Analysis Report
Overview
General Information

| Field | Value |
|---|---|
| Analysis ID | 10158 |
| Start time | 22:51:38 |
| Start date | 22/07/2015 |
| Overall analysis duration | 0h 3m 25s |
| Report type | full |
| Sample file name | 1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe |
| Cookbook file name | default.jbs |
| Analysis system description | XP SP3 Native, physical Machine for testing VM-aware malware (Office 2003 SP3, Acrobat Reader 9.4.0, Flash 11.2, Internet Explorer 8) |
| Number of new started processes analysed | 5 |
| Number of new started drivers analysed | 1 |
| Number of existing processes analysed | 0 |
| Number of existing drivers analysed | 0 |
| Number of injected processes analysed | 0 |
| HCA enabled | true |
| HCA success | |
| Cookbook Comments | |
| Warnings | |
Detection

| Strategy | Score | Range | Reporting | Detection |
|---|---|---|---|---|
| Threshold | 64 | 0 - 100 | | |
Signature Overview

Key, Mouse, Clipboard, Microphone and Screen Capturing

- Contains functionality to read data from the clipboard
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_1_00401D10
Networking

- Detected TCP or UDP traffic on non-standard ports
  - Source: global traffic | TCP traffic:
Boot Survival

- Creates an autostart registry key
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Registry value created or modified:
- Creates an undocumented autostart registry key
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Key value created or modified:
- Monitors registry run keys for changes
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Registry key monitored:
Persistence and Installation Behavior

- Drops PE files
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | File created:
Data Obfuscation

- Contains functionality to dynamically determine API calls
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_1_00409153
- Generates new code (likely due to unpacking of malware or shellcode)
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code execution:
  - Source: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Windows\IEUpdate\shadow.exe | Code execution:
- PE file contains an invalid checksum
  - Source: initial sample | Static PE information:
Spreading

- Contains functionality to enumerate / list files inside a directory
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_004021F1
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_00405D96
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_00406925
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_0040A044
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_01D02EC9
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_01D0311B
System Summary

- Tries to open an application configuration file (.cfg)
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | File opened:
- Contains functionality to adjust token privileges (e.g. debug / backup)
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_1_00405B40
  - Source: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Windows\IEUpdate\shadow.exe | Code function: 4_1_00405B40
- Contains functionality to enumerate processes or threads
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_00404E98
- PE file has an executable .text section and no other executable section
  - Source: initial sample | Static PE information:
- Reads ini files
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | File read:
- Spawns processes
  - Source: unknown | Process created:
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Process created:
- Uses an in-process (OLE) Automation server
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Key value queried:
- Contains functionality to call native functions
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_004056E6
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_004061DB
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_00404F33
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_0040EB29
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_004050D0
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_01D045B9
- Creates files inside the system directory
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | File created:
- Creates mutexes
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Mutant created:
- Enables driver privileges
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Process token adjusted:
- Tries to load missing DLLs
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Section loaded:
HIPS / PFW / Operating System Protection Evasion

- Contains functionality to create a new security descriptor
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_004083CB
Anti Debugging

- Contains functionality to register its own exception handler
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_1_00406B7A
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_1_00406218
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_1_00408A2E
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_1_0040B38C
  - Source: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Windows\IEUpdate\shadow.exe | Code function: 4_1_00406B7A
  - Source: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Windows\IEUpdate\shadow.exe | Code function: 4_1_00406218
  - Source: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Windows\IEUpdate\shadow.exe | Code function: 4_1_00408A2E
  - Source: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Windows\IEUpdate\shadow.exe | Code function: 4_1_0040B38C
- Creates guard pages, often used to prevent reverse engineering and debugging
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Memory protected:
- Contains functionality for execution timing, often used to detect debuggers
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_00406791
- Contains functionality to check if a debugger is running (IsDebuggerPresent)
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_1_00406218
- Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_00404F33
- Contains functionality to dynamically determine API calls
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_1_00409153
- Contains functionality to read the PEB
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_003E0000
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_003E0408
- Contains functionality which may be used to detect a debugger (GetProcessHeap)
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_0040E61F
- Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_1_00401530
Malware Analysis System Evasion

- Contains functionality to enumerate / list files inside a directory
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_004021F1
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_00405D96
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_00406925
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_0040A044
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_01D02EC9
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_01D0311B
- Contains functionality to query system information
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_00402EF3
- May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)
  - Source: 1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Binary or memory string:
- Queries a list of all running processes
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Process information queried:
- Contains capabilities to detect virtual machines
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Registry key queried:
- Contains functionality for execution timing, often used to detect debuggers
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_00406791
- Found evasive API chain (may stop execution after checking a module file name)
  - Source: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Windows\IEUpdate\shadow.exe | Evasive API call chain: graph_4-3806
- May sleep (evasive loops) to hinder dynamic analysis
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe TID: 1528 | Thread sleep count:
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe TID: 2556 | Thread sleep time:
- Tries to detect sandboxes and other dynamic analysis tools (process name)
  - Source: 1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Binary or memory string:
Hooking and other Techniques for Hiding and Protection

- Disables application error messages (SetErrorMode)
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Process information set:
  - Source: C:\WINDOWS\system32\cmd.exe | Process information set:
  - Source: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Windows\IEUpdate\shadow.exe | Process information set:
- Monitors certain registry keys / values for changes (often done to protect autostart functionality)
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Registry key monitored for changes:
- Stores large binary data to the registry
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Key value created or modified:
- Creates files in the recycle bin to hide itself
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | File created:
Lowering of HIPS / PFW / Operating System Security Settings

- AV process strings found (often used to terminate AV products)
  - Source: 1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Binary or memory string:
Language, Device and Operating System Detection

- Contains functionality to query local / system time
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_004054E1
- Contains functionality to query the account / user name
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_00402EF3
- Contains functionality to query windows version
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_0040547F
- Contains functionality to query locale information (e.g. system language)
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_1_0040BD88
  - Source: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Windows\IEUpdate\shadow.exe | Code function: 4_1_0040BD88
- Contains functionality to query CPU information (cpuid)
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Code function: 0_2_004015AC
- Queries the volume information (name, serial number etc) of a device
  - Source: C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe | Queries volume information:
Yara Overview

No Yara matches
Startup
Created / dropped Files

| File Path | Type and Hashes |
|---|---|
Contacted Domains/Contacted IPs

Contacted Domains

No contacted domains info

Contacted IPs
| IP | Country | Pingable | Open Ports |
|---|---|---|---|
| 213.110.134.23 | Ukraine | unknown | unknown |
| 194.165.16.15 | Russian Federation | unknown | unknown |
Static File Info

General

| Field | Value |
|---|---|
| File type | PE32 executable (GUI) Intel 80386, for MS Windows |
| TrID | |
| File name | 1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe |
| File size | 307712 |
| MD5 | 9437eabf2fe5d32101e3fbf9f6027880 |
| SHA1 | 1b42683bf2c6c0da6f6abd85720b64b387cbad99 |
| SHA256 | e67aa9da71042fe85d03b7f57c18e611d3d16167ca9f86615088f2fd98b17a99 |
| SHA512 | 4b64ae10fd31564c04540885b09019c148a907b73d6edb673383d0713139965d07a0fc4fac2ebf0bf799a205be0e4aafd09993b44f82354bed72f247c60e9652 |
Static PE Info

General

| Field | Value |
|---|---|
| Entrypoint | 0x40641f |
| Entrypoint Section | .text |
| Digitally signed | false |
| Imagebase | 0x400000 |
| Subsystem | windows gui 50 |
| Image File Characteristics | 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED |
| DLL Characteristics | TERMINAL_SERVER_AWARE |
| Time Stamp | 0x55AEABC8 [Tue Jul 21 20:30:00 2015 UTC] |
| TLS Callbacks | |
| CLR (.Net) Version | |
| OS Version Major | 5 |
| OS Version Minor | 0 |
| File Version Major | 5 |
| File Version Minor | 0 |
| Subsystem Version Major | 5 |
| Subsystem Version Minor | 0 |
Entrypoint Preview

```asm
call 00007F777CBDAF1Dh
jmp 00007F777CBD962Dh
mov edi, edi
push ebp
mov ebp, esp
push esi
push dword ptr [0041E7BCh]
mov esi, dword ptr [0040D0E4h]
call esi
test eax, eax
je 00007F777CBD97D3h
mov eax, dword ptr [0041E7B8h]
cmp eax, FFFFFFFFh
je 00007F777CBD97C9h
push eax
push dword ptr [0041E7BCh]
call esi
call eax
test eax, eax
je 00007F777CBD97BAh
mov eax, dword ptr [eax+000001F8h]
jmp 00007F777CBD97D9h
mov esi, 004190ACh
push esi
call dword ptr [0040D11Ch]
test eax, eax
jne 00007F777CBD97BDh
push esi
call 00007F777CBD9EC5h
pop ecx
test eax, eax
je 00007F777CBD97CAh
push 0041909Ch
push eax
call dword ptr [0040D120h]
test eax, eax
je 00007F777CBD97BAh
push dword ptr [ebp+08h]
call eax
mov dword ptr [ebp+08h], eax
mov eax, dword ptr [ebp+08h]
pop esi
pop ebp
ret
push 00000000h
call 00007F777CBD973Ch
pop ecx
ret
mov edi, edi
push ebp
mov ebp, esp
push esi
push dword ptr [0041E7BCh]
mov esi, dword ptr [0040D0E4h]
call esi
test eax, eax
je 00007F777CBD97D3h
mov eax, dword ptr [0041E7B8h]
cmp eax, FFFFFFFFh
je 00007F777CBD97C9h
push eax
push dword ptr [0041E7BCh]
call esi
call eax
test eax, eax
je 00007F777CBD97BAh
mov eax, dword ptr [eax+000001FCh]
jmp 00007F777CBD97D9h
```
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1a4e4 | 0x8c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x41000 | 0x2e1a0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1a1e0 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xd000 | 0x214 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Xored PE | ZLIB Complexity | File Type | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb4f4 | 0xb600 | 6.34633279914 | False | 0.579992273352 | data | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0xd000 | 0xe10e | 0xe200 | 1.3561252733 | False | 0.0758780420354 | data | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x1c000 | 0x24fdc | 0x3400 | 4.48242579635 | False | 0.549278846154 | ps database from kernel 8 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x41000 | 0x2e1a0 | 0x2e200 | 7.88320012192 | False | 0.972163998984 | data | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country | Nbr Of Functions | Xored PE |
---|---|---|---|---|---|---|---|
MUI | 0x41420 | 0xf8 | data | English | United States | 0 | False |
RT_DIALOG | 0x41518 | 0x100 | data | English | United States | 0 | False |
RT_DIALOG | 0x41618 | 0xf8 | data | English | United States | 0 | False |
RT_DIALOG | 0x41710 | 0x60 | data | English | United States | 0 | False |
RT_DIALOG | 0x41770 | 0x100 | data | English | United States | 0 | False |
RT_DIALOG | 0x41870 | 0xf8 | data | English | United States | 0 | False |
RT_DIALOG | 0x41968 | 0x60 | data | English | United States | 0 | False |
RT_DIALOG | 0x419c8 | 0xf8 | data | English | United States | 0 | False |
RT_DIALOG | 0x41ac0 | 0xf0 | data | English | United States | 0 | False |
RT_DIALOG | 0x41bb0 | 0x58 | data | English | United States | 0 | False |
RT_DIALOG | 0x41c08 | 0xec | data | English | United States | 0 | False |
RT_DIALOG | 0x41cf4 | 0xe4 | data | English | United States | 0 | False |
RT_DIALOG | 0x41dd8 | 0x4c | data | English | United States | 0 | False |
RT_DIALOG | 0x41e24 | 0xf0 | data | English | United States | 0 | False |
RT_DIALOG | 0x41f14 | 0xe8 | data | English | United States | 0 | False |
RT_DIALOG | 0x41ffc | 0x50 | data | English | United States | 0 | False |
RT_VERSION | 0x4204c | 0x2b0 | data | | | 0 | False |
RT_MANIFEST | 0x422fc | 0x15a | ASCII text, with CRLF line terminators | | | 0 | False |
None | 0x42458 | 0x2cd48 | data | | | 0 | False |
Imports |
---|
DLL | Import |
---|---|
USER32.dll | AnyPopup, CreateIconFromResourceEx, GetDC, SetFocus, EndDialog, wsprintfW, CreateDialogParamW, GetCursorPos, FindWindowExW, GetAsyncKeyState, RegisterClassW, SetDlgItemTextA, MsgWaitForMultipleObjectsEx, GetDlgItem, ClientToScreen, SendMessageTimeoutW, SendMessageTimeoutA, GetScrollPos, GetSystemMetrics, GetKeyboardType, GetNextDlgTabItem, GetUserObjectInformationA, IsZoomed, GetSysColor, OpenClipboard |
SHELL32.dll | ShellExecuteA |
ole32.dll | OleGetClipboard, CoGetMalloc |
ADVAPI32.dll | AdjustTokenPrivileges |
GDI32.dll | GetCharWidthA, RectVisible, TextOutA, GetArcDirection, DPtoLP, Polygon, SetSystemPaletteUse, DeleteDC, SetDeviceGammaRamp, EndPage, GetNearestPaletteIndex, ExcludeClipRect, LineTo, GetTextMetricsW, GdiSetBatchLimit, CloseFigure, Escape, GetCharWidthW |
KERNEL32.dll | IsValidCodePage, LoadLibraryA, GetACP, GetCPInfo, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, HeapAlloc, HeapReAlloc, RtlUnwind, GetLocaleInfoA, MultiByteToWideChar, GetStringTypeW, LCMapStringA, LCMapStringW, HeapSize, GetOEMCP, GetStringTypeA, GlobalUnfix, GetFileType, CheckRemoteDebuggerPresent, SetProcessShutdownParameters, ConvertThreadToFiber, GlobalCompact, GetNumaNodeProcessorMask, VirtualAlloc, GetProcessAffinityMask, GetProcessHandleCount, GetNumaAvailableMemoryNode, CancelWaitableTimer, FileTimeToDosDateTime, GetPrivateProfileStringA, GlobalMemoryStatus, SetLastError, lstrcpynA, GlobalReAlloc, TlsGetValue, GetSystemDirectoryW, VirtualProtect, GetComputerNameA, WaitForMultipleObjects, TlsAlloc, IsBadReadPtr, SetHandleCount, SystemTimeToFileTime, FlushFileBuffers, SetEnvironmentVariableA, GetSystemTimeAsFileTime, GetCommandLineA, GetStartupInfoA, GetModuleHandleW, GetProcAddress, TlsSetValue, TlsFree, InterlockedIncrement, GetCurrentThreadId, GetLastError, InterlockedDecrement, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, DeleteCriticalSection, HeapCreate, VirtualFree, HeapFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Copyright Alexander Roshal 1993-2011 |
InternalName | Command line RAR |
FileVersion | 4.1.0 |
CompanyName | Alexander Roshal |
ProductName | WinRAR |
ProductVersion | 4.1.0 |
FileDescription | Command line RAR |
Translation | 0x0000 0x0000 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 22, 2015 22:52:00.389138937 CEST | 1370 | 55667 | 192.168.0.20 | 194.165.16.15 |
Jul 22, 2015 22:52:00.389175892 CEST | 55667 | 1370 | 194.165.16.15 | 192.168.0.20 |
Jul 22, 2015 22:52:00.389214993 CEST | 1370 | 55667 | 192.168.0.20 | 194.165.16.15 |
Jul 22, 2015 22:52:00.389388084 CEST | 1370 | 55667 | 192.168.0.20 | 194.165.16.15 |
Jul 22, 2015 22:52:00.389400005 CEST | 55667 | 1370 | 194.165.16.15 | 192.168.0.20 |
Jul 22, 2015 22:52:00.389429092 CEST | 1370 | 55667 | 192.168.0.20 | 194.165.16.15 |
Jul 22, 2015 22:52:00.389712095 CEST | 55667 | 1370 | 194.165.16.15 | 192.168.0.20 |
Jul 22, 2015 22:52:00.389796972 CEST | 1370 | 55667 | 192.168.0.20 | 194.165.16.15 |
Jul 22, 2015 22:52:01.861674070 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:01.861707926 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:01.861752987 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:01.861969948 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:01.861980915 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:01.862098932 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:01.862107038 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:02.739554882 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:02.791644096 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:02.791718006 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:02.791737080 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:02.840432882 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:02.840449095 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:02.840487003 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:02.840496063 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:03.719592094 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:03.778784990 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:03.778860092 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:03.778877020 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:03.778965950 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:03.820933104 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:03.932977915 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:03.933051109 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:03.933064938 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:03.933162928 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:03.960963011 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:03.960969925 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:03.961092949 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:03.961107969 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.035813093 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.035886049 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.035900116 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.041316032 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.041424036 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.041438103 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.048542976 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.048690081 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.048703909 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.050591946 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.050695896 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.050709963 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.059112072 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.059185028 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.059211969 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.059225082 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.059267998 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.203339100 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.212040901 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.212145090 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.212158918 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.214329958 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.214433908 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.214451075 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.220139980 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.220292091 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.220305920 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.247690916 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.247844934 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.247859001 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.249541998 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.249690056 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.249703884 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.249758959 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.249907970 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.249919891 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.251120090 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.251271963 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.251286983 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.251445055 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.251594067 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.251605034 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.256812096 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.256824017 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.282767057 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.282849073 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.282864094 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.282955885 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.376579046 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.382605076 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.382678986 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.382693052 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.382780075 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.383460045 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.385159016 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.385257959 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.385272026 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.385416031 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.385507107 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.385518074 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.397018909 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.397124052 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.397138119 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.397289991 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.397387028 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.397397995 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.397439003 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.398863077 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.400470972 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.400576115 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.400589943 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.400669098 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.400810003 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.400820017 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.406905890 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.407006979 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.407025099 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.412940025 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.412950993 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.413027048 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.413039923 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.413083076 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.415668011 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.415766954 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.415782928 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.416330099 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.416476011 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.416488886 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.423840046 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.423943996 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.423958063 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.427583933 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.427736044 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.427750111 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.428389072 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.428543091 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.428556919 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.428652048 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.432754040 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.432760954 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.432876110 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.434235096 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.434241056 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.434357882 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.434371948 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.438690901 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.438842058 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.438855886 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.464513063 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.464668989 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.464682102 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.475549936 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.546515942 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.546523094 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.546647072 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.552737951 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.553642035 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.553793907 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.553807974 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.560013056 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.560095072 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.560163021 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.560175896 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.563174963 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.563322067 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.563333988 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.564676046 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.564775944 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.564790010 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.566476107 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.566580057 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.566593885 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.567608118 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.567759991 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.567774057 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.568722963 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.568875074 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.568888903 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.569262981 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.576786995 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.577193022 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.577292919 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.577306986 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.582396984 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.582549095 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.582561970 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.584342003 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.584487915 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.584501028 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.584974051 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.585083008 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.585097075 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.585205078 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.585347891 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.585359097 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.586575985 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.586679935 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.586694002 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.594630003 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.594784021 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.594798088 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.598436117 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.598583937 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.598597050 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.600539923 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.607759953 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.607767105 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.607891083 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.647809029 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.648051977 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.648060083 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.648176908 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:04.716562033 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.716567993 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:04.716694117 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:05.346335888 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:05.346353054 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:05.346390963 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:05.346399069 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:06.261418104 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:06.378915071 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:06.378989935 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:06.379004002 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:06.403608084 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:06.403621912 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:06.403660059 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:06.403667927 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.301654100 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.313159943 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.313237906 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:07.313254118 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.313345909 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:07.318103075 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.324654102 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.324728012 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:07.324742079 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.324837923 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:07.327821016 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.327827930 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.327946901 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:07.397300959 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.415874004 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.415982962 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:07.415997982 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.425275087 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.425430059 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:07.425443888 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.429063082 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.429167986 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:07.429182053 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.649939060 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.650037050 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:07.650048971 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.912985086 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:07.927439928 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:07.927450895 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.927495003 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:07.927576065 CEST | 48755 | 1371 | 213.110.134.23 | 192.168.0.20 |
Jul 22, 2015 22:52:07.927613974 CEST | 1371 | 48755 | 192.168.0.20 | 213.110.134.23 |
Jul 22, 2015 22:52:10.242512941 CEST | 1372 | 55667 | 192.168.0.20 | 194.165.16.15 |
Jul 22, 2015 22:52:10.242558002 CEST | 55667 | 1372 | 194.165.16.15 | 192.168.0.20 |
Jul 22, 2015 22:52:10.242599010 CEST | 1372 | 55667 | 192.168.0.20 | 194.165.16.15 |
Jul 22, 2015 22:52:10.242794037 CEST | 1372 | 55667 | 192.168.0.20 | 194.165.16.15 |
Jul 22, 2015 22:52:10.242806911 CEST | 55667 | 1372 | 194.165.16.15 | 192.168.0.20 |
Jul 22, 2015 22:52:10.242826939 CEST | 1372 | 55667 | 192.168.0.20 | 194.165.16.15 |
Jul 22, 2015 22:52:10.242925882 CEST | 55667 | 1372 | 194.165.16.15 | 192.168.0.20 |
Jul 22, 2015 22:52:10.243139029 CEST | 1372 | 55667 | 192.168.0.20 | 194.165.16.15 |
Hooks - Code Manipulation Behavior |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
System Behavior |
---|
General |
---|
Start time: | 22:51:54 |
Start date: | 22/07/2015 |
Path: | C:\1b42683bf2c6c0da6f6abd85720b64b387cbad99-9437eabf2fe5d32101e3fbf9f6027880.exe |
Wow64 process (32bit): | false |
Commandline: | unknown |
Imagebase: | 0x400000 |
File size: | 307712 bytes |
MD5 hash: | 9437EABF2FE5D32101E3FBF9F6027880 |
General |
---|
Start time: | 22:52:10 |
Start date: | 22/07/2015 |
Path: | C:\WINDOWS\system32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | /c ping 127.0.0.1 >> nul |
Imagebase: | 0x4ad00000 |
File size: | 401920 bytes |
MD5 hash: | 9B890F756D087991322464912FE68E75 |
General |
---|
Start time: | 22:52:10 |
Start date: | 22/07/2015 |
Path: | C:\WINDOWS\system32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | /d /c del C:\1B4268~1.EXE |
Imagebase: | 0x7e360000 |
File size: | 401920 bytes |
MD5 hash: | 9B890F756D087991322464912FE68E75 |
General |
---|
Start time: | 22:52:10 |
Start date: | 22/07/2015 |
Path: | C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Windows\IEUpdate\shadow.exe |
Wow64 process (32bit): | false |
Commandline: | C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Windows\IEUpdate\shadow.exe |
Imagebase: | 0x400000 |
File size: | 156672 bytes |
MD5 hash: | B47B4634A0DD6BCCD5309C3679856DA0 |
General |
---|
Start time: | 22:52:11 |
Start date: | 22/07/2015 |
Path: | C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Windows\IEUpdate\shadow.exe |
Wow64 process (32bit): | |
Commandline: | C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Windows\IEUpdate\shadow.exe -watchdog |
Imagebase: | |
File size: | 156672 bytes |
MD5 hash: | B47B4634A0DD6BCCD5309C3679856DA0 |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 28.3% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 2.5% |
Total number of Nodes: | 1182 |
Total number of Limit Nodes: | 6 |
Executed Functions |
---|
Non-executed Functions |
---|