Analysis Report TkAngEQurH.exe
Overview
General Information |
---|
Joe Sandbox Version: | 25.0.0 Tiger's Eye |
Analysis ID: | 763719 |
Start date: | 18.01.2019 |
Start time: | 15:22:17 |
Joe Sandbox Product: | Cloud |
Overall analysis duration: | 0h 8m 4s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | TkAngEQurH.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 7 (Office 2010 SP2, Java 1.8.0_40 1.8.0_191, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 55, Firefox 43) |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies |
|
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@4/6@7/2 |
EGA Information: |
|
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Detection |
---|
Strategy | Score | Range | Reporting | Whitelisted | Detection | |
---|---|---|---|---|---|---|
Threshold | 100 | 0 - 100 | Report FP / FN | false |
Confidence |
---|
Strategy | Score | Range | Further Analysis Required? | Confidence | |
---|---|---|---|---|---|
Threshold | 5 | 0 - 5 | false |
Classification |
---|
Analysis Advice |
---|
All HTTP servers contacted by the sample do not resolve. Likely the sample is an old dropper which does no longer work |
Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook |
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--") |
Sample monitors Window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook |
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control |
---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Graphical User Interface1 | Bootkit1 | Startup Items2 | Software Packing2 | Input Capture11 | Process Discovery3 | Application Deployment Software | Input Capture11 | Data Encrypted1 | Uncommonly Used Port1 |
Replication Through Removable Media | Service Execution | Startup Items2 | Process Injection111 | Disabling Security Tools1 | Network Sniffing | Account Discovery1 | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Standard Cryptographic Protocol1 |
Drive-by Compromise | Windows Management Instrumentation | Accessibility Features | Path Interception | Process Injection111 | Input Capture | Security Software Discovery5111 | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Remote Access Tools1 |
Exploit Public-Facing Application | Scheduled Task | System Firmware | DLL Search Order Hijacking | Obfuscated Files or Information3 | Credentials in Files | Remote System Discovery1 | Logon Scripts | Input Capture | Data Encrypted | Standard Non-Application Layer Protocol2 |
Spearphishing Link | Command-Line Interface | Shortcut Modification | File System Permissions Weakness | Masquerading | Account Manipulation | System Network Configuration Discovery1 | Shared Webroot | Data Staged | Scheduled Transfer | Standard Application Layer Protocol2 |
Spearphishing Attachment | Graphical User Interface | Modify Existing Service | New Service | DLL Search Order Hijacking | Brute Force | System Information Discovery34 | Third-party Software | Screen Capture | Data Transfer Size Limits | Commonly Used Port |
Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Multi AV Scanner detection for dropped file | Show sources |
Source: | virustotal: | Perma Link |
Multi AV Scanner detection for submitted file | Show sources |
Source: | virustotal: | Perma Link |
Antivirus detection for unpacked file | Show sources |
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: |
Spreading: |
---|
Contains functionality to enumerate / list files inside a directory | Show sources |
Source: | Code function: | 0_2_00464696 | |
Source: | Code function: | 4_2_00464696 |
Software Vulnerabilities: |
---|
Found inlined nop instructions (likely shell or obfuscated code) | Show sources |
Source: | Code function: | 4_2_00397585 | |
Source: | Code function: | 4_2_0039E0BE | |
Source: | Code function: | 4_2_0039E138 | |
Source: | Code function: | 4_2_00390136 | |
Source: | Code function: | 4_2_0039D10A | |
Source: | Code function: | 4_2_0039D10A | |
Source: | Code function: | 4_2_0039D10A | |
Source: | Code function: | 4_2_00391177 | |
Source: | Code function: | 4_2_0039D217 | |
Source: | Code function: | 4_2_00391247 | |
Source: | Code function: | 4_2_00390282 | |
Source: | Code function: | 4_2_00389404 | |
Source: | Code function: | 4_2_00389474 | |
Source: | Code function: | 4_2_003914ED | |
Source: | Code function: | 4_2_0039155D | |
Source: | Code function: | 4_2_0039D542 | |
Source: | Code function: | 4_2_003915E0 | |
Source: | Code function: | 4_2_0039164D | |
Source: | Code function: | 4_2_0039F79F | |
Source: | Code function: | 4_2_0039F79F | |
Source: | Code function: | 4_2_00391856 | |
Source: | Code function: | 4_2_0039F97C | |
Source: | Code function: | 4_2_00389D77 | |
Source: | Code function: | 4_2_00389D77 | |
Source: | Code function: | 4_2_00399D5C | |
Source: | Code function: | 4_2_00399D5C | |
Source: | Code function: | 4_2_00399D5C | |
Source: | Code function: | 4_2_00399D5C | |
Source: | Code function: | 4_2_00388DE2 | |
Source: | Code function: | 4_2_00390E02 | |
Source: | Code function: | 4_2_00390E02 | |
Source: | Code function: | 4_2_00390E02 | |
Source: | Code function: | 4_2_00390E02 | |
Source: | Code function: | 4_2_00390E02 | |
Source: | Code function: | 4_2_0038FF33 | |
Source: | Code function: | 4_2_00390F40 | |
Source: | Code function: | 4_2_00390F40 |
Networking: |
---|
Detected TCP or UDP traffic on non-standard ports | Show sources |
Source: | TCP traffic: |
May check the online IP address of the machine | Show sources |
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
IP address seen in connection with other malware | Show sources |
Source: | IP Address: |
Internet Provider seen in connection with other malware | Show sources |
Source: | ASN Name: |
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior) | Show sources |
Source: | TCP traffic: |
Found strings which match to known social media urls | Show sources |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Performs DNS lookups | Show sources |
Source: | DNS traffic detected: |
Urls found in memory or binary data | Show sources |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Uses HTTPS | Show sources |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Contains functionality to retrieve information about pressed keystrokes | Show sources |
Source: | Code function: | 0_2_00402344 |
System Summary: |
---|
Binary is likely a compiled AutoIt script file | Show sources |
Source: | Code function: | 0_2_00403B4C | |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | Code function: | 4_2_00403B4C | |
Source: | Code function: | 4_1_00403B4C | |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
PE file has nameless sections | Show sources |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Contains functionality to communicate with device drivers | Show sources |
Source: | Code function: | 4_2_0038C6D8 |
Creates mutexes | Show sources |
Source: | Mutant created: |
Detected potential crypto function | Show sources |
Source: | Code function: | 0_2_004233C7 | |
Source: | Code function: | 0_2_0040E800 | |
Source: | Code function: | 0_2_0040FE40 | |
Source: | Code function: | 0_2_0048804A | |
Source: | Code function: | 0_2_0040E060 | |
Source: | Code function: | 0_2_00437006 | |
Source: | Code function: | 0_2_0041710E | |
Source: | Code function: | 0_2_00413190 | |
Source: | Code function: | 0_2_00401287 | |
Source: | Code function: | 0_2_00422405 | |
Source: | Code function: | 0_2_0042F419 | |
Source: | Code function: | 0_2_00436522 | |
Source: | Code function: | 0_2_004216C4 | |
Source: | Code function: | 0_2_00416843 | |
Source: | Code function: | 0_2_0042283A | |
Source: | Code function: | 0_2_004278D3 | |
Source: | Code function: | 0_2_004389DF | |
Source: | Code function: | 4_2_004233C7 | |
Source: | Code function: | 4_2_0040E800 | |
Source: | Code function: | 4_2_0048804A | |
Source: | Code function: | 4_2_0040E060 | |
Source: | Code function: | 4_2_00437006 | |
Source: | Code function: | 4_2_0041710E | |
Source: | Code function: | 4_2_00413190 | |
Source: | Code function: | 4_2_00422405 | |
Source: | Code function: | 4_2_0042F419 | |
Source: | Code function: | 4_2_00436522 | |
Source: | Code function: | 4_2_004216C4 | |
Source: | Code function: | 4_2_00416843 | |
Source: | Code function: | 4_2_0042283A | |
Source: | Code function: | 4_2_004278D3 | |
Source: | Code function: | 4_2_0040192B | |
Source: | Code function: | 4_2_004389DF | |
Source: | Code function: | 4_2_00418A0E | |
Source: | Code function: | 4_2_00436A94 | |
Source: | Code function: | 4_2_0042DBB5 | |
Source: | Code function: | 4_2_00421BB8 | |
Source: | Code function: | 4_2_0042CD61 | |
Source: | Code function: | 4_2_0040FE40 | |
Source: | Code function: | 4_2_00421FD0 | |
Source: | Code function: | 4_2_0042BFE6 | |
Source: | Code function: | 4_2_00384017 | |
Source: | Code function: | 4_2_00381252 | |
Source: | Code function: | 4_2_00385389 | |
Source: | Code function: | 4_2_0039C4D0 | |
Source: | Code function: | 4_2_003844CA | |
Source: | Code function: | 4_2_0038456E | |
Source: | Code function: | 4_2_0039C553 | |
Source: | Code function: | 4_2_0038A54E | |
Source: | Code function: | 4_2_0038560B | |
Source: | Code function: | 4_2_0039C6D9 | |
Source: | Code function: | 4_2_0038571F | |
Source: | Code function: | 4_2_0038177E | |
Source: | Code function: | 4_2_0038192D | |
Source: | Code function: | 4_2_00383FE3 | |
Source: | Code function: | 4_1_004233C7 | |
Source: | Code function: | 4_1_0040E800 | |
Source: | Code function: | 4_1_0048804A | |
Source: | Code function: | 4_1_0040E060 | |
Source: | Code function: | 4_1_00437006 |
Found potential string decryption / allocating functions | Show sources |
Source: | Code function: |
PE file contains strange resources | Show sources |
Source: | Static PE information: | ||
Source: | Static PE information: |
Reads the hosts file | Show sources |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Sample file is different than original file name gathered from version info | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Sample reads its own file content | Show sources |
Source: | File read: | Jump to behavior |
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011) | Show sources |
Source: | Static PE information: | ||
Source: | Static PE information: |
Classification label | Show sources |
Source: | Classification label: |
Contains functionality for error logging | Show sources |
Source: | Code function: | 0_2_0046A2D5 |
Contains functionality to enum processes or threads | Show sources |
Source: | Code function: | 4_2_00463E91 |
Contains functionality to load and extract PE file embedded resources | Show sources |
Source: | Code function: | 0_2_00404FE9 |
Creates files inside the user directory | Show sources |
Source: | File created: | Jump to behavior |
Parts of this applications are using the .NET runtime (Probably coded in C#) | Show sources |
Source: | Section loaded: | Jump to behavior |
Queries process information (via WMI, Win32_Process) | Show sources |
Source: | WMI Queries: |
Reads ini files | Show sources |
Source: | File read: | Jump to behavior |
Reads software policies | Show sources |
Source: | Key opened: | Jump to behavior |
Sample is known by Antivirus | Show sources |
Source: | virustotal: |
Sample might require command line arguments (.Net) | Show sources |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Spawns processes | Show sources |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Uses an in-process (OLE) Automation server | Show sources |
Source: | Key value queried: | Jump to behavior |
Reads the Windows registered owner settings | Show sources |
Source: | Key value created or modified: | Jump to behavior |
Uses Microsoft Silverlight | Show sources |
Source: | File opened: | Jump to behavior |
Submission file is bigger than most known malware samples | Show sources |
Source: | Static file information: |
Binary contains paths to debug symbols | Show sources |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation: |
---|
Detected unpacking (overwrites its own PE header) | Show sources |
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: |
Contains functionality to dynamically determine API calls | Show sources |
Source: | Code function: | 0_2_0047C304 |
PE file contains sections with non-standard names | Show sources |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Uses code obfuscation techniques (call, push, ret) | Show sources |
Source: | Code function: | 0_2_004143CD | |
Source: | Code function: | 0_2_004143B9 | |
Source: | Code function: | 4_2_004143CD | |
Source: | Code function: | 4_2_004143B9 | |
Source: | Code function: | 4_2_00428B98 | |
Source: | Code function: | 4_2_003808DA |
Binary may include packed or encrypted code | Show sources |
Source: | Static PE information: | ||
Source: | Static PE information: |
Persistence and Installation Behavior: |
---|
Contains functionality to infect the boot sector | Show sources |
Source: | Code function: | 4_2_0038C787 | |
Source: | Code function: | 4_2_0038C787 | |
Source: | Code function: | 4_2_0038C787 | |
Source: | Code function: | 4_2_0038C787 |
Drops PE files | Show sources |
Source: | File created: | Jump to dropped file |
Boot Survival: |
---|
Contains functionality to infect the boot sector | Show sources |
Source: | Code function: | 4_2_0038C787 | |
Source: | Code function: | 4_2_0038C787 | |
Source: | Code function: | 4_2_0038C787 | |
Source: | Code function: | 4_2_0038C787 |
Creates a start menu entry (Start Menu\Programs\Startup) | Show sources |
Source: | File created: | Jump to behavior |
Stores files to the Windows start menu directory | Show sources |
Source: | File created: | Jump to behavior |
Hooking and other Techniques for Hiding and Protection: |
---|
Hides that the sample has been downloaded from the Internet (zone.identifier) | Show sources |
Source: | File opened: | Jump to behavior |
Contains functionality to check if a window is minimized (may be used to check if an application is visible) | Show sources |
Source: | Code function: | 4_2_00404A35 |
Extensive use of GetProcAddress (often used to hide API calls) | Show sources |
Source: | Code function: | 0_2_004233C7 |
Disables application error messsages (SetErrorMode) | Show sources |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion: |
---|
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Query firmware table information (likely to detect VMs) | Show sources |
Source: | System information queried: | Jump to behavior | ||
Source: | System information queried: | Jump to behavior |
Contains capabilities to detect virtual machines | Show sources |
Source: | File opened / queried: | Jump to behavior |
Contains functionality to detect virtual machines (SGDT) | Show sources |
Source: | Code function: | 4_2_0038C4DB |
Contains functionality to detect virtual machines (SIDT) | Show sources |
Source: | Code function: | 4_2_0038C4B6 |
Found a high number of Window / User specific system calls (may be a loop to detect user behavior) | Show sources |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Found large amount of non-executed APIs | Show sources |
Source: | API coverage: |
May sleep (evasive loops) to hinder dynamic analysis | Show sources |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Queries disk information (often used to detect virtual machines) | Show sources |
Source: | File opened: | Jump to behavior |
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Sample execution stops while process was sleeping (likely an evasion) | Show sources |
Source: | Last function: | ||
Source: | Last function: |
Contains functionality to enumerate / list files inside a directory | Show sources |
Source: | Code function: | 0_2_00464696 | |
Source: | Code function: | 4_2_00464696 |
Contains functionality to query system information | Show sources |
Source: | Code function: | 0_2_00404AFE |
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Program exit points | Show sources |
Source: | API call chain: | graph_0-39822 |
Queries a list of all running drivers | Show sources |
Source: | System information queried: | Jump to behavior |
Queries a list of all running processes | Show sources |
Source: | Process information queried: | Jump to behavior |
Anti Debugging: |
---|
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent) | Show sources |
Source: | Code function: | 4_2_003988CA |
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Tries to detect sandboxes and other dynamic analysis tools (window names) | Show sources |
Source: | Open window title or class name: | ||
Source: | Open window title or class name: |
Checks for debuggers (devices) | Show sources |
Source: | File opened: | ||
Source: | File opened: |
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation)) | Show sources |
Source: | System information queried: | Jump to behavior |
Checks if the current process is being debugged | Show sources |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Contains functionality to check if a debugger is running (IsDebuggerPresent) | Show sources |
Source: | Code function: | 0_2_00403B4C |
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError) | Show sources |
Source: | Code function: | 4_2_00435CCC |
Contains functionality to dynamically determine API calls | Show sources |
Source: | Code function: | 0_2_0047C304 |
Contains functionality which may be used to detect a debugger (GetProcessHeap) | Show sources |
Source: | Code function: | 4_2_004399F2 |
Enables debug privileges | Show sources |
Source: | Process token adjusted: | Jump to behavior |
Contains functionality to register its own exception handler | Show sources |
Source: | Code function: | 0_2_0042A364 | |
Source: | Code function: | 0_2_0042A395 | |
Source: | Code function: | 4_2_0042A364 | |
Source: | Code function: | 4_2_0042A395 | |
Source: | Code function: | 4_1_0042A364 |
Creates guard pages, often used to prevent reverse engineering and debugging | Show sources |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Modifies the context of a thread in another process (thread injection) | Show sources |
Source: | Thread register set: | Jump to behavior |
Contains functionality to launch a program with higher privileges | Show sources |
Source: | Code function: | 0_2_00403B4C |
Contains functionality to simulate keystroke presses | Show sources |
Source: | Code function: | 4_2_00404A35 |
Creates a process in suspended mode (likely to inject code) | Show sources |
Source: | Process created: | Jump to behavior |
Contains functionality to create a new security descriptor | Show sources |
Source: | Code function: | 4_2_00464C03 |
May try to detect the Windows Explorer process (often used for injection) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Language, Device and Operating System Detection: |
---|
Contains functionality to query CPU information (cpuid) | Show sources |
Source: | Code function: | 0_2_0042886B |
Queries the volume information (name, serial number etc) of a device | Show sources |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Contains functionality to query local / system time | Show sources |
Source: | Code function: | 0_2_004350D7 |
Contains functionality to query the account / user name | Show sources |
Source: | Code function: | 0_2_00442230 |
Contains functionality to query time zone information | Show sources |
Source: | Code function: | 0_2_0043418A |
Contains functionality to query windows version | Show sources |
Source: | Code function: | 0_2_00404AFE |
Queries the cryptographic machine GUID | Show sources |
Source: | Key value queried: | Jump to behavior |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI) | Show sources |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Stealing of Sensitive Information: |
---|
OS version to string mapping found (often used in BOTs) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Remote Access Functionality: |
---|
Detected Imminent RAT | Show sources |
Source: | String found in binary or memory: |
Contains functionality to start a terminal service | Show sources |
Source: | String found in binary or memory: |
Samplename | Analysis ID | SHA256 | Similarity |
---|
Behavior Graph |
---|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
15:22:33 | API Interceptor | |
15:24:16 | API Interceptor | |
15:24:18 | Autostart |
Antivirus Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
47% | virustotal | Browse |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
47% | virustotal | Browse |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Dropper.Gen | ||
100% | Avira | TR/Crypt.XPACK.Gen | ||
100% | Avira | TR/Crypt.XPACK.Gen | ||
100% | Avira | TR/Crypt.XPACK.Gen | ||
100% | Avira | TR/Crypt.XPACK.Gen | ||
100% | Avira | TR/Dropper.Gen | ||
100% | Avira | TR/Crypt.XPACK.Gen | ||
100% | Avira | TR/Crypt.XPACK.Gen | ||
100% | Avira | TR/Crypt.XPACK.Gen | ||
100% | Avira | TR/Dropper.Gen | ||
100% | Avira | TR/Dropper.Gen | ||
100% | Avira | TR/Crypt.XPACK.Gen | ||
100% | Avira | TR/Dropper.Gen | ||
100% | Avira | TR/Dropper.MSIL.Gen |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | virustotal | Browse |
URLs |
---|
Yara Overview |
---|
Initial Sample |
---|
No yara matches |
---|
PCAP (Network Traffic) |
---|
No yara matches |
---|
Dropped Files |
---|
No yara matches |
---|
Memory Dumps |
---|
No yara matches |
---|
Unpacked PEs |
---|
No yara matches |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
45.55.57.244 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
iptrackeronline.com | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
DIGITALOCEAN-ASN-DigitalOceanIncUS | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
HETZNER-ASDE | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
05af1f5ca1b87cc9cc9b25185115607d | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Dropped Files |
---|
No context |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Startup |
---|
|
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Size (bytes): | 170 |
Entropy (8bit): | 6.70616225953984 |
Encrypted: | false |
MD5: | 7EAE23D1B7069F35BF62DEA8C5F31833 |
SHA1: | FE2D0DAF72379532525E811F17ADE7C73E5F55AD |
SHA-256: | 05717E5CA6D10E0970E2BF91A7B1A79124FD03510EC67A363028AD8BA45A8DF9 |
SHA-512: | 37E76892C8211C9D54009A72B2F50D1C5B7E78AC987DA5DB77775636095A5F7955C9A1786B53A7BCCE71812E40F02AB16AB6586FC1FA5FEB05F347217A91E791 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Size (bytes): | 1562 |
Entropy (8bit): | 7.006894037192563 |
Encrypted: | false |
MD5: | 6DAE2802D8C3A7C1B00C8FE1EC67F22C |
SHA1: | 8CE76AA7C8CAD5956632ADF485E149E54AEC7805 |
SHA-256: | 2E784E0627B4E8C560C5F152778D487738DAEC8468D76DE3FCEA2A25EEA64437 |
SHA-512: | F993DC535292626B1A9C255D1FAF7ED4360D22628716EE2C695EB6B7015B4832E99A10561BE5129DD7C9EC719F48CC2DFE00DA29D99A0762A1B8C58F8814DF7C |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Size (bytes): | 810 |
Entropy (8bit): | 6.6092852162220455 |
Encrypted: | false |
MD5: | D2F21B47E97A4DF648758867D773075A |
SHA1: | 6C33450A8B2F2C1D7282B8AFAA4D808909AA255B |
SHA-256: | 9DB03033FC72B691C71FF9CD76415BDD9007946D35590470F52FBBFE9C210C5F |
SHA-512: | F500ED057512F9429571FC9D111BDE9C9323EAFE52FBA97FC359FD5C3762BF642995DCFF7B3AE4F80AB308EFF317D3EC7F8A59C174112A6A3FC2BA5F844CA3A0 |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\TkAngEQurH.exe |
File Type: | |
Size (bytes): | 818 |
Entropy (8bit): | 3.1949319387267714 |
Encrypted: | false |
MD5: | FCB89B5EC63E2F3FC733C41C40CB6479 |
SHA1: | C3BD07DB57D78DD9B3871BDD26DDFE5A14A48EA7 |
SHA-256: | FB7398E6FD2D82EDB286E97477C9A08437B545926211DE60756235ADF2991E36 |
SHA-512: | 02EA4A8B7397826ACB333B073B803A3A04BA000CD72C26B2B966AB240F548FADA2794180F8E33C6F2E470778E5D677C7FEDBA43458E17F4AC9D14ED1BC6D887B |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\TkAngEQurH.exe |
File Type: | |
Size (bytes): | 1277968 |
Entropy (8bit): | 7.872549178114576 |
Encrypted: | false |
MD5: | D6C644512C430CD64965C2259150F371 |
SHA1: | 3CC4AB3774B9C0FE1373F66FFE8580DB790732C1 |
SHA-256: | 3BC0AE9CD143920A55A4A53C61DD516CE5069F3D9453D2A08FC47273F29D1CF3 |
SHA-512: | 49F3C4DC7E42980AA82E88DAB6933D30B2A05939DB1D8BBC5CC076DF761D2970ED85611813BCB5D97915835FD9C4DBE9F1F44F53D4BA026DDCE1DB8327B1B8DD |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Process: | C:\Users\user\Desktop\TkAngEQurH.exe |
File Type: | |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
iptrackeronline.com | 45.55.57.244 | true | false | high | |
doddyfire.dyndns.org | 144.76.215.120 | true | true | 3%, virustotal, Browse | low |
www.iptrackeronline.com | unknown | unknown | false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| low | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
45.55.57.244 | United States | 14061 | DIGITALOCEAN-ASN-DigitalOceanIncUS | false | |
144.76.215.120 | Germany | 24940 | HETZNER-ASDE | true |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.872549178114576 |
TrID: |
|
File name: | TkAngEQurH.exe |
File size: | 1277968 |
MD5: | d6c644512c430cd64965c2259150f371 |
SHA1: | 3cc4ab3774b9c0fe1373f66ffe8580db790732c1 |
SHA256: | 3bc0ae9cd143920a55a4a53c61dd516ce5069f3d9453d2a08fc47273f29d1cf3 |
SHA512: | 49f3c4dc7e42980aa82e88dab6933d30b2a05939db1d8bbc5cc076df761d2970ed85611813bcb5d97915835fd9c4dbe9f1f44f53d4ba026ddce1db8327b1b8dd |
SSDEEP: | 24576:5T791Po0nH/tGM8Vuh4EmNfSu6+S2xtxZYCJSRHjvyUfVboVrKVq:B9ZnH/tZQJfS7+SqxZYNJyImtGq |
File Content Preview: | MZ*\.bo....|.o.Y2.Z.;..e...Syy.<_07p....,......p....C.~...t%.....Q............................................................................................................................................................................................. |
File Icon |
---|
Icon Hash: | b271f8e4ec603142 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x5ff000 |
Entrypoint Section: | |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, RELOCS_STRIPPED |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE |
Time Stamp: | 0x5BD0F21F [Wed Oct 24 22:28:47 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 984c4c57e82d8e821a29c7a241b6100b |
Entrypoint Preview |
---|
Instruction |
---|
jmp 00007FC528F46D56h |
test eax, 50E0169Fh |
jmp 00007FC528F46D53h |
xor eax, 000015E8h |
add bl, ch |
add cl, byte ptr [edi] |
mov bl, EBh |
add dword ptr [ecx], ebp |
xor eax, eax |
jmp 00007FC528F46D57h |
mov ss, word ptr [esi+71A2B34Eh] |
pop edi |
jmp 00007FC528F46D53h |
imul bl |
add dword ptr [ecx-15B7C748h], esi |
imul bl |
add al, 3Bh |
mov ebx, 02EB1CFBh |
add dl, byte ptr [ebx+05h] |
enter 15B7h, 09h |
jmp 00007FC528F46D53h |
cmp dh, byte ptr [ebp+40h] |
jmp 00007FC528F46D54h |
cmp eax, 30FF647Fh |
jmp 00007FC528F46D55h |
mov edx, 896419ACh |
and bl, ch |
add al, 1Dh |
imul eax, esp, 55h |
jmp 00007FC528F46D57h |
fisub word ptr [esi-749486E6h] |
adc bl, ch |
add al, 18h |
popfd |
pop ebx |
int 64h |
pop dword ptr [eax] |
jmp 00007FC528F46D53h |
mov dword ptr [ebx+03EB04C4h], eax |
or eax, EB586254h |
add eax, dword ptr [edx-143C67E5h] |
add eax, C29925F1h |
lodsd |
jmp 00007FC528F46D57h |
imul dword ptr [edi-74167F83h] |
push esp |
and al, 0Ch |
jmp 00007FC528F46D56h |
ficomp word ptr [ebx+05EBE70Ah] |
mov byte ptr [ebp-4671FB25h], ch |
cld |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x164000 | 0x158 | |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x165000 | 0x99468 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
0x1000 | 0x163000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ | |
0x164000 | 0x1000 | 0x200 | False | 0.375 | data | 2.71681508808 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ | |
.rsrc | 0x165000 | 0x99468 | 0x97e0f | False | 0.872212443437 | data | 7.64749388637 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
0x1ff000 | 0x18000 | 0x178f0 | False | 0.999357486321 | DOS executable (COM) | 7.99656260563 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x165090 | 0x128 | GLS_BINARY_LSB_FIRST | English | Great Britain |
RT_ICON | 0x1651e0 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | Great Britain |
RT_ICON | 0x175a30 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 4294967295 | English | Great Britain |
RT_STRING | 0x1fded4 | 0x594 | empty | English | Great Britain |
RT_STRING | 0x1fd848 | 0x68a | empty | English | Great Britain |
RT_STRING | 0x1fd3b8 | 0x490 | empty | English | Great Britain |
RT_STRING | 0x1fcdbc | 0x5fc | data | English | Great Britain |
RT_STRING | 0x1fc760 | 0x65c | data | English | Great Britain |
RT_STRING | 0x1fc2f8 | 0x466 | data | English | Great Britain |
RT_STRING | 0x1fc1a0 | 0x158 | data | English | Great Britain |
RT_RCDATA | 0x179e10 | 0x81a1c | data | ||
RT_RCDATA | 0x1fb854 | 0x13f | data | ||
RT_GROUP_ICON | 0x1fb9dc | 0x22 | data | English | Great Britain |
RT_GROUP_ICON | 0x1fba28 | 0x14 | data | English | Great Britain |
RT_VERSION | 0x1fba7c | 0x2f4 | data | English | Great Britain |
RT_MANIFEST | 0x1fbdb0 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain |
Imports |
---|
DLL | Import |
---|---|
kernel32.dll | GetModuleHandleA |
user32.dll | ShowWindow |
advapi32.dll | RegOpenKeyExW |
comctl32.dll | ImageList_Remove |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Sector Bin Resources @ 2014 |
FileVersion | 2.84.36.0 |
CompanyName | Sector Bin Resources |
Comments | http://www.autoitscript.com/autoit3/ |
ProductName | Sector Bin Resources |
ProductVersion | 04.13.73 |
FileDescription | Sector Bin Resources |
Translation | 0x0809 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Great Britain |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 18, 2019 15:25:13.347815037 CET | 51176 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:13.380264997 CET | 53 | 51176 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:13.388881922 CET | 49223 | 9003 | 192.168.1.16 | 144.76.215.120 |
Jan 18, 2019 15:25:13.410773993 CET | 9003 | 49223 | 144.76.215.120 | 192.168.1.16 |
Jan 18, 2019 15:25:13.410862923 CET | 49223 | 9003 | 192.168.1.16 | 144.76.215.120 |
Jan 18, 2019 15:25:13.433890104 CET | 9003 | 49223 | 144.76.215.120 | 192.168.1.16 |
Jan 18, 2019 15:25:13.646061897 CET | 49223 | 9003 | 192.168.1.16 | 144.76.215.120 |
Jan 18, 2019 15:25:13.668275118 CET | 9003 | 49223 | 144.76.215.120 | 192.168.1.16 |
Jan 18, 2019 15:25:13.668580055 CET | 9003 | 49223 | 144.76.215.120 | 192.168.1.16 |
Jan 18, 2019 15:25:13.668689966 CET | 49223 | 9003 | 192.168.1.16 | 144.76.215.120 |
Jan 18, 2019 15:25:14.547825098 CET | 49810 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:14.715215921 CET | 53 | 49810 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:14.751549959 CET | 49224 | 9003 | 192.168.1.16 | 144.76.215.120 |
Jan 18, 2019 15:25:14.773816109 CET | 9003 | 49224 | 144.76.215.120 | 192.168.1.16 |
Jan 18, 2019 15:25:14.773940086 CET | 49224 | 9003 | 192.168.1.16 | 144.76.215.120 |
Jan 18, 2019 15:25:14.796585083 CET | 9003 | 49224 | 144.76.215.120 | 192.168.1.16 |
Jan 18, 2019 15:25:15.077342987 CET | 49224 | 9003 | 192.168.1.16 | 144.76.215.120 |
Jan 18, 2019 15:25:15.099008083 CET | 9003 | 49224 | 144.76.215.120 | 192.168.1.16 |
Jan 18, 2019 15:25:15.099164963 CET | 49224 | 9003 | 192.168.1.16 | 144.76.215.120 |
Jan 18, 2019 15:25:15.297827005 CET | 55151 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:15.303133965 CET | 53216 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:15.335510015 CET | 53 | 55151 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:15.341490030 CET | 53 | 53216 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:15.512525082 CET | 49792 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:15.516726017 CET | 50672 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:15.539720058 CET | 53 | 49792 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:15.555186033 CET | 53 | 50672 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:15.596584082 CET | 49225 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:15.597083092 CET | 49226 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:15.692912102 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:15.693032026 CET | 49225 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:15.693255901 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:15.693381071 CET | 49226 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:16.044563055 CET | 49226 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:16.045317888 CET | 49225 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:16.140913963 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:16.141149044 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:16.143090963 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:16.143132925 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:16.143155098 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:16.143234968 CET | 49226 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:16.143774033 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:16.143944025 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:16.143970966 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:16.143996000 CET | 49225 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:16.245321035 CET | 49226 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:16.245495081 CET | 49225 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:16.342365980 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:16.342569113 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:16.454133034 CET | 54414 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:16.455672979 CET | 61734 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:16.466495991 CET | 53 | 54414 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:16.467209101 CET | 53 | 61734 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:16.468589067 CET | 55067 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:16.470194101 CET | 64117 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:16.482518911 CET | 53 | 64117 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:16.495161057 CET | 53 | 55067 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:16.577227116 CET | 49226 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:16.577323914 CET | 49225 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:16.869142056 CET | 62987 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:16.875061989 CET | 55067 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:16.896189928 CET | 53 | 62987 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:16.898175955 CET | 63357 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:16.901897907 CET | 53 | 55067 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:16.903693914 CET | 51216 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:16.915956974 CET | 53 | 51216 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:16.939346075 CET | 53 | 63357 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:17.012172937 CET | 49225 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:17.021322966 CET | 49226 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:17.148574114 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.157392979 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.255556107 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.255585909 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.255676985 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.255695105 CET | 49226 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:17.255923033 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.255938053 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.255958080 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.255973101 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.255989075 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.256005049 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.256012917 CET | 49226 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:17.256341934 CET | 49226 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:17.264533043 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.264699936 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.264730930 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.264759064 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.264786959 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.264831066 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.264853001 CET | 49225 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:17.264858961 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.264905930 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.264935017 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.264961958 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.264972925 CET | 49225 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:17.265980005 CET | 49225 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:17.273585081 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.352205992 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.352292061 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.352338076 CET | 49226 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:17.352355957 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.352387905 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.352468014 CET | 49226 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:17.352484941 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.352530956 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.352560043 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.352587938 CET | 49226 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:17.360946894 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.360997915 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.361036062 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.361067057 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.361093998 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.361119986 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.361140966 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:17.361191034 CET | 49225 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:17.361547947 CET | 49225 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:17.368777990 CET | 49224 | 9003 | 192.168.1.16 | 144.76.215.120 |
Jan 18, 2019 15:25:17.392438889 CET | 9003 | 49224 | 144.76.215.120 | 192.168.1.16 |
Jan 18, 2019 15:25:17.392551899 CET | 49224 | 9003 | 192.168.1.16 | 144.76.215.120 |
Jan 18, 2019 15:25:17.392632961 CET | 49224 | 9003 | 192.168.1.16 | 144.76.215.120 |
Jan 18, 2019 15:25:17.414625883 CET | 9003 | 49224 | 144.76.215.120 | 192.168.1.16 |
Jan 18, 2019 15:25:18.267760992 CET | 52355 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:18.299943924 CET | 53 | 52355 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:18.300663948 CET | 49231 | 9003 | 192.168.1.16 | 144.76.215.120 |
Jan 18, 2019 15:25:18.322956085 CET | 9003 | 49231 | 144.76.215.120 | 192.168.1.16 |
Jan 18, 2019 15:25:18.323024035 CET | 49231 | 9003 | 192.168.1.16 | 144.76.215.120 |
Jan 18, 2019 15:25:18.345494986 CET | 9003 | 49231 | 144.76.215.120 | 192.168.1.16 |
Jan 18, 2019 15:25:18.346359968 CET | 49231 | 9003 | 192.168.1.16 | 144.76.215.120 |
Jan 18, 2019 15:25:18.419441938 CET | 9003 | 49231 | 144.76.215.120 | 192.168.1.16 |
Jan 18, 2019 15:25:18.419529915 CET | 49231 | 9003 | 192.168.1.16 | 144.76.215.120 |
Jan 18, 2019 15:25:18.473973989 CET | 9003 | 49231 | 144.76.215.120 | 192.168.1.16 |
Jan 18, 2019 15:25:18.474386930 CET | 49231 | 9003 | 192.168.1.16 | 144.76.215.120 |
Jan 18, 2019 15:25:18.540304899 CET | 9003 | 49231 | 144.76.215.120 | 192.168.1.16 |
Jan 18, 2019 15:25:22.269650936 CET | 443 | 49226 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:22.269762993 CET | 49226 | 443 | 192.168.1.16 | 45.55.57.244 |
Jan 18, 2019 15:25:22.274197102 CET | 443 | 49225 | 45.55.57.244 | 192.168.1.16 |
Jan 18, 2019 15:25:22.274311066 CET | 49225 | 443 | 192.168.1.16 | 45.55.57.244 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 18, 2019 15:25:13.347815037 CET | 51176 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:13.380264997 CET | 53 | 51176 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:14.547825098 CET | 49810 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:14.715215921 CET | 53 | 49810 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:15.297827005 CET | 55151 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:15.303133965 CET | 53216 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:15.335510015 CET | 53 | 55151 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:15.341490030 CET | 53 | 53216 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:15.512525082 CET | 49792 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:15.516726017 CET | 50672 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:15.539720058 CET | 53 | 49792 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:15.555186033 CET | 53 | 50672 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:16.454133034 CET | 54414 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:16.455672979 CET | 61734 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:16.466495991 CET | 53 | 54414 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:16.467209101 CET | 53 | 61734 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:16.468589067 CET | 55067 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:16.470194101 CET | 64117 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:16.482518911 CET | 53 | 64117 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:16.495161057 CET | 53 | 55067 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:16.869142056 CET | 62987 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:16.875061989 CET | 55067 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:16.896189928 CET | 53 | 62987 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:16.898175955 CET | 63357 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:16.901897907 CET | 53 | 55067 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:16.903693914 CET | 51216 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:16.915956974 CET | 53 | 51216 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:16.939346075 CET | 53 | 63357 | 8.8.8.8 | 192.168.1.16 |
Jan 18, 2019 15:25:18.267760992 CET | 52355 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 18, 2019 15:25:18.299943924 CET | 53 | 52355 | 8.8.8.8 | 192.168.1.16 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 18, 2019 15:25:13.347815037 CET | 192.168.1.16 | 8.8.8.8 | 0xb8e7 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 18, 2019 15:25:14.547825098 CET | 192.168.1.16 | 8.8.8.8 | 0x544d | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 18, 2019 15:25:15.297827005 CET | 192.168.1.16 | 8.8.8.8 | 0x75d9 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 18, 2019 15:25:15.303133965 CET | 192.168.1.16 | 8.8.8.8 | 0x3f2a | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 18, 2019 15:25:15.512525082 CET | 192.168.1.16 | 8.8.8.8 | 0xacf6 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 18, 2019 15:25:15.516726017 CET | 192.168.1.16 | 8.8.8.8 | 0xdde3 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 18, 2019 15:25:18.267760992 CET | 192.168.1.16 | 8.8.8.8 | 0xb0a7 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 18, 2019 15:25:13.380264997 CET | 8.8.8.8 | 192.168.1.16 | 0xb8e7 | No error (0) | 144.76.215.120 | A (IP address) | IN (0x0001) | ||
Jan 18, 2019 15:25:14.715215921 CET | 8.8.8.8 | 192.168.1.16 | 0x544d | No error (0) | 144.76.215.120 | A (IP address) | IN (0x0001) | ||
Jan 18, 2019 15:25:15.335510015 CET | 8.8.8.8 | 192.168.1.16 | 0x75d9 | No error (0) | iptrackeronline.com | CNAME (Canonical name) | IN (0x0001) | ||
Jan 18, 2019 15:25:15.335510015 CET | 8.8.8.8 | 192.168.1.16 | 0x75d9 | No error (0) | 45.55.57.244 | A (IP address) | IN (0x0001) | ||
Jan 18, 2019 15:25:15.341490030 CET | 8.8.8.8 | 192.168.1.16 | 0x3f2a | No error (0) | iptrackeronline.com | CNAME (Canonical name) | IN (0x0001) | ||
Jan 18, 2019 15:25:15.341490030 CET | 8.8.8.8 | 192.168.1.16 | 0x3f2a | No error (0) | 45.55.57.244 | A (IP address) | IN (0x0001) | ||
Jan 18, 2019 15:25:15.539720058 CET | 8.8.8.8 | 192.168.1.16 | 0xacf6 | No error (0) | iptrackeronline.com | CNAME (Canonical name) | IN (0x0001) | ||
Jan 18, 2019 15:25:15.539720058 CET | 8.8.8.8 | 192.168.1.16 | 0xacf6 | No error (0) | 45.55.57.244 | A (IP address) | IN (0x0001) | ||
Jan 18, 2019 15:25:15.555186033 CET | 8.8.8.8 | 192.168.1.16 | 0xdde3 | No error (0) | iptrackeronline.com | CNAME (Canonical name) | IN (0x0001) | ||
Jan 18, 2019 15:25:15.555186033 CET | 8.8.8.8 | 192.168.1.16 | 0xdde3 | No error (0) | 45.55.57.244 | A (IP address) | IN (0x0001) | ||
Jan 18, 2019 15:25:18.299943924 CET | 8.8.8.8 | 192.168.1.16 | 0xb0a7 | No error (0) | 144.76.215.120 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Jan 18, 2019 15:25:16.143155098 CET | 45.55.57.244 | 443 | 192.168.1.16 | 49226 | CN=iptrackeronline.com CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Mon Dec 10 17:41:36 CET 2018 Thu Mar 17 17:40:46 CET 2016 | Sun Mar 10 17:41:36 CET 2019 Wed Mar 17 17:40:46 CET 2021 | 769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,0 | 05af1f5ca1b87cc9cc9b25185115607d |
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Thu Mar 17 17:40:46 CET 2016 | Wed Mar 17 17:40:46 CET 2021 | |||||||
Jan 18, 2019 15:25:16.143970966 CET | 45.55.57.244 | 443 | 192.168.1.16 | 49225 | CN=iptrackeronline.com CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co. | Mon Dec 10 17:41:36 CET 2018 Thu Mar 17 17:40:46 CET 2016 | Sun Mar 10 17:41:36 CET 2019 Wed Mar 17 17:40:46 CET 2021 | 769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,0 | 05af1f5ca1b87cc9cc9b25185115607d |
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Thu Mar 17 17:40:46 CET 2016 | Wed Mar 17 17:40:46 CET 2021 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 15:22:33 |
Start date: | 18/01/2019 |
Path: | C:\Users\user\Desktop\TkAngEQurH.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1277968 bytes |
MD5 hash: | D6C644512C430CD64965C2259150F371 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 15:24:16 |
Start date: | 18/01/2019 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x80000 |
File size: | 64672 bytes |
MD5 hash: | ADF76F395D5A0ECBBF005390B73C3FD2 |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | moderate |
General |
---|
Start time: | 15:24:22 |
Start date: | 18/01/2019 |
Path: | C:\Users\user\AppData\Roaming\TkAngEQurH.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1277968 bytes |
MD5 hash: | D6C644512C430CD64965C2259150F371 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 7.2% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 9.9% |
Total number of Nodes: | 1207 |
Total number of Limit Nodes: | 42 |
Graph
Executed Functions |
---|
Control-flow Graph |
---|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Control-flow Graph |
---|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.39% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.13% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.85% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.01% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 5.06% |
Control-flow Graph |
---|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Control-flow Graph |
---|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Control-flow Graph |
---|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.47% |
Control-flow Graph |
---|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Control-flow Graph |
---|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.20% |
Control-flow Graph |
---|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 6.12% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Control-flow Graph |
---|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Control-flow Graph |
---|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.13% |
Control-flow Graph |
---|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.28% |
Control-flow Graph |
---|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.19% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.50% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.20% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 4.01% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 7.75% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.36% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.36% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.36% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.25% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.31% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.23% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.36% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.36% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.26% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.60% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.36% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.09% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.60% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.36% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.36% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.44% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.03% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.21% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.01% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.04% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.05% |
Non-executed Functions |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.59% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.46% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.36% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.02% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.02% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.05% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.06% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.25% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.28% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.28% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.48% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 7.75% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.12% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.27% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.24% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 4.65% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.28% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.04% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.04% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.14% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.23% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.43% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.16% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.14% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.43% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.47% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.20% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.93% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.36% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.20% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.16% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 3.75% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.24% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.22% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.17% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.38% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.24% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.16% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.64% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.46% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.24% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.55% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.04% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.23% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.60% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.17% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.28% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.25% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.08% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.08% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.71% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Execution Graph |
---|
Execution Coverage: | 3.6% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 6.2% |
Total number of Nodes: | 1372 |
Total number of Limit Nodes: | 98 |
Graph
Executed Functions |
---|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.19% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.01% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.47% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.20% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.13% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.39% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.28% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.19% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.03% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.20% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 4.01% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.36% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.25% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.31% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.23% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.17% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.19% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.36% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.36% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.09% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.36% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.36% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.03% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.21% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.04% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.19% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.19% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.05% |
Non-executed Functions |
---|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.46% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.36% |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.04% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.13% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.02% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.05% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.25% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 5.06% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.20% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.24% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.69% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.28% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.12% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.97% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.28% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 5.06% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.48% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 7.75% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.12% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.27% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.24% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 4.65% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.28% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.20% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.04% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.04% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 12.89% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.27% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.83% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.25% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.18% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.48% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.14% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.83% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.23% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 004674D2, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 33synchronizationthreadUNIQUE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.43% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.16% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.14% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.43% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.47% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.20% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.93% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.93% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.48% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.97% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.36% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.20% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.16% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.12% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.85% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.04% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 3.75% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.24% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.22% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.17% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.38% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.24% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.18% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.16% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.17% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.04% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.24% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.46% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.24% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.48% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.55% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.04% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.23% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.60% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.17% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.28% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.25% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.08% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.08% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.71% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.17% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.21% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.23% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.24% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.15% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 2.71% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.31% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.30% |