Windows
Analysis Report
dup2patcher.dll
Overview
General Information
Detection
Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll32.exe (PID: 7460 cmdline: loaddll32.exe "C:\Users\user\Desktop\dup2patcher.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
- conhost.exe (PID: 7468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cmd.exe (PID: 7512 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\dup2patcher.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
- rundll32.exe (PID: 7536 cmdline: rundll32.exe "C:\Users\user\Desktop\dup2patcher.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
- WerFault.exe (PID: 7644 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 628 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- rundll32.exe (PID: 7520 cmdline: rundll32.exe C:\Users\user\Desktop\dup2patcher.dll,AddMsg MD5: 889B99C52A60DD49227C5E485A016679)
- WerFault.exe (PID: 7652 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 616 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- rundll32.exe (PID: 7816 cmdline: rundll32.exe C:\Users\user\Desktop\dup2patcher.dll,CloseFileMapping MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7908 cmdline: rundll32.exe C:\Users\user\Desktop\dup2patcher.dll,CloseFileMapping_readonly MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7936 cmdline: rundll32.exe "C:\Users\user\Desktop\dup2patcher.dll",AddMsg MD5: 889B99C52A60DD49227C5E485A016679)
- WerFault.exe (PID: 7244 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 624 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- rundll32.exe (PID: 7944 cmdline: rundll32.exe "C:\Users\user\Desktop\dup2patcher.dll",CloseFileMapping MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7952 cmdline: rundll32.exe "C:\Users\user\Desktop\dup2patcher.dll",CloseFileMapping_readonly MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7960 cmdline: rundll32.exe "C:\Users\user\Desktop\dup2patcher.dll",write_disk_file MD5: 889B99C52A60DD49227C5E485A016679)
- WerFault.exe (PID: 7256 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 624 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- rundll32.exe (PID: 7968 cmdline: rundll32.exe "C:\Users\user\Desktop\dup2patcher.dll",load_patcher MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7980 cmdline: rundll32.exe "C:\Users\user\Desktop\dup2patcher.dll",SetRegString MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 7992 cmdline: rundll32.exe "C:\Users\user\Desktop\dup2patcher.dll",SetRegDword MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 8000 cmdline: rundll32.exe "C:\Users\user\Desktop\dup2patcher.dll",SearchAndReplace MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 8072 cmdline: rundll32.exe "C:\Users\user\Desktop\dup2patcher.dll",Reg_Delete_Value MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 8108 cmdline: rundll32.exe "C:\Users\user\Desktop\dup2patcher.dll",LoadFileMapping MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 8116 cmdline: rundll32.exe "C:\Users\user\Desktop\dup2patcher.dll",GetRegString MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 8124 cmdline: rundll32.exe "C:\Users\user\Desktop\dup2patcher.dll",GetRegDword MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 8140 cmdline: rundll32.exe "C:\Users\user\Desktop\dup2patcher.dll",GetPluginDataMemory MD5: 889B99C52A60DD49227C5E485A016679)
- rundll32.exe (PID: 8156 cmdline: rundll32.exe "C:\Users\user\Desktop\dup2patcher.dll",GetPatcherWindowHandle MD5: 889B99C52A60DD49227C5E485A016679)
- cleanup
Rule | Description | Author |
---|---|---|
JoeSecurity_GenericPatcher | Yara detected Generic Patcher | Joe Security |
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: (2 entries) |
Source: | Code function: | 3_2_6CD76CE0 |
Source: | String found in binary or memory: (7 entries) |
Source: | Code function: | 3_2_6CD771E0 (2 entries) |
System Summary |
---|
Source: | Static PE information: |
Source: | Code function: | 3_2_6CD79FA0, 3_2_6CD777A9, 3_2_6CD79762, 3_2_6CD7805E, 16_2_10001B17, 16_2_10001AE4, 16_2_100015E5 |
Source: | Process created: |
Source: | Section loaded: (5 entries) |
Source: | Static PE information: (2 entries) |
Source: | Classification label: |
Source: | Code function: | 3_2_6CD7149B |
Source: | Mutant created: (5 entries) |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | ReversingLabs: |
Source: | Process created: (44 entries) |
Source: | Key value queried: |
Source: | Window detected: |
Source: | Static PE information: |
Source: | Code function: | 3_2_6CD75AFE |
Source: | Static PE information: (3 entries) |
Source: | File created: (dropped file) |
Source: | Process information set: (262 entries) |
Malware Analysis System Evasion |
---|
Source: | Stalling execution: | graph_16-808 |
Source: | Code function: | 3_2_6CD768D3 |
Source: | Window / User API: |
Source: | Dropped PE file which has not been started: |
Source: | API coverage: |
Source: | Last function: (2 entries) |
Source: | Thread sleep count: |
Source: | Code function: | 3_2_6CD76CE0, 3_2_6CD74616 |
Source: | Thread delayed: |
Source: | Binary or memory string: (29 entries) |
Source: | Process queried: (12 entries) |
Source: | Code function: | 3_2_6CD768D3, 3_2_6CD75AFE, 3_2_6CD767DE, 3_2_6CD767F8 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | File source: (15 entries) |
Source: | Process created: |
Source: | Code function: | 3_2_6CD76FA0 |
Source: | Binary or memory string: (4 entries) |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 21 Virtualization/Sandbox Evasion | OS Credential Dumping | 31 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 21 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 2 Clipboard Data | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Rundll32 | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 3 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Detection | Scanner | Label |
---|---|---|
65% | ReversingLabs | Win32.Trojan.Generic |
100% | Joe Sandbox ML | |

Detection | Scanner | Label |
---|---|---|
0% | ReversingLabs | |

Detection | Scanner | Label |
---|---|---|
0% | Avira URL Cloud | safe |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1411078 |
Start date and time: | 2024-03-18 15:39:26 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 23s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Run with higher sleep bypass |
Number of analysed new started processes analysed: | 36 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | dup2patcher.dll |
Detection: | MAL |
Classification: | mal68.evad.winDLL@44/19@0/0 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.182.143.212
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target rundll32.exe, PID 7960 because there are no executed functions
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- VT rate limit hit for: dup2patcher.dll
Time | Type | Description |
---|---|---|
15:41:13 | API Interceptor | |
Match | Associated Samples | Detection | Threat Name |
---|---|---|---|
C:\Users\user\AppData\Local\Temp\bassmod.dll | 9 | malicious | Unknown |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_5aa1c5c01549fa45ad9a16e66b3c3c2aa3426eb_7522e4b5_23c4799e-a01f-4f8f-8700-ed783e5e0556\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8634090815005683 |
Encrypted: | false |
SSDEEP: | 192:4vPiieO6KK0BU/wjeTzDzuiFJZ24IO8dci2:QPiifvRBU/wjejzuiFJY4IO8dci |
MD5: | 4805E6C7F695BD02215C85857080E26F |
SHA1: | 5E324E3C7212287BE07E666959F85BBF654AFB7C |
SHA-256: | 3B37C27439867E4DB9B5DCC95F4CDB603A77FDC589C1F35F7DAA19A4ECA82715 |
SHA-512: | 08B3223218CD93A3CF60E4443C73341D253D716C6880438FF1B92A5F04473928E2995FCACF403380F4698FB5A24702F4574E001BCAD670C7C9BCD0DB617CD841 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_717b893d71ade4662cb34ff8156d52b401b83c9_7522e4b5_43c3c8b8-f495-436e-b067-5961b7a877fa\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8633748343734353 |
Encrypted: | false |
SSDEEP: | 192:M9/2i5ObN0BU/wjeTzDzuiFJZ24IO8dci:S2iQbOBU/wjejzuiFJY4IO8dci |
MD5: | C5BC27AF25418B43C10A04523AD371CC |
SHA1: | F603098DEEE7DC48C78AAC501B913671139DA477 |
SHA-256: | 350575B82AB66A6DEEA1BBC336B4F0B364474F2631869C17CF84B0226F5F42EB |
SHA-512: | A5E911A8271C776C0A88DB77640BD9A02AEA06BD54F8A09FEB4971D704EEA485C348AE8CE0F27468EC61A7CF57B9504D45A214DE33C36B59445CE7B11342F529 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_717b893d71ade4662cb34ff8156d52b401b83c9_7522e4b5_4911ab3a-36da-4fff-bddc-3152bc9cdcd8\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8627133963712349 |
Encrypted: | false |
SSDEEP: | 96:EeFD6iEhVyCLsj94sh7efoQXIDcQvc6QcEVcw3cE/O/a/z+HbHg/BQAS/YyNl4E5:DYiEOAN0BU/wjeTzDzuiFJZ24IO8dci |
MD5: | D6708028BCD34EBA70FA25ECDB43F536 |
SHA1: | F3ED8BB7CCF88847CBAA3414E9B9EDA9189F04E9 |
SHA-256: | 89D8836FE3C7F4F8B65F535D0B20073A7707BD65C60C4442E15383E27918FF7A |
SHA-512: | F178E5CA3A1C2B9594A404C7069F7C3DCC9256124E7DF179510AC725773F8B0BC641A6CA9BE3F94F3D82261476B89B33F003CC21C373ED0062B9E82E5382F270 |
Malicious: | false |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_717b893d71ade4662cb34ff8156d52b401b83c9_7522e4b5_a92e9e53-3091-45c3-a6b1-e201de41f298\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8628110966767798 |
Encrypted: | false |
SSDEEP: | 192:pYitOAN0BU/wjeTzDzuiFJZ24IO8dciY:iikAOBU/wjejzuiFJY4IO8dciY |
MD5: | 23E8D0F7A8C2DEB922DAC2CB693F7138 |
SHA1: | FE739D1FB52133CA566E51AFDC1B8B3548FC31A7 |
SHA-256: | 7BDC781AEF31D1304CB898A0C061418A5AC52A3BD1263CF893012088C7E24243 |
SHA-512: | F59B047A09981122BCF12A796027AD064C898332BB42421BF3BC3374A75E6EF0B8F8F14F1FA58751D2B43F669881A61258CCC3B0D65BF352C8494DBC6F4F5340 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 44482 |
Entropy (8bit): | 1.9136058928091428 |
Encrypted: | false |
SSDEEP: | 192:fkpI0QBUYA6eO5H46HTJSh2gegTGK03AeI2x+Qn5:M7QBUwZ5HNHcegKTAeWQn |
MD5: | F4FAAB0C7E77F91FE1F390FE90B6D76F |
SHA1: | 6B1B032010A7B80E4E80C042EA6B04E6712A06AE |
SHA-256: | 44EA82163F45229BE3B6C9845EF18681536687BD09D2374513D45DE34114200E |
SHA-512: | 73F13DF4BDE786DF24E4EF1828986C9EB66FA9F646AB3C2FCEFA64CA7094CA624FF37510369D6D651922122C5709A3E7E6165D366CF1BCDBCAADAAE38F3A4F9E |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 41606 |
Entropy (8bit): | 2.003216266983777 |
Encrypted: | false |
SSDEEP: | 192:fkF2QBUPA6OO5H4+m3aVmycg57fXUPhL5zEZI:MF2QBUbJ5Hrmycq78PhkI |
MD5: | 79B6839E11D07F254C8A2487D7491FD3 |
SHA1: | E97255B78C6B7FD2E43D034FFE4C2A455187DC6E |
SHA-256: | EA98C5FEFF74D49760E3100FB624488E63A1BE2A5A0DF4D4493101825574BB3F |
SHA-512: | 3413FC0281E6012A1889701EA1C8BB7209391797E1198ACAAAD1CA06C5C15551C31FEF76889B9B3693BF375B26853E2C3FEDFF65599A1BB6B9F0E3AC8536C285 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8270 |
Entropy (8bit): | 3.691434301913823 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJljh6IQl6YHr6igmfT73Dprt89bq9sfSHOm:R6lXJZh6IQl6YL6igmfT73kq2fq |
MD5: | 63626F3A7E52DC6C511CF7CF5A4D7426 |
SHA1: | D9F3C0D4B61CCCE3180EED58CD0A6A1F6A21FCC6 |
SHA-256: | A8222E7D07F6F429EA135CE28D4885AB171FF2434AF0C00025D599D874EE6F5A |
SHA-512: | D31D1372CCADCFC49F2FA361BB71714C0CD02DC32A9E3371FF0EF74D5603BE36503A5770F542AF6033DE9CF4B98E16DEECCC461D227894DC10127F5D474F135A |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8262 |
Entropy (8bit): | 3.6916520780216944 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJCjk6IQo6YKQ6CgmfT73DprY89bqjsfxOm:R6lXJ0k6IQo6YN6CgmfT737qIfB |
MD5: | EF1E3EFFCBC4F3638F60363363CBB5B8 |
SHA1: | 312944955CDEE480ECB70D15CFED27DC3A0FB8B1 |
SHA-256: | E30A46FD02B0AB8E5B21E9278477D70D702F9C30B209793F03C0AFED9AB8C10A |
SHA-512: | D4E3E8BE3D3D7648F9FDD876D2ABA91C6AFAD4AD13F4BF59B4884F912BB912A4CFEDBEEF88E5AF65F3D9A2D9EC11656E1CE2658FE5BD075E4396FAA45BC5CB7F |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4652 |
Entropy (8bit): | 4.45524215086991 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsFiJg77aI9Z+WpW8VYVYm8M4JCdPsFl+q8/CSGScSrd:uIjfyI7j/7VhJRGJ3rd |
MD5: | 8D65CCE7A076BB1DAA1ADEB1AE64ADCB |
SHA1: | 99D7613860590CE04E4DD01E450FAC6C1D8291F7 |
SHA-256: | F834CC990339053F718773C4970E57F551ABCB2A589A072A4CC9E8CB74964502 |
SHA-512: | C429A1E1041C20CD83BCBDBA9CED3BE03BB9A19A75636AAEB7D5F27BEBBABBC912C89CA3244EACB1625C2833FA6B9DFFFC8071E7D68E78B287758893D3643BEE |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4652 |
Entropy (8bit): | 4.4571387114883905 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsFiJg77aI9Z+WpW8VYFYm8M4JCdPsFi+q8/CzGScSgd:uIjfyI7j/7VZJWPJ3gd |
MD5: | 906BA3F1352C02A744D631B2A924B0F4 |
SHA1: | E9ACDEA73E91948ED6BB96B65B7DA9F52381AD44 |
SHA-256: | DBE916F396941DF344ABDD9576FA5900F46A939CDDA4CCDC197F18752353A278 |
SHA-512: | 6A5612945C39BB117ED0A3493E740DE06844453801FE5B6BA8A12C1064D887273DEDD77343BE6A363600C515D3B4CD3C27418DCEE2A2E391B62BBE1C89E87E03 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 41446 |
Entropy (8bit): | 2.0152169867690217 |
Encrypted: | false |
SSDEEP: | 192:VkJwQBU+A6lXO5H4WHDHt+3ZHSIQwrS9CMIeAAS9R:eJwQBUSg5HPBIHRQkS9+dAS |
MD5: | EA563DF2337F511E12182C45ED58E2B8 |
SHA1: | 2CA83AA6742ABDB879ECC48523318E21AEC621A2 |
SHA-256: | 9EF59072F0048F84D37DBD907B5F7C868C743B36113408FEC18378A45D63CFF1 |
SHA-512: | 96A41EB0E285421D1E40340BA7BE8E062E5459090981A9CF1675DC1715D57263489A58AD5D755067E2979BA4511A2EE935692AB153A72D9BAC27E8FBC6D03FE4 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 44070 |
Entropy (8bit): | 1.9084622428371156 |
Encrypted: | false |
SSDEEP: | 192:VkfdQBUeA6XEXO5H4LFsIyUKg0g+Vvxw/:efdQBUy55H4GUKp5w/ |
MD5: | C67885E656764EBDC4FE68F8E1CC7CE7 |
SHA1: | 4D74C5193F81EE8304A5B0305DE65938E31627FF |
SHA-256: | 10C898E3F1D312E4956CFFBD66D4C3070471A69782BCAB39F105C1E84C259103 |
SHA-512: | D93027BBE31076D0300D196E9D71FB72C6AD1385CF8DAA902FF4DB2E16E4E898FD1A11F5F243DE29A8992907AB215EA760193596826CD2B38D47503F0739E4BE |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8288 |
Entropy (8bit): | 3.6915361991192523 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJd06IQrS7t6YHa6f8gmfTRJTG3Dpra89bZFsf81Tm:R6lXJe6IQe7t6Y66EgmfTRJi3NZef8s |
MD5: | 33DEB296812A89AD79C72ECE1DAEF644 |
SHA1: | A47E029E3FD7DF7EC76D0896DD4F0A18F45DE973 |
SHA-256: | 3003954DB92E9858B7A702BC7E14A2BE98A527AB9B3155D1E316772E58473ABB |
SHA-512: | CA645FF6584559DDD73729D2B7695148E069D26562305F0755302A7CDA1CA6A307D1D61B1056D774B3ECC72A3D16048C9AE135B4B70F158E166F1FF9DA7746F2 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4656 |
Entropy (8bit): | 4.459350849309811 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsjJg77aI9Z+WpW8VYdYm8M4JCdPPFo+q8/ahJGScSwd:uIjf9I7j/7VpJzJJJ3wd |
MD5: | 5C3B958AFFA2FDE0DF4A6F53A86520BD |
SHA1: | C8B79791A09324F90DA502D2986D2358EEB8E3A2 |
SHA-256: | 410A18C1D00122862B553A6D57241B498F173CFE1FEB1443CADFC307F84570C2 |
SHA-512: | 1C713DAFB875CFDFF62884A9BE642E915D80327673C714BBD43A56033E34221FF3C391F5F1D0AE725423634A580407169243CFDAACB6E2B1ACFBAA4864E4E254 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8284 |
Entropy (8bit): | 3.689632985672657 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJ+V6IQw6YHj6f8gmfT73Dpr189bZcsf06Tm:R6lXJc6IQw6YD6EgmfT73MZvfK |
MD5: | D0B4C5E0819F651EC1723EDD484E48AE |
SHA1: | 82A15AB0E5A736130C9D49E287B41C422E62E1ED |
SHA-256: | 4D1CDC06F57B6306B003390765E73AE3C9979FB6FED6FF35378C2221751B00A8 |
SHA-512: | 372133F4979E8316D4E0329767A2A8AA7444AB38A639C31F682397BB12BE5CF291361A03F16358ED8E0617A17D04BE4241D54934377819F450CC17D944562ECF |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4652 |
Entropy (8bit): | 4.455520517610147 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsjJg77aI9Z+WpW8VY9Ym8M4JCdPsFL+q8/CPGScS4d:uIjf9I7j/7VBJPDJ34d |
MD5: | CEFD9F87E167400C8E55339EF205030B |
SHA1: | 4F21027128201F904DC96C5BD7C203C6800478FB |
SHA-256: | E376499F8046B9DE87D7998E471F69C87C29BE7528DFF527E66540B94DB3356A |
SHA-512: | 5E1F5D3C86C7E116E77A3A3EA01CE45635EF839F95268D081066650F433B50445EB13C4D4A6AE0BB49DC3AF50179D0E205083391A4606802F8F6197CBC9FD2EF |
Malicious: | false |
Process: | C:\Windows\SysWOW64\rundll32.exe |
File Type: | |
Category: | modified |
Size (bytes): | 9728 |
Entropy (8bit): | 6.1880911690664036 |
Encrypted: | false |
SSDEEP: | 192:Yjtr1Et860Vu6tAo2j+feMnkqtDXuulsa7k0yRlm7/Pdl:AtU8Zu6K+feJCuwsL00la/Pd |
MD5: | 780D14604D49E3C634200C523DEF8351 |
SHA1: | E208EF6F421D2260070A9222F1F918F1DE0A8EEB |
SHA-256: | 844EB66A10B848D3A71A8C63C35F0A01550A46D2FF8503E2CA8947978B03B4D2 |
SHA-512: | A49C030F11DA8F0CDC4205C86BEC00653EC2F8899983CAD9D7195FD23255439291AAEC5A7E128E1A103EFD93B8566E86F15AF89EBA4EFEBF9DEBCE14A7A5564B |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.466236487843889 |
Encrypted: | false |
SSDEEP: | 6144:yIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNxdwBCswSbG:3XD94+WlLZMM6YFHT+G |
MD5: | 8B0263C086B522580FE9611E6E6DB8E2 |
SHA1: | 608A72174F3FDF77E6522C20304523194273DD75 |
SHA-256: | EE43FAE69F704EC8FDD1EE50A35DFA818577BC7872D57E13257D858977BB82E3 |
SHA-512: | C45F6ACA51C49574CB7ADBA842D88ADB999E71F5609E1833C95C80842688317715922BB8B365644B0FA4EB11A0C88C1FC9AD935CAF3DB76CAD52D3AC4688F75D |
Malicious: | false |
Process: | C:\Windows\SysWOW64\rundll32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 43 |
Entropy (8bit): | 2.873975431849053 |
Encrypted: | false |
SSDEEP: | 3:NNAb/Xs6Iu9v:fj6Iu9v |
MD5: | 0DFC49F33913C29D911693F804AA4B7B |
SHA1: | 4231F9731BA16E024959470640151B69AA58DF6E |
SHA-256: | 187FEF245C6F38EF8899AF96C28C1F6227AC0F86288B651B0CF938CB09A15A77 |
SHA-512: | 82A090D26D81F44A5B2356BA1EFCA91A9623772F2CB8688A59AF4C4221C3D626B5E63B952377F9ECA49A04E81AB754BF369C42F23CA587DEF0646BAE5C967852 |
Malicious: | false |
File type: | |
Entropy (8bit): | 5.978636454243838 |
File name: | dup2patcher.dll |
File size: | 845'312 bytes |
MD5: | 1e4c47cb43d537d50a60592b42345da9 |
SHA1: | 0433554c251dc75b8ba4251663aa1a3bce641306 |
SHA256: | 6f8650fa49a74fbbabb51f1cced99d11732c177ecb1049ec59ebc79b16daf1ed |
SHA512: | d6e316cf0a45f479d84ba74917407220ba9421f9edd656835487fb6ccb79f7bbf78a44e885d1f9c440cb5ac4387f3f9b943b505148efc34fd73db22f83b03288 |
SSDEEP: | 12288:dc2ldltF9jWPSOF94sd0WLOpK2AAYuoUwwZS9ss:oXF94sdzLOA2quFZSe |
TLSH: | F6050A1A2E45795FE25840310EFC8A385164BEA54E7A27B33408BD7DE7F3DE22E95B04 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........bd..............! .....n#.......u.......................u.......u.......u.......u......Rich............................PE..L.. |
Icon Hash: | 3a4d4e4b4d4dc524 |
Entrypoint: | 0x100020e0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x10000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x50D4CDC6 [Fri Dec 21 20:59:50 2012 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 83020f15ee2bf91778ac579a3da17a47 |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFC00h |
cmp dword ptr [ebp+0Ch], 01h |
jne 00007FB49C889D7Dh |
push dword ptr [ebp+08h] |
pop dword ptr [1000D8A2h] |
jmp 00007FB49C889D78h |
cmp dword ptr [ebp+0Ch], 00000000h |
jne 00007FB49C889D72h |
mov eax, 00000001h |
leave |
retn 000Ch |
call 00007FB49C88BD8Dh |
ret |
mov eax, dword ptr [1000D8A6h] |
ret |
lea esp, dword ptr [esp+00000000h] |
lea esp, dword ptr [esp+00h] |
push ebp |
mov ebp, esp |
add esp, FFFFFFF0h |
push esi |
push edi |
push ebx |
lea edi, dword ptr [ebp-10h] |
push edi |
push dword ptr [ebp+08h] |
call 00007FB49C889DC0h |
xor ebx, ebx |
jmp 00007FB49C889D95h |
jmp 00007FB49C889DA2h |
cmp byte ptr [esi], 00000018h |
jne 00007FB49C889D8Eh |
push 00000010h |
lea eax, dword ptr [esi+01h] |
push eax |
push edi |
call 00007FB49C889DF9h |
or eax, eax |
je 00007FB49C889D7Eh |
mov eax, esi |
add eax, 11h |
pop ebx |
pop edi |
pop esi |
leave |
retn 0004h |
inc ebx |
push ebx |
push dword ptr [1000D8A2h] |
call 00007FB49C8890A7h |
mov esi, eax |
or esi, esi |
jne 00007FB49C889D3Eh |
xor eax, eax |
pop ebx |
pop edi |
pop esi |
leave |
retn 0004h |
lea esp, dword ptr [esp+00000000h] |
nop |
push ebp |
mov ebp, esp |
push esi |
push edi |
push ebx |
push dword ptr [ebp+08h] |
call 00007FB49C88E877h |
mov ebx, eax |
cmp ebx, 00000000h |
jbe 00007FB49C889D9Eh |
call 00007FB49C892153h |
push ebx |
push dword ptr [ebp+08h] |
call 00007FB49C89218Ah |
call 00007FB49C8921E5h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xbe70 | 0x1a2 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb250 | 0x8c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x23000 | 0xc2008 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe6000 | 0x848 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb000 | 0x244 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x984a | 0x9a00 | 630036cb54e7f57d038ff4e758d19300 | False | 0.4360541801948052 | data | 6.469679413749833 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0xb000 | 0x1012 | 0x1200 | 9d9e0caf081d12bd2054b1f9f8747760 | False | 0.4123263888888889 | data | 4.894290260501196 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xd000 | 0x157b8 | 0xa00 | 80e4d51bc569aa91cd637e3c92bafcc8 | False | 0.37890625 | data | 4.928521806064837 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x23000 | 0xc2008 | 0xc2200 | e4d2f23758b25ecefe459da9623fc9f1 | False | 0.26892883733097234 | data | 5.88629001180517 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.reloc | 0xe6000 | 0x95a | 0xa00 | 229327a048e1470575c5f96c41498a2a | False | 0.731640625 | data | 6.124819387518312 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x23ac0 | 0x134 | data | | | 0.37012987012987014 |
RT_BITMAP | 0x23bf4 | 0x3aa | Device independent bitmap graphic, 18 x 16 x 24, image size 898, resolution 11808 x 11808 px/m | | | 0.6151385927505331 |
RT_BITMAP | 0x23fa0 | 0x3aa | Device independent bitmap graphic, 18 x 16 x 24, image size 898, resolution 11808 x 11808 px/m | | | 0.6876332622601279 |
RT_BITMAP | 0x2434c | 0x3aa | Device independent bitmap graphic, 18 x 16 x 24, image size 898, resolution 11808 x 11808 px/m | | | 0.6780383795309168 |
RT_BITMAP | 0x246f8 | 0x3aa | Device independent bitmap graphic, 18 x 16 x 24, image size 898, resolution 11808 x 11808 px/m | | | 0.6631130063965884 |
RT_BITMAP | 0x24aa4 | 0x3aa | Device independent bitmap graphic, 18 x 16 x 24, image size 898, resolution 11808 x 11808 px/m | | | 0.6257995735607675 |
RT_BITMAP | 0x24e50 | 0x3aa | Device independent bitmap graphic, 18 x 16 x 24, image size 898, resolution 11808 x 11808 px/m | | | 0.5895522388059702 |
RT_BITMAP | 0x251fc | 0x2226 | Device independent bitmap graphic, 99 x 29 x 24, image size 8702, resolution 11808 x 11808 px/m | | | 0.44623655913978494 |
RT_BITMAP | 0x27424 | 0x2226 | Device independent bitmap graphic, 99 x 29 x 24, image size 8702, resolution 11808 x 11808 px/m | | | 0.5518188057652711 |
RT_BITMAP | 0x2964c | 0x2226 | Device independent bitmap graphic, 99 x 29 x 24, image size 8702, resolution 11808 x 11808 px/m | | | 0.2981011210249371 |
RT_BITMAP | 0x2b874 | 0x2576 | Device independent bitmap graphic, 102 x 31 x 24, image size 9550, resolution 11808 x 11808 px/m | | | 0.49290928050052135 |
RT_BITMAP | 0x2ddec | 0x2576 | Device independent bitmap graphic, 102 x 31 x 24, image size 9550, resolution 11808 x 11808 px/m | | | 0.4760166840458811 |
RT_BITMAP | 0x30364 | 0x2576 | Device independent bitmap graphic, 102 x 31 x 24, image size 9550, resolution 11808 x 11808 px/m | | | 0.5982273201251304 |
RT_BITMAP | 0x328dc | 0x2576 | Device independent bitmap graphic, 102 x 31 x 24, image size 9550, resolution 11808 x 11808 px/m | | | 0.34254431699687177 |
RT_BITMAP | 0x34e54 | 0x10aa | Device independent bitmap graphic, 64 x 22 x 24, image size 4226, resolution 3779 x 3779 px/m | | | 0.28504453820909514 |
RT_BITMAP | 0x35f00 | 0x10aa | Device independent bitmap graphic, 64 x 22 x 24, image size 4226, resolution 3779 x 3779 px/m | | | 0.3295827473042663 |
RT_BITMAP | 0x36fac | 0x10aa | Device independent bitmap graphic, 64 x 22 x 24, image size 4226, resolution 3779 x 3779 px/m | | | 0.2222222222222222 |
RT_BITMAP | 0x38058 | 0x1fed6 | Device independent bitmap graphic, 270 x 161 x 24, image size 130734, resolution 2834 x 2834 px/m | | | 0.0772018902840014 |
RT_BITMAP | 0x57f30 | 0x7ec1c | Device independent bitmap graphic, 395 x 437 x 24, image size 0, resolution 2835 x 2835 px/m | | | 0.27483647793896715 |
RT_ICON | 0xd6b4c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.21265560165975103 |
RT_DIALOG | 0xd90f4 | 0x2ac | data | | | 0.5014619883040936 |
RT_DIALOG | 0xd93a0 | 0xd8 | dBase III DBT, next free block index 4294901761 | | | 0.5879629629629629 |
RT_DIALOG | 0xd9478 | 0xbc | data | | | 0.7606382978723404 |
RT_STRING | 0xd9534 | 0x204 | data | | | 0.4903100775193798 |
RT_STRING | 0xd9738 | 0x290 | data | | | 0.44359756097560976 |
RT_STRING | 0xd99c8 | 0x2fc | data | | | 0.38089005235602097 |
RT_STRING | 0xd9cc4 | 0xc4 | data | | | 0.4387755102040816 |
RT_RCDATA | 0xd9d88 | 0x1d0 | data | | | 0.6745689655172413 |
RT_RCDATA | 0xd9f58 | 0x490 | data | | | 0.10702054794520548 |
RT_RCDATA | 0xda3e8 | 0x100 | data | | | 0.46484375 |
RT_RCDATA | 0xda4e8 | 0x220 | data | | | 0.34191176470588236 |
RT_RCDATA | 0xda708 | 0xa0 | data | | | 0.575 |
RT_RCDATA | 0xda7a8 | 0xc0 | data | | | 0.84375 |
RT_RCDATA | 0xda868 | 0x750 | data | | | 0.18856837606837606 |
RT_RCDATA | 0xdafb8 | 0x7927 | data | | | 0.4366274383362889 |
RT_RCDATA | 0xe28e0 | 0x2605 | data | | | 0.657864995376554 |
RT_RCDATA | 0xe4ee8 | 0x30 | data | | | 0.3333333333333333 |
RT_RCDATA | 0xe4f18 | 0x8 | ISO-8859 text, with no line terminators | | | 1.5 |
RT_RCDATA | 0xe4f20 | 0x20 | data | | | 0.65625 |
RT_RCDATA | 0xe4f40 | 0xa0 | data | | | 0.10625 |
RT_GROUP_CURSOR | 0xe4fe0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_ICON | 0xe4ff4 | 0x14 | data | | | 1.15 |
DLL | Import |
---|---|
user32.dll | ShowWindow, SetWindowTextA, SetWindowRgn, SetWindowPos, TrackPopupMenu, SetTimer, SetFocus, SetDlgItemTextA, SetClassLongA, UpdateWindow, SetWindowLongA, SetCapture, SendMessageA, ReleaseCapture, RegisterClassExA, RedrawWindow, PtInRect, OffsetRect, MessageBoxA, LoadStringA, LoadIconA, LoadCursorA, LoadBitmapA, IsDlgButtonChecked, InvalidateRect, IntersectRect, GetWindowRect, GetWindowLongA, GetSystemMetrics, CloseClipboard, EmptyClipboard, OpenClipboard, SetClipboardData, GetClientRect, MoveWindow, GetSysColor, GetParent, GetKeyState, GetDlgItemTextA, GetDlgItem, GetDlgCtrlID, GetDC, GetCursorPos, GetCapture, GetActiveWindow, EndDialog, EnableWindow, DrawTextA, DialogBoxParamA, DefWindowProcA, CreateWindowExA, CreatePopupMenu, CheckDlgButton, CallWindowProcA, AppendMenuA |
kernel32.dll | FindFirstFileA, GetStdHandle, WriteFile, FlushFileBuffers, CompareStringA, CreateDirectoryA, GlobalAlloc, GlobalLock, GlobalUnlock, FindClose, lstrlenW, lstrlenA, lstrcpyA, lstrcmpiA, lstrcmpA, lstrcatA, WideCharToMultiByte, WaitForSingleObject, VirtualFree, VirtualAlloc, UnmapViewOfFile, CloseHandle, CopyFileA, CreateFileA, CreateFileMappingA, CreateProcessA, CreateThread, DeleteFileA, ExpandEnvironmentStringsA, FindResourceA, FreeLibrary, GetCommandLineA, GetCurrentDirectoryA, GetFileAttributesA, GetFileSize, GetFileTime, GetModuleFileNameA, GetModuleHandleA, GetProcAddress, GetSystemInfo, GetTempPathA, GetVersionExA, LoadLibraryA, LoadResource, MapViewOfFile, MoveFileA, MultiByteToWideChar, RtlMoveMemory, RtlZeroMemory, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetFileAttributesA, SetFilePointer, SetFileTime, SizeofResource, Sleep |
shell32.dll | ShellExecuteA, ShellExecuteExA |
gdi32.dll | BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, CreateDIBSection, CreateFontIndirectA, CreateSolidBrush, ExtCreateRegion, GetStockObject, GetTextExtentPointA, AddFontResourceA, TextOutA, SetTextColor, SetBkMode, SetBkColor, SelectObject, RoundRect, RemoveFontResourceA |
advapi32.dll | RegSetValueExA, RegDeleteValueA, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey |
comdlg32.dll | GetOpenFileNameA, GetSaveFileNameA |
Name | Ordinal | Address |
---|---|---|
AddMsg | 1 | 0x100022c0 |
CloseFileMapping | 2 | 0x100028d8 |
CloseFileMapping_readonly | 3 | 0x100029c2 |
GetPatcherWindowHandle | 4 | 0x1000210f |
GetPluginDataMemory | 5 | 0x10002120 |
GetRegDword | 6 | 0x10006fa0 |
GetRegString | 7 | 0x10006f00 |
LoadFileMapping | 8 | 0x10002463 |
Reg_Delete_Value | 9 | 0x1000a6f0 |
SearchAndReplace | 10 | 0x10006740 |
SetRegDword | 11 | 0x1000a740 |
SetRegString | 12 | 0x1000a7a0 |
load_patcher | 13 | 0x10002109 |
write_disk_file | 14 | 0x10006d4c |
Target ID: | 0 |
Start time: | 15:40:15 |
Start date: | 18/03/2024 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xae0000 |
File size: | 126'464 bytes |
MD5 hash: | 51E6071F9CBA48E79F10C84515AAE618 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 15:40:15 |
Start date: | 18/03/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 15:40:15 |
Start date: | 18/03/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 15:40:15 |
Start date: | 18/03/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x150000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 15:40:15 |
Start date: | 18/03/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x150000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 15:40:16 |
Start date: | 18/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf70000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 15:40:16 |
Start date: | 18/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf70000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 15:40:18 |
Start date: | 18/03/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x150000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 15:40:21 |
Start date: | 18/03/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x150000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 15:40:24 |
Start date: | 18/03/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x150000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 13 |
Start time: | 15:40:24 |
Start date: | 18/03/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x150000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 14 |
Start time: | 15:40:24 |
Start date: | 18/03/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x150000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 15 |
Start time: | 15:40:24 |
Start date: | 18/03/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x150000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 16 |
Start time: | 15:40:24 |
Start date: | 18/03/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x150000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | false |
Target ID: | 17 |
Start time: | 15:40:24 |
Start date: | 18/03/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x150000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 18 |
Start time: | 15:40:24 |
Start date: | 18/03/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x150000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 19 |
Start time: | 15:40:24 |
Start date: | 18/03/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x150000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 22 |
Start time: | 15:40:25 |
Start date: | 18/03/2024 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x150000 |
File size: | 61'440 bytes |
MD5 hash: | 889B99C52A60DD49227C5E485A016679 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
| Target ID | Start time | Start date | Path | Wow64 process (32bit) | Commandline | Imagebase | File size | MD5 hash | Has elevated privileges | Has administrator privileges | Programmed in | Has exited |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 23 | 15:40:25 | 18/03/2024 | C:\Windows\SysWOW64\rundll32.exe | true | | 0x150000 | 61'440 bytes | 889B99C52A60DD49227C5E485A016679 | true | true | C, C++ or other language | true |
| 24 | 15:40:25 | 18/03/2024 | C:\Windows\SysWOW64\rundll32.exe | true | | 0x150000 | 61'440 bytes | 889B99C52A60DD49227C5E485A016679 | true | true | C, C++ or other language | true |
| 25 | 15:40:25 | 18/03/2024 | C:\Windows\SysWOW64\rundll32.exe | true | | 0x150000 | 61'440 bytes | 889B99C52A60DD49227C5E485A016679 | true | true | C, C++ or other language | true |
| 26 | 15:40:25 | 18/03/2024 | C:\Windows\SysWOW64\rundll32.exe | true | | 0x150000 | 61'440 bytes | 889B99C52A60DD49227C5E485A016679 | true | true | C, C++ or other language | true |
| 27 | 15:40:25 | 18/03/2024 | C:\Windows\SysWOW64\rundll32.exe | true | | 0x150000 | 61'440 bytes | 889B99C52A60DD49227C5E485A016679 | true | true | C, C++ or other language | true |
| 30 | 15:40:25 | 18/03/2024 | C:\Windows\SysWOW64\WerFault.exe | true | | 0xf70000 | 483'680 bytes | C31336C1EFC2CCB44B4326EA793040F2 | true | true | C, C++ or other language | true |
| 31 | 15:40:25 | 18/03/2024 | C:\Windows\SysWOW64\WerFault.exe | true | | 0xf70000 | 483'680 bytes | C31336C1EFC2CCB44B4326EA793040F2 | true | true | C, C++ or other language | true |
Execution Graph
Execution Coverage: | 0.5% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 3.1% |
Total number of Nodes: | 1274 |
Total number of Limit Nodes: | 1 |
Graph: functions listed by relevance (per-function API, string, memory-dump and similarity panels did not survive extraction; only the header line and the Uniqueness Score remain)

| Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
|---|---|---|---|---|---|---|
| 6CD722C0 | 4.5 | 3 | | 29 | window, COMMON | -1.00% |
| 6CD76D14 | 3.0 | 2 | | 19 | file, COMMON | -1.00% |
| 6CD75AFE | 19.3 | 6 | 5 | 36 | library, loader, string, COMMON | -1.00% |
| 6CD74616 | 15.9 | 8 | 1 | 124 | file, COMMON | -1.00% |
| 6CD771E0 | 13.5 | 9 | | 45 | clipboard, string, memory, COMMON | -1.00% |
| 6CD7149B | 4.5 | 3 | | 29 | COMMON | -1.00% |
| 6CD76CE0 | 3.0 | 2 | | 16 | file, COMMON | -1.00% |
| 6CD777A9 | 0.7 | | | 699 | COMMON | -1.00% |
| 6CD79762 | 0.7 | | | 651 | COMMON | -1.00% |
| 6CD79FA0 | 0.5 | | | 510 | COMMON | -1.00% |
| 6CD768D3 | 0.1 | | | 65 | COMMON | -1.00% |
| 6CD767DE | 0.0 | | | 13 | COMMON | -1.00% |
| 6CD767F8 | 0.0 | | | 7 | COMMON | -1.00% |
| 6CD75B9C | 80.8 | 42 | 4 | 342 | string, process, file, COMMON | -1.00% |
| 6CD72DC9 | 77.3 | 34 | 10 | 323 | window, string, time, COMMON | -1.00% |
| 6CD72463 | 66.8 | 33 | 5 | 301 | string, file, window, COMMON | -1.00% |
| 6CD71BCC | 49.2 | 26 | 2 | 175 | window, sleep, library, COMMON | -1.00% |
| 6CD7498E | 47.6 | 25 | 2 | 380 | memory, file, string, COMMON | -1.00% |
| 6CD74126 | 47.4 | 8 | 19 | 133 | library, loader, COMMON | -1.00% |
| 6CD716E0 | 35.1 | 18 | 2 | 147 | window, registry, COMMON | -1.00% |
| 6CD75516 | 31.6 | 14 | 4 | 113 | string, memory, file, COMMON | -1.00% |
| 6CD728D8 | 22.8 | 9 | 4 | 59 | file, time, COMMON | -1.00% |
| 6CD74EE6 | 21.2 | 14 | | 203 | file, COMMON | -1.00% |
| 6CD762CD | 21.2 | 11 | 1 | 192 | window, COMMON | -1.00% |
| 6CD738CC | 21.1 | 11 | 1 | 136 | string, COMMON | -1.00% |
| 6CD74338 | 18.2 | 12 | | 187 | COMMON | -1.00% |
| 6CD718B0 | 18.1 | 12 | | 70 | COMMON | -1.00% |
| 6CD76089 | 17.6 | 9 | 1 | 90 | string, library, COMMON | -1.00% |
| 6CD73B6F | 14.1 | 6 | 2 | 75 | sleep, library, loader, COMMON | -1.00% |
| 6CD761BC | 14.0 | 7 | 1 | 49 | string, file, COMMON | -1.00% |
| 6CD73C60 | 13.6 | 9 | | 55 | COMMON | -1.00% |
| 6CD71FE3 | 12.3 | 5 | 2 | 73 | library, string, loader, COMMON | -1.00% |
| 6CD72313 | 10.5 | 5 | 1 | 30 | string, file, COMMON | -1.00% |
| 6CD72411 | 10.5 | 5 | 1 | 28 | file, string, COMMON | -1.00% |
| 6CD73AF9 | 10.5 | 4 | 2 | 27 | library, loader, COMMON | -1.00% |
| 6CD74791 | 9.1 | 6 | | 138 | COMMON | -1.00% |
| 6CD72CEE | 9.1 | 6 | | 70 | COMMON | -1.00% |
| 6CD757A2 | 8.8 | 4 | 1 | 75 | string, COMMON | -1.00% |
| 6CD729EF | 8.8 | 3 | 2 | 35 | library, loader, COMMON | -1.00% |
| 6CD740CF | 8.8 | 2 | 3 | 12 | library, loader, COMMON | -1.00% |
| 6CD740FA | 8.8 | 2 | 3 | 12 | library, loader, COMMON | -1.00% |
| 6CD75266 | 7.6 | 5 | | 138 | string, COMMON | -1.00% |
| 6CD76444 | 7.6 | 5 | | 66 | COMMON | -1.00% |
| 6CD77260 | 7.6 | 5 | | 66 | COMMON | -1.00% |
| 6CD71657 | 7.6 | | 6 | 55 | COMMON | -1.00% |
| 6CD72368 | 7.5 | 5 | | 47 | file, COMMON | -1.00% |
| 6CD73D1A | 7.5 | 5 | | 46 | window, memory, string, COMMON | -1.00% |
| 6CD72AFB | 7.5 | 5 | | 28 | COMMON | -1.00% |
| 6CD76577 | 7.0 | 3 | 1 | 20 | window, COMMON | -1.00% |
| 6CD74735 | 6.1 | 4 | | 70 | file, COMMON | -1.00% |
| 6CD72CE7 | 6.1 | 4 | | 51 | COMMON | -1.00% |
| 6CD76D4C | 6.0 | 4 | | 31 | file, COMMON | -1.00% |
| 6CD770B0 | 6.0 | 4 | | 30 | string, COMMON | -1.00% |
| 6CD7633F | 6.0 | 4 | | 28 | COMMON | -1.00% |
| 6CD72A7D | 5.3 | 2 | 1 | 29 | string, COMMON | -1.00% |

A further 12 function entries in this graph lost their header line in extraction; for each of them only a Uniqueness Score of -1.00% survived.
Execution Graph
Execution Coverage: | 8.4% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 90 |
Total number of Limit Nodes: | 6 |
Graph: functions listed by relevance (per-function API, memory-dump and similarity panels did not survive extraction; only the header line and the Uniqueness Score remain)

| Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
|---|---|---|---|---|---|---|
| 100013F3 | 3.0 | 2 | | 29 | sleep, COMMON | -1.00% |
| 10001134 | 1.5 | 1 | | 10 | memory, COMMON | -1.00% |
| 10001414 | 1.3 | 1 | | 7 | sleep, COMMON | -1.00% |
| 10001380 | 9.0 | 6 | | 44 | memory, synchronization, COMMON | -1.00% |

One further function entry in this graph lost its header line in extraction; only a Uniqueness Score of -1.00% survived.