Detections

Yara:

CobaltStrikeBeacon

Analysis

Category Package Started Completed Duration
STATIC 2020-10-12 16:24:23 2020-10-12 16:24:23 0 seconds

    

File Details

File Name cfc7b6a8ad0959f4ea3f6b6f09492ea93961938008b61279567f1bddf1a7bc06.dll
File Size 261000 bytes
File Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
PE timestamp 2020-06-23 19:21:26
MD5 da5633a2ba0a3891a3d95513ccc8e6ed
SHA1 6d978d16f35c60bcdbe54405b608aec51a24bd3c
SHA256 cfc7b6a8ad0959f4ea3f6b6f09492ea93961938008b61279567f1bddf1a7bc06
SHA512 e299727ff832e509f081be5b0cce20b78e3fca87e8e1abbdcc7a75a7af31d75456aaab06c781ff0a83b388a9501300cf9acce8e4975cc9d472a5d47a6d87ef72
CRC32 4D45AB9C
Ssdeep 3072:Br+U7LVLn1BFdjGQX8dbDCRUCnhqxmTy1WOeJfUuIRrT10ZFPjEzcuT5rxAgYJu3:Br+USu+WOeOTCjLEIuTAg7+2
Yara
  • shellcode_stack_strings - Match x86 that appears to be stack string creation. - Author: William Ballenthin
CAPE Yara
  • CobaltStrikeBeacon Payload - Author: enzo

Signatures

CAPE detected the CobaltStrikeBeacon malware family
CAPE has extracted a malware configuration
extracted_config: CobaltStrikeBeacon

Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

No antivirus signatures available.
Sorry! No behavior.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Processing ( 0.81 seconds )

  • 0.671 CAPE
  • 0.087 AnalysisInfo
  • 0.037 TargetInfo
  • 0.009 Strings
  • 0.005 Debug
  • 0.001 BehaviorAnalysis

Signatures ( 0.05900000000000001 seconds )

  • 0.011 ransomware_files
  • 0.008 ransomware_extensions
  • 0.006 antiav_detectreg
  • 0.004 antiav_detectfile
  • 0.003 persistence_autorun
  • 0.003 antianalysis_detectfile
  • 0.003 infostealer_ftp
  • 0.003 territorial_disputes_sigs
  • 0.002 geodo_banking_trojan
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.001 kibex_behavior
  • 0.001 tinba_behavior
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 browser_security
  • 0.001 disables_backups
  • 0.001 disables_browser_warn
  • 0.001 azorult_mutexes
  • 0.001 infostealer_mail
  • 0.001 masquerade_process_name
  • 0.001 revil_mutexes
  • 0.001 ursnif_behavior

Reporting ( 1.403 seconds )

  • 1.403 BinGraph