RedNet | a4bac13abfd4

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\a4bac13abfd454b26ddd32a25d87080e7e4bf8b6a9e85e7e91736b3f944565c3.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	399.50 KB
MD5	3333e40e61ff33675c26e7a712a7808d
SHA1	7e314834674c7bf514f68790a0e88b014e9115a4
SHA256	a4bac13abfd454b26ddd32a25d87080e7e4bf8b6a9e85e7e91736b3f944565c3
SSDeep	12288:SAAqMeiD2Fr/cJZtfc9GVM5tQHOBR/F+L412g:xAFDem3EMWPQHOL9X
ImpHash	dc0513b2e8e866ceee30009dd51093dc

File Reputation Information

Verdict

Malicious

PE Information

Image Base	0x00400000
Entry Point	0x0040B2B0
Size Of Code	0x00031800
Size Of Initialized Data	0x0003F200
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2021-11-02 10:38 (UTC+1)

Sections (6)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00401000	0x0003174C	0x00031800	0x00000400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.75
.data	0x00433000	0x00033D68	0x0002AE00	0x00031C00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.94
.gay	0x00467000	0x00000400	0x00000400	0x0005CA00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.gayeta	0x00468000	0x00000400	0x00000400	0x0005CE00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.kux	0x00469000	0x00000096	0x00000200	0x0005D200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.rsrc	0x0046A000	0x000069C8	0x00006A00	0x0005D400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	6.19

Imports (3)

KERNEL32.dll (181)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
VerifyVersionInfoW	-	0x00401008	0x0003162C	0x00030A2C	0x00000453
WriteConsoleInputA	-	0x0040100C	0x00031630	0x00030A30	0x00000483
EnumDateFormatsW	-	0x00401010	0x00031634	0x00030A34	0x000000E3
CopyFileExW	-	0x00401014	0x00031638	0x00030A38	0x00000062
DnsHostnameToComputerNameW	-	0x00401018	0x0003163C	0x00030A3C	0x000000CF
FindNextFileW	-	0x0040101C	0x00031640	0x00030A40	0x00000130
ReadConsoleOutputCharacterW	-	0x00401020	0x00031644	0x00030A44	0x00000364
SetConsoleActiveScreenBuffer	-	0x00401024	0x00031648	0x00030A48	0x000003A5
LockFile	-	0x00401028	0x0003164C	0x00030A4C	0x00000305
GetProfileSectionA	-	0x0040102C	0x00031650	0x00030A50	0x00000231
QueryDosDeviceW	-	0x00401030	0x00031654	0x00030A54	0x0000034E
RequestWakeupLatency	-	0x00401034	0x00031658	0x00030A58	0x00000389
GetProcessPriorityBoost	-	0x00401038	0x0003165C	0x00030A5C	0x00000228
GetDriveTypeW	-	0x0040103C	0x00031660	0x00030A60	0x000001BB
GlobalGetAtomNameA	-	0x00401040	0x00031664	0x00030A64	0x0000028D
DeleteFileW	-	0x00401044	0x00031668	0x00030A68	0x000000C3
FindNextVolumeMountPointW	-	0x00401048	0x0003166C	0x00030A6C	0x00000134
TlsSetValue	-	0x0040104C	0x00031670	0x00030A70	0x00000435
SizeofResource	-	0x00401050	0x00031674	0x00030A74	0x00000420
WriteConsoleInputW	-	0x00401054	0x00031678	0x00030A78	0x00000486
GetConsoleTitleW	-	0x00401058	0x0003167C	0x00030A7C	0x0000019F
GetComputerNameExW	-	0x0040105C	0x00031680	0x00030A80	0x00000177
OpenEventA	-	0x00401060	0x00031684	0x00030A84	0x00000327
CallNamedPipeA	-	0x00401064	0x00031688	0x00030A88	0x0000002F
GetModuleHandleW	-	0x00401068	0x0003168C	0x00030A8C	0x000001F9
GetSystemDirectoryA	-	0x0040106C	0x00031690	0x00030A90	0x00000245
GetDriveTypeA	-	0x00401070	0x00031694	0x00030A94	0x000001BA
BuildCommDCBAndTimeoutsA	-	0x00401074	0x00031698	0x00030A98	0x0000002C
GetProcAddress	-	0x00401078	0x0003169C	0x00030A9C	0x00000220
GetModuleHandleA	-	0x0040107C	0x000316A0	0x00030AA0	0x000001F6
GetShortPathNameA	-	0x00401080	0x000316A4	0x00030AA4	0x00000237
DeleteFileA	-	0x00401084	0x000316A8	0x00030AA8	0x000000C0
GetCommandLineW	-	0x00401088	0x000316AC	0x00030AAC	0x00000170
InterlockedIncrement	-	0x0040108C	0x000316B0	0x00030AB0	0x000002C0
InterlockedExchange	-	0x00401090	0x000316B4	0x00030AB4	0x000002BD
CopyFileW	-	0x00401094	0x000316B8	0x00030AB8	0x00000065
CreateActCtxW	-	0x00401098	0x000316BC	0x00030ABC	0x00000068
FormatMessageW	-	0x0040109C	0x000316C0	0x00030AC0	0x00000148
EnterCriticalSection	-	0x004010A0	0x000316C4	0x00030AC4	0x000000D9
FindNextVolumeA	-	0x004010A4	0x000316C8	0x00030AC8	0x00000132
CreateIoCompletionPort	-	0x004010A8	0x000316CC	0x00030ACC	0x00000084
LoadLibraryA	-	0x004010AC	0x000316D0	0x00030AD0	0x000002F1
CreateNamedPipeW	-	0x004010B0	0x000316D4	0x00030AD4	0x00000090
GetSystemDefaultLangID	-	0x004010B4	0x000316D8	0x00030AD8	0x00000242
GetConsoleAliasesLengthA	-	0x004010B8	0x000316DC	0x00030ADC	0x00000180
WriteProfileSectionW	-	0x004010BC	0x000316E0	0x00030AE0	0x00000498
AddAtomW	-	0x004010C0	0x000316E4	0x00030AE4	0x00000004
InterlockedDecrement	-	0x004010C4	0x000316E8	0x00030AE8	0x000002BC
HeapFree	-	0x004010C8	0x000316EC	0x00030AEC	0x000002A1
_hwrite	-	0x004010CC	0x000316F0	0x00030AF0	0x0000049E
InterlockedCompareExchange	-	0x004010D0	0x000316F4	0x00030AF4	0x000002BA
GetStartupInfoW	-	0x004010D4	0x000316F8	0x00030AF8	0x0000023A
CreateMailslotW	-	0x004010D8	0x000316FC	0x00030AFC	0x00000089
GetCPInfoExW	-	0x004010DC	0x00031700	0x00030B00	0x0000015D
GetSystemWow64DirectoryW	-	0x004010E0	0x00031704	0x00030B04	0x00000254
GetLastError	-	0x004010E4	0x00031708	0x00030B08	0x000001E6
GetPrivateProfileIntW	-	0x004010E8	0x0003170C	0x00030B0C	0x00000217
GetConsoleAliasExesLengthW	-	0x004010EC	0x00031710	0x00030B10	0x0000017C
WaitForDebugEvent	-	0x004010F0	0x00031714	0x00030B14	0x00000461
SetLastError	-	0x004010F4	0x00031718	0x00030B18	0x000003EC
LoadLibraryW	-	0x004010F8	0x0003171C	0x00030B1C	0x000002F4
VerifyVersionInfoA	-	0x004010FC	0x00031720	0x00030B20	0x00000452
VirtualAlloc	-	0x00401100	0x00031724	0x00030B24	0x00000454
GetACP	-	0x00401104	0x00031728	0x00030B28	0x00000152
lstrcpyA	-	0x00401108	0x0003172C	0x00030B2C	0x000004AF
GetConsoleAliasA	-	0x0040110C	0x00031730	0x00030B30	0x00000179
GetDiskFreeSpaceExA	-	0x00401110	0x00031734	0x00030B34	0x000001B5
TerminateProcess	-	0x00401114	0x00031738	0x00030B38	0x0000042D
EnumResourceLanguagesA	-	0x00401118	0x0003173C	0x00030B3C	0x000000E6
SetConsoleTextAttribute	-	0x0040111C	0x00031740	0x00030B40	0x000003C0
GlobalGetAtomNameW	-	0x00401120	0x00031744	0x00030B44	0x0000028E
CreateJobSet	-	0x00401124	0x00031748	0x00030B48	0x00000087
MoveFileW	-	0x00401128	0x0003174C	0x00030B4C	0x00000316
lstrcpynA	-	0x0040112C	0x00031750	0x00030B50	0x000004B2
EnumSystemLocalesA	-	0x00401130	0x00031754	0x00030B54	0x000000F8
GetPrivateProfileSectionNamesW	-	0x00401134	0x00031758	0x00030B58	0x0000021A
GetFileAttributesW	-	0x00401138	0x0003175C	0x00030B5C	0x000001CE
FileTimeToSystemTime	-	0x0040113C	0x00031760	0x00030B60	0x00000110
GetTapeParameters	-	0x00401140	0x00031764	0x00030B64	0x00000255
lstrcmpW	-	0x00401144	0x00031768	0x00030B68	0x000004AA
SetEvent	-	0x00401148	0x0003176C	0x00030B6C	0x000003D3
MoveFileA	-	0x0040114C	0x00031770	0x00030B70	0x00000311
CreateMutexA	-	0x00401150	0x00031774	0x00030B74	0x0000008B
FindResourceW	-	0x00401154	0x00031778	0x00030B78	0x00000139
GetCommState	-	0x00401158	0x0003177C	0x00030B7C	0x0000016D
FormatMessageA	-	0x0040115C	0x00031780	0x00030B80	0x00000147
CreateFiber	-	0x00401160	0x00031784	0x00030B84	0x00000076
GetConsoleFontSize	-	0x00401164	0x00031788	0x00030B88	0x0000018D
LocalAlloc	-	0x00401168	0x0003178C	0x00030B8C	0x000002F9
SetFileShortNameA	-	0x0040116C	0x00031790	0x00030B90	0x000003E1
lstrcpyW	-	0x00401170	0x00031794	0x00030B94	0x000004B0
HeapLock	-	0x00401174	0x00031798	0x00030B98	0x000002A2
GetFileAttributesA	-	0x00401178	0x0003179C	0x00030B9C	0x000001C9
SetCalendarInfoW	-	0x0040117C	0x000317A0	0x00030BA0	0x00000399
GetSystemWindowsDirectoryW	-	0x00401180	0x000317A4	0x00030BA4	0x00000252
GetConsoleAliasesW	-	0x00401184	0x000317A8	0x00030BA8	0x00000182
EnumDateFormatsExW	-	0x00401188	0x000317AC	0x00030BAC	0x000000E2
GetComputerNameW	-	0x0040118C	0x000317B0	0x00030BB0	0x00000178
GetPrivateProfileStructW	-	0x00401190	0x000317B4	0x00030BB4	0x0000021F
_hread	-	0x00401194	0x000317B8	0x00030BB8	0x0000049D
LocalFlags	-	0x00401198	0x000317BC	0x00030BBC	0x000002FC
OpenWaitableTimerA	-	0x0040119C	0x000317C0	0x00030BC0	0x00000338
EnumResourceNamesW	-	0x004011A0	0x000317C4	0x00030BC4	0x000000ED
CreateFileMappingW	-	0x004011A4	0x000317C8	0x00030BC8	0x0000007C
SetProcessShutdownParameters	-	0x004011A8	0x000317CC	0x00030BCC	0x000003F9
lstrcpynW	-	0x004011AC	0x000317D0	0x00030BD0	0x000004B3
GetFullPathNameW	-	0x004011B0	0x000317D4	0x00030BD4	0x000001DF
WriteConsoleW	-	0x004011B4	0x000317D8	0x00030BD8	0x0000048C
FreeUserPhysicalPages	-	0x004011B8	0x000317DC	0x00030BDC	0x00000150
WriteConsoleOutputCharacterW	-	0x004011BC	0x000317E0	0x00030BE0	0x0000048A
OpenJobObjectW	-	0x004011C0	0x000317E4	0x00030BE4	0x0000032E
CreateFileW	-	0x004011C4	0x000317E8	0x00030BE8	0x0000007F
SetCurrentDirectoryA	-	0x004011C8	0x000317EC	0x00030BEC	0x000003C6
GlobalWire	-	0x004011CC	0x000317F0	0x00030BF0	0x00000298
GetFileInformationByHandle	-	0x004011D0	0x000317F4	0x00030BF4	0x000001D0
GetProfileSectionW	-	0x004011D4	0x000317F8	0x00030BF8	0x00000232
CommConfigDialogW	-	0x004011D8	0x000317FC	0x00030BFC	0x0000004F
CreateFileA	-	0x004011DC	0x00031800	0x00030C00	0x00000078
GetDefaultCommConfigA	-	0x004011E0	0x00031804	0x00030C04	0x000001B1
LocalFree	-	0x004011E4	0x00031808	0x00030C08	0x000002FD
Sleep	-	0x004011E8	0x0003180C	0x00030C0C	0x00000421
InitializeCriticalSection	-	0x004011EC	0x00031810	0x00030C10	0x000002B4
DeleteCriticalSection	-	0x004011F0	0x00031814	0x00030C14	0x000000BE
LeaveCriticalSection	-	0x004011F4	0x00031818	0x00030C18	0x000002EF
RaiseException	-	0x004011F8	0x0003181C	0x00030C1C	0x0000035A
RtlUnwind	-	0x004011FC	0x00031820	0x00030C20	0x00000392
WideCharToMultiByte	-	0x00401200	0x00031824	0x00030C24	0x0000047A
GetCommandLineA	-	0x00401204	0x00031828	0x00030C28	0x0000016F
GetStartupInfoA	-	0x00401208	0x0003182C	0x00030C2C	0x00000239
HeapValidate	-	0x0040120C	0x00031830	0x00030C30	0x000002A9
IsBadReadPtr	-	0x00401210	0x00031834	0x00030C34	0x000002C8
UnhandledExceptionFilter	-	0x00401214	0x00031838	0x00030C38	0x0000043E
SetUnhandledExceptionFilter	-	0x00401218	0x0003183C	0x00030C3C	0x00000415
GetModuleFileNameW	-	0x0040121C	0x00031840	0x00030C40	0x000001F5
GetCurrentProcess	-	0x00401220	0x00031844	0x00030C44	0x000001A9
IsDebuggerPresent	-	0x00401224	0x00031848	0x00030C48	0x000002D1
TlsGetValue	-	0x00401228	0x0003184C	0x00030C4C	0x00000434
TlsAlloc	-	0x0040122C	0x00031850	0x00030C50	0x00000432
GetCurrentThreadId	-	0x00401230	0x00031854	0x00030C54	0x000001AD
TlsFree	-	0x00401234	0x00031858	0x00030C58	0x00000433
GetOEMCP	-	0x00401238	0x0003185C	0x00030C5C	0x00000213
GetCPInfo	-	0x0040123C	0x00031860	0x00030C60	0x0000015B
IsValidCodePage	-	0x00401240	0x00031864	0x00030C64	0x000002DB
SetFilePointer	-	0x00401244	0x00031868	0x00030C68	0x000003DF
QueryPerformanceCounter	-	0x00401248	0x0003186C	0x00030C6C	0x00000354
GetTickCount	-	0x0040124C	0x00031870	0x00030C70	0x00000266
GetCurrentProcessId	-	0x00401250	0x00031874	0x00030C74	0x000001AA
GetSystemTimeAsFileTime	-	0x00401254	0x00031878	0x00030C78	0x0000024F
ExitProcess	-	0x00401258	0x0003187C	0x00030C7C	0x00000104
GetModuleFileNameA	-	0x0040125C	0x00031880	0x00030C80	0x000001F4
FreeEnvironmentStringsA	-	0x00401260	0x00031884	0x00030C84	0x0000014A
GetEnvironmentStrings	-	0x00401264	0x00031888	0x00030C88	0x000001BF
FreeEnvironmentStringsW	-	0x00401268	0x0003188C	0x00030C8C	0x0000014B
GetEnvironmentStringsW	-	0x0040126C	0x00031890	0x00030C90	0x000001C1
SetHandleCount	-	0x00401270	0x00031894	0x00030C94	0x000003E8
GetStdHandle	-	0x00401274	0x00031898	0x00030C98	0x0000023B
GetFileType	-	0x00401278	0x0003189C	0x00030C9C	0x000001D7
HeapDestroy	-	0x0040127C	0x000318A0	0x00030CA0	0x000002A0
HeapCreate	-	0x00401280	0x000318A4	0x00030CA4	0x0000029F
VirtualFree	-	0x00401284	0x000318A8	0x00030CA8	0x00000457
WriteFile	-	0x00401288	0x000318AC	0x00030CAC	0x0000048D
HeapAlloc	-	0x0040128C	0x000318B0	0x00030CB0	0x0000029D
HeapSize	-	0x00401290	0x000318B4	0x00030CB4	0x000002A6
HeapReAlloc	-	0x00401294	0x000318B8	0x00030CB8	0x000002A4
FlushFileBuffers	-	0x00401298	0x000318BC	0x00030CBC	0x00000141
GetConsoleCP	-	0x0040129C	0x000318C0	0x00030CC0	0x00000183
GetConsoleMode	-	0x004012A0	0x000318C4	0x00030CC4	0x00000195
DebugBreak	-	0x004012A4	0x000318C8	0x00030CC8	0x000000B4
OutputDebugStringA	-	0x004012A8	0x000318CC	0x00030CCC	0x0000033A
OutputDebugStringW	-	0x004012AC	0x000318D0	0x00030CD0	0x0000033B
InitializeCriticalSectionAndSpinCount	-	0x004012B0	0x000318D4	0x00030CD4	0x000002B5
MultiByteToWideChar	-	0x004012B4	0x000318D8	0x00030CD8	0x0000031A
LCMapStringA	-	0x004012B8	0x000318DC	0x00030CDC	0x000002E1
LCMapStringW	-	0x004012BC	0x000318E0	0x00030CE0	0x000002E3
GetStringTypeA	-	0x004012C0	0x000318E4	0x00030CE4	0x0000023D
GetStringTypeW	-	0x004012C4	0x000318E8	0x00030CE8	0x00000240
GetLocaleInfoA	-	0x004012C8	0x000318EC	0x00030CEC	0x000001E8
SetStdHandle	-	0x004012CC	0x000318F0	0x00030CF0	0x000003FC
WriteConsoleA	-	0x004012D0	0x000318F4	0x00030CF4	0x00000482
GetConsoleOutputCP	-	0x004012D4	0x000318F8	0x00030CF8	0x00000199
CloseHandle	-	0x004012D8	0x000318FC	0x00030CFC	0x00000043

USER32.dll (4)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CharToOemBuffW	-	0x004012E0	0x00031904	0x00030D04	0x00000035
CharUpperW	-	0x004012E4	0x00031908	0x00030D08	0x0000003A
GetMessageTime	-	0x004012E8	0x0003190C	0x00030D0C	0x0000014D
LoadMenuA	-	0x004012EC	0x00031910	0x00030D10	0x000001DE

ADVAPI32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
AbortSystemShutdownW	-	0x00401000	0x00031624	0x00030A24	0x00000004

Memory Dumps (37)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
a4bac13abfd454b26ddd32a25d87080e7e4bf8b6a9e85e7e91736b3f944565c3.exe	1	0x00400000	0x00470FFF	Relevant Image	32-bit	0x00417800	... Actions Go to Process Download Dump
buffer	1	0x00643858	0x0066CB87	First Execution	32-bit	0x00643858	... Actions Go to Process Download Dump
buffer	1	0x00580000	0x005B7FFF	First Execution	32-bit	0x00580000	... Actions Go to Process Go to YARA Match Download Dump
buffer	1	0x00580000	0x005B7FFF	Content Changed	32-bit	0x005804F6	... Actions Go to Process Go to YARA Match Download Dump
a4bac13abfd454b26ddd32a25d87080e7e4bf8b6a9e85e7e91736b3f944565c3.exe	1	0x00400000	0x00470FFF	Content Changed	32-bit	0x0040CD2F	... Actions Go to Process Go to YARA Match Download Dump
a4bac13abfd454b26ddd32a25d87080e7e4bf8b6a9e85e7e91736b3f944565c3.exe	1	0x00400000	0x00470FFF	Content Changed	32-bit	0x0040E1D8	... Actions Go to Process Go to YARA Match Download Dump
a4bac13abfd454b26ddd32a25d87080e7e4bf8b6a9e85e7e91736b3f944565c3.exe	1	0x00400000	0x00470FFF	Content Changed	32-bit	0x0041087E	... Actions Go to Process Go to YARA Match Download Dump
a4bac13abfd454b26ddd32a25d87080e7e4bf8b6a9e85e7e91736b3f944565c3.exe	1	0x00400000	0x00470FFF	Content Changed	32-bit	0x0041388D	... Actions Go to Process Go to YARA Match Download Dump
a4bac13abfd454b26ddd32a25d87080e7e4bf8b6a9e85e7e91736b3f944565c3.exe	1	0x00400000	0x00470FFF	Content Changed	32-bit	0x00411CBA	... Actions Go to Process Go to YARA Match Download Dump
a4bac13abfd454b26ddd32a25d87080e7e4bf8b6a9e85e7e91736b3f944565c3.exe	1	0x00400000	0x00470FFF	Content Changed	32-bit	0x004145D2	... Actions Go to Process Go to YARA Match Download Dump
a4bac13abfd454b26ddd32a25d87080e7e4bf8b6a9e85e7e91736b3f944565c3.exe	1	0x00400000	0x00470FFF	Content Changed	32-bit	0x00417625	... Actions Go to Process Go to YARA Match Download Dump
a4bac13abfd454b26ddd32a25d87080e7e4bf8b6a9e85e7e91736b3f944565c3.exe	1	0x00400000	0x00470FFF	Content Changed	32-bit	0x0040FA58	... Actions Go to Process Go to YARA Match Download Dump
a4bac13abfd454b26ddd32a25d87080e7e4bf8b6a9e85e7e91736b3f944565c3.exe	1	0x00400000	0x00470FFF	Content Changed	32-bit	0x004019F0	... Actions Go to Process Go to YARA Match Download Dump
a4bac13abfd454b26ddd32a25d87080e7e4bf8b6a9e85e7e91736b3f944565c3.exe	1	0x00400000	0x00470FFF	Content Changed	32-bit	0x00407270	... Actions Go to Process Go to YARA Match Download Dump
a4bac13abfd454b26ddd32a25d87080e7e4bf8b6a9e85e7e91736b3f944565c3.exe	1	0x00400000	0x00470FFF	Content Changed	32-bit	0x0040223B	... Actions Go to Process Go to YARA Match Download Dump
buffer	1	0x02350000	0x0237AFFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x025A0000	0x025C8FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x0259E000	0x0259FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00194000	0x0019FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x001F1EC8	0x001F1F47	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x001F1F50	0x001F274F	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00580000	0x005B7FFF	First Network Behavior	32-bit	0x00580920	... Actions Go to Process Go to YARA Match Download Dump
buffer	1	0x00643858	0x0066CB87	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x006B22A0	0x006B231F	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x02141018	0x021410BB	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x021417A8	0x02141836	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x02141840	0x021418F3	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x02141D30	0x02141DBC	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x02142110	0x0214219E	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x02142490	0x02142CB3	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x02150048	0x02163D69	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x02163D78	0x021A3D99	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x021A3DA8	0x021CE1B5	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
a4bac13abfd454b26ddd32a25d87080e7e4bf8b6a9e85e7e91736b3f944565c3.exe	1	0x00400000	0x00470FFF	First Network Behavior	32-bit	0x00402403	... Actions Go to Process Go to YARA Match Download Dump
a4bac13abfd454b26ddd32a25d87080e7e4bf8b6a9e85e7e91736b3f944565c3.exe	1	0x00400000	0x00470FFF	Content Changed	32-bit	0x004104E9	... Actions Go to Process Go to YARA Match Download Dump
a4bac13abfd454b26ddd32a25d87080e7e4bf8b6a9e85e7e91736b3f944565c3.exe	1	0x00400000	0x00470FFF	Content Changed	32-bit	0x00414661	... Actions Go to Process Go to YARA Match Download Dump
a4bac13abfd454b26ddd32a25d87080e7e4bf8b6a9e85e7e91736b3f944565c3.exe	1	0x00400000	0x00470FFF	Process Termination	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump

b14bcf7e766be0d5ea1f045fa63bc03a3d5c18687539e66f42a3051e5ea8d0af

Downloaded File

Text

MIME Type	text/plain
File Size	14 Bytes
MD5	3ef2dc2ead803750e71a9e1aa2cdc958
SHA1	7098b9a4017107563f330678349c8e80b8e10ae6
SHA256	b14bcf7e766be0d5ea1f045fa63bc03a3d5c18687539e66f42a3051e5ea8d0af
SSDeep	3:eubLXj:euLXj
ImpHash	-

Remarks (1/1)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information