
Windows Analysis Report
SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe

Overview

General Information

Sample name:SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe
Analysis ID:1401858
MD5:e48a16d4ebf8d89f865d8bce8bee62bc
SHA1:744f2e4dcc209d6fe89763a98a200f389f136a33
SHA256:9cca6dbd850e46175cd1c039676659b72d211140833e91a66992ac627200475a
Tags:exe

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Installs a global keyboard hook
Allocates memory with a write watch (potentially for evading sandboxes)
Detected potential crypto function
Enables debug privileges
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched



AV Detection

Source: SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Virustotal: Detection: 15%
Source: SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\Lenovo\source\repos\JAVAR V2\keylogger module 2\bin\Release\keylogger module 2.pdb | source: SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Code function: 0_2_0182F1C4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Code function: 0_2_064FDA70
Source: SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe, 00000000.00000000.1998263473.0000000000D92000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamekeylogger module 2.exeF vs SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe
Source: SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe, 00000000.00000002.3243286641.0000000001137000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe
Source: SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe, 00000000.00000002.3243457916.00000000012EE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe
Source: SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Binary or memory string: OriginalFilenamekeylogger module 2.exeF vs SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Sections loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, textshaping.dll
Source: classification engine | Classification label: mal52.spyw.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Mutant created: NULL
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Mutant created: \Sessions\1\BaseNamedObjects\{aboba-B9A1-45fd-A8CF-72F04E6BDE8F}
Source: SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Code function: 0_2_064C213B push esp; ret 0_2_064C2141
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Code function: 0_2_064F28E1 pushad ; ret 0_2_064F28ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Process information set: NOOPENFILEERRORBOX (this row appears 35 times in the report)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Memory allocated: 1820000 memory reserve, memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Memory allocated: 3180000 memory reserve, memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Memory allocated: 5180000 memory reserve, memory write watch
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Memory allocated: page read and write, page guard
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Queries volume information (VolumeInformation) of: C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe; C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll; C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll; C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll; C:\Windows\Fonts\micross.ttf
Source: C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
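Two of the signatures above can be reproduced from an API trace with very little logic, and doing so makes their weight clearer. The hook evidence line ("0 keyboard low level <module>") reads as a SetWindowsHookExW call with WH_KEYBOARD_LL and dwThreadId 0, i.e. a global low-level keyboard hook, which is the strong finding in this report. The three "memory reserve, memory write watch" allocations are a much weaker signal for a .NET program: the .NET garbage collector reserves its own heap segments with MEM_WRITE_WATCH to track pages modified during a collection, so this heuristic fires on most .NET Framework binaries whether or not they check GetWriteWatch for sandbox instrumentation. The script below is an added example, not part of the Joe Sandbox report or the sample; the trace record format is invented for it and the trace itself is constructed (addresses chosen to resemble the evidence lines), while the Win32 constants are the real winuser.h/winnt.h values.

```python
"""Replay two of the report's behavioural heuristics over a constructed API trace."""

# Win32 constants (winuser.h / winnt.h)
WH_KEYBOARD, WH_MOUSE, WH_KEYBOARD_LL, WH_MOUSE_LL = 2, 7, 13, 14
MEM_RESERVE, MEM_WRITE_WATCH, PAGE_READWRITE = 0x2000, 0x00200000, 0x04
HOOK_NAMES = {WH_KEYBOARD: "keyboard", WH_KEYBOARD_LL: "keyboard low level",
              WH_MOUSE: "mouse", WH_MOUSE_LL: "mouse low level"}
CLR_MODULES = {"mscoree.dll", "clr.dll", "mscorwks.dll", "coreclr.dll"}

# Constructed trace in a record format invented for this example (not the sandbox's own).
SAMPLE_TRACE = [
    {"event": "module_load", "name": "mscoree.dll"},
    {"event": "module_load", "name": "clr.dll"},
    {"event": "api", "name": "VirtualAlloc",
     "args": {"lpAddress": 0, "dwSize": 0x1960000,
              "flAllocationType": MEM_RESERVE | MEM_WRITE_WATCH, "flProtect": PAGE_READWRITE}},
    {"event": "api", "name": "SetWindowsHookExW",           # global low-level keyboard hook
     "args": {"idHook": WH_KEYBOARD_LL, "lpfn": 0x64FC3B8, "hMod": 0x64F0000, "dwThreadId": 0}},
    {"event": "api", "name": "SetWindowsHookExW",           # thread-local hook: not a keylogger
     "args": {"idHook": WH_KEYBOARD, "lpfn": 0x64FC400, "hMod": 0, "dwThreadId": 4242}},
]


def hook_findings(trace):
    """'Installs a global keyboard hook': keyboard/mouse hook with dwThreadId == 0."""
    findings = []
    for i, rec in enumerate(trace):
        if rec["event"] != "api" or rec["name"] not in ("SetWindowsHookExA", "SetWindowsHookExW"):
            continue
        a = rec["args"]
        kind = HOOK_NAMES.get(a["idHook"])
        if kind is None:                      # WH_GETMESSAGE, WH_CBT, ... are out of scope here
            continue
        is_global = a["dwThreadId"] == 0
        is_keyboard = a["idHook"] in (WH_KEYBOARD, WH_KEYBOARD_LL)
        severity = "high" if is_global and is_keyboard else "medium"
        scope = "global" if is_global else f"thread {a['dwThreadId']}"
        findings.append((severity, f"Installs a {scope} {kind} hook (lpfn={a['lpfn']:#x})", i))
    return findings


def write_watch_findings(trace):
    """'Allocates memory with a write watch', down-weighted once a CLR module is loaded,
    because the .NET GC reserves its heap segments with MEM_WRITE_WATCH itself."""
    findings, clr_loaded = [], False
    for i, rec in enumerate(trace):
        if rec["event"] == "module_load":
            clr_loaded |= rec["name"].lower() in CLR_MODULES
        elif (rec["event"] == "api" and rec["name"] in ("VirtualAlloc", "VirtualAllocEx")
              and rec["args"]["flAllocationType"] & MEM_WRITE_WATCH):
            if clr_loaded:
                findings.append(("info", "MEM_WRITE_WATCH reservation in a CLR-hosted process "
                                         "(expected from the .NET GC, weak evasion signal)", i))
            else:
                findings.append(("medium", "Allocates memory with a write watch "
                                           "(GetWriteWatch can reveal sandbox writes)", i))
    return findings


def triage(trace):
    """All findings, ordered by the trace record they come from."""
    return sorted(hook_findings(trace) + write_watch_findings(trace), key=lambda f: f[2])


if __name__ == "__main__":
    for severity, text, idx in triage(SAMPLE_TRACE):
        print(f"[{severity:6}] record {idx}: {text}")
```

Run as a script it prints one line per finding; the hook with a non-zero dwThreadId is reported at a lower severity because a thread-scoped WH_KEYBOARD hook only sees that thread's input, and the write-watch reservation drops to informational because the trace shows the CLR loaded first.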
MITRE ATT&CK matrix (number = count of matched signatures; tactics with no matched technique listed at the end; the report's matrix also shows unmatched placeholder techniques in every cell, omitted here):

  • Persistence: DLL Side-Loading (1)
  • Privilege Escalation: DLL Side-Loading (1)
  • Defense Evasion: Virtualization/Sandbox Evasion (1), Disable or Modify Tools (1), DLL Side-Loading (1), Obfuscated Files or Information (1)
  • Credential Access: Input Capture (11)
  • Discovery: Virtualization/Sandbox Evasion (1), System Information Discovery (12)
  • Collection: Input Capture (11), Archive Collected Data (1)
  • Command and Control: Encrypted Channel (1)
  • No matched techniques: Reconnaissance, Resource Development, Initial Access, Execution, Lateral Movement, Exfiltration, Impact
Behavior graph (ID 1401858, start date 02/03/2024, architecture WINDOWS, score 52): the only process in the graph is SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe; attached signatures: Multi AV Scanner detection for submitted file; Installs a global keyboard hook.

Source | Detection | Scanner
SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | 5% | ReversingLabs
SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe | 16% | Virustotal
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1401858
Start date and time:2024-03-02 12:26:09 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 4s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:5
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe
Detection:MAL
Classification:mal52.spyw.winEXE@1/0@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 99%
  • Number of executed functions: 18
  • Number of non-executed functions: 2
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
No simulations
No context
No created / dropped files found
File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):5.7008651716085605
TrID:
  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
  • Win32 Executable (generic) a (10002005/4) 49.78%
  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
  • Generic Win/DOS Executable (2004/3) 0.01%
  • DOS Executable Generic (2002/1) 0.01%
File name:SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe
File size:61'952 bytes
MD5:e48a16d4ebf8d89f865d8bce8bee62bc
SHA1:744f2e4dcc209d6fe89763a98a200f389f136a33
SHA256:9cca6dbd850e46175cd1c039676659b72d211140833e91a66992ac627200475a
SHA512:dba3d0dd0b46cf9f7d92729576574baf7de2dd23da119637363b4ef19d172eb1854e26e2f6a422ad5f3d65cb7f6e94d0ce551e65a5b37708a7f37fc21cd7a943
SSDEEP:1536:W0P8DXMINbqUInqzq1EUa7D8O7Jjw8piAFW:AIKq1ETw8E
TLSH:4B534AA46F8E4537C6AD6BBF70D317520378CAA69003E7EB5DEA21B41C937480D315AB
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.... .a............................v.... ... ....@.. .......................`............`................................
Icon Hash:00928e8e8686b000
Entrypoint:0x410576
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:0x61ED20DB [Sun Jan 23 09:33:15 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
Entrypoint instructions (disassembly from 0x410576):
jmp dword ptr [00410584h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop eax
add eax, 00000001h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

This is the standard native stub of a .NET executable, not program logic: the jmp goes through the IAT entry at 0x410584 (image base 0x400000 + IAT RVA 0x10584), which the loader fills with the address of mscoree.dll!_CorExeMain, the sample's only import. The disassembler then keeps decoding bytes that are not code: the "add byte ptr [eax], al" lines are zero padding, and "pop eax; add eax, 00000001h" is the IAT itself, i.e. the little-endian dword 0x00010558 (the RVA of the _CorExeMain hint/name entry inside the import directory at 0x10528) followed by the null terminator.
Data directories:

Name                                 Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT         0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT         0x10528          0x4c          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE       0x12000          0x5f6         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION      0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY       0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC      0x14000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG          0x1058c          0x1c          .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT      0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR      0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS            0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG    0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT   0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT            0x10584          0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT   0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 0x2000           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED       0x0              0x0

Sections:

Name   | Virtual Address | Virtual Size | Raw Size | MD5                              | Xored PE | ZLIB Complexity     | File Type | Entropy             | Characteristics
.text  | 0x2000          | 0xe61c       | 0xe800   | 6d1f05d5bab41849e80c783b60e70948 | False    | 0.41818763469827586 | data      | 5.771477350623775   | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc  | 0x12000         | 0x5f6        | 0x600    | ebd364afdc82351dcbd15061dbe05afe | False    | 0.421875            | data      | 4.172337071353766   | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x14000         | 0xc          | 0x200    | 21b83b1cee5608e8cf03ee5a6595949f | False    | 0.044921875         | data      | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources:

Name        | RVA     | Size  | Type                                                                                | Language | Country | ZLIB Complexity
RT_VERSION  | 0x12090 | 0x36c | data                                                                                |          |         | 0.3995433789954338
RT_MANIFEST | 0x1240c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |          |         | 0.5489795918367347

Imports:

DLL         | Import
mscoree.dll | _CorExeMain
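The static facts above (CLR header present, a single import of mscoree.dll!_CorExeMain, the Import Hash, the CodeView PDB path, and an entry point that jumps through the IAT) can all be derived from the file bytes with a few dozen lines of parsing, which is worth having when a report like this cannot be trusted blindly. The following is an added example, not part of the Joe Sandbox report or of the sample's code, and it needs only the Python standard library. Because the analysed binary is not reproduced here, build_sample_pe() constructs a stand-in that mirrors the report's layout (image base 0x400000, .text at RVA 0x2000 with virtual size 0xe61c, import directory at 0x10528, entry point 0x10576, IAT 0x10584, debug directory 0x1058c, CLR header at 0x2000; the .rsrc and .reloc sections are omitted) and embeds the PDB path quoted in the report; the byte-level placement inside the import directory is an assumption consistent with the entry-point disassembly, not a dump of the real file. Run against the real sample the same functions should return the report's values. One lesson is visible in the result: the import hash is the md5 of "mscoree._corexemain", so every .NET executable whose only native import is _CorExeMain produces f34d5f2d4577ed6d9ceec516c1f5a744, and the Import Hash row identifies nothing about this sample in particular.

```python
"""Dependency-free PE32 triage: CLR header, imports and import hash, CodeView PDB path, entry stub."""
import hashlib
import struct

DIR_IMPORT, DIR_DEBUG, DIR_IAT, DIR_CLR = 1, 6, 12, 14        # IMAGE_DIRECTORY_ENTRY_* indices
# PDB path quoted in the report; embedded below into a constructed stand-in file.
PDB_PATH = r"C:\Users\Lenovo\source\repos\JAVAR V2\keylogger module 2\bin\Release\keylogger module 2.pdb"

def u16(b, o): return struct.unpack_from("<H", b, o)[0]
def u32(b, o): return struct.unpack_from("<I", b, o)[0]
def cstr(b, o): return b[o:b.index(b"\0", o)].decode("latin-1")

def parse_headers(data):
    """Entry RVA, image base, data directories and section table of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = u32(data, 0x3C)                              # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    opt = pe + 24                                     # optional header follows the 20-byte file header
    if u16(data, opt) != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled")
    sect, sections = opt + u16(data, pe + 20), []     # SizeOfOptionalHeader
    for i in range(u16(data, pe + 6)):                # NumberOfSections
        name, vsize, va, rsize, raw = struct.unpack_from("<8sIIII", data, sect + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), va, vsize, rsize, raw))
    return {"entry": u32(data, opt + 16), "base": u32(data, opt + 28), "sections": sections,
            "dirs": [struct.unpack_from("<II", data, opt + 96 + 8 * i)
                     for i in range(u32(data, opt + 92))]}

def rva_to_off(hdr, rva):
    for _, va, vsize, rsize, raw in hdr["sections"]:
        if va <= rva < va + max(vsize, rsize):
            return raw + rva - va
    raise ValueError(f"RVA {rva:#x} is outside every section")

def imports(data, hdr):
    """Walk the IMAGE_IMPORT_DESCRIPTOR array: [(dll, function or 'ordN'), ...] in table order."""
    out, desc = [], rva_to_off(hdr, hdr["dirs"][DIR_IMPORT][0])
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<5I", data, desc)
        if name_rva == 0:                             # all-zero terminator descriptor
            break
        dll, thunk = cstr(data, rva_to_off(hdr, name_rva)), rva_to_off(hdr, oft or ft)
        while (ent := u32(data, thunk)) != 0:
            out.append((dll, f"ord{ent & 0xFFFF}" if ent & 0x80000000
                        else cstr(data, rva_to_off(hdr, ent) + 2)))   # skip the 2-byte hint
            thunk += 4
        desc += 20
    return out

def imphash(imps):
    """Import hash as pefile computes it: md5 of comma-joined lower-cased 'lib.func', extension stripped."""
    parts = []
    for dll, func in imps:
        lib = dll.lower()
        lib = lib[:-4] if lib.endswith((".dll", ".ocx", ".sys")) else lib
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()

def pdb_path(data, hdr):
    """PDB path from an RSDS (CodeView) debug-directory entry, or None."""
    va, size = hdr["dirs"][DIR_DEBUG]
    for i in range(size // 28 if va else 0):          # one IMAGE_DEBUG_DIRECTORY entry is 28 bytes
        kind, _, _, ptr = struct.unpack_from("<4I", data, rva_to_off(hdr, va) + 28 * i + 12)
        if kind == 2 and data[ptr:ptr + 4] == b"RSDS":            # IMAGE_DEBUG_TYPE_CODEVIEW
            return cstr(data, ptr + 24)                            # 'RSDS' + GUID(16) + age(4)
    return None

def entry_stub(data, hdr):
    """For a 'jmp dword ptr [addr]' entry point, return (addr, whether addr lies inside the IAT)."""
    off = rva_to_off(hdr, hdr["entry"])
    if data[off:off + 2] != b"\xff\x25":
        return None, False
    target, (iat_va, iat_size) = u32(data, off + 2), hdr["dirs"][DIR_IAT]
    return target, iat_va <= target - hdr["base"] < iat_va + iat_size

def triage(data):
    hdr = parse_headers(data)
    imps = imports(data, hdr)
    target, in_iat = entry_stub(data, hdr)
    return {"is_clr": hdr["dirs"][DIR_CLR][0] != 0, "imports": imps, "imphash": imphash(imps),
            "pdb": pdb_path(data, hdr), "entry_jmp": target, "jmp_into_iat": in_iat}

def build_sample_pe():
    """Constructed stand-in laid out like the report's .text section (one section, no .rsrc/.reloc)."""
    base, text_va, text_vsize, text_raw, raw_off = 0x400000, 0x2000, 0xE61C, 0xE800, 0x200
    text = bytearray(text_raw)
    def at(rva): return rva - text_va                              # RVA -> offset inside .text
    struct.pack_into("<IHH", text, at(0x2000), 0x48, 2, 5)            # CLR header: cb, runtime 2.5
    struct.pack_into("<5I", text, at(0x10528), 0x10550, 0, 0, 0x10566, 0x10584)  # import descriptor
    struct.pack_into("<II", text, at(0x10550), 0x10558, 0)            # import name table
    text[at(0x10558):at(0x10566)] = b"\0\0_CorExeMain\0"              # hint + function name
    text[at(0x10566):at(0x10572)] = b"mscoree.dll\0"
    text[at(0x10576):at(0x1057C)] = b"\xff\x25" + struct.pack("<I", base + 0x10584)  # jmp [IAT]
    struct.pack_into("<II", text, at(0x10584), 0x10558, 0)            # IAT (unbound, same as INT)
    cv = b"RSDS" + bytes(16) + struct.pack("<I", 1) + PDB_PATH.encode() + b"\0"
    struct.pack_into("<IIHHIIII", text, at(0x1058C), 0, 0, 0, 0, 2, len(cv), 0x105A8,
                     raw_off + at(0x105A8))                            # debug dir: CODEVIEW entry
    text[at(0x105A8):at(0x105A8) + len(cv)] = cv
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                             # PE32 magic
    struct.pack_into("<IIIII", opt, 16, 0x10576, text_va, 0, base, 0x2000)  # entry, bases, section align
    struct.pack_into("<I", opt, 36, 0x200)                            # file alignment
    struct.pack_into("<I", opt, 92, 16)                               # NumberOfRvaAndSizes
    for i, (va, sz) in {DIR_IMPORT: (0x10528, 0x4C), DIR_DEBUG: (0x1058C, 0x1C),
                        DIR_IAT: (0x10584, 8), DIR_CLR: (0x2000, 0x48)}.items():
        struct.pack_into("<II", opt, 96 + 8 * i, va, sz)
    hdr = bytearray(b"MZ".ljust(0x3C, b"\0")) + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102) + opt
    hdr += struct.pack("<8sIIIIIIHHI", b".text", text_vsize, text_va, text_raw, raw_off,
                       0, 0, 0, 0, 0x60000020)                         # CODE | EXECUTE | READ
    return bytes(hdr.ljust(raw_off, b"\0")) + bytes(text)

if __name__ == "__main__":
    for key,  value in triage(build_sample_pe()).items():
        print(f"{key:13} {value}")
```

To run it on a real file, replace build_sample_pe() with open(path, "rb").read(); parse_headers() deliberately rejects PE32+ images, and imphash() renders ordinal-only imports as ordN rather than resolving them the way pefile does for a few well-known DLLs, which matters only for binaries that import by ordinal.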
No network behavior found


Target ID:0
Start time:12:26:58
Start date:02/03/2024
Path:C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Malicious_Behavior.SB.15788.19774.exe
Imagebase:0xd80000
File size:61'952 bytes
MD5 hash:E48A16D4EBF8D89F865D8BCE8BEE62BC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Execution Graph

Execution Coverage

Dynamic/Packed Code Coverage

Signature Coverage

Execution Coverage:10.9%
Dynamic/Decrypted Code Coverage:100%
Signature Coverage:0%
Total number of Nodes:348
Total number of Limit Nodes:21
Execution graph (rendered graph omitted; summary of the node dump): the Win32 API calls reached are SetWindowsHookExW (from functions 0x64fc1d0, 0x64fbf4c and 0x64fc3b8, reached via 0x64fc048 -> 0x64fbce8 -> 0x64fc140), DuplicateHandle (0x182d27c, 0x182d928), OleInitialize (0x64fc574, 0x64fc808, 0x64fc8c4, 0x64fd458), CreateActCtxA (0x1824520, 0x1825990), GetModuleHandleW (0x182b280), LoadLibraryExW (0x182a428, 0x182b8c0) and a large number of DrawTextExW call sites (0x64c41a0, 0x64c25f8 and others). All of these addresses lie outside the loaded image (image base 0xd80000), which is consistent with the 100% dynamic code coverage above and with JIT-compiled .NET code.

Executed Functions

Control-flow Graph (rendered image in the original; the executed/not-executed colouring is not recoverable): entry block 182b037-182b057, last block 182b2b4-182b2c8; the function calls 182a3c0, 182a3cc, 182a3dc, 182a3ec, 182a3fc, 182b2d0/182b2e0 and 182b9d0/182b9e0; GetModuleHandleW is called in block 182b280-182b2ab.
APIs
  • GetModuleHandleW.KERNELBASE(00000000), ref: 0182B29E
Memory Dump Source
  • Source File: 00000000.00000002.3244236697.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_1820000_SecuriteInfo.jbxd
Similarity
  • API ID: HandleModule
  • String ID:
  • API String ID: 4139908857-0
  • Opcode ID: 2f0fed5b596b61e2eb97846980bee900b9a89b422988d122fcdf8648cb97a15e
  • Instruction ID: ed3cc17f73a5ee54bb42a09c9b47e21c357bc203b50c4ca52454643fa9554f3d
  • Opcode Fuzzy Hash: 2f0fed5b596b61e2eb97846980bee900b9a89b422988d122fcdf8648cb97a15e
  • Instruction Fuzzy Hash: 4E818770A01B158FD726CF29D44475ABBF2FF88300F10892ED48AC7A50DB74EA89CB91
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image in the original; the executed/not-executed colouring is not recoverable): entry block 1824520-1825a51, which calls CreateActCtxA; remaining blocks 1825a53-1825ad9, ending in a self-loop at 1825ad9.
APIs
  • CreateActCtxA.KERNEL32(?), ref: 01825A41
Memory Dump Source
  • Source File: 00000000.00000002.3244236697.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_1820000_SecuriteInfo.jbxd
Similarity
  • API ID: Create
  • String ID:
  • API String ID: 2289755597-0
  • Opcode ID: 75e8e7913671cc1feafa97dc902d5eba1f5c554c15a61339fbb34b2ac90f05f5
  • Instruction ID: a760cae70886ec160ef292e79b85f134ac84a40847838e30af240ed000a49d5c
  • Opcode Fuzzy Hash: 75e8e7913671cc1feafa97dc902d5eba1f5c554c15a61339fbb34b2ac90f05f5
  • Instruction Fuzzy Hash: 214102B0C0032DCBDB25CFA9C884BDDBBB5BF48704F20806AD409AB254D7B56985CF90
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image in the original; the executed/not-executed colouring is not recoverable): entry block 1825985-1825a51, which calls CreateActCtxA; remaining blocks 1825a53-1825ad9, ending in a self-loop at 1825ad9.
APIs
  • CreateActCtxA.KERNEL32(?), ref: 01825A41
Memory Dump Source
  • Source File: 00000000.00000002.3244236697.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_1820000_SecuriteInfo.jbxd
Similarity
  • API ID: Create
  • String ID:
  • API String ID: 2289755597-0
  • Opcode ID: e7ca498ce4faeae30c34c986dc8c436be86d2dce4264bd3409ff1aad3d84659a
  • Instruction ID: 597cb2ff1825847f1f3b14599e2156c2f73337f11aeff97c58c7c070ccbf1f0d
  • Opcode Fuzzy Hash: e7ca498ce4faeae30c34c986dc8c436be86d2dce4264bd3409ff1aad3d84659a
  • Instruction Fuzzy Hash: 1D41E3B0C00729CFDB25CFA9C985BDDBBB1BF48704F20806AD409AB255DB756989CF90
Uniqueness

Uniqueness Score: -1.00%
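The two CreateActCtxA entries above (entry addresses 1824520 and 1825985) reference the same call site at 01825A41, carry different Opcode IDs, and yet have nearly identical Instruction Fuzzy Hash strings. The following is an added example, not Joe Sandbox code and not the sample's code, that clusters such entries by their fuzzy hash so an analyst can collapse near-duplicate functions before reading them. The metric is an assumption of this example: plain positional nibble agreement between two equal-length hash strings, which is not Joe Sandbox's own similarity computation (the report does not describe it). The 0.75 threshold is likewise this example's choice.

```python
"""Added example (not Joe Sandbox code): group per-function report entries by
Instruction Fuzzy Hash similarity.

Assumed metric: fraction of positions at which two equal-length hash strings
agree. This is the example's own heuristic, not Joe Sandbox's algorithm."""
from __future__ import annotations
from itertools import combinations

# Hash strings copied from this section of the report (entry address -> hash).
HASHES = {
    "1824520": "214102B0C0032DCBDB25CFA9C884BDDBBB5BF48704F20806AD409AB254D7B56985CF90",
    "1825985": "1D41E3B0C00729CFDB25CFA9C985BDDBBB1BF48704F20806AD409AB255DB756989CF90",
    "64cf4f9": "3C31B2B5D01249AFDB51CF9AD884ADEFBF5FF48320F14842AE919A7310D774A944CBA0",
}


def matching_positions(a: str, b: str) -> int:
    """Number of positions where the two hash strings carry the same nibble."""
    if len(a) != len(b):
        raise ValueError("fuzzy hashes of different length are not comparable")
    return sum(x == y for x, y in zip(a, b))


def similarity(a: str, b: str) -> float:
    """Positional agreement as a fraction in [0, 1] (assumed metric)."""
    return matching_positions(a, b) / len(a)


def cluster(hashes: dict[str, str], threshold: float = 0.75) -> list[set[str]]:
    """Union-find grouping: two entries share a cluster when similarity >= threshold."""
    parent = {k: k for k in hashes}

    def find(k: str) -> str:
        while parent[k] != k:
            parent[k] = parent[parent[k]]  # path halving
            k = parent[k]
        return k

    for x, y in combinations(hashes, 2):
        if similarity(hashes[x], hashes[y]) >= threshold:
            parent[find(x)] = find(y)

    groups: dict[str, set[str]] = {}
    for k in hashes:
        groups.setdefault(find(k), set()).add(k)
    return sorted(groups.values(), key=lambda g: sorted(g))


if __name__ == "__main__":
    for g in cluster(HASHES):
        print(sorted(g))
```

With the three hashes above, the two CreateActCtxA entries agree at 56 of 70 positions (0.80) and land in one cluster, while the DrawTextExW entry at 64cf4f9 stays on its own; for a full report, feed every "Instruction Fuzzy Hash" line into HASHES and read only one member of each cluster.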

Control-flow Graph (rendered image in the original; the executed/not-executed colouring is not recoverable): entry block 64cf4f9-64cf54c; DrawTextExW is called in block 64cf56b-64cf5a4; last block 64cf5ad-64cf5ca.
APIs
  • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,064CF4E5,?,?), ref: 064CF597
Memory Dump Source
  • Source File: 00000000.00000002.3245341475.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_64c0000_SecuriteInfo.jbxd
Similarity
  • API ID: DrawText
  • String ID:
  • API String ID: 2175133113-0
  • Opcode ID: e0b3e04cf8021719b55f167c8c8f0fd526461f01ea77be8c70f3a043e2c01e86
  • Instruction ID: 4c1d2dc7d1059915ba085137dca0d1e3bfa9e373c05d9085627b5ccede655f84
  • Opcode Fuzzy Hash: e0b3e04cf8021719b55f167c8c8f0fd526461f01ea77be8c70f3a043e2c01e86
  • Instruction Fuzzy Hash: 3C31B2B5D01249AFDB51CF9AD884ADEFBF5FF48320F14842AE919A7310D774A944CBA0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image in the original; the executed/not-executed colouring is not recoverable): entry block 64cdd54-64cf54c; DrawTextExW is called in block 64cf56b-64cf5a4; last block 64cf5ad-64cf5ca.
APIs
  • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,064CF4E5,?,?), ref: 064CF597
Memory Dump Source
  • Source File: 00000000.00000002.3245341475.00000000064C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064C0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_64c0000_SecuriteInfo.jbxd
Similarity
  • API ID: DrawText
  • String ID:
  • API String ID: 2175133113-0
  • Opcode ID: 4e8b3e6f5c4d76f5a08b83aa99a02396659c1f61a23c435db4fb52b38d6d4383
  • Instruction ID: d694a59285976a94a68a65d8f38e0b30d854324580048fbb975aa6a62412311b
  • Opcode Fuzzy Hash: 4e8b3e6f5c4d76f5a08b83aa99a02396659c1f61a23c435db4fb52b38d6d4383
  • Instruction Fuzzy Hash: 5831D1B5D002099FDB50CF9AD884AAEFBF5FF48320F14842EE919A7311D374A945CBA0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image in the original; the executed/not-executed colouring is not recoverable): entry block 64fbf4c-64fc402; SetWindowsHookExW is called in block 64fc40e-64fc455; last block 64fc45e-64fc48a.
APIs
  • SetWindowsHookExW.USER32(?,00000000,?,?,?,?,?,04183590,?,?,064FC32F,00000000,00000000), ref: 064FC448
Memory Dump Source
  • Source File: 00000000.00000002.3245419238.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_64f0000_SecuriteInfo.jbxd
Similarity
  • API ID: HookWindows
  • String ID:
  • API String ID: 2559412058-0
  • Opcode ID: 16b5117d4eae0cc0d034b26ff6469e48a353f4ae5366793e8542652db784c936
  • Instruction ID: cefa5dc138ecc48ede5bbd464673021daa86377e08508d5ea55ab950e199be27
  • Opcode Fuzzy Hash: 16b5117d4eae0cc0d034b26ff6469e48a353f4ae5366793e8542652db784c936
  • Instruction Fuzzy Hash: 952113B49102199FCB50DFA9D984AEEFBF5FF48310F10842AE919A7350C779A944CBA1
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image in the original; the executed/not-executed colouring is not recoverable): entry block 64fc3b0-64fc402; SetWindowsHookExW is called in block 64fc423-64fc455; last block 64fc45e-64fc48a.
APIs
  • SetWindowsHookExW.USER32(?,00000000,?,?,?,?,?,04183590,?,?,064FC32F,00000000,00000000), ref: 064FC448
Memory Dump Source
  • Source File: 00000000.00000002.3245419238.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_64f0000_SecuriteInfo.jbxd
Similarity
  • API ID: HookWindows
  • String ID:
  • API String ID: 2559412058-0
  • Opcode ID: e916d9b9fed0b4a00ef2ffbff91b83eb2c98e65cf1dc02d2f353463e46d782d7
  • Instruction ID: 177fc8e33b47c62d6b98c456fe9708c058f384572e1b1781989d3a6199c34d6b
  • Opcode Fuzzy Hash: e916d9b9fed0b4a00ef2ffbff91b83eb2c98e65cf1dc02d2f353463e46d782d7
  • Instruction Fuzzy Hash: 232115B4D002199FCB50DFA9D984AEEFBF5FF48310F10841AE519A7350C779A940CBA1
Uniqueness

Uniqueness Score: -1.00%
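The security-relevant point in the two SetWindowsHookExW entries above is where the call lives: a region at 064F0000 whose dump source says "based on PE: false", i.e. memory not mapped from an image on disk, and the first stack value (idHook) is printed as "?", so the hook type cannot be read from this listing alone. The following is an added example, not Joe Sandbox code and not the sample's code, that parses the "APIs" and "Memory Dump Source" entries in the shape this page uses and flags hooks and calls from non-image-backed memory. The entry format is taken from the report text; the indicator table, the WH_* table and the constructed extra entry with a resolved idHook value are this example's own and are labelled as such.

```python
"""Added example (not Joe Sandbox code, not the sample's code): parse the
"APIs" / "Memory Dump Source" entries of a Joe Sandbox report and triage them.

Formats taken from the report text:
  API.Module(stack values), ref: address
  Source File: ..., Offset: base, based on PE: true|false
The INDICATORS and HOOK_TYPES tables are this example's own reading."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed input: three entries copied in the shape shown on this page.
REPORT = """
APIs
  • SetWindowsHookExW.USER32(?,00000000,?,?,?,?,?,04183590,?,?,064FC32F,00000000,00000000), ref: 064FC448
Memory Dump Source
  • Source File: 00000000.00000002.3245419238.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
APIs
  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0182D8EE,?,?,?,?,?), ref: 0182D9AF
Memory Dump Source
  • Source File: 00000000.00000002.3244236697.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
APIs
  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0182B319,00000800,00000000,00000000), ref: 0182B92A
Memory Dump Source
  • Source File: 00000000.00000002.3244236697.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
"""
# Hypothetical, constructed entry (NOT from the report) whose first stack value
# is resolved, to show idHook decoding when the sandbox did capture it.
CONSTRUCTED = """
APIs
  • SetWindowsHookExW.USER32(0000000D,00000000,?,?), ref: 064FC448
Memory Dump Source
  • Source File: constructed.sdmp, Offset: 064F0000, based on PE: false
"""

HOOK_TYPES = {2: "WH_KEYBOARD", 3: "WH_GETMESSAGE", 5: "WH_CBT",
              7: "WH_MOUSE", 13: "WH_KEYBOARD_LL", 14: "WH_MOUSE_LL"}

INDICATORS = {  # analyst's own reading of each API, not a Joe Sandbox signature
    "SetWindowsHookExW": "installs a Windows hook; keyboard/mouse capture candidate",
    "DuplicateHandle": "duplicates a handle; check source and target process",
    "LoadLibraryExW": "dynamic library load; check module name and flags",
    "GetModuleHandleW": "module lookup, typical of runtime API resolution",
    "CreateActCtxA": "activation context creation (manifest handling)",
    "OleInitialize": "OLE/COM initialisation",
}

API_RE = re.compile(r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")
SRC_RE = re.compile(r"Offset:\s*(?P<region>[0-9A-Fa-f]+),\s*based on PE:\s*(?P<pe>true|false)")


@dataclass
class ApiRef:
    api: str
    module: str
    args: list[str]   # stack values as printed; "?" = not resolved by the sandbox
    ref: int          # address of the call instruction
    region: int       # base of the dumped region containing the call
    pe_backed: bool   # False: region is not mapped from an image on disk


def parse_report(text: str) -> list[ApiRef]:
    """Attach each API line to the Memory Dump Source line that follows it."""
    refs, pending = [], []
    for line in text.splitlines():
        if m := API_RE.search(line):
            pending.append(m)
        elif s := SRC_RE.search(line):
            for m in pending:
                refs.append(ApiRef(m["api"], m["module"],
                                   [a.strip() for a in m["args"].split(",")],
                                   int(m["ref"], 16), int(s["region"], 16),
                                   s["pe"] == "true"))
            pending = []
    return refs


def decode_hook(value: str) -> str:
    """Map the idHook stack value to its WH_* name; '?' stays unresolved."""
    try:
        n = int(value, 16)
    except ValueError:
        return "unresolved"
    return HOOK_TYPES.get(n, f"idHook {n}")


def triage(refs: list[ApiRef]) -> list[dict]:
    """One finding per reference: indicator text, hook type, memory backing."""
    findings = []
    for r in refs:
        notes = [INDICATORS[r.api]] if r.api in INDICATORS else []
        if r.api.startswith("SetWindowsHookEx"):
            notes.append("hook type: " + decode_hook(r.args[0]))
        if not r.pe_backed:
            notes.append(f"call at {r.ref:08X} sits in non-image-backed memory "
                         f"(region {r.region:08X}): JIT output, unpacked or injected code; inspect the dump")
        findings.append({"api": r.api, "ref": r.ref, "notes": notes})
    return findings


if __name__ == "__main__":
    for f in triage(parse_report(REPORT + CONSTRUCTED)):
        print(f"{f['api']} @ {f['ref']:08X}")
        for n in f["notes"]:
            print("   -", n)
```

Run against the three entries from this page, every call is flagged as coming from non-image-backed memory and the hook type stays "unresolved"; only the constructed entry decodes to WH_KEYBOARD_LL. The stack values after the real parameters are leftovers from the caller's frame, so only the first few positions should be read as arguments.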

Control-flow Graph (rendered image in the original; the executed/not-executed colouring is not recoverable): entry block 182d27c-182d9bc, which calls DuplicateHandle; last block 182d9c5-182d9e2.
APIs
  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0182D8EE,?,?,?,?,?), ref: 0182D9AF
Memory Dump Source
  • Source File: 00000000.00000002.3244236697.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_1820000_SecuriteInfo.jbxd
Similarity
  • API ID: DuplicateHandle
  • String ID:
  • API String ID: 3793708945-0
  • Opcode ID: adcb85e43cdbac29e7ab4c60cf8595e9dd36da7ed715e6accd6d19705278aeab
  • Instruction ID: 59f4700d25b1445cf54ddc6d87d58661d71191ae5e014821d8f808358883490f
  • Opcode Fuzzy Hash: adcb85e43cdbac29e7ab4c60cf8595e9dd36da7ed715e6accd6d19705278aeab
  • Instruction Fuzzy Hash: 1A21D4B59002589FDB10CF9AD584AEEBFF5EB48310F14841AE918A7310D378A944CFA0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image in the original; the executed/not-executed colouring is not recoverable): entry block 182d920-182d9bc, which calls DuplicateHandle; last block 182d9c5-182d9e2.
APIs
  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0182D8EE,?,?,?,?,?), ref: 0182D9AF
Memory Dump Source
  • Source File: 00000000.00000002.3244236697.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_1820000_SecuriteInfo.jbxd
Similarity
  • API ID: DuplicateHandle
  • String ID:
  • API String ID: 3793708945-0
  • Opcode ID: 695a78a24759aa6c2fe81418f7f5d6b0b3e72c44f9bf32a5aed3f60df19c2e5e
  • Instruction ID: 3ced2b4914ae08b8cadcd8e3b68439899198678abb8f6037b327a5f8528b41ae
  • Opcode Fuzzy Hash: 695a78a24759aa6c2fe81418f7f5d6b0b3e72c44f9bf32a5aed3f60df19c2e5e
  • Instruction Fuzzy Hash: E321E0B59002489FDB10CFA9D984ADEBFF5FB08310F14845AE918B3350D378AA94CFA4
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph (rendered image in the original; the executed/not-executed colouring is not recoverable): entry block 182a428-182b900; LoadLibraryExW is called in block 182b908-182b937; last block 182b940-182b95d.
APIs
  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0182B319,00000800,00000000,00000000), ref: 0182B92A
Memory Dump Source
  • Source File: 00000000.00000002.3244236697.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_1820000_SecuriteInfo.jbxd
Similarity
  • API ID: LibraryLoad
  • String ID:
  • API String ID: 1029625771-0
  • Opcode ID: 85ed1181ac7996d0e66f09f72f2076ac656e5f8f819852725d87aeb53afd3957
  • Instruction ID: f5be6427c447a5363ef520668d084b65bae38d164461a1e0f9a4cec38bac30bf
  • Opcode Fuzzy Hash: 85ed1181ac7996d0e66f09f72f2076ac656e5f8f819852725d87aeb53afd3957
  • Instruction Fuzzy Hash: 551126B6D013198FDB20CF9AD444AEEFBF4EB48310F10842AD519B7200D379A645CFA4
Uniqueness

Uniqueness Score: -1.00%

APIs
  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0182B319,00000800,00000000,00000000), ref: 0182B92A
Memory Dump Source
  • Source File: 00000000.00000002.3244236697.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_1820000_SecuriteInfo.jbxd
Similarity
  • API ID: LibraryLoad
  • String ID:
  • API String ID: 1029625771-0
  • Opcode ID: 848628a09389607c022dd5ee1a19b5a7b80baef50a7ad1d1aace85f36c5d8401
  • Instruction ID: fe57c514ad5a52ff23e5a53737b393bf52e5c3eaff856c51a3e82a34e1d92278
  • Opcode Fuzzy Hash: 848628a09389607c022dd5ee1a19b5a7b80baef50a7ad1d1aace85f36c5d8401
  • Instruction Fuzzy Hash: 2711E4B6D002598FDB10CF9AD484AEEFFF5EF48310F14841AD519A7210C379A645CFA4
Uniqueness

Uniqueness Score: -1.00%

APIs
  • OleInitialize.OLE32(00000000), ref: 064FD4AD
Memory Dump Source
  • Source File: 00000000.00000002.3245419238.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_64f0000_SecuriteInfo.jbxd
Similarity
  • API ID: Initialize
  • String ID:
  • API String ID: 2538663250-0
  • Opcode ID: 9ba89f8cbc74842ea11faeaca177d9528cbba18abb645680730dfe2e351c2e36
  • Instruction ID: 0a394ff08dbde0ef1b0a5331fb682e7ad379d54694bec14891d8fec30a2e0e76
  • Opcode Fuzzy Hash: 9ba89f8cbc74842ea11faeaca177d9528cbba18abb645680730dfe2e351c2e36
  • Instruction Fuzzy Hash: EB1106B5D103588FCB20DF9AD545BDEBFF8AB48310F148459E518B7250C379A644CFA5
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetModuleHandleW.KERNELBASE(00000000), ref: 0182B29E
Memory Dump Source
  • Source File: 00000000.00000002.3244236697.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_1820000_SecuriteInfo.jbxd
Similarity
  • API ID: HandleModule
  • String ID:
  • API String ID: 4139908857-0
  • Opcode ID: 91197ed44e21a53fd991fdc79dcd7bf7e74ba8c10521eff1cd2b02dbc87472eb
  • Instruction ID: 9fc108dc8699800704dfd20efd79a6ba8678c10f75909fc16f8b4a2c83303f10
  • Opcode Fuzzy Hash: 91197ed44e21a53fd991fdc79dcd7bf7e74ba8c10521eff1cd2b02dbc87472eb
  • Instruction Fuzzy Hash: 44110FB5C003598FDB10CF9AC444A9EFBF4EB89310F10841AD929A7210C379A645CFA1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • OleInitialize.OLE32(00000000), ref: 064FD4AD
Memory Dump Source
  • Source File: 00000000.00000002.3245419238.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_64f0000_SecuriteInfo.jbxd
Similarity
  • API ID: Initialize
  • String ID:
  • API String ID: 2538663250-0
  • Opcode ID: f316be8de57c4723a1b8d1abcbb488e313a81f66285b124b981eea1c22b6505b
  • Instruction ID: f77b902df8f57144b8f08f8d53667568d57bc93044b4512d8c86d3a77d57184e
  • Opcode Fuzzy Hash: f316be8de57c4723a1b8d1abcbb488e313a81f66285b124b981eea1c22b6505b
  • Instruction Fuzzy Hash: BD1103B1D103488FCB60EF9AD548B9EFBF8EB48320F10845AD619A7310C379A944CFA5
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.3243987688.00000000017DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017DD000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_17dd000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 3ff43a4dd80fa49cecdc66e179766583cdd847271df9ba6e6ab722ec8ce4a93c
  • Instruction ID: 911f388ba775a05c77522331add111e5aa21efefc1cc8b77116ac807f1f09ab7
  • Opcode Fuzzy Hash: 3ff43a4dd80fa49cecdc66e179766583cdd847271df9ba6e6ab722ec8ce4a93c
  • Instruction Fuzzy Hash: B021D071604208DFDB25DFA8D984B26FF75EB88354F24C5A9D90A4B296C33AD406CAA1
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.3243987688.00000000017DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017DD000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_17dd000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 8c844ca3a1ec564aa6dfee55099dfd7b659f5902bab70ba40c9f927f377bcaf2
  • Instruction ID: 571c61f5017ccdd8d5da9486462b8fc6d54f400097b8d4e5a9ff9da573228d7d
  • Opcode Fuzzy Hash: 8c844ca3a1ec564aa6dfee55099dfd7b659f5902bab70ba40c9f927f377bcaf2
  • Instruction Fuzzy Hash: F621F871548208DFDB15DF94D5C0F25FB75FB84324F20C5ADD9494B296C33AE406CA61
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.3243987688.00000000017DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017DD000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_17dd000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: d9d38245f84f9178cdc52c9dd14062488a5524c84929edecf24214ae01937142
  • Instruction ID: fffcfa024480028c74aa3ac5039796c7516020b6dae34cfe2da6a70e0dc287f0
  • Opcode Fuzzy Hash: d9d38245f84f9178cdc52c9dd14062488a5524c84929edecf24214ae01937142
  • Instruction Fuzzy Hash: 7D2192755083849FCB13CF64D994711BF71EB86214F28C5EAD8498F2A7C33AD80ACB62
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.3243987688.00000000017DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017DD000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_17dd000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
  • Instruction ID: 7292c6609e33863085d638b3b07850de5d8ac817b0315c2be814677483c31716
  • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
  • Instruction Fuzzy Hash: 5511BB75508284DFDB12CF54C6C4B15FFB1FB84224F24C6A9D8494B696C33AE40ACB62
Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Memory Dump Source
  • Source File: 00000000.00000002.3245419238.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_64f0000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 6e7617e3e68488b37cd439baf027196f1917c51dc85881064e4c96c44bc92a0d
  • Instruction ID: 8c9c7e8d9b139b163f210dae1d438776695586a63708ba86f248d8d94b4d65d9
  • Opcode Fuzzy Hash: 6e7617e3e68488b37cd439baf027196f1917c51dc85881064e4c96c44bc92a0d
  • Instruction Fuzzy Hash: 3AF15C30E102098FDB54DFA9C944B9EBBF2FF48314F14816AE509AF3A5DB74A945CB90
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.3244236697.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_1820000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 68e5ac2a122c97a2e4f7d904f51b396d9bcd652ed1d07f03caa9b07762ec8e3f
  • Instruction ID: 72e995f143aace2d3c0be9ad6b82f76e817de6b4b3fe133c4de65b66f7f5001a
  • Opcode Fuzzy Hash: 68e5ac2a122c97a2e4f7d904f51b396d9bcd652ed1d07f03caa9b07762ec8e3f
  • Instruction Fuzzy Hash: 21A17535E00229CFCF06DFB8C44459EB7B2FF85304B158569E905EB255DB71EA85CB50
Uniqueness

Uniqueness Score: -1.00%