Analysis Report

Overview

| General Information | |
|---|---|
| Analysis ID: | 83448 |
| Start time: | 18:51:42 |
| Start date: | 07/09/2015 |
| Overall analysis duration: | 0h 2m 49s |
| Report type: | full |
| Sample file name: | 40D19FBA73C6B011814E2C6920E8792F (renamed file extension from none to exe) |
| Cookbook file name: | Simulate.jbs |
| Analysis system description: | Windows 7 (Office 2003 SP1, Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 41, Firefox 36) |
| Number of new started processes analysed: | 17 |
| Number of new started drivers analysed: | 1 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| HCA enabled: | true |
| HCA success: | |
| Cookbook Comments: | |
| Warnings: | |

Detection

| Strategy | Score | Range | Detection |
|---|---|---|---|
| Threshold | 100 | 0 - 100 | |

Analysis Advice

Sample drops PE files which have not been started; submit the dropped PE samples for a secondary analysis to Joe Sandbox.
Sample has functionality to log and monitor keystrokes; analyze it with the keystroke simulation cookbook.
Sample sleeps for a long time; analyze it with the fake sleep cookbook.

Signature Overview

Cryptography:
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Program Files\Internet Explorer\iexplore.exe | Code function: 11_2_0045D334

Key, Mouse, Clipboard, Microphone and Screen Capturing:
Contains functionality to read the clipboard data
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: 2_2_00422C80
Contains functionality to record screenshots
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: 2_2_004232C4
Contains functionality to retrieve information about pressed keystrokes
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: 5_2_00438204

Software Vulnerabilities:
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: 5_2_0045B794
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: 5_1_0045B794
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: 6_2_0045B794
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: 6_1_0045B794
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: 7_2_0045B794
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: 7_1_0045B794
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: 12_2_0045B794
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: 12_1_0045B794

Networking:
URLs found in memory or binary data
Source: FB_3804.tmp.exe, FB_3449.tmp.exe | String found in binary or memory:
Source: iexplore.exe | String found in binary or memory:
Source: FB_3804.tmp.exe | String found in binary or memory:
Source: FB_3449.tmp.exe | String found in binary or memory:
Source: notepad.exe | String found in binary or memory:
Source: iexplore.exe, 9567.enc.3608.dr | String found in binary or memory:
Downloads files from webservers via HTTP
Source: global traffic | HTTP traffic detected:
Found strings which match known social media URLs
Source: iexplore.exe | String found in binary or memory:
Source: FB_3449.tmp.exe | String found in binary or memory:
Performs DNS lookups
Source: unknown | DNS traffic detected:
Posts data to webserver
Source: unknown | HTTP traffic detected:
HTTP GET or POST without a user agent
Source: global traffic | HTTP traffic detected:
Uses SMTP (mail sending)
Source: global traffic | TCP traffic:
Detected TCP or UDP traffic on non-standard ports
Source: global traffic | TCP traffic:
Uses dynamic DNS services
Source: unknown | DNS query:

Boot Survival:
Creates an autostart registry key
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Registry value created or modified:
Source: C:\Program Files\Internet Explorer\iexplore.exe | Registry value created or modified:
Creates autostart registry keys with suspicious names
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Registry value created or modified:
Creates multiple autostart registry keys
Source: C:\Program Files\Internet Explorer\iexplore.exe | Registry value created or modified:
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Registry value created or modified:

Stealing of Sensitive Information:
Searches for Windows Mail specific files
Source: C:\Program Files\Internet Explorer\iexplore.exe | Directory queried:

Persistence and Installation Behavior:
Drops PE files
Source: C:\Program Files\Internet Explorer\iexplore.exe | File created:
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | File created:
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | File created:
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | File created:

Data Obfuscation:
Contains functionality to dynamically determine API calls
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: 5_2_00441F3C
PE file contains an invalid checksum
Source: FB_390E.tmp.exe.3388.dr | Static PE information:
Source: ips.exe.3608.dr | Static PE information:
Source: Default File.exe.3544.dr | Static PE information:
Source: FB_3804.tmp.exe.3388.dr | Static PE information:
Source: 40D19FBA73C6B011814E2C6920E8792F.exe | Static PE information:
Source: java.exe.3552.dr | Static PE information:
Source: FB_3449.tmp.exe.3388.dr | Static PE information:

Spreading:
Contains functionality to enumerate / list files inside a directory
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: 2_2_004087A4
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: 2_2_0040598C
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: 2_1_004087A4
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: 2_1_0040598C
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: 5_2_004087A4
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: 5_2_0040598C
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: 5_1_004087A4
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: 5_1_0040598C
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: 6_2_004087A4
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: 6_2_0040598C
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: 6_1_004087A4
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: 6_1_0040598C
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: 7_2_004087A4
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: 7_2_0040598C
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: 7_1_004087A4
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: 7_1_0040598C
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: 10_2_00405358
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: 10_1_00405358
Source: C:\Program Files\Internet Explorer\iexplore.exe | Code function: 11_2_00409D7C
Source: C:\Program Files\Internet Explorer\iexplore.exe | Code function: 11_2_0040672C
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: 12_2_004087A4
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: 12_2_0040598C
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: 12_1_004087A4
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: 12_1_0040598C

System Summary:
Uses Microsoft Silverlight
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | File opened:
Submission file is bigger than most known malware samples
Source: 40D19FBA73C6B011814E2C6920E8792F.exe | Static file information:
Uses new MSVCR DLLs
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | File opened:
PE file has a big raw section
Source: 40D19FBA73C6B011814E2C6920E8792F.exe | Static PE information:
Binary contains paths to debug symbols
Contains functionality for error logging
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: 2_2_0041FD98
Contains functionality to check free disk space
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: 2_2_00408914
Contains functionality to load and extract PE file embedded resources
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: 2_2_00413784
Creates files inside the user directory
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | File created:
Creates temporary files
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | File created:
Executable is probably coded in Delphi
Source: C:\Program Files\Internet Explorer\iexplore.exe | Window created:
Executable uses .NET runtime (probably coded in C#)
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Section loaded:
Reads ini files
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | File read:
Reads software policies
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Key opened:
Spawns processes
Source: unknown | Process created:
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Process created:
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process created:
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process created:
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Process created:
Uses an in-process (OLE) Automation server
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Key value queried:
Contains functionality to call native functions
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: 10_2_0040CB64
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: 10_1_0040CB64
Creates mutexes
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Mutant created:
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Mutant created:
PE file contains executable resources (Code or Archives)
Source: 40D19FBA73C6B011814E2C6920E8792F.exe | Static PE information:
Source: FB_3449.tmp.exe.3388.dr | Static PE information:
Source: FB_3804.tmp.exe.3388.dr | Static PE information:
Source: FB_390E.tmp.exe.3388.dr | Static PE information:
Source: Default File.exe.3544.dr | Static PE information:
Source: java.exe.3552.dr | Static PE information:
Source: ips.exe.3608.dr | Static PE information:
PE file contains strange resources
Source: 40D19FBA73C6B011814E2C6920E8792F.exe | Static PE information:
Source: FB_3449.tmp.exe.3388.dr | Static PE information:
Source: FB_3804.tmp.exe.3388.dr | Static PE information:
Source: FB_390E.tmp.exe.3388.dr | Static PE information:
Source: Default File.exe.3544.dr | Static PE information:
Source: java.exe.3552.dr | Static PE information:
Source: ips.exe.3608.dr | Static PE information:
Reads the hosts file
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | File read:
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | File read:
Tries to load missing DLLs
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Section loaded:
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Section loaded:
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Section loaded:
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Section loaded:

HIPS / PFW / Operating System Protection Evasion:
May try to detect the Windows Explorer process (often used for injection)
Source: FB_3804.tmp.exe | Binary or memory string:
Source: notepad.exe, FB_3804.tmp.exe, java.exe | Binary or memory string:
Allocates memory in foreign processes
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Memory allocated:
Contains functionality to inject code into remote processes
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: 10_2_0040CB64
Injects a PE file into a foreign process
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Memory written:
Maps a DLL or memory area into another process
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Section loaded:
Modifies the context of a thread in another process (thread injection)
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Thread register set:
Writes to foreign memory regions
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Memory written:
Benign Windows process drops PE files
Source: C:\Program Files\Internet Explorer\iexplore.exe | File created:

Anti Debugging:
Creates guard pages, often used to prevent reverse engineering and debugging
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Memory allocated:
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | System information queried:
Contains functionality to check if a debugger is running (OutputDebugString, GetLastError)
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: 5_2_0045B93C
Contains functionality to dynamically determine API calls
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: 5_2_00441F3C
Enables debug privileges
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process token adjusted:

Malware Analysis System Evasion:
Contains functionality to enumerate / list files inside a directory
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: 2_2_004087A4
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: 2_2_0040598C
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: 2_1_004087A4
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: 2_1_0040598C
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: 5_2_004087A4
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: 5_2_0040598C
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: 5_1_004087A4
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: 5_1_0040598C
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: 6_2_004087A4
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: 6_2_0040598C
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: 6_1_004087A4
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: 6_1_0040598C
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: 7_2_004087A4
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: 7_2_0040598C
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: 7_1_004087A4
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: 7_1_0040598C
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: 10_2_00405358
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: 10_1_00405358
Source: C:\Program Files\Internet Explorer\iexplore.exe | Code function: 11_2_00409D7C
Source: C:\Program Files\Internet Explorer\iexplore.exe | Code function: 11_2_0040672C
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: 12_2_004087A4
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: 12_2_0040598C
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: 12_1_004087A4
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_1_0040598C |
Contains functionality to query system information |
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: | 2_2_00420328 |
Contains capabilities to detect virtual machines |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Registry key queried: |
Contains long sleeps (>= 3 min) |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Thread delayed: |
Found dropped PE file which has not been started or loaded |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Dropped PE file which has not been started: |
Found a large number of non-executed APIs |
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | API coverage: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | API coverage: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | API coverage: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | API coverage: | ||
Source: C:\Program Files\Internet Explorer\iexplore.exe | API coverage: | ||
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | API coverage: |
May sleep (evasive loops) to hinder dynamic analysis |
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe TID: 3340 | Thread sleep count: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe TID: 3652 | Thread sleep count: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe TID: 3652 | Thread sleep time: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe TID: 3692 | Thread sleep count: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe TID: 3692 | Thread sleep time: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe TID: 3656 | Thread sleep count: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe TID: 3656 | Thread sleep time: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe TID: 3672 | Thread sleep time: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe TID: 3696 | Thread sleep time: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe TID: 3680 | Thread sleep time: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe TID: 3668 | Thread sleep time: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe TID: 3728 | Thread sleep time: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe TID: 3728 | Thread sleep time: | ||
Source: C:\Users\admin\AppData\Roaming\Java\java.exe TID: 3772 | Thread sleep count: |
Queries disk information (often used to detect virtual machines) |
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | File opened: |
Contains functionality to detect sandboxes (foreground window change detection) |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_2_0045B93C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_1_0045B93C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_2_0045B93C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_1_0045B93C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_2_0045B93C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_1_0045B93C | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_2_0045B93C | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_1_0045B93C |
Tries to detect sandboxes and other dynamic analysis tools (process name) |
Source: 40D19FBA73C6B011814E2C6920E8792F.exe, FB_3449.tmp.exe, FB_3804.tmp.exe, FB_390E.tmp.exe | Binary or memory string: |
Hooking and other Techniques for Hiding and Protection: |
---|
Contains functionality to check if a window is minimized (may be used to check if an application is visible) |
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: | 2_2_00456690 | |
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: | 2_1_00456690 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_2_00455F9C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_2_0043D0B8 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_2_00453090 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_2_0042658C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_2_0043C810 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_2_00456690 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_2_00456740 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_2_0043D99C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_1_00455F9C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_1_0043D0B8 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_1_00453090 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_1_0042658C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_1_0043C810 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_1_00456690 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_1_00456740 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_1_0043D99C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_2_00455F9C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_2_0043D0B8 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_2_00453090 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_2_0042658C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_2_0043C810 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_2_00456690 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_2_00456740 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_2_0043D99C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_1_00455F9C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_1_0043D0B8 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_1_00453090 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_1_0042658C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_1_0043C810 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_1_00456690 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_1_00456740 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_1_0043D99C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_2_00455F9C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_2_0043D0B8 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_2_00453090 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_2_0042658C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_2_0043C810 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_2_00456690 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_2_00456740 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_2_0043D99C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_1_00455F9C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_1_0043D0B8 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_1_00453090 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_1_0042658C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_1_0043C810 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_1_00456690 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_1_00456740 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_1_0043D99C | |
Source: C:\Program Files\Internet Explorer\iexplore.exe | Code function: | 11_2_00451994 | |
Source: C:\Program Files\Internet Explorer\iexplore.exe | Code function: | 11_2_00452BC8 | |
Source: C:\Program Files\Internet Explorer\iexplore.exe | Code function: | 11_2_0042C594 | |
Source: C:\Program Files\Internet Explorer\iexplore.exe | Code function: | 11_2_00431730 | |
Source: C:\Program Files\Internet Explorer\iexplore.exe | Code function: | 11_2_0045229C | |
Source: C:\Program Files\Internet Explorer\iexplore.exe | Code function: | 11_2_004316B4 | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_2_00455F9C | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_2_0043D0B8 | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_2_00453090 | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_2_0042658C | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_2_0043C810 | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_2_00456690 | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_2_00456740 | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_2_0043D99C | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_1_00455F9C | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_1_0043D0B8 | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_1_00453090 | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_1_0042658C | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_1_0043C810 | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_1_00456690 | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_1_00456740 | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_1_0043D99C |
Disables application error messages (SetErrorMode) |
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Process information set: | ||
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Process information set: | ||
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Process information set: | ||
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Process information set: | ||
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Process information set: | ||
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Process information set: | ||
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Process information set: | ||
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Process information set: | ||
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Process information set: | ||
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Process information set: | ||
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Process information set: | ||
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Process information set: | ||
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Process information set: |
Extensive use of GetProcAddress (often used to hide API calls) |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_2_00441F3C |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
AV process strings found (often used to terminate AV products) |
Source: 40D19FBA73C6B011814E2C6920E8792F.exe | Binary or memory string: |
Adds / modifies Windows certificates |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Registry key created or modified: |
Language, Device and Operating System Detection: |
---|
Contains functionality to query local / system time |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 10_2_004081D8 |
Contains functionality to query Windows version |
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: | 2_2_0040A6C0 |
Contains functionality to query locale information (e.g. system language) |
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: | 2_2_00405B44 | |
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: | 2_2_0040AA6C | |
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: | 2_2_0040976C | |
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: | 2_2_004097B8 | |
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: | 2_2_00405C50 | |
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: | 2_1_00405B44 | |
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: | 2_1_0040AA6C | |
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: | 2_1_0040976C | |
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: | 2_1_004097B8 | |
Source: C:\40D19FBA73C6B011814E2C6920E8792F.exe | Code function: | 2_1_00405C50 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_2_00405B44 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_2_0040AA6C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_2_0040976C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_2_004097B8 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_2_00405C50 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_1_00405B44 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_1_0040AA6C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_1_0040976C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_1_004097B8 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe | Code function: | 5_1_00405C50 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_2_00405B44 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_2_0040AA6C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_2_0040976C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_2_004097B8 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_2_00405C50 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_1_00405B44 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_1_0040AA6C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_1_0040976C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_1_004097B8 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Code function: | 6_1_00405C50 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_2_00405B44 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_2_0040AA6C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_2_0040976C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_2_004097B8 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_2_00405C50 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_1_00405B44 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_1_0040AA6C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_1_0040976C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_1_004097B8 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 7_1_00405C50 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 10_2_0040551C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 10_2_004097A4 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 10_2_00409758 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 10_1_0040551C | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 10_1_00405628 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 10_1_004097A4 | |
Source: C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe | Code function: | 10_1_00409758 | |
Source: C:\Program Files\Internet Explorer\iexplore.exe | Code function: | 11_2_004068F0 | |
Source: C:\Program Files\Internet Explorer\iexplore.exe | Code function: | 11_2_0040D17C | |
Source: C:\Program Files\Internet Explorer\iexplore.exe | Code function: | 11_2_0040D130 | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_2_00405B44 | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_2_0040AA6C | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_2_0040976C | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_2_004097B8 | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_2_00405C50 | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_1_00405B44 | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_1_0040AA6C | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_1_0040976C | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_1_004097B8 | |
Source: C:\Users\admin\AppData\Roaming\Java\java.exe | Code function: | 12_1_00405C50 |
Queries the cryptographic machine GUID |
Source: C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe | Key value queried: |
Yara Overview |
---|
No Yara matches |
---|
Screenshot |
---|
Startup |
---|
Created / dropped Files |
---|
File Path | Type and Hashes |
---|---|
Contacted Domains/Contacted IPs |
---|
Contacted Domains |
---|
Name | IP | Active |
---|---|---|
ip4.telize.com | 46.19.37.108 | true |
www.google.com | 216.58.208.196 | true |
degreat248.no-ip.org | 197.211.52.12 | true |
smtp.zoho.com | 74.201.154.90 | true |
degreat.host56.com | 31.170.160.229 | true |
Contacted IPs |
---|
IP | Country | ASN | ASN Name |
---|---|---|---|
197.211.52.12 | Nigeria | 37148 | GlobacomLimited |
8.8.8.8 | United States | 15169 | GoogleInc |
74.201.154.90 | United States | 2639 | unknown |
46.19.37.108 | Netherlands | 23456 | 32bitTransitionAS |
216.58.208.196 | United States | 15169 | GoogleInc |
31.170.160.229 | United States | 47583 | HostingerInternationalLimited |
Static File Info |
---|
General | |
---|---|
File type: | PE32 executable (GUI) Intel 80386, for MS Windows |
TrID: |
File name: | 40D19FBA73C6B011814E2C6920E8792F.exe |
File size: | 2423296 |
MD5: | 40d19fba73c6b011814e2c6920e8792f |
SHA1: | b4f7506d3413ab14b33922596ae7c624929012da |
SHA256: | dd1f59427ab351abe5f981cba62402ecfb88030d0571bdead83d9fedd4d1cdab |
SHA512: | 81d6fd9b5dc8c6bb657507a0d3ced6505ee1bb20ce8de084f7016459dd92e0ab1be392d516cd92459b54591d672afbf2a80426423883535e2f5a88110a5e86f0 |
File Icon |
---|
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x45bcdc |
Entrypoint Section: | CODE |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui 40 |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x53B85080 [Sat Jul 5 19:22:40 2014 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 00c5c2b830cded07083a41d14be88428 |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFF0h |
mov eax, 0045BB5Ch |
call 00007F3EACEEDAFDh |
mov eax, dword ptr [00463518h] |
mov eax, dword ptr [eax] |
call 00007F3EACF3E101h |
mov ecx, dword ptr [004635F8h] |
mov eax, dword ptr [00463518h] |
mov eax, dword ptr [eax] |
mov edx, dword ptr [0045B31Ch] |
call 00007F3EACF3E101h |
mov eax, dword ptr [00463518h] |
mov eax, dword ptr [eax] |
call 00007F3EACF3E175h |
call 00007F3EACEEB608h |
lea eax, dword ptr [eax+00h] |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x65000 | 0x2274 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x71000 | 0x1e40b0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6a000 | 0x6728 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x69000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Xored PE | ZLIB Complexity | File Type | Characteristics |
---|---|---|---|---|---|---|---|---|
CODE | 0x1000 | 0x5ad24 | 0x5ae00 | 6.5243296605 | False | 0.524592718363 | data | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
DATA | 0x5c000 | 0x7680 | 0x7800 | 7.61254516604 | False | 0.90732421875 | data | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
BSS | 0x64000 | 0xc59 | 0x0 | 0.0 | False | 0 | empty | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.idata | 0x65000 | 0x2274 | 0x2400 | 4.79366327448 | False | 0.350802951389 | data | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.tls | 0x68000 | 0x10 | 0x0 | 0.0 | False | 0 | empty | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rdata | 0x69000 | 0x18 | 0x200 | 0.20058190744 | False | 0.048828125 | ACB archive data | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.reloc | 0x6a000 | 0x6728 | 0x6800 | 6.64722908862 | False | 0.599834735577 | data | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.rsrc | 0x71000 | 0x1e40b0 | 0x1e4200 | 6.35873628983 | False | 0.728062770301 | data | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country | Nbr Of Functions | Xored PE |
---|---|---|---|---|---|---|---|
RT_CURSOR | 0x71aa8 | 0x134 | data | | | 0 | False |
RT_CURSOR | 0x71bdc | 0x134 | data | | | 0 | False |
RT_CURSOR | 0x71d10 | 0x134 | data | | | 0 | False |
RT_CURSOR | 0x71e44 | 0x134 | data | | | 0 | False |
RT_CURSOR | 0x71f78 | 0x134 | data | | | 0 | False |
RT_CURSOR | 0x720ac | 0x134 | data | | | 0 | False |
RT_CURSOR | 0x721e0 | 0x134 | data | | | 0 | False |
RT_BITMAP | 0x72314 | 0x1d0 | data | | | 0 | False |
RT_BITMAP | 0x724e4 | 0x1e4 | data | | | 0 | False |
RT_BITMAP | 0x726c8 | 0x1d0 | data | | | 0 | False |
RT_BITMAP | 0x72898 | 0x1d0 | data | | | 0 | False |
RT_BITMAP | 0x72a68 | 0x1d0 | data | | | 0 | False |
RT_BITMAP | 0x72c38 | 0x1d0 | data | | | 0 | False |
RT_BITMAP | 0x72e08 | 0x1d0 | data | | | 0 | False |
RT_BITMAP | 0x72fd8 | 0x1d0 | data | | | 0 | False |
RT_BITMAP | 0x731a8 | 0x1d0 | data | | | 0 | False |
RT_BITMAP | 0x73378 | 0x1d0 | data | | | 0 | False |
RT_BITMAP | 0x73548 | 0xe8 | GLS_BINARY_LSB_FIRST | | | 0 | False |
RT_ICON | 0x73630 | 0x2e8 | data | English | United States | 0 | False |
RT_DIALOG | 0x73918 | 0x52 | data | | | 0 | False |
RT_STRING | 0x7396c | 0x248 | data | | | 0 | False |
RT_STRING | 0x73bb4 | 0x150 | data | | | 0 | False |
RT_STRING | 0x73d04 | 0xe8 | data | | | 0 | False |
RT_STRING | 0x73dec | 0x138 | Hitachi SH big-endian COFF object, not stripped | | | 0 | False |
RT_STRING | 0x73f24 | 0x3bc | data | | | 0 | False |
RT_STRING | 0x742e0 | 0x3a0 | data | | | 0 | False |
RT_STRING | 0x74680 | 0x390 | data | | | 0 | False |
RT_STRING | 0x74a10 | 0x3d0 | DBase 3 index file | | | 0 | False |
RT_STRING | 0x74de0 | 0xf4 | data | | | 0 | False |
RT_STRING | 0x74ed4 | 0xc4 | data | | | 0 | False |
RT_STRING | 0x74f98 | 0x2e0 | data | | | 0 | False |
RT_STRING | 0x75278 | 0x35c | data | | | 0 | False |
RT_STRING | 0x755d4 | 0x2b4 | data | | | 0 | False |
RT_RCDATA | 0x75888 | 0x10 | Sendmail frozen configuration | | | 0 | False |
RT_RCDATA | 0x75898 | 0x1e8 | data | | | 0 | False |
RT_RCDATA | 0x75a80 | 0x33e | data | | | 0 | False |
RT_GROUP_CURSOR | 0x75dc0 | 0x14 | Lotus 1-2-3 | | | 0 | False |
RT_GROUP_CURSOR | 0x75dd4 | 0x14 | Lotus 1-2-3 | | | 0 | False |
RT_GROUP_CURSOR | 0x75de8 | 0x14 | Lotus 1-2-3 | | | 0 | False |
RT_GROUP_CURSOR | 0x75dfc | 0x14 | Lotus 1-2-3 | | | 0 | False |
RT_GROUP_CURSOR | 0x75e10 | 0x14 | Lotus 1-2-3 | | | 0 | False |
RT_GROUP_CURSOR | 0x75e24 | 0x14 | Lotus 1-2-3 | | | 0 | False |
RT_GROUP_CURSOR | 0x75e38 | 0x14 | Lotus 1-2-3 | | | 0 | False |
RT_GROUP_ICON | 0x75e4c | 0x14 | MS Windows icon resource - 1 icon | English | United States | 0 | False |
RT_VERSION | 0x75e60 | 0x36c | data | English | United States | 0 | False |
RT_HTML | 0x761cc | 0x1deee3 | data | English | United States | 0 | False |
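The following Python script is an added example and not part of the Joe Sandbox report. It shows how the Entropy and ZLIB Complexity columns of the Sections table are computed and how an analyst would triage the Sections and Resources tables above: which section the entry point lands in, which sections look packed or encrypted, and which resource is large enough to be an embedded payload. The section rows, resource rows, entry point, image base and file size are copied from this report; the thresholds (7.0 bits per byte for packed data, a single resource holding at least half of the file) and all function names are assumptions of the example.

```python
import math
import zlib

# Values copied from this report (Sections and Resources tables, process list);
# the lists are a constructed subset for the example.
FILE_SIZE = 2423296
IMAGEBASE = 0x400000
ENTRYPOINT = 0x45bcdc

# name, virtual address, virtual size, raw size, entropy, characteristics
REPORT_SECTIONS = [
    ("CODE",   0x1000,  0x5ad24,  0x5ae00,  6.5243296605, "EXECUTE,CODE,READ"),
    ("DATA",   0x5c000, 0x7680,   0x7800,   7.6125451660, "INITIALIZED_DATA,WRITE,READ"),
    ("BSS",    0x64000, 0xc59,    0x0,      0.0,          "WRITE,READ"),
    (".idata", 0x65000, 0x2274,   0x2400,   4.7936632745, "INITIALIZED_DATA,WRITE,READ"),
    (".tls",   0x68000, 0x10,     0x0,      0.0,          "WRITE,READ"),
    (".rdata", 0x69000, 0x18,     0x200,    0.2005819074, "INITIALIZED_DATA,SHARED,READ"),
    (".reloc", 0x6a000, 0x6728,   0x6800,   6.6472290886, "INITIALIZED_DATA,SHARED,READ"),
    (".rsrc",  0x71000, 0x1e40b0, 0x1e4200, 6.3587362898, "INITIALIZED_DATA,SHARED,READ"),
]

# resource type, RVA, size
REPORT_RESOURCES = [
    ("RT_ICON",    0x73630, 0x2e8),
    ("RT_RCDATA",  0x75a80, 0x33e),
    ("RT_VERSION", 0x75e60, 0x36c),
    ("RT_HTML",    0x761cc, 0x1deee3),
]

# Thresholds are assumptions of this example, not values from the report.
ENTROPY_PACKED = 7.0          # bits per byte; compressed or encrypted data sits near 8.0
RESOURCE_SHARE_SUSPECT = 0.5  # one resource holding over half the file is a payload candidate


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def zlib_complexity(data: bytes) -> float:
    """Compressed size over raw size, the ratio shown in the report's ZLIB Complexity column."""
    if not data:
        return 0.0
    return len(zlib.compress(data, 9)) / len(data)


def section_for_va(sections, imagebase, va):
    """Name the section whose mapped range contains a virtual address (None if outside all)."""
    rva = va - imagebase
    for name, vaddr, vsize, rsize, *_ in sections:
        if vaddr <= rva < vaddr + max(vsize, rsize):
            return name
    return None


def triage_sections(sections):
    """Flag section-table properties that warrant a closer look."""
    findings = []
    for name, _, vsize, rsize, entropy, chars in sections:
        if rsize and entropy >= ENTROPY_PACKED:
            findings.append(f"{name}: entropy {entropy:.2f} >= {ENTROPY_PACKED}, likely packed or encrypted content")
        if "EXECUTE" in chars and "WRITE" in chars:
            findings.append(f"{name}: writable and executable")
        if rsize == 0 and vsize and name.upper() not in ("BSS", ".BSS", ".TLS"):
            findings.append(f"{name}: no raw data but {vsize:#x} bytes mapped, possible unpacking target")
    return findings


def triage_resources(resources, file_size):
    """Flag resources large enough to be an embedded payload rather than UI data."""
    findings = []
    for rtype, rva, size in resources:
        share = size / file_size
        if share >= RESOURCE_SHARE_SUSPECT:
            findings.append(f"{rtype}@{rva:#x}: {size:#x} bytes = {share:.0%} of the file")
    return findings


if __name__ == "__main__":
    print("entry point lands in:", section_for_va(REPORT_SECTIONS, IMAGEBASE, ENTRYPOINT))
    for line in triage_sections(REPORT_SECTIONS) + triage_resources(REPORT_RESOURCES, FILE_SIZE):
        print("-", line)
    # constructed buffers showing what the two metrics look like at the extremes
    for label, buf in (("zeros", bytes(512)), ("uniform", bytes(range(256)) * 2)):
        print(f"{label}: entropy={shannon_entropy(buf):.2f} zlib={zlib_complexity(buf):.3f}")
```

Run as a script it reports that the entry point lands in CODE, that DATA (entropy 7.61 in a writable, non-executable section) is the first place to look for an encrypted blob, and that the 0x1deee3-byte RT_HTML resource accounts for roughly 81% of the 2,423,296-byte file, which makes it the natural container for the executables later started from the user's Temp directory.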
Imports |
---|
DLL | Import |
---|---|
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle |
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
kernel32.dll | lstrlenA, lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, OutputDebugStringA, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFileAttributesA, GetDiskFreeSpaceA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetConsoleCP, GetCPInfo, GetACP, FreeResource, FreeLibrary, FormatMessageA, FlushInstructionCache, FindResourceA, FindFirstFileA, FindClose, FindAtomA, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle |
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExcludeClipRect, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt |
user32.dll | WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EndDeferWindowPos, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DeferWindowPos, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, BeginDeferWindowPos, CharNextA, CharLowerBuffA, CharLowerA, AdjustWindowRectEx, ActivateKeyboardLayout |
kernel32.dll | Sleep |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VariantChangeTypeEx, VariantCopyInd, VariantCopy, VariantClear, VariantInit |
comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create |
comdlg32.dll | ChooseColorA, GetSaveFileNameA, GetOpenFileNameA |
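The Import Hash field above is pefile's imphash: the MD5 of the imported functions in import-table order, each written as the lowercase module name without its .dll/.ocx/.sys extension, a dot, and the lowercase function name, all joined by commas. The Python below, an added example that is not part of the report, implements that algorithm and a small capability scan over a constructed subset of the descriptors listed above. Because it is a subset, the hash it prints will not equal 00c5c2b830cded07083a41d14be88428; the point is the construction, and why two samples built with the same toolchain and the same RTL import order share an imphash. The API-to-capability rules and all function names are assumptions of the example.

```python
import hashlib

# Import descriptors in the order the report lists them (constructed subset of the
# Imports table above; the real kernel32/user32/gdi32 lists are far longer).
IMPORTS = [
    ("kernel32.dll", ["DeleteCriticalSection", "LeaveCriticalSection", "EnterCriticalSection",
                      "VirtualAlloc", "GetProcAddress", "GetModuleHandleA", "LoadLibraryExA"]),
    ("user32.dll",   ["GetKeyboardType", "LoadStringA", "MessageBoxA", "CharNextA"]),
    ("advapi32.dll", ["RegQueryValueExA", "RegOpenKeyExA", "RegCloseKey"]),
    ("oleaut32.dll", ["SysFreeString", "SysReAllocStringLen", "SysAllocStringLen"]),
    ("gdi32.dll",    ["BitBlt", "GetDIBits", "CreateCompatibleBitmap", "CreateCompatibleDC", "SelectObject"]),
    ("user32.dll",   ["SetWindowsHookExA", "UnhookWindowsHookEx", "CallNextHookEx", "GetKeyState",
                      "GetKeyboardState", "GetKeyNameTextA", "GetClipboardData", "GetForegroundWindow",
                      "GetWindowTextA", "FindWindowA", "GetDC", "GetWindowDC"]),
    ("comdlg32.dll", ["ChooseColorA", "GetSaveFileNameA", "GetOpenFileNameA"]),
]

STRIP_EXTS = ("ocx", "sys", "dll")   # module extensions pefile drops before hashing


def imphash_string(imports):
    """'lib.func,lib.func,...' in import-table order, lowercased, module extension dropped."""
    parts = []
    for lib, funcs in imports:
        lib = lib.lower()
        base, _, ext = lib.rpartition(".")
        if ext in STRIP_EXTS:
            lib = base
        parts.extend(f"{lib}.{f.lower()}" for f in funcs)
    return ",".join(parts)


def imphash(imports):
    """MD5 of the imphash string, as shown in the report's Import Hash field."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# Illustrative rules (assumption of this example): a capability is claimed when all of the
# 'required' APIs are imported and, if given, at least one of the 'supporting' APIs.
RULES = [
    ("keystroke capture",      {"SetWindowsHookExA"}, {"GetKeyState", "GetAsyncKeyState", "GetKeyboardState", "GetKeyNameTextA"}),
    ("clipboard read",         {"GetClipboardData"},  set()),
    ("screen capture",         {"BitBlt"},            {"GetDIBits", "CreateCompatibleBitmap", "GetWindowDC", "GetDC"}),
    ("dynamic API resolution", {"GetProcAddress"},    {"LoadLibraryA", "LoadLibraryExA"}),
]


def capabilities(imports):
    """Map claimed capability -> the imported APIs that support the claim."""
    imported = {f for _, funcs in imports for f in funcs}
    out = {}
    for name, required, supporting in RULES:
        if required <= imported and (not supporting or supporting & imported):
            out[name] = sorted((required | supporting) & imported)
    return out


if __name__ == "__main__":
    print("imphash over the embedded subset:", imphash(IMPORTS))
    for cap, apis in capabilities(IMPORTS).items():
        print(f"{cap:24} {', '.join(apis)}")
```

Two properties worth remembering when pivoting on imphash: it is order-sensitive, so a rebuilt binary whose linker emitted the same descriptors in a different order gets a different value, and it is case-insensitive, so KERNEL32.DLL and kernel32.dll hash identically.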
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Malwarebytes Corporation. All rights reserved. |
InternalName | mbam.exe |
FileVersion | 1.0.1.711 |
CompanyName | Malwarebytes Corporation |
LegalTrademarks | |
ProductName | Malwarebytes Anti-Malware |
ProductVersion | 1.0.1.711 |
FileDescription | Malwarebytes Anti-Malware |
OriginalFilename | mbam.exe |
Translation | 0x0409 0x04e4 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 7, 2015 18:53:13.085005999 CEST | 60535 | 53 | 192.168.1.12 | 8.8.8.8 |
Sep 7, 2015 18:53:13.242759943 CEST | 53 | 60535 | 8.8.8.8 | 192.168.1.12 |
Sep 7, 2015 18:53:15.121577978 CEST | 54852 | 53 | 192.168.1.12 | 8.8.8.8 |
Sep 7, 2015 18:53:15.316456079 CEST | 53 | 54852 | 8.8.8.8 | 192.168.1.12 |
Sep 7, 2015 18:53:17.643476009 CEST | 49167 | 9003 | 192.168.1.12 | 197.211.52.12 |
Sep 7, 2015 18:53:17.643528938 CEST | 9003 | 49167 | 197.211.52.12 | 192.168.1.12 |
Sep 7, 2015 18:53:17.643645048 CEST | 49167 | 9003 | 192.168.1.12 | 197.211.52.12 |
Sep 7, 2015 18:53:17.644224882 CEST | 49168 | 80 | 192.168.1.12 | 46.19.37.108 |
Sep 7, 2015 18:53:17.644254923 CEST | 80 | 49168 | 46.19.37.108 | 192.168.1.12 |
Sep 7, 2015 18:53:17.644345045 CEST | 49168 | 80 | 192.168.1.12 | 46.19.37.108 |
Sep 7, 2015 18:53:17.645087004 CEST | 49168 | 80 | 192.168.1.12 | 46.19.37.108 |
Sep 7, 2015 18:53:17.645114899 CEST | 80 | 49168 | 46.19.37.108 | 192.168.1.12 |
Sep 7, 2015 18:53:17.785907030 CEST | 80 | 49168 | 46.19.37.108 | 192.168.1.12 |
Sep 7, 2015 18:53:17.787344933 CEST | 49168 | 80 | 192.168.1.12 | 46.19.37.108 |
Sep 7, 2015 18:53:17.787462950 CEST | 80 | 49168 | 46.19.37.108 | 192.168.1.12 |
Sep 7, 2015 18:53:17.787519932 CEST | 49168 | 80 | 192.168.1.12 | 46.19.37.108 |
Sep 7, 2015 18:53:17.829292059 CEST | 54742 | 53 | 192.168.1.12 | 8.8.8.8 |
Sep 7, 2015 18:53:17.880866051 CEST | 53 | 54742 | 8.8.8.8 | 192.168.1.12 |
Sep 7, 2015 18:53:17.881727934 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:17.881763935 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:17.881808996 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:18.218528032 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:18.219067097 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:18.219084024 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:18.654156923 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:18.855629921 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:18.855703115 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:18.855859995 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:18.855874062 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:19.051280022 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:19.063373089 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:19.063401937 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:19.249650955 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:19.253587008 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:19.253597021 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:19.253710032 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:19.253727913 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:19.483597994 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:19.483860016 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:19.486568928 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:19.486603975 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:19.680349112 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:19.947181940 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:19.947226048 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:20.150628090 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:20.215050936 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:20.215065956 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:20.402030945 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:20.651091099 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:20.651113033 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:20.652417898 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:20.652439117 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:20.836746931 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:20.837995052 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:20.838016033 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:21.031735897 CEST | 49167 | 9003 | 192.168.1.12 | 197.211.52.12 |
Sep 7, 2015 18:53:21.031764030 CEST | 9003 | 49167 | 197.211.52.12 | 192.168.1.12 |
Sep 7, 2015 18:53:21.047002077 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:21.047720909 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:21.047744036 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:21.247612953 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:21.248091936 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:21.248106956 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:21.440623045 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:21.441090107 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:21.441106081 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:21.624645948 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:21.629769087 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:21.629810095 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:21.630841017 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:21.630871058 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:21.631115913 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:21.631138086 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:21.631407022 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:21.631428957 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:22.012974977 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:22.085021019 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:22.085171938 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:22.085287094 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:24.171124935 CEST | 64337 | 53 | 192.168.1.12 | 8.8.8.8 |
Sep 7, 2015 18:53:24.222912073 CEST | 53 | 64337 | 8.8.8.8 | 192.168.1.12 |
Sep 7, 2015 18:53:24.243530989 CEST | 49170 | 80 | 192.168.1.12 | 216.58.208.196 |
Sep 7, 2015 18:53:24.243572950 CEST | 80 | 49170 | 216.58.208.196 | 192.168.1.12 |
Sep 7, 2015 18:53:24.244344950 CEST | 49170 | 80 | 192.168.1.12 | 216.58.208.196 |
Sep 7, 2015 18:53:24.245110035 CEST | 49170 | 80 | 192.168.1.12 | 216.58.208.196 |
Sep 7, 2015 18:53:24.245246887 CEST | 80 | 49170 | 216.58.208.196 | 192.168.1.12 |
Sep 7, 2015 18:53:24.245359898 CEST | 49170 | 80 | 192.168.1.12 | 216.58.208.196 |
Sep 7, 2015 18:53:24.343564034 CEST | 64351 | 53 | 192.168.1.12 | 8.8.8.8 |
Sep 7, 2015 18:53:24.427047968 CEST | 53 | 64351 | 8.8.8.8 | 192.168.1.12 |
Sep 7, 2015 18:53:24.435393095 CEST | 49171 | 80 | 192.168.1.12 | 31.170.160.229 |
Sep 7, 2015 18:53:24.435425997 CEST | 80 | 49171 | 31.170.160.229 | 192.168.1.12 |
Sep 7, 2015 18:53:24.435516119 CEST | 49171 | 80 | 192.168.1.12 | 31.170.160.229 |
Sep 7, 2015 18:53:24.436077118 CEST | 49171 | 80 | 192.168.1.12 | 31.170.160.229 |
Sep 7, 2015 18:53:24.436103106 CEST | 80 | 49171 | 31.170.160.229 | 192.168.1.12 |
Sep 7, 2015 18:53:24.807142973 CEST | 80 | 49171 | 31.170.160.229 | 192.168.1.12 |
Sep 7, 2015 18:53:24.807261944 CEST | 49171 | 80 | 192.168.1.12 | 31.170.160.229 |
Sep 7, 2015 18:53:24.812972069 CEST | 49171 | 80 | 192.168.1.12 | 31.170.160.229 |
Sep 7, 2015 18:53:24.813060999 CEST | 80 | 49171 | 31.170.160.229 | 192.168.1.12 |
Sep 7, 2015 18:53:24.813155890 CEST | 49171 | 80 | 192.168.1.12 | 31.170.160.229 |
Sep 7, 2015 18:53:27.320557117 CEST | 49172 | 80 | 192.168.1.12 | 31.170.160.229 |
Sep 7, 2015 18:53:27.320590019 CEST | 80 | 49172 | 31.170.160.229 | 192.168.1.12 |
Sep 7, 2015 18:53:27.320676088 CEST | 49172 | 80 | 192.168.1.12 | 31.170.160.229 |
Sep 7, 2015 18:53:27.321223021 CEST | 49172 | 80 | 192.168.1.12 | 31.170.160.229 |
Sep 7, 2015 18:53:27.321249962 CEST | 80 | 49172 | 31.170.160.229 | 192.168.1.12 |
Sep 7, 2015 18:53:27.321363926 CEST | 49172 | 80 | 192.168.1.12 | 31.170.160.229 |
Sep 7, 2015 18:53:27.321374893 CEST | 80 | 49172 | 31.170.160.229 | 192.168.1.12 |
Sep 7, 2015 18:53:27.788897991 CEST | 80 | 49172 | 31.170.160.229 | 192.168.1.12 |
Sep 7, 2015 18:53:27.789066076 CEST | 49172 | 80 | 192.168.1.12 | 31.170.160.229 |
Sep 7, 2015 18:53:27.838538885 CEST | 80 | 49172 | 31.170.160.229 | 192.168.1.12 |
Sep 7, 2015 18:53:27.838601112 CEST | 80 | 49172 | 31.170.160.229 | 192.168.1.12 |
Sep 7, 2015 18:53:27.838737011 CEST | 49172 | 80 | 192.168.1.12 | 31.170.160.229 |
Sep 7, 2015 18:53:27.839098930 CEST | 49172 | 80 | 192.168.1.12 | 31.170.160.229 |
Sep 7, 2015 18:53:27.839131117 CEST | 80 | 49172 | 31.170.160.229 | 192.168.1.12 |
Sep 7, 2015 18:53:36.325578928 CEST | 49167 | 9003 | 192.168.1.12 | 197.211.52.12 |
Sep 7, 2015 18:53:37.172178030 CEST | 55720 | 53 | 192.168.1.12 | 8.8.8.8 |
Sep 7, 2015 18:53:37.172310114 CEST | 53 | 55720 | 8.8.8.8 | 192.168.1.12 |
Sep 7, 2015 18:53:37.174103022 CEST | 49173 | 9003 | 192.168.1.12 | 197.211.52.12 |
Sep 7, 2015 18:53:37.174137115 CEST | 9003 | 49173 | 197.211.52.12 | 192.168.1.12 |
Sep 7, 2015 18:53:37.174525976 CEST | 49173 | 9003 | 192.168.1.12 | 197.211.52.12 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 7, 2015 18:53:13.085005999 CEST | 60535 | 53 | 192.168.1.12 | 8.8.8.8 |
Sep 7, 2015 18:53:13.242759943 CEST | 53 | 60535 | 8.8.8.8 | 192.168.1.12 |
Sep 7, 2015 18:53:15.121577978 CEST | 54852 | 53 | 192.168.1.12 | 8.8.8.8 |
Sep 7, 2015 18:53:15.316456079 CEST | 53 | 54852 | 8.8.8.8 | 192.168.1.12 |
Sep 7, 2015 18:53:17.829292059 CEST | 54742 | 53 | 192.168.1.12 | 8.8.8.8 |
Sep 7, 2015 18:53:17.880866051 CEST | 53 | 54742 | 8.8.8.8 | 192.168.1.12 |
Sep 7, 2015 18:53:24.171124935 CEST | 64337 | 53 | 192.168.1.12 | 8.8.8.8 |
Sep 7, 2015 18:53:24.222912073 CEST | 53 | 64337 | 8.8.8.8 | 192.168.1.12 |
Sep 7, 2015 18:53:24.343564034 CEST | 64351 | 53 | 192.168.1.12 | 8.8.8.8 |
Sep 7, 2015 18:53:24.427047968 CEST | 53 | 64351 | 8.8.8.8 | 192.168.1.12 |
Sep 7, 2015 18:53:37.172178030 CEST | 55720 | 53 | 192.168.1.12 | 8.8.8.8 |
Sep 7, 2015 18:53:37.172310114 CEST | 53 | 55720 | 8.8.8.8 | 192.168.1.12 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Sep 7, 2015 18:53:13.085005999 CEST | 192.168.1.12 | 8.8.8.8 | 0x7b55 | Standard query (0) | degreat248.no-ip.org | A (IP address) | IN (0x0001) |
Sep 7, 2015 18:53:15.121577978 CEST | 192.168.1.12 | 8.8.8.8 | 0xf137 | Standard query (0) | ip4.telize.com | A (IP address) | IN (0x0001) |
Sep 7, 2015 18:53:17.829292059 CEST | 192.168.1.12 | 8.8.8.8 | 0x4003 | Standard query (0) | smtp.zoho.com | A (IP address) | IN (0x0001) |
Sep 7, 2015 18:53:24.171124935 CEST | 192.168.1.12 | 8.8.8.8 | 0xd9a9 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) |
Sep 7, 2015 18:53:24.343564034 CEST | 192.168.1.12 | 8.8.8.8 | 0x9153 | Standard query (0) | degreat.host56.com | A (IP address) | IN (0x0001) |
Sep 7, 2015 18:53:37.172178030 CEST | 192.168.1.12 | 8.8.8.8 | 0xac27 | Standard query (0) | degreat248.no-ip.org | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Sep 7, 2015 18:53:13.242759943 CEST | 8.8.8.8 | 192.168.1.12 | 0x7b55 | No error (0) | degreat248.no-ip.org | | 197.211.52.12 | A (IP address) | IN (0x0001) |
Sep 7, 2015 18:53:15.316456079 CEST | 8.8.8.8 | 192.168.1.12 | 0xf137 | No error (0) | ip4.telize.com | | 46.19.37.108 | A (IP address) | IN (0x0001) |
Sep 7, 2015 18:53:17.880866051 CEST | 8.8.8.8 | 192.168.1.12 | 0x4003 | No error (0) | smtp.zoho.com | | 74.201.154.90 | A (IP address) | IN (0x0001) |
Sep 7, 2015 18:53:24.222912073 CEST | 8.8.8.8 | 192.168.1.12 | 0xd9a9 | No error (0) | www.google.com | | 216.58.208.196 | A (IP address) | IN (0x0001) |
Sep 7, 2015 18:53:24.427047968 CEST | 8.8.8.8 | 192.168.1.12 | 0x9153 | No error (0) | degreat.host56.com | | 31.170.160.229 | A (IP address) | IN (0x0001) |
Sep 7, 2015 18:53:37.172310114 CEST | 8.8.8.8 | 192.168.1.12 | 0xac27 | No error (0) | degreat248.no-ip.org | | 197.211.52.12 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Header | Total Bytes Transferred (KB) |
---|---|---|---|---|---|---|
Sep 7, 2015 18:53:17.645087004 CEST | 49168 | 80 | 192.168.1.12 | 46.19.37.108 | | 2 |
Sep 7, 2015 18:53:17.785907030 CEST | 80 | 49168 | 46.19.37.108 | 192.168.1.12 | | 2 |
Sep 7, 2015 18:53:24.436077118 CEST | 49171 | 80 | 192.168.1.12 | 31.170.160.229 | | 14 |
Sep 7, 2015 18:53:24.807142973 CEST | 80 | 49171 | 31.170.160.229 | 192.168.1.12 | | 15 |
Sep 7, 2015 18:53:27.321223021 CEST | 49172 | 80 | 192.168.1.12 | 31.170.160.229 | | 15 |
Sep 7, 2015 18:53:27.321363926 CEST | 49172 | 80 | 192.168.1.12 | 31.170.160.229 | | 17 |
Sep 7, 2015 18:53:27.788897991 CEST | 80 | 49172 | 31.170.160.229 | 192.168.1.12 | | 18 |
Sep 7, 2015 18:53:27.838538885 CEST | 80 | 49172 | 31.170.160.229 | 192.168.1.12 | | 18 |
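An added example, not part of the report: the Python below replays the DNS Answers and TCP Packets tables above as detection input. It joins resolved addresses to the outbound flows from the analysis host (192.168.1.12) and tags the endpoints that deserve attention: a dynamic-DNS name (degreat248.no-ip.org) contacted on a non-standard port (tcp/9003), an SMTP submission connection (smtp.zoho.com, tcp/587) from a sample that has no business sending mail, and a public IP-lookup service (ip4.telize.com) used to learn the victim's external address. The rows are a subset copied from the tables; the suffix list, the IP-lookup host set, the port sets and the function names are assumptions of the example.

```python
from collections import defaultdict

# Rows copied from this report's DNS Answers and TCP Packets tables
# (constructed subset; the full tables are above).
DNS_ANSWERS = """\
Sep 7, 2015 18:53:13.242759943 CEST | 8.8.8.8 | 192.168.1.12 | 0x7b55 | No error (0) | degreat248.no-ip.org | 197.211.52.12 | A (IP address) | IN (0x0001) |
Sep 7, 2015 18:53:15.316456079 CEST | 8.8.8.8 | 192.168.1.12 | 0xf137 | No error (0) | ip4.telize.com | 46.19.37.108 | A (IP address) | IN (0x0001) |
Sep 7, 2015 18:53:17.880866051 CEST | 8.8.8.8 | 192.168.1.12 | 0x4003 | No error (0) | smtp.zoho.com | 74.201.154.90 | A (IP address) | IN (0x0001) |
Sep 7, 2015 18:53:24.222912073 CEST | 8.8.8.8 | 192.168.1.12 | 0xd9a9 | No error (0) | www.google.com | 216.58.208.196 | A (IP address) | IN (0x0001) |
Sep 7, 2015 18:53:24.427047968 CEST | 8.8.8.8 | 192.168.1.12 | 0x9153 | No error (0) | degreat.host56.com | 31.170.160.229 | A (IP address) | IN (0x0001) |
"""

TCP_PACKETS = """\
Sep 7, 2015 18:53:17.643476009 CEST | 49167 | 9003 | 192.168.1.12 | 197.211.52.12 |
Sep 7, 2015 18:53:17.644224882 CEST | 49168 | 80 | 192.168.1.12 | 46.19.37.108 |
Sep 7, 2015 18:53:17.881727934 CEST | 49169 | 587 | 192.168.1.12 | 74.201.154.90 |
Sep 7, 2015 18:53:18.218528032 CEST | 587 | 49169 | 74.201.154.90 | 192.168.1.12 |
Sep 7, 2015 18:53:24.243530989 CEST | 49170 | 80 | 192.168.1.12 | 216.58.208.196 |
Sep 7, 2015 18:53:24.435393095 CEST | 49171 | 80 | 192.168.1.12 | 31.170.160.229 |
Sep 7, 2015 18:53:37.174103022 CEST | 49173 | 9003 | 192.168.1.12 | 197.211.52.12 |
"""

SANDBOX_HOST = "192.168.1.12"   # the analysis machine, per the Source IP column

# Classification lists are assumptions of this example, not report data.
DYNAMIC_DNS_SUFFIXES = (".no-ip.org", ".no-ip.biz", ".ddns.net", ".duckdns.org")
IP_LOOKUP_HOSTS = {"ip4.telize.com", "api.ipify.org", "checkip.dyndns.org"}
MAIL_PORTS = {25, 465, 587}
WEB_PORTS = {80, 443}


def split_row(line: str):
    """Split one pipe-delimited report row into stripped cells."""
    return [c.strip() for c in line.strip().strip("|").split("|")]


def parse_dns_answers(text):
    """Map answered address -> queried name (cells: ts, src, dst, id, rcode, name, address, type, class)."""
    name_of = {}
    for line in text.splitlines():
        cells = split_row(line)
        name_of[cells[6]] = cells[5]
    return name_of


def parse_outbound(text, host=SANDBOX_HOST):
    """Collect destination ports per remote IP for flows initiated by the analysis host."""
    ports = defaultdict(set)
    for line in text.splitlines():
        _, sport, dport, sip, dip = split_row(line)
        if sip == host:
            ports[dip].add(int(dport))
    return ports


def classify(name, port):
    """Tags for one (name, port) endpoint; an empty list means nothing stood out."""
    tags = []
    if name.endswith(DYNAMIC_DNS_SUFFIXES):
        tags.append("dynamic-dns")
    if name in IP_LOOKUP_HOSTS:
        tags.append("external-ip-discovery")
    if port in MAIL_PORTS:
        tags.append("mail-submission")
    if port not in WEB_PORTS | MAIL_PORTS:
        tags.append("nonstandard-port")
    return tags


def triage(dns_text, tcp_text):
    """Return (name, ip, port, tags) for every outbound endpoint that earns at least one tag."""
    name_of = parse_dns_answers(dns_text)
    findings = []
    for ip, ports in parse_outbound(tcp_text).items():
        name = name_of.get(ip, ip)   # fall back to the bare IP when no answer preceded the flow
        for port in sorted(ports):
            tags = classify(name, port)
            if tags:
                findings.append((name, ip, port, tags))
    return findings


if __name__ == "__main__":
    for name, ip, port, tags in triage(DNS_ANSWERS, TCP_PACKETS):
        print(f"{name:22} {ip:16} tcp/{port:<5} {', '.join(tags)}")
```

The same three features carry over to a SIEM rule: a fresh dynamic-DNS resolution followed within seconds by a connection to the answered address on a port the host never uses, outbound 587 from a process that is not a mail client, and a hit on an IP-lookup service immediately before either of them. The www.google.com and degreat.host56.com requests on tcp/80 earn no tag here and are left for the HTTP content to decide.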
Hooks - Code Manipulation Behavior |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
System Behavior |
---|
General |
---|
Start time: | 18:52:13 |
Start date: | 07/09/2015 |
Path: | C:\40D19FBA73C6B011814E2C6920E8792F.exe |
Wow64 process (32bit): | false |
Commandline: | unknown |
Imagebase: | 0x400000 |
File size: | 2423296 bytes |
MD5 hash: | 40D19FBA73C6B011814E2C6920E8792F |
General |
---|
Start time: | 18:52:36 |
Start date: | 07/09/2015 |
Path: | C:\Windows\System32\notepad.exe |
Wow64 process (32bit): | false |
Commandline: | unknown |
Imagebase: | 0x950000 |
File size: | 179712 bytes |
MD5 hash: | D378BFFB70923139D6A4F546864AA61C |
General |
---|
Start time: | 18:52:43 |
Start date: | 07/09/2015 |
Path: | C:\40D19FBA73C6B011814E2C6920E8792F.exe |
Wow64 process (32bit): | false |
Commandline: | C:\40D19FBA73C6B011814E2C6920E8792F.exe |
Imagebase: | 0x400000 |
File size: | 2423296 bytes |
MD5 hash: | 40D19FBA73C6B011814E2C6920E8792F |
General |
---|
Start time: | 18:52:44 |
Start date: | 07/09/2015 |
Path: | C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe |
Wow64 process (32bit): | false |
Commandline: | C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe |
Imagebase: | 0x400000 |
File size: | 561152 bytes |
MD5 hash: | FBDEC6F2A565E5B6844A7DE2F785EC88 |
General |
---|
Start time: | 18:52:44 |
Start date: | 07/09/2015 |
Path: | C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe |
Wow64 process (32bit): | false |
Commandline: | C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe |
Imagebase: | 0x75420000 |
File size: | 912416 bytes |
MD5 hash: | BA2A65C19C961A51739E28DF238FB0EA |
General |
---|
Start time: | 18:52:45 |
Start date: | 07/09/2015 |
Path: | C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe |
Wow64 process (32bit): | false |
Commandline: | C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe |
Imagebase: | 0x76a30000 |
File size: | 1222772 bytes |
MD5 hash: | 9C306303F6656435500A6A3C53793758 |
General |
---|
Start time: | 18:53:09 |
Start date: | 07/09/2015 |
Path: | C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe |
Wow64 process (32bit): | false |
Commandline: | C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe |
Imagebase: | 0x400000 |
File size: | 912416 bytes |
MD5 hash: | BA2A65C19C961A51739E28DF238FB0EA |
General |
---|
Start time: | 18:53:10 |
Start date: | 07/09/2015 |
Path: | C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe |
Wow64 process (32bit): | false |
Commandline: | C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe |
Imagebase: | 0x77290000 |
File size: | 561152 bytes |
MD5 hash: | FBDEC6F2A565E5B6844A7DE2F785EC88 |
General |
---|
Start time: | 18:53:10 |
Start date: | 07/09/2015 |
Path: | C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe |
Wow64 process (32bit): | false |
Commandline: | C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe |
Imagebase: | 0x400000 |
File size: | 1222772 bytes |
MD5 hash: | 9C306303F6656435500A6A3C53793758 |
General |
---|
Start time: | 18:53:13 |
Start date: | 07/09/2015 |
Path: | C:\Program Files\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | C:\Program Files\Internet Explorer\iexplore.exe |
Imagebase: | 0x767d0000 |
File size: | 815288 bytes |
MD5 hash: | 363BC25BACB34E9D40441968B1B3D5BE |
General |
---|
Start time: | 18:53:22 |
Start date: | 07/09/2015 |
Path: | C:\Users\admin\AppData\Roaming\Java\java.exe |
Wow64 process (32bit): | false |
Commandline: | C:\Users\admin\AppData\Roaming\Java\java.exe |
Imagebase: | 0x77290000 |
File size: | 561152 bytes |
MD5 hash: | FBDEC6F2A565E5B6844A7DE2F785EC88 |
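An added example, not part of the report: the process list above shows the same MD5 (FBDEC6F2A565E5B6844A7DE2F785EC88) executed first from the user's Temp directory as FB_3449.tmp.exe and later from AppData\Roaming\Java\java.exe, which is a dropped component copied to a persistence path under a name that resembles the Java runtime. The Python below performs that correlation over the process rows (copied from the tables above as constructed data) and adds two related checks: well-known program names running outside the trusted install roots, and executables staged in the Temp directory. The trusted-root prefixes, the well-known-name list and the function names are assumptions of the example.

```python
import ntpath
from collections import defaultdict

# Rows copied from this report's System Behavior process list
# (constructed subset: start time, image path, MD5).
PROCESSES = [
    ("18:52:13", r"C:\40D19FBA73C6B011814E2C6920E8792F.exe", "40D19FBA73C6B011814E2C6920E8792F"),
    ("18:52:36", r"C:\Windows\System32\notepad.exe", "D378BFFB70923139D6A4F546864AA61C"),
    ("18:52:43", r"C:\40D19FBA73C6B011814E2C6920E8792F.exe", "40D19FBA73C6B011814E2C6920E8792F"),
    ("18:52:44", r"C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe", "FBDEC6F2A565E5B6844A7DE2F785EC88"),
    ("18:52:44", r"C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe", "BA2A65C19C961A51739E28DF238FB0EA"),
    ("18:52:45", r"C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe", "9C306303F6656435500A6A3C53793758"),
    ("18:53:09", r"C:\Users\admin\AppData\Local\Temp\FB_3804.tmp.exe", "BA2A65C19C961A51739E28DF238FB0EA"),
    ("18:53:10", r"C:\Users\admin\AppData\Local\Temp\FB_3449.tmp.exe", "FBDEC6F2A565E5B6844A7DE2F785EC88"),
    ("18:53:10", r"C:\Users\admin\AppData\Local\Temp\FB_390E.tmp.exe", "9C306303F6656435500A6A3C53793758"),
    ("18:53:13", r"C:\Program Files\Internet Explorer\iexplore.exe", "363BC25BACB34E9D40441968B1B3D5BE"),
    ("18:53:22", r"C:\Users\admin\AppData\Roaming\Java\java.exe", "FBDEC6F2A565E5B6844A7DE2F785EC88"),
]

# Assumptions of this example: where legitimate copies of these binaries live, and
# which well-known names are worth checking for look-alike placement.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
WELL_KNOWN_NAMES = {"java.exe", "javaw.exe", "svchost.exe", "explorer.exe", "iexplore.exe", "notepad.exe"}
TEMP_MARKER = "\\appdata\\local\\temp\\"


def find_relocated(rows):
    """MD5 -> image paths in order of first execution, for hashes run from more than one path."""
    paths = defaultdict(list)
    for _, path, md5 in sorted(rows):          # rows sort by start time first
        if path not in paths[md5]:
            paths[md5].append(path)
    return {md5: p for md5, p in paths.items() if len(p) > 1}


def find_masquerades(rows):
    """Paths whose basename is a well-known program name but which sit outside the trusted roots."""
    hits = []
    for _, path, _ in rows:
        low = path.lower()
        if ntpath.basename(low) in WELL_KNOWN_NAMES and not low.startswith(TRUSTED_ROOTS) and path not in hits:
            hits.append(path)
    return hits


def find_temp_stage(rows):
    """Distinct executables launched from the user's Temp directory, the usual stage for dropped payloads."""
    return sorted({path for _, path, _ in rows if TEMP_MARKER in path.lower()})


if __name__ == "__main__":
    for md5, chain in find_relocated(PROCESSES).items():
        print(f"{md5} executed from {len(chain)} locations:")
        for p in chain:
            print("   ", p)
    print("look-alike placement:", find_masquerades(PROCESSES))
    print("temp-stage executables:", *find_temp_stage(PROCESSES), sep="\n    ")
```

On an endpoint this is the same join an EDR makes between process-creation events: key on the image hash rather than the image name, and a copy of a Temp-staged binary reappearing under AppData\Roaming with a trusted-looking name becomes visible even though neither path is unusual on its own.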
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 1% |
Dynamic/Decrypted Code Coverage: | 0.4% |
Signature Coverage: | 8.1% |
Total number of Nodes: | 491 |
Total number of Limit Nodes: | 3 |
Executed Functions |
---|
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 0.7% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 15 |
Total number of Limit Nodes: | 0 |
Executed Functions |
---|
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 1.9% |
Dynamic/Decrypted Code Coverage: | 0.5% |
Signature Coverage: | 26% |
Total number of Nodes: | 420 |
Total number of Limit Nodes: | 9 |
Executed Functions |
---|
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 1.9% |
Dynamic/Decrypted Code Coverage: | 0.5% |
Signature Coverage: | 24% |
Total number of Nodes: | 420 |
Total number of Limit Nodes: | 9 |
Executed Functions |
---|
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 1.9% |
Dynamic/Decrypted Code Coverage: | 0.5% |
Signature Coverage: | 24.1% |
Total number of Nodes: | 419 |
Total number of Limit Nodes: | 9 |
Executed Functions |
---|
Non-executed Functions |
---|
Executed Functions |
---|
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 3.3% |
Dynamic/Decrypted Code Coverage: | 2% |
Signature Coverage: | 3.7% |
Total number of Nodes: | 1220 |
Total number of Limit Nodes: | 56 |
Executed Functions |
---|
Non-executed Functions |
---|