Click to see the 16 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
| |
Click to see the 15 entries |
Timestamp: | 2024-08-29T12:02:50.042956+0200 |
SID: | 2803305 |
Severity: | 3 |
Source Port: | 49716 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | Unknown Traffic |
Timestamp: | 2024-08-29T12:02:43.302201+0200 |
SID: | 2803305 |
Severity: | 3 |
Source Port: | 49708 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | Unknown Traffic |
Timestamp: | 2024-08-29T12:02:52.685606+0200 |
SID: | 2803305 |
Severity: | 3 |
Source Port: | 49720 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | Unknown Traffic |
Timestamp: | 2024-08-29T12:02:43.993994+0200 |
SID: | 2803274 |
Severity: | 2 |
Source Port: | 49709 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | Potentially Bad Traffic |
Timestamp: | 2024-08-29T12:02:41.806438+0200 |
SID: | 2803274 |
Severity: | 2 |
Source Port: | 49706 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | Potentially Bad Traffic |
Timestamp: | 2024-08-29T12:02:44.538824+0200 |
SID: | 2803305 |
Severity: | 3 |
Source Port: | 49710 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | Unknown Traffic |
Timestamp: | 2024-08-29T12:02:42.744009+0200 |
SID: | 2803274 |
Severity: | 2 |
Source Port: | 49706 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | Potentially Bad Traffic |
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00C0DBBE | |
Source: | Code function: | 0_2_00BDC2A2 | |
Source: | Code function: | 0_2_00C168EE | |
Source: | Code function: | 0_2_00C1698F | |
Source: | Code function: | 0_2_00C0D076 | |
Source: | Code function: | 0_2_00C0D3A9 | |
Source: | Code function: | 0_2_00C19642 | |
Source: | Code function: | 0_2_00C1979D | |
Source: | Code function: | 0_2_00C19B2B | |
Source: | Code function: | 0_2_00C15C97 |
Source: | Code function: | 2_2_0120E431 | |
Source: | Code function: | 2_2_0120E431 | |
Source: | Code function: | 2_2_0120F778 | |
Source: | Code function: | 2_2_0120E005 | |
Source: | Code function: | 2_2_0120D7F0 | |
Source: | Code function: | 2_2_0120DE23 | |
Source: | Code function: | 2_2_058C85B0 | |
Source: | Code function: | 2_2_058C55C0 | |
Source: | Code function: | 2_2_058C7D00 | |
Source: | Code function: | 2_2_058C0498 | |
Source: | Code function: | 2_2_058C7450 | |
Source: | Code function: | 2_2_058C6FF8 | |
Source: | Code function: | 2_2_058C6720 | |
Source: | Code function: | 2_2_058C3676 | |
Source: | Code function: | 2_2_058C5E70 | |
Source: | Code function: | 2_2_058C5140 | |
Source: | Code function: | 2_2_058C8158 | |
Source: | Code function: | 2_2_058C78A8 | |
Source: | Code function: | 2_2_058C08F0 | |
Source: | Code function: | 2_2_058C0040 | |
Source: | Code function: | 2_2_058C3350 | |
Source: | Code function: | 2_2_058C3360 | |
Source: | Code function: | 2_2_058C6B78 | |
Source: | Code function: | 2_2_058C62C8 | |
Source: | Code function: | 2_2_058C5A18 |
Networking |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: |
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_00C1CE44 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | Code function: | 0_2_00C1EAFF |
Source: | Code function: | 0_2_00C1ED6A |
Source: | Code function: | 0_2_00C1EAFF |
Source: | Code function: | 0_2_00C0AA57 |
Source: | Code function: | 0_2_00C39576 |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | memstr_75c2cd94-e | |
Source: | String found in binary or memory: | memstr_42bd0774-3 | |
Source: | String found in binary or memory: | memstr_4c942d24-8 | |
Source: | String found in binary or memory: | memstr_17069779-b |
Source: | Code function: | 0_2_00C0D5EB |
Source: | Code function: | 0_2_00C01201 |
Source: | Code function: | 0_2_00C0E8F6 |
Source: | Code function: | 0_2_00C12046 | |
Source: | Code function: | 0_2_00BA8060 | |
Source: | Code function: | 0_2_00C08298 | |
Source: | Code function: | 0_2_00BDE4FF | |
Source: | Code function: | 0_2_00BD676B | |
Source: | Code function: | 0_2_00C34873 | |
Source: | Code function: | 0_2_00BCCAA0 | |
Source: | Code function: | 0_2_00BACAF0 | |
Source: | Code function: | 0_2_00BBCC39 | |
Source: | Code function: | 0_2_00BD6DD9 | |
Source: | Code function: | 0_2_00BA91C0 | |
Source: | Code function: | 0_2_00BBB119 | |
Source: | Code function: | 0_2_00BC1394 | |
Source: | Code function: | 0_2_00BC1706 | |
Source: | Code function: | 0_2_00BC781B | |
Source: | Code function: | 0_2_00BC19B0 | |
Source: | Code function: | 0_2_00BA7920 | |
Source: | Code function: | 0_2_00BB997D | |
Source: | Code function: | 0_2_00BC7A4A | |
Source: | Code function: | 0_2_00BC7CA7 | |
Source: | Code function: | 0_2_00BC1C77 | |
Source: | Code function: | 0_2_00BD9EEE | |
Source: | Code function: | 0_2_00C2BE44 | |
Source: | Code function: | 0_2_00BC1F32 | |
Source: | Code function: | 0_2_022F3650 | |
Source: | Code function: | 2_2_01206108 | |
Source: | Code function: | 2_2_0120C190 | |
Source: | Code function: | 2_2_0120B328 | |
Source: | Code function: | 2_2_0120E431 | |
Source: | Code function: | 2_2_0120C470 | |
Source: | Code function: | 2_2_01206730 | |
Source: | Code function: | 2_2_0120F778 | |
Source: | Code function: | 2_2_0120C752 | |
Source: | Code function: | 2_2_0120A84F | |
Source: | Code function: | 2_2_01209858 | |
Source: | Code function: | 2_2_0120BBB8 | |
Source: | Code function: | 2_2_0120CA32 | |
Source: | Code function: | 2_2_01204AD9 | |
Source: | Code function: | 2_2_0120BEB0 | |
Source: | Code function: | 2_2_01203572 | |
Source: | Code function: | 2_2_0120B4F2 | |
Source: | Code function: | 2_2_0120D7E0 | |
Source: | Code function: | 2_2_0120D7F0 | |
Source: | Code function: | 2_2_058CC580 | |
Source: | Code function: | 2_2_058C85B0 | |
Source: | Code function: | 2_2_058CAC48 | |
Source: | Code function: | 2_2_058C9FB0 | |
Source: | Code function: | 2_2_058CBF30 | |
Source: | Code function: | 2_2_058CA600 | |
Source: | Code function: | 2_2_058CB8E0 | |
Source: | Code function: | 2_2_058C8B95 | |
Source: | Code function: | 2_2_058CCBD0 | |
Source: | Code function: | 2_2_058CB290 | |
Source: | Code function: | 2_2_058CD218 | |
Source: | Code function: | 2_2_058C85A0 | |
Source: | Code function: | 2_2_058C55B2 | |
Source: | Code function: | 2_2_058C55C0 | |
Source: | Code function: | 2_2_058CA5F0 | |
Source: | Code function: | 2_2_058C7D00 | |
Source: | Code function: | 2_2_058C0D48 | |
Source: | Code function: | 2_2_058CC570 | |
Source: | Code function: | 2_2_058C0488 | |
Source: | Code function: | 2_2_058C0498 | |
Source: | Code function: | 2_2_058C7CF0 | |
Source: | Code function: | 2_2_058C743F | |
Source: | Code function: | 2_2_058CAC37 | |
Source: | Code function: | 2_2_058C7450 | |
Source: | Code function: | 2_2_058C9FA0 | |
Source: | Code function: | 2_2_058C6FE8 | |
Source: | Code function: | 2_2_058C6FF8 | |
Source: | Code function: | 2_2_058C6712 | |
Source: | Code function: | 2_2_058C6720 | |
Source: | Code function: | 2_2_058CBF20 | |
Source: | Code function: | 2_2_058C36D8 | |
Source: | Code function: | 2_2_058C5E60 | |
Source: | Code function: | 2_2_058C5E70 | |
Source: | Code function: | 2_2_058C5132 | |
Source: | Code function: | 2_2_058C8148 | |
Source: | Code function: | 2_2_058C5140 | |
Source: | Code function: | 2_2_058C8158 | |
Source: | Code function: | 2_2_058C7898 | |
Source: | Code function: | 2_2_058C78A8 | |
Source: | Code function: | 2_2_058CB8D0 | |
Source: | Code function: | 2_2_058C08E1 | |
Source: | Code function: | 2_2_058C08F0 | |
Source: | Code function: | 2_2_058C0007 | |
Source: | Code function: | 2_2_058C2848 | |
Source: | Code function: | 2_2_058C0040 | |
Source: | Code function: | 2_2_058C2858 | |
Source: | Code function: | 2_2_058CCBC0 | |
Source: | Code function: | 2_2_058C43D8 | |
Source: | Code function: | 2_2_058C3350 | |
Source: | Code function: | 2_2_058C6B69 | |
Source: | Code function: | 2_2_058C3360 | |
Source: | Code function: | 2_2_058C6B78 | |
Source: | Code function: | 2_2_058CB281 | |
Source: | Code function: | 2_2_058C62BA | |
Source: | Code function: | 2_2_058C62C8 | |
Source: | Code function: | 2_2_058C5A08 | |
Source: | Code function: | 2_2_058CD20B | |
Source: | Code function: | 2_2_058C5A18 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Code function: | 0_2_00C137B5 |
Source: | Code function: | 0_2_00C010BF | |
Source: | Code function: | 0_2_00C016C3 |
Source: | Code function: | 0_2_00C151CD |
Source: | Code function: | 0_2_00C2A67C |
Source: | Code function: | 0_2_00C1648E |
Source: | Code function: | 0_2_00BA42A2 |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static file information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00BA42DE |
Source: | Code function: | 0_2_00BC0A89 | |
Source: | Code function: | 0_2_00C3595F | |
Source: | Code function: | 0_2_00C3596B | |
Source: | Code function: | 0_2_00C3596F | |
Source: | Code function: | 0_2_00C35973 | |
Source: | Code function: | 0_2_00C35977 | |
Source: | Code function: | 0_2_00C3597B | |
Source: | Code function: | 0_2_00C35EF7 | |
Source: | Code function: | 0_2_00C35E92 | |
Source: | Code function: | 2_2_012024BF |
Source: | Code function: | 0_2_00BBF98E | |
Source: | Code function: | 0_2_00C31C41 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Sandbox detection routine: | graph_0-100426 |
Source: | API/Special instruction interceptor: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: |
Source: | Code function: | 0_2_00C0DBBE | |
Source: | Code function: | 0_2_00BDC2A2 | |
Source: | Code function: | 0_2_00C168EE | |
Source: | Code function: | 0_2_00C1698F | |
Source: | Code function: | 0_2_00C0D076 | |
Source: | Code function: | 0_2_00C0D3A9 | |
Source: | Code function: | 0_2_00C19642 | |
Source: | Code function: | 0_2_00C1979D | |
Source: | Code function: | 0_2_00C19B2B | |
Source: | Code function: | 0_2_00C15C97 |
Source: | Code function: | 0_2_00BA42DE |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00C1EAA2 |
Source: | Code function: | 0_2_00BD2622 |
Source: | Code function: | 0_2_00BA42DE |
Source: | Code function: | 0_2_00BC4CE8 | |
Source: | Code function: | 0_2_022F34E0 | |
Source: | Code function: | 0_2_022F3540 | |
Source: | Code function: | 0_2_022F1E70 |
Source: | Code function: | 0_2_00C00B62 |
Source: | Code function: | 0_2_00BD2622 | |
Source: | Code function: | 0_2_00BC083F | |
Source: | Code function: | 0_2_00BC09D5 | |
Source: | Code function: | 0_2_00BC0C21 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Section loaded: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Code function: | 0_2_00C01201 |
Source: | Code function: | 0_2_00BE2BA5 |
Source: | Code function: | 0_2_00C0B226 |
Source: | Code function: | 0_2_00C222DA |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00C00B62 |
Source: | Code function: | 0_2_00C01663 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00BC0698 |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_00C18195 |
Source: | Code function: | 0_2_00BFD27A |
Source: | Code function: | 0_2_00BDB952 |
Source: | Code function: | 0_2_00BA42DE |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_00C21204 | |
Source: | Code function: | 0_2_00C21806 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 11 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2 Valid Accounts | 3 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 127 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 212 Process Injection | 2 Valid Accounts | LSA Secrets | 221 Security Software Discovery | SSH | 3 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 111 Virtualization/Sandbox Evasion | Cached Domain Credentials | 111 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Access Token Manipulation | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 212 Process Injection | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
58% | ReversingLabs | Win32.Trojan.SnakeKeylogger | ||
60% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
reallyfreegeoip.org | 188.114.97.3 | true | true |
| unknown |
checkip.dyndns.com | 193.122.6.168 | true | false |
| unknown |
checkip.dyndns.org | unknown | unknown | true |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
188.114.97.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true | |
193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1501077 |
Start date and time: | 2024-08-29 12:01:16 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | pagamento.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/4@2/2 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target RegSvcs.exe, PID 2444 because it is empty
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
06:02:41 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
188.114.97.3 | Get hash | malicious | FormBook | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | DBatLoader, FormBook | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | Nitol | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
193.122.6.168 | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | MassLogger RAT | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
reallyfreegeoip.org | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
checkip.dyndns.com | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ORACLE-BMC-31898US | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | Azorult | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla, DarkTortilla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
|
Process: | C:\Users\user\Desktop\pagamento.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 97560 |
Entropy (8bit): | 7.927868859098673 |
Encrypted: | false |
SSDEEP: | 1536:JGGFlEXeqY+W5BoprCuSk6VAcaau/q3KsRnoADv/CfLoPhcZwZWfJ:Jt5j+W59usVAcaaukCcHC2CZwZ6 |
MD5: | 212880177D7C923CD60706AFBDE5D9DD |
SHA1: | 7EC63EBF4F8E7F93E48B121B6B28D2AD6A6BF737 |
SHA-256: | 35E42A4460CD32AE0447A203D26BF2D869E7D5BD177FFCE05FE472B9240E3763 |
SHA-512: | 4C1F4B219F9C23A5171DFF876942EA54E9D17AFD2E1F6D03D162374A9FF7477926E50744080BFFC4A3CCA4E99DDC6FECBD77D05039C3317259D131FA91A1F25C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\pagamento.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 43572 |
Entropy (8bit): | 7.819120980760013 |
Encrypted: | false |
SSDEEP: | 768:EQPgVsrKNTu4gm0H4ZnioE0gCdI9b0SbR2KN43+vE724s2FNKThj6SG:EQPgmY+m84p1gaSFT43+4s2SB6SG |
MD5: | A6DF418D3C8974E366FC76533561636B |
SHA1: | 8362CD5ADB9FD2DFF11EBFDC2D903BB34BF074B8 |
SHA-256: | B07B71AE7323EB68427FE30DF571E967183E06DA72DDD34D1D37BE134DC216EB |
SHA-512: | 5710C416880299CF026764DB37D30AD3E89B2C50F6443B17AFCFB517004857F6A06E2FBC016E21B50444212B0CB39BF8574BC66BE61F1CBDD33BB0D2A5906D5B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\pagamento.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86022 |
Entropy (8bit): | 4.17957477249631 |
Encrypted: | false |
SSDEEP: | 1536:21v3INdUFkWdeJ94zJsegSbyp8LbocYU61WP:2cufMeJseRL0cWWP |
MD5: | AC8953D9F922092846636830155F5BE2 |
SHA1: | C51F9F45873EE87A6B2C32D87E1C81D3AB7439F3 |
SHA-256: | F05A351945559CB314D468920DE060F1EF05B41F4CB35F700365AF438CD5BDD5 |
SHA-512: | C5C24574CA76BA69AB77EEA2C023161E79AC89740399C6B3731B245C0F137BDC5BD80B9EDB2739E8646DDDF7ADC9EB0728CEA9567A2436A34D35493F6891602B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\pagamento.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 133632 |
Entropy (8bit): | 6.984604285734691 |
Encrypted: | false |
SSDEEP: | 3072:8zrRA5B60PQmxhBT7bE00nvPIgpY3qTzsbJwOKiHRpSYwH:8/4630nUogZEd7KiBc |
MD5: | 7B0E753AFA691A8D31B95484B187C3F5 |
SHA1: | 8F461AF30690A0C0CAE159EBE7DC6E8FEA553758 |
SHA-256: | 491D90B601F574F96023631C3CE2E4B46460B0C0DD8B99F9D48E59E8EEB0C2BD |
SHA-512: | 3231B3C471CBC2F7AF0B0610D0A458E29550D6EED417B4DDCB226FD1FEE7A49D65ED67F113CF2E65BDE8641B84AC290F88150C944B9A461D82DB9E85D6E0E5CA |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.9654228846729485 |
TrID: |
|
File name: | pagamento.exe |
File size: | 1'116'160 bytes |
MD5: | 3aed500e59bf7f4761c307fa6976fd7a |
SHA1: | d9332de73d9cae677566ece8350e9648e54ef9de |
SHA256: | eba01987d394303d9b87f90eeba8d51a5509f4ce484620a032ce94c2e38502d3 |
SHA512: | f5df046061c37d9399dda941bb0114659f57911485fd00b9bcbbd8b7b9318e419fa6aca6b68046b0d13513429b10a7b02db0da4569fca4e58402ab812d7d4fd8 |
SSDEEP: | 24576:mqDEvCTbMWu7rQYlBQcBiT6rprG8aNGxkbziWU:mTvC/MTQYxsWR7aNEoiW |
TLSH: | 9535BF0273C1D022FF9B92734B5BF6515BBC6A260123A61F13A81D79BE701B1563E7A3 |
File Content Preview: | MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z.... |
Icon Hash: | aaf3e3e3938382a0 |
Entrypoint: | 0x420577 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66C5BF66 [Wed Aug 21 10:20:22 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 948cc502fe9226992dce9417f952fce3 |
Instruction |
---|
call 00007F63993B4453h |
jmp 00007F63993B3D5Fh |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007F63993B3F3Dh |
mov dword ptr [esi], 0049FDF0h |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0049FDF8h |
mov dword ptr [ecx], 0049FDF0h |
ret |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007F63993B3F0Ah |
mov dword ptr [esi], 0049FE0Ch |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0049FE14h |
mov dword ptr [ecx], 0049FE0Ch |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 0049FDD0h |
and dword ptr [eax], 00000000h |
and dword ptr [eax+04h], 00000000h |
push eax |
mov eax, dword ptr [ebp+08h] |
add eax, 04h |
push eax |
call 00007F63993B6AFDh |
pop ecx |
pop ecx |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
lea eax, dword ptr [ecx+04h] |
mov dword ptr [ecx], 0049FDD0h |
push eax |
call 00007F63993B6B48h |
pop ecx |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 0049FDD0h |
push eax |
call 00007F63993B6B31h |
test byte ptr [ebp+08h], 00000001h |
pop ecx |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x39d0c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x10e000 | 0x7594 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xd4000 | 0x39d0c | 0x39e00 | a91d6f8b8345c7f0abb71bec09e0eee2 | False | 0.8862926903347732 | data | 7.79306139810255 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x10e000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9 |
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
RT_RCDATA | 0xdc7b8 | 0x30fd2 | data | 1.0003538358799549 | ||
RT_GROUP_ICON | 0x10d78c | 0x76 | data | English | Great Britain | 0.6610169491525424 |
RT_GROUP_ICON | 0x10d804 | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0x10d818 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0x10d82c | 0x14 | data | English | Great Britain | 1.25 |
RT_VERSION | 0x10d840 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
RT_MANIFEST | 0x10d91c | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
DLL | Import |
---|---|
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
PSAPI.DLL | GetProcessMemoryInfo |
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
UxTheme.dll | IsThemeActive |
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW |
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient |
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath |
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW |
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Great Britain |
Timestamp | Protocol | SID | Signature | Severity | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|---|
2024-08-29T12:02:50.042956+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 49716 | 443 | 192.168.2.9 | 188.114.97.3 |
2024-08-29T12:02:43.302201+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 49708 | 443 | 192.168.2.9 | 188.114.97.3 |
2024-08-29T12:02:52.685606+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 49720 | 443 | 192.168.2.9 | 188.114.97.3 |
2024-08-29T12:02:43.993994+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 49709 | 80 | 192.168.2.9 | 193.122.6.168 |
2024-08-29T12:02:41.806438+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 49706 | 80 | 192.168.2.9 | 193.122.6.168 |
2024-08-29T12:02:44.538824+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 49710 | 443 | 192.168.2.9 | 188.114.97.3 |
2024-08-29T12:02:42.744009+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 49706 | 80 | 192.168.2.9 | 193.122.6.168 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 29, 2024 12:02:40.522304058 CEST | 49706 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:40.529453039 CEST | 80 | 49706 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:40.529575109 CEST | 49706 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:40.531263113 CEST | 49706 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:40.536082983 CEST | 80 | 49706 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:41.220768929 CEST | 80 | 49706 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:41.275268078 CEST | 49706 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:41.562094927 CEST | 49706 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:41.567912102 CEST | 80 | 49706 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:41.753981113 CEST | 80 | 49706 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:41.806437969 CEST | 49706 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:41.839463949 CEST | 49707 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:41.839520931 CEST | 443 | 49707 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:41.839580059 CEST | 49707 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:41.848999977 CEST | 49707 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:41.849028111 CEST | 443 | 49707 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:42.324265957 CEST | 443 | 49707 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:42.324368954 CEST | 49707 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:42.329016924 CEST | 49707 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:42.329030037 CEST | 443 | 49707 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:42.329336882 CEST | 443 | 49707 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:42.380166054 CEST | 49707 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:42.424513102 CEST | 443 | 49707 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:42.486920118 CEST | 443 | 49707 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:42.487030983 CEST | 443 | 49707 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:42.487086058 CEST | 49707 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:42.493113995 CEST | 49707 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:42.496957064 CEST | 49706 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:42.502228022 CEST | 80 | 49706 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:42.688169956 CEST | 80 | 49706 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:42.690403938 CEST | 49708 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:42.690454006 CEST | 443 | 49708 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:42.690526009 CEST | 49708 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:42.690820932 CEST | 49708 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:42.690833092 CEST | 443 | 49708 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:42.744009018 CEST | 49706 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:43.153439045 CEST | 443 | 49708 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:43.156122923 CEST | 49708 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:43.156143904 CEST | 443 | 49708 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:43.302222967 CEST | 443 | 49708 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:43.302342892 CEST | 443 | 49708 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:43.302423954 CEST | 49708 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:43.302968979 CEST | 49708 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:43.306325912 CEST | 49706 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:43.307816982 CEST | 49709 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:43.312511921 CEST | 80 | 49706 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:43.312614918 CEST | 49706 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:43.312978029 CEST | 80 | 49709 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:43.313047886 CEST | 49709 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:43.313182116 CEST | 49709 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:43.318728924 CEST | 80 | 49709 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:43.944389105 CEST | 80 | 49709 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:43.945611000 CEST | 49710 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:43.945676088 CEST | 443 | 49710 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:43.945760965 CEST | 49710 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:43.946036100 CEST | 49710 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:43.946050882 CEST | 443 | 49710 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:43.993993998 CEST | 49709 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:44.405740976 CEST | 443 | 49710 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:44.421314001 CEST | 49710 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:44.421353102 CEST | 443 | 49710 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:44.538839102 CEST | 443 | 49710 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:44.538933039 CEST | 443 | 49710 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:44.539077997 CEST | 49710 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:44.543406010 CEST | 49710 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:44.789659977 CEST | 49711 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:45.790915012 CEST | 49711 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:45.869575977 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:45.869707108 CEST | 49711 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:45.869826078 CEST | 49711 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:46.090538979 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:46.090558052 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:46.090636969 CEST | 49711 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:46.892383099 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:46.893796921 CEST | 49712 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:46.893831968 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:46.893923998 CEST | 49712 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:46.894134045 CEST | 49712 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:46.894144058 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:46.946280956 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:46.946356058 CEST | 49711 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:47.371334076 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:47.373142958 CEST | 49712 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:47.373163939 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:47.522445917 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:47.522546053 CEST | 443 | 49712 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:47.522631884 CEST | 49712 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:47.523227930 CEST | 49712 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:47.526787996 CEST | 49711 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:47.528052092 CEST | 49713 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:47.532247066 CEST | 80 | 49711 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:47.532339096 CEST | 49711 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:47.532943964 CEST | 80 | 49713 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:47.533006907 CEST | 49713 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:47.533159971 CEST | 49713 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:47.538527966 CEST | 80 | 49713 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:48.160515070 CEST | 80 | 49713 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:48.162209988 CEST | 49714 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:48.162267923 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:48.162360907 CEST | 49714 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:48.162843943 CEST | 49714 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:48.162861109 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:48.212754011 CEST | 49713 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:48.621661901 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:48.632132053 CEST | 49714 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:48.632153034 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:48.771785021 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:48.771902084 CEST | 443 | 49714 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:48.771991014 CEST | 49714 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:48.772623062 CEST | 49714 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:48.776470900 CEST | 49713 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:48.777223110 CEST | 49715 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:48.782285929 CEST | 80 | 49713 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:48.782387972 CEST | 49713 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:48.782803059 CEST | 80 | 49715 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:48.782877922 CEST | 49715 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:48.783030987 CEST | 49715 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:48.789084911 CEST | 80 | 49715 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:49.426698923 CEST | 80 | 49715 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:49.428312063 CEST | 49716 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:49.428355932 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:49.428447962 CEST | 49716 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:49.428746939 CEST | 49716 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:49.428757906 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:49.478463888 CEST | 49715 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:49.913531065 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:49.915097952 CEST | 49716 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:49.915127993 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:50.042972088 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:50.043078899 CEST | 443 | 49716 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:50.043143988 CEST | 49716 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:50.043627024 CEST | 49716 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:50.046906948 CEST | 49715 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:50.047822952 CEST | 49717 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:50.052040100 CEST | 80 | 49715 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:50.052148104 CEST | 49715 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:50.052629948 CEST | 80 | 49717 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:50.052736998 CEST | 49717 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:50.052861929 CEST | 49717 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:50.057712078 CEST | 80 | 49717 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:50.803428888 CEST | 80 | 49717 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:50.805216074 CEST | 49718 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:50.805258989 CEST | 443 | 49718 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:50.805352926 CEST | 49718 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:50.805622101 CEST | 49718 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:50.805633068 CEST | 443 | 49718 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:50.853390932 CEST | 49717 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:51.266005039 CEST | 443 | 49718 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:51.268018961 CEST | 49718 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:51.268035889 CEST | 443 | 49718 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:51.403156996 CEST | 443 | 49718 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:51.403249025 CEST | 443 | 49718 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:51.403345108 CEST | 49718 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:51.403778076 CEST | 49718 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:51.407273054 CEST | 49717 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:51.407869101 CEST | 49719 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:51.412435055 CEST | 80 | 49717 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:51.412509918 CEST | 49717 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:51.412763119 CEST | 80 | 49719 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:51.412838936 CEST | 49719 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:51.412918091 CEST | 49719 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:51.418349028 CEST | 80 | 49719 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:52.049916983 CEST | 80 | 49719 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:02:52.053725004 CEST | 49720 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:52.053769112 CEST | 443 | 49720 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:52.053844929 CEST | 49720 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:52.054075003 CEST | 49720 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:52.054090023 CEST | 443 | 49720 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:52.103377104 CEST | 49719 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:02:52.536648035 CEST | 443 | 49720 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:52.551851988 CEST | 49720 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:52.551887989 CEST | 443 | 49720 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:52.685616016 CEST | 443 | 49720 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:52.685720921 CEST | 443 | 49720 | 188.114.97.3 | 192.168.2.9 |
Aug 29, 2024 12:02:52.685767889 CEST | 49720 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:02:52.688648939 CEST | 49720 | 443 | 192.168.2.9 | 188.114.97.3 |
Aug 29, 2024 12:03:48.943836927 CEST | 80 | 49709 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:03:48.943948984 CEST | 49709 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:03:57.049650908 CEST | 80 | 49719 | 193.122.6.168 | 192.168.2.9 |
Aug 29, 2024 12:03:57.049741030 CEST | 49719 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:04:32.059448957 CEST | 49719 | 80 | 192.168.2.9 | 193.122.6.168 |
Aug 29, 2024 12:04:32.064318895 CEST | 80 | 49719 | 193.122.6.168 | 192.168.2.9 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 29, 2024 12:02:40.446871996 CEST | 55849 | 53 | 192.168.2.9 | 1.1.1.1 |
Aug 29, 2024 12:02:40.454655886 CEST | 53 | 55849 | 1.1.1.1 | 192.168.2.9 |
Aug 29, 2024 12:02:41.830559015 CEST | 51050 | 53 | 192.168.2.9 | 1.1.1.1 |
Aug 29, 2024 12:02:41.838875055 CEST | 53 | 51050 | 1.1.1.1 | 192.168.2.9 |
Aug 29, 2024 12:02:59.158715010 CEST | 53 | 65510 | 1.1.1.1 | 192.168.2.9 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Aug 29, 2024 12:02:40.446871996 CEST | 192.168.2.9 | 1.1.1.1 | 0x32eb | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Aug 29, 2024 12:02:41.830559015 CEST | 192.168.2.9 | 1.1.1.1 | 0x7098 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Aug 29, 2024 12:02:40.454655886 CEST | 1.1.1.1 | 192.168.2.9 | 0x32eb | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Aug 29, 2024 12:02:40.454655886 CEST | 1.1.1.1 | 192.168.2.9 | 0x32eb | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Aug 29, 2024 12:02:40.454655886 CEST | 1.1.1.1 | 192.168.2.9 | 0x32eb | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Aug 29, 2024 12:02:40.454655886 CEST | 1.1.1.1 | 192.168.2.9 | 0x32eb | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Aug 29, 2024 12:02:40.454655886 CEST | 1.1.1.1 | 192.168.2.9 | 0x32eb | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Aug 29, 2024 12:02:40.454655886 CEST | 1.1.1.1 | 192.168.2.9 | 0x32eb | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Aug 29, 2024 12:02:41.838875055 CEST | 1.1.1.1 | 192.168.2.9 | 0x7098 | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
Aug 29, 2024 12:02:41.838875055 CEST | 1.1.1.1 | 192.168.2.9 | 0x7098 | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.9 | 49706 | 193.122.6.168 | 80 | 2444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Aug 29, 2024 12:02:40.531263113 CEST | 151 | OUT | |
Aug 29, 2024 12:02:41.220768929 CEST | 320 | IN | |
Aug 29, 2024 12:02:41.562094927 CEST | 127 | OUT | |
Aug 29, 2024 12:02:41.753981113 CEST | 320 | IN | |
Aug 29, 2024 12:02:42.496957064 CEST | 127 | OUT | |
Aug 29, 2024 12:02:42.688169956 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.9 | 49709 | 193.122.6.168 | 80 | 2444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Aug 29, 2024 12:02:43.313182116 CEST | 127 | OUT | |
Aug 29, 2024 12:02:43.944389105 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.9 | 49711 | 193.122.6.168 | 80 | 2444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Aug 29, 2024 12:02:45.869826078 CEST | 151 | OUT | |
Aug 29, 2024 12:02:46.892383099 CEST | 320 | IN | |
Aug 29, 2024 12:02:46.946280956 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.9 | 49713 | 193.122.6.168 | 80 | 2444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Aug 29, 2024 12:02:47.533159971 CEST | 151 | OUT | |
Aug 29, 2024 12:02:48.160515070 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.9 | 49715 | 193.122.6.168 | 80 | 2444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Aug 29, 2024 12:02:48.783030987 CEST | 151 | OUT | |
Aug 29, 2024 12:02:49.426698923 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.9 | 49717 | 193.122.6.168 | 80 | 2444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Aug 29, 2024 12:02:50.052861929 CEST | 151 | OUT | |
Aug 29, 2024 12:02:50.803428888 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.9 | 49719 | 193.122.6.168 | 80 | 2444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Aug 29, 2024 12:02:51.412918091 CEST | 151 | OUT | |
Aug 29, 2024 12:02:52.049916983 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.9 | 49707 | 188.114.97.3 | 443 | 2444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 10:02:42 UTC | 84 | OUT | |
2024-08-29 10:02:42 UTC | 702 | IN | |
2024-08-29 10:02:42 UTC | 340 | IN | |
2024-08-29 10:02:42 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.9 | 49708 | 188.114.97.3 | 443 | 2444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 10:02:43 UTC | 60 | OUT | |
2024-08-29 10:02:43 UTC | 708 | IN | |
2024-08-29 10:02:43 UTC | 340 | IN | |
2024-08-29 10:02:43 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.9 | 49710 | 188.114.97.3 | 443 | 2444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 10:02:44 UTC | 60 | OUT | |
2024-08-29 10:02:44 UTC | 704 | IN | |
2024-08-29 10:02:44 UTC | 340 | IN | |
2024-08-29 10:02:44 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.9 | 49712 | 188.114.97.3 | 443 | 2444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 10:02:47 UTC | 84 | OUT | |
2024-08-29 10:02:47 UTC | 704 | IN | |
2024-08-29 10:02:47 UTC | 340 | IN | |
2024-08-29 10:02:47 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.9 | 49714 | 188.114.97.3 | 443 | 2444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 10:02:48 UTC | 84 | OUT | |
2024-08-29 10:02:48 UTC | 714 | IN | |
2024-08-29 10:02:48 UTC | 340 | IN | |
2024-08-29 10:02:48 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.9 | 49716 | 188.114.97.3 | 443 | 2444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 10:02:49 UTC | 60 | OUT | |
2024-08-29 10:02:50 UTC | 704 | IN | |
2024-08-29 10:02:50 UTC | 340 | IN | |
2024-08-29 10:02:50 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.9 | 49718 | 188.114.97.3 | 443 | 2444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 10:02:51 UTC | 84 | OUT | |
2024-08-29 10:02:51 UTC | 706 | IN | |
2024-08-29 10:02:51 UTC | 340 | IN | |
2024-08-29 10:02:51 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.9 | 49720 | 188.114.97.3 | 443 | 2444 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 10:02:52 UTC | 60 | OUT | |
2024-08-29 10:02:52 UTC | 708 | IN | |
2024-08-29 10:02:52 UTC | 340 | IN | |
2024-08-29 10:02:52 UTC | 5 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 06:02:37 |
Start date: | 29/08/2024 |
Path: | C:\Users\user\Desktop\pagamento.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xba0000 |
File size: | 1'116'160 bytes |
MD5 hash: | 3AED500E59BF7F4761C307FA6976FD7A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 06:02:38 |
Start date: | 29/08/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb20000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 3.1% |
Dynamic/Decrypted Code Coverage: | 1.5% |
Signature Coverage: | 3.2% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 64 |
Graph
Function 00BA42DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BAD730 Relevance: 21.6, APIs: 14, Instructions: 616windowsleeptimeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA2CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BE065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA2B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA3170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145windowtimeregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 022F2630 Relevance: 10.7, APIs: 7, Instructions: 239fileCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 022F23B0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 162fileCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C12947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA3B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58registryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA3923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C27F59 Relevance: 4.9, APIs: 3, Instructions: 430COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA10F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA3837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA6D9E Relevance: 2.6, APIs: 2, Instructions: 59COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BAB710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA4ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD8402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BCE602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA9CB3 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD4C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD3820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA4F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA2DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA3A5A Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C12693 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA2B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA1CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BBFC70 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 022F229C Relevance: 1.3, APIs: 1, Instructions: 21sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 022F22A0 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C39576 Relevance: 74.1, APIs: 39, Strings: 3, Instructions: 625windowkeyboardCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C34873 Relevance: 61.8, APIs: 33, Strings: 2, Instructions: 566windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BBF98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C1698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C19642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C1979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C18195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0D076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C1ED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0E8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BDB952 Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0D3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C222DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C19B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BB997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C31C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA8060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C08298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C15C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C151CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C016C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0D5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C01663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BCCAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C168EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C137B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C010BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BACAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BBB119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BC09D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BC781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD6DD9 Relevance: .6, Instructions: 637COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BBCC39 Relevance: .6, Instructions: 635COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA7920 Relevance: .6, Instructions: 563COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA91C0 Relevance: .5, Instructions: 475COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BC19B0 Relevance: .2, Instructions: 240COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BC7A4A Relevance: .2, Instructions: 237COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BC7CA7 Relevance: .2, Instructions: 237COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BC1706 Relevance: .2, Instructions: 232COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C12046 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C22ADE Relevance: 79.2, APIs: 40, Strings: 5, Instructions: 486filecommemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BB8D85 Relevance: 49.5, APIs: 26, Strings: 2, Instructions: 480windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C22711 Relevance: 47.6, APIs: 22, Strings: 5, Instructions: 330windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C373E8 Relevance: 47.5, APIs: 26, Strings: 1, Instructions: 201windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C30241 Relevance: 37.1, APIs: 7, Strings: 14, Instructions: 391windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C30FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BB8891 Relevance: 35.3, APIs: 18, Strings: 2, Instructions: 282windowtimeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C05A1B Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 198windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C3091E Relevance: 31.9, APIs: 6, Strings: 12, Instructions: 372windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C3833C Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 196windowlibraryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C2C3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C3856F Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 131filecommemoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C36CD9 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 194windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C3911E Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 181windowfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C1C476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C114BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C2B60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C3541D Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 191windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C2255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0E6B0 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 72sleepwindowtimeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C38D0E Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 221windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C2CC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C05CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BB8BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BB9838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C350D4 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 162windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BB8B06 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 155windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C096E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C006DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C17A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C2055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C2372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA5BEA Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 184windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C38B02 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 149windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C33C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C32D03 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 95windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0209F Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 71windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD2C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA1410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332comCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C33886 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 141windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C32DFD Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 99windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C1C253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BDCE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C025A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0BC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C381DB Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 104windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C04C7D Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 87windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0C874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BF7439 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 37windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0ED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BBF8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C05622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BE1522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C11187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BB948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C36B76 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 131windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0CF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C07726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C077FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C35706 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 82windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C104D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C105A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C340AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0DA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C1096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD01B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD61FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BFF7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BB920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C107EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C014CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C38A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C051FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C01874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0C5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C02716 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 121windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C352C1 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 104windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C32F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C35660 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 67windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA600E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 53windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BC4D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA4E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BA4E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C2A387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C08BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C18AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C13874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C20930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BDCDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BB9639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C05711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0E97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C010F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C00FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C01014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C1030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD22A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BB95C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD0F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0C27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C2304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C34653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C337B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0223F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C01B2C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C20CD5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C341EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C02F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C33429 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 64windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C01CDE Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 52windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C01BD8 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 50windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C01C5C Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 49windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C35882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C37803 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BFD3AC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C2342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C00436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BDB41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C156D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C37674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C316DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0D4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C38FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0D2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C01571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C32782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C078F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C37CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C01A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0E1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BCD1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BD3073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0B0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BB990E Relevance: 6.0, APIs: 4, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C38863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BB98B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BFD858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BFD86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C14D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00BBF291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C02999 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 130windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C1D0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C34537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0286B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C03BC4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C3336F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 75windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0215F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C331EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C36181 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C1CD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C34F80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C330D2 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 58windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C023DB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C34366 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0250B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C390A1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C0246C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C02BE8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C02D60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C35829 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C00B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C32356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C32322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00C02313 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|