Edit tour
Windows
Analysis Report
uCLkYbZQoA.exe
Overview
General Information
| Sample name: | uCLkYbZQoA.exerenamed because original name is a hash value |
| Original sample name: | 36cba9f836266dd47c2629af72d7fa24.exe |
| Analysis ID: | 1447638 |
| MD5: | 36cba9f836266dd47c2629af72d7fa24 |
| SHA1: | 277628e74f7f1dc7aa16412d5c476f62bab39e89 |
| SHA256: | 3ce9fcec1c68c11c4502acdd2c0f0e18c5b5593cb0dbe8ca2fd7ac42189617cc |
| Tags: | exe |
| Infos: | |
 | |
Detection
| Score: | 72 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
Contains functionality for read data from the clipboard
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Potential key logger detected (key state polling based)
Program does not show much activity (idle)
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
uCLkYbZQoA.exe (PID: 7268 cmdline: "C:\Users\ user\Deskt op\uCLkYbZ QoA.exe" MD5: 36CBA9F836266DD47C2629AF72D7FA24)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Virustotal: | Perma Link | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_004234C0 | |
| Source: | Code function: | 0_2_0042B8A0 | |
| Source: | Code function: | 0_2_004B60FD | |
| Source: | Code function: | 0_2_00419130 | |
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | Code function: | 0_2_00436A20 | |
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Code function: | 0_2_0043FAE0 | |
| Source: | Code function: | 0_2_0043FAE0 | |
| Source: | Code function: | 0_2_0043FC40 | |
| Source: | Code function: | 0_2_004782B0 | |
| Source: | Code function: | 0_2_004BA7D4 | |
| Source: | Code function: | 0_2_0042BA50 | |
| Source: | Code function: | 0_2_00421760 | |
| Source: | Code function: | 0_2_004B7F51 | |
| Source: | Code function: | 0_2_0045E149 | |
| Source: | Code function: | 0_2_0042C110 | |
| Source: | Code function: | 0_2_00452120 | |
| Source: | Code function: | 0_2_004481C0 | |
| Source: | Code function: | 0_2_0045024D | |
| Source: | Code function: | 0_2_0044A2C0 | |
| Source: | Code function: | 0_2_00460290 | |
| Source: | Code function: | 0_2_0045E606 | |
| Source: | Code function: | 0_2_0043A740 | |
| Source: | Code function: | 0_2_0045A780 | |
| Source: | Code function: | 0_2_004507B2 | |
| Source: | Code function: | 0_2_0046E8E0 | |
| Source: | Code function: | 0_2_0045E8F1 | |
| Source: | Code function: | 0_2_0046A9D0 | |
| Source: | Code function: | 0_2_00470A30 | |
| Source: | Code function: | 0_2_0045EAA4 | |
| Source: | Code function: | 0_2_0046CBF0 | |
| Source: | Code function: | 0_2_0045ACC0 | |
| Source: | Code function: | 0_2_00464D4E | |
| Source: | Code function: | 0_2_00450D10 | |
| Source: | Code function: | 0_2_0045ED1E | |
| Source: | Code function: | 0_2_00456DB0 | |
| Source: | Code function: | 0_2_0046EE60 | |
| Source: | Code function: | 0_2_00424FC0 | |
| Source: | Code function: | 0_2_00464F9E | |
| Source: | Code function: | 0_2_004570C0 | |
| Source: | Code function: | 0_2_0045F150 | |
| Source: | Code function: | 0_2_004AD276 | |
| Source: | Code function: | 0_2_0045D3F0 | |
| Source: | Code function: | 0_2_0046B470 | |
| Source: | Code function: | 0_2_004574F0 | |
| Source: | Code function: | 0_2_0045F620 | |
| Source: | Code function: | 0_2_004B163D | |
| Source: | Code function: | 0_2_0044D7F0 | |
| Source: | Code function: | 0_2_0045F850 | |
| Source: | Code function: | 0_2_00423AD0 | |
| Source: | Code function: | 0_2_0044DB20 | |
| Source: | Code function: | 0_2_0045DC30 | |
| Source: | Code function: | 0_2_0045BF70 | |
| Source: | Code function: | 0_2_0042DF30 | |
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_00470ED0 | |
| Source: | Code function: | 0_2_0040F400 | |
| Source: | Code function: | 0_2_004B6785 | |
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | Virustotal: | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | Code function: | 0_2_00422D50 | |
| Source: | Code function: | 0_2_004A505E | |
| Source: | Code function: | 0_2_004A7C56 | |
| Source: | Code function: | 0_2_00421760 | |
| Source: | Code function: | 0_2_00426B30 | |
| Source: | Code function: | 0_2_0042AF20 | |
| Source: | Code function: | 0_2_004A356F | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | API coverage: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread injection, dropped files, key value created, disk infection and DNS query: | ||
| Source: | Code function: | 0_2_004234C0 | |
| Source: | Code function: | 0_2_0042B8A0 | |
| Source: | Code function: | 0_2_004B60FD | |
| Source: | Code function: | 0_2_00419130 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_00422D50 | |
| Source: | Code function: | 0_2_00449020 | |
| Source: | Thread injection, dropped files, key value created, disk infection and DNS query: | ||
| Source: | Code function: | 0_2_004A65E0 | |
| Source: | Code function: | 0_2_004B005F | |
| Source: | Code function: | 0_2_004B7F51 | |
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Screen Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | 1 Input Capture | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Archive Collected Data | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 2 Process Discovery | Distributed Component Object Model | 3 Clipboard Data | 11 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 3 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 58% | ReversingLabs | Win32.Trojan.Zusy | ||
| 65% | Virustotal | Browse | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 10% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 12% | Virustotal | Browse | ||
| 3% | Virustotal | Browse | ||
| 10% | Virustotal | Browse | ||
| 100% | Avira URL Cloud | malware | ||
| 0% | Avira URL Cloud | safe | ||
| 100% | Avira URL Cloud | malware | ||
| 10% | Virustotal | Browse | ||
| 15% | Virustotal | Browse | ||
| 10% | Virustotal | Browse | ||
| 16% | Virustotal | Browse |
⊘No contacted domains info
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false |
| unknown | |
| false |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 47.110.247.171 | unknown | China | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | false |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1447638 |
| Start date and time: | 2024-05-26 08:39:08 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 39s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 10 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | uCLkYbZQoA.exerenamed because original name is a hash value |
| Original Sample Name: | 36cba9f836266dd47c2629af72d7fa24.exe |
| Detection: | MAL |
| Classification: | mal72.winEXE@1/0@0/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, MoUsoCoreWorker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.31.169.57
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, iris-de-prod-azsc-v2-weu-b.westeurope.cloudapp.azure.com, ctldl.windowsupdate.com, arc.trafficmanager.net, 6.d.a.8.b.e.f.b.0.0.0.0.0.0.0.0.4.0.0.a.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, arc.msn.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
- HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
| Time | Type | Description |
|---|---|---|
| 02:39:59 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 47.110.247.171 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Metasploit | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
|
⊘No context
⊘No context
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 6.425515175081969 |
| TrID: |
|
| File name: | uCLkYbZQoA.exe |
| File size: | 1'056'768 bytes |
| MD5: | 36cba9f836266dd47c2629af72d7fa24 |
| SHA1: | 277628e74f7f1dc7aa16412d5c476f62bab39e89 |
| SHA256: | 3ce9fcec1c68c11c4502acdd2c0f0e18c5b5593cb0dbe8ca2fd7ac42189617cc |
| SHA512: | 02801256dd4341ee4f8ec46a363ad5271bab9db110253a1ac79dc1612b860703ab669e03b653f9f935d56c19b7c35eaa3d118e52f17ebfbdc10e115040a6b776 |
| SSDEEP: | 24576:F0MgCdHTUzZJdlevZPamfhE/Um7D1fUggepjfJ+gaELmecS:F0MgCdHTkJAUmfhtIaEJB |
| TLSH: | 1425AF01B68282F5E64A197004F66737EB3A96870B12CFD7E7A4DD385C33691E13B25E |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........,...M._.M._.M._.R._.M._.R._.M._3Q._.M._.Q._.M._.R._.M._.R._.M._.M._.O._3E._.M._.k._nM._.k._.M._XR._.M._XR._.M._.M._.M._wK._.M. |
 | |
| Icon Hash: | 043b697071334422 |
| Entrypoint: | 0x4a3970 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | |
| Time Stamp: | 0x665212BC [Sat May 25 16:33:00 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | de6a340ccaab4aa62f1436825c99450b |
| Instruction |
|---|
| push ebp |
| mov ebp, esp |
| push FFFFFFFFh |
| push 004D5548h |
| push 004A69F4h |
| mov eax, dword ptr fs:[00000000h] |
| push eax |
| mov dword ptr fs:[00000000h], esp |
| sub esp, 58h |
| push ebx |
| push esi |
| push edi |
| mov dword ptr [ebp-18h], esp |
| call dword ptr [004C51A0h] |
| xor edx, edx |
| mov dl, ah |
| mov dword ptr [00533E14h], edx |
| mov ecx, eax |
| and ecx, 000000FFh |
| mov dword ptr [00533E10h], ecx |
| shl ecx, 08h |
| add ecx, edx |
| mov dword ptr [00533E0Ch], ecx |
| shr eax, 10h |
| mov dword ptr [00533E08h], eax |
| push 00000001h |
| call 00007F729D30592Fh |
| pop ecx |
| test eax, eax |
| jne 00007F729D3001DAh |
| push 0000001Ch |
| call 00007F729D300298h |
| pop ecx |
| call 00007F729D30563Ah |
| test eax, eax |
| jne 00007F729D3001DAh |
| push 00000010h |
| call 00007F729D300287h |
| pop ecx |
| xor esi, esi |
| mov dword ptr [ebp-04h], esi |
| call 00007F729D305468h |
| call dword ptr [004C5364h] |
| mov dword ptr [00539064h], eax |
| call 00007F729D305326h |
| mov dword ptr [00533D80h], eax |
| call 00007F729D3050CFh |
| call 00007F729D305011h |
| call 00007F729D303676h |
| mov dword ptr [ebp-30h], esi |
| lea eax, dword ptr [ebp-5Ch] |
| push eax |
| call dword ptr [004C51E8h] |
| call 00007F729D304FA2h |
| mov dword ptr [ebp-64h], eax |
| test byte ptr [ebp-30h], 00000001h |
| je 00007F729D3001D8h |
| movzx eax, word ptr [ebp+00h] |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xdded8 | 0x118 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x13a000 | 0x61bc | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xc5000 | 0x7b4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0xc3ee2 | 0xc4000 | e6514cb2f624df5f913e520897e6c164 | False | 0.5231883769132653 | data | 6.578377247668283 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0xc5000 | 0x1b552 | 0x1c000 | 91aac68872a5e18200263327d9bf6034 | False | 0.3055943080357143 | data | 4.641371332156871 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xe1000 | 0x5806a | 0x1a000 | 848ca09a905e3ac9849f53de0979ca13 | False | 0.326904296875 | data | 5.367706592968136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x13a000 | 0x61bc | 0x7000 | ba0877a18db5765095f0668697aa3e05 | False | 0.26810128348214285 | data | 5.164274086382286 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| TEXTINCLUDE | 0x13abf4 | 0xb | ASCII text, with no line terminators | Chinese | China | 1.7272727272727273 |
| TEXTINCLUDE | 0x13ac00 | 0x16 | data | Chinese | China | 1.3636363636363635 |
| TEXTINCLUDE | 0x13ac18 | 0x151 | C source, ASCII text, with CRLF line terminators | Chinese | China | 0.6201780415430267 |
| RT_CURSOR | 0x13ad6c | 0x134 | data | Chinese | China | 0.5811688311688312 |
| RT_CURSOR | 0x13aea0 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.37662337662337664 |
| RT_CURSOR | 0x13afd4 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.4805194805194805 |
| RT_CURSOR | 0x13b108 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | Chinese | China | 0.7 |
| RT_BITMAP | 0x13b1bc | 0x16c | Device independent bitmap graphic, 39 x 13 x 4, image size 260 | Chinese | China | 0.3598901098901099 |
| RT_BITMAP | 0x13b328 | 0x248 | Device independent bitmap graphic, 64 x 15 x 4, image size 480 | Chinese | China | 0.3407534246575342 |
| RT_BITMAP | 0x13b570 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | Chinese | China | 0.4444444444444444 |
| RT_BITMAP | 0x13b6b4 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.26453488372093026 |
| RT_BITMAP | 0x13b80c | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.2616279069767442 |
| RT_BITMAP | 0x13b964 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.2441860465116279 |
| RT_BITMAP | 0x13babc | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.24709302325581395 |
| RT_BITMAP | 0x13bc14 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.2238372093023256 |
| RT_BITMAP | 0x13bd6c | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240 | Chinese | China | 0.19476744186046513 |
| RT_BITMAP | 0x13bec4 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240 | Chinese | China | 0.20930232558139536 |
| RT_BITMAP | 0x13c01c | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240 | Chinese | China | 0.18895348837209303 |
| RT_BITMAP | 0x13c174 | 0x5e4 | Device independent bitmap graphic, 70 x 39 x 4, image size 1404 | Chinese | China | 0.34615384615384615 |
| RT_BITMAP | 0x13c758 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | Chinese | China | 0.44565217391304346 |
| RT_BITMAP | 0x13c810 | 0x16c | Device independent bitmap graphic, 39 x 13 x 4, image size 260 | Chinese | China | 0.28296703296703296 |
| RT_BITMAP | 0x13c97c | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | Chinese | China | 0.37962962962962965 |
| RT_ICON | 0x13cac0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Chinese | China | 0.26344086021505375 |
| RT_ICON | 0x13cda8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Chinese | China | 0.41216216216216217 |
| RT_ICON | 0x13ced0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | 0.18738273921200752 | ||
| RT_MENU | 0x13df78 | 0xc | data | Chinese | China | 1.5 |
| RT_MENU | 0x13df84 | 0x284 | data | Chinese | China | 0.5 |
| RT_DIALOG | 0x13e208 | 0x98 | data | Chinese | China | 0.7171052631578947 |
| RT_DIALOG | 0x13e2a0 | 0x17a | data | Chinese | China | 0.5185185185185185 |
| RT_DIALOG | 0x13e41c | 0xfa | data | Chinese | China | 0.696 |
| RT_DIALOG | 0x13e518 | 0xea | data | Chinese | China | 0.6239316239316239 |
| RT_DIALOG | 0x13e604 | 0x8ae | data | Chinese | China | 0.39603960396039606 |
| RT_DIALOG | 0x13eeb4 | 0xb2 | data | Chinese | China | 0.7359550561797753 |
| RT_DIALOG | 0x13ef68 | 0xcc | data | Chinese | China | 0.7647058823529411 |
| RT_DIALOG | 0x13f034 | 0xb2 | data | Chinese | China | 0.6629213483146067 |
| RT_DIALOG | 0x13f0e8 | 0xe2 | data | Chinese | China | 0.6637168141592921 |
| RT_DIALOG | 0x13f1cc | 0x18c | data | Chinese | China | 0.5227272727272727 |
| RT_STRING | 0x13f358 | 0x50 | data | Chinese | China | 0.85 |
| RT_STRING | 0x13f3a8 | 0x2c | data | Chinese | China | 0.5909090909090909 |
| RT_STRING | 0x13f3d4 | 0x78 | data | Chinese | China | 0.925 |
| RT_STRING | 0x13f44c | 0x1c4 | data | Chinese | China | 0.8141592920353983 |
| RT_STRING | 0x13f610 | 0x12a | data | Chinese | China | 0.5201342281879194 |
| RT_STRING | 0x13f73c | 0x146 | data | Chinese | China | 0.6288343558282209 |
| RT_STRING | 0x13f884 | 0x40 | data | Chinese | China | 0.65625 |
| RT_STRING | 0x13f8c4 | 0x64 | data | Chinese | China | 0.73 |
| RT_STRING | 0x13f928 | 0x1d8 | data | Chinese | China | 0.6758474576271186 |
| RT_STRING | 0x13fb00 | 0x114 | data | Chinese | China | 0.6376811594202898 |
| RT_STRING | 0x13fc14 | 0x24 | data | Chinese | China | 0.4444444444444444 |
| RT_GROUP_CURSOR | 0x13fc38 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.25 |
| RT_GROUP_CURSOR | 0x13fc4c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.25 |
| RT_GROUP_CURSOR | 0x13fc60 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | Chinese | China | 1.0294117647058822 |
| RT_GROUP_ICON | 0x13fc84 | 0x14 | data | 1.2 | ||
| RT_GROUP_ICON | 0x13fc98 | 0x14 | data | Chinese | China | 1.2 |
| RT_GROUP_ICON | 0x13fcac | 0x14 | data | Chinese | China | 1.25 |
| RT_VERSION | 0x13fcc0 | 0x240 | data | Chinese | China | 0.5642361111111112 |
| RT_MANIFEST | 0x13ff00 | 0x2b9 | XML 1.0 document, ASCII text, with very long lines (697), with no line terminators | 0.5279770444763271 |
| DLL | Import |
|---|---|
| WINMM.dll | midiStreamOut, midiOutPrepareHeader, waveOutWrite, waveOutPause, waveOutReset, waveOutClose, waveOutGetNumDevs, waveOutOpen, midiOutUnprepareHeader, midiStreamOpen, midiStreamProperty, midiStreamStop, midiOutReset, midiStreamClose, midiStreamRestart, waveOutUnprepareHeader, waveOutRestart, waveOutPrepareHeader |
| WS2_32.dll | socket, bind, htons, WSAAsyncSelect, closesocket, send, WSACleanup, WSAStartup, gethostbyname, inet_ntoa, inet_addr, gethostname, ntohl, recvfrom, ioctlsocket, connect, recv, listen, getpeername, accept, getsockname, __WSAFDIsSet, select, ntohs, WSAGetLastError |
| KERNEL32.dll | SetLastError, GetTimeZoneInformation, GetVersion, TerminateThread, lstrcmpiA, MapViewOfFile, CreateFileMappingA, UnmapViewOfFile, FormatMessageA, CreateMutexA, ReleaseMutex, SuspendThread, UnhandledExceptionFilter, GetACP, HeapSize, ExitThread, RaiseException, GetLocalTime, GetSystemTime, RtlUnwind, GetStartupInfoA, GetOEMCP, GetCPInfo, GetProcessVersion, SetErrorMode, GlobalFlags, GetCurrentThread, GetFileTime, TlsGetValue, LocalReAlloc, TlsSetValue, TlsFree, GlobalHandle, TlsAlloc, LocalAlloc, lstrcmpA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, DuplicateHandle, lstrcpynA, FileTimeToLocalFileTime, FileTimeToSystemTime, InterlockedDecrement, InterlockedIncrement, TerminateProcess, GetCurrentProcess, GetFileSize, SetFilePointer, CreateToolhelp32Snapshot, Process32First, Process32Next, CreateSemaphoreA, ResumeThread, ReleaseSemaphore, EnterCriticalSection, LeaveCriticalSection, GetProfileStringA, WriteFile, WaitForMultipleObjects, CreateFileA, SetEvent, FindResourceA, LoadResource, LockResource, ReadFile, lstrlenW, GetModuleFileNameA, WideCharToMultiByte, MultiByteToWideChar, GetCurrentThreadId, ExitProcess, GlobalSize, GlobalFree, DeleteCriticalSection, InitializeCriticalSection, lstrcatA, lstrlenA, WinExec, lstrcpyA, FindNextFileA, GlobalReAlloc, HeapFree, InterlockedExchange, HeapReAlloc, GetProcessHeap, HeapAlloc, GetUserDefaultLCID, GetFullPathNameA, FreeLibrary, LoadLibraryA, GetLastError, GetVersionExA, WritePrivateProfileStringA, GetPrivateProfileStringA, CreateThread, CreateEventA, Sleep, GlobalAlloc, GlobalLock, GlobalUnlock, FindFirstFileA, FindClose, GetFileAttributesA, DeleteFileA, SetCurrentDirectoryA, GetVolumeInformationA, GetModuleHandleA, GetProcAddress, MulDiv, GetCommandLineA, GetTickCount, CreateProcessA, WaitForSingleObject, CloseHandle, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, SetEnvironmentVariableA, LCMapStringA, LCMapStringW, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, CompareStringA, CompareStringW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, LocalFree |
| USER32.dll | PostQuitMessage, IsZoomed, GetClassInfoA, DefWindowProcA, GetSystemMenu, DeleteMenu, GetMenu, SetMenu, PeekMessageA, IsIconic, SetFocus, GetActiveWindow, GetWindow, DestroyAcceleratorTable, CopyAcceleratorTableA, GetKeyState, TranslateAcceleratorA, IsWindowEnabled, ShowWindow, SystemParametersInfoA, LoadImageA, LoadStringA, GetMenuCheckMarkDimensions, GetMenuState, SetMenuItemBitmaps, CheckMenuItem, MoveWindow, ModifyMenuA, AppendMenuA, CreatePopupMenu, DrawIconEx, CreateIconFromResource, CreateIconFromResourceEx, RegisterClipboardFormatA, SetRectEmpty, DispatchMessageA, WindowFromPoint, DrawFocusRect, DrawEdge, DrawFrameControl, TranslateMessage, LoadIconA, UnregisterClassA, GetDesktopWindow, SetWindowRgn, GetMessagePos, ScreenToClient, ChildWindowFromPointEx, CopyRect, LoadBitmapA, WinHelpA, KillTimer, SetTimer, ReleaseCapture, GetCapture, SetCapture, GetScrollRange, SetScrollRange, SetScrollPos, SetRect, InflateRect, IntersectRect, SetWindowTextA, IsDialogMessageA, EnumDisplaySettingsA, DestroyIcon, PtInRect, OffsetRect, IsWindowVisible, EnableWindow, RedrawWindow, GetWindowLongA, SetWindowLongA, GetSysColor, SetActiveWindow, SetCursorPos, LoadCursorA, SetCursor, GetDC, FillRect, IsRectEmpty, ReleaseDC, IsChild, DestroyMenu, SetForegroundWindow, GetWindowRect, EqualRect, UpdateWindow, ValidateRect, InvalidateRect, GetClientRect, GetFocus, GetParent, GetTopWindow, PostMessageA, IsWindow, SetParent, DestroyCursor, SendMessageA, SetWindowPos, MessageBoxA, GetCursorPos, GetSystemMetrics, EmptyClipboard, SetClipboardData, OpenClipboard, GetClipboardData, CloseClipboard, wsprintfA, WaitForInputIdle, ClientToScreen, GetClassNameA, GetDlgItem, GetWindowTextA, DrawTextA, SetWindowsHookExA, UnhookWindowsHookEx, EnumThreadWindows, GetWindowTextLengthA, EnumChildWindows, CallNextHookEx, CallWindowProcA, GetWindowDC, GetSysColorBrush, FrameRect, EnableMenuItem, GetSubMenu, GetDlgCtrlID, CreateAcceleratorTableA, ScrollWindowEx, CreateMenu, GetMessageA, CharUpperA, BeginPaint, EndPaint, TabbedTextOutA, GrayStringA, DestroyWindow, CreateDialogIndirectParamA, EndDialog, GetNextDlgTabItem, GetWindowPlacement, RegisterWindowMessageA, GetForegroundWindow, GetLastActivePopup, GetMessageTime, RemovePropA, GetPropA, SetPropA, GetClassLongA, CreateWindowExA, GetMenuItemID, GetMenuItemCount, RegisterClassA, GetScrollPos, AdjustWindowRectEx, MapWindowPoints, SendDlgItemMessageA |
| GDI32.dll | ExtSelectClipRgn, ExcludeClipRect, GetClipBox, ScaleWindowExtEx, SetWindowExtEx, SetWindowOrgEx, ScaleViewportExtEx, Ellipse, Rectangle, LPtoDP, DPtoLP, GetCurrentObject, RoundRect, Arc, GetTextExtentPoint32A, GetDeviceCaps, BeginPath, GetWindowOrgEx, GetWindowExtEx, GetDIBits, RealizePalette, SelectPalette, StretchBlt, CreatePalette, GetSystemPaletteEntries, CreateDIBitmap, DeleteObject, SelectClipRgn, CreatePolygonRgn, GetClipRgn, SetStretchBltMode, SetPixel, CreateRectRgnIndirect, SetBkColor, SetBkMode, LineTo, MoveToEx, SetTextColor, CreateEllipticRgnIndirect, GetTextMetricsA, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetROP2, SetPolyFillMode, RestoreDC, SaveDC, GetViewportExtEx, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, CreateCompatibleDC, GetPixel, BitBlt, StartPage, StartDocA, DeleteDC, EndDoc, EndPage, GetObjectA, GetStockObject, CreateFontIndirectA, CreateSolidBrush, FillRgn, CreateRectRgn, CombineRgn, PatBlt, CreatePen, SelectObject, CreateBitmap, CreateDCA, CreateCompatibleBitmap, GetPolyFillMode, GetStretchBltMode, GetROP2, GetBkColor, EndPath, GetTextColor, CreateRoundRectRgn, CreateEllipticRgn, GetViewportOrgEx, GetBkMode, PathToRegion |
| MSIMG32.dll | GradientFill |
| WINSPOOL.DRV | OpenPrinterA, DocumentPropertiesA, ClosePrinter |
| ADVAPI32.dll | RegOpenKeyExA, RegSetValueExA, RegQueryValueA, RegCreateKeyExA, RegCloseKey |
| SHELL32.dll | Shell_NotifyIconA, ShellExecuteA |
| ole32.dll | CLSIDFromProgID, OleRun, CoCreateInstance, CLSIDFromString, OleUninitialize, OleInitialize |
| OLEAUT32.dll | UnRegisterTypeLib, LoadTypeLib, LHashValOfNameSys, RegisterTypeLib, SafeArrayPutElement, SafeArrayCreate, SafeArrayDestroy, SysAllocString, VariantInit, VariantCopyInd, SafeArrayGetElement, SafeArrayAccessData, SafeArrayUnaccessData, SafeArrayGetDim, SafeArrayGetLBound, SafeArrayGetUBound, VariantChangeType, VariantClear, VariantCopy |
| COMCTL32.dll | ImageList_GetIcon, ImageList_GetImageCount, ImageList_SetBkColor, _TrackMouseEvent, ImageList_Destroy, ImageList_Read, ImageList_Duplicate |
| comdlg32.dll | ChooseColorA, GetFileTitleA, GetSaveFileNameA, GetOpenFileNameA |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Chinese | China |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| May 26, 2024 08:39:55.654582024 CEST | 49732 | 80 | 192.168.2.4 | 47.110.247.171 |
| May 26, 2024 08:39:55.659555912 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:39:55.659648895 CEST | 49732 | 80 | 192.168.2.4 | 47.110.247.171 |
| May 26, 2024 08:39:55.659770966 CEST | 49732 | 80 | 192.168.2.4 | 47.110.247.171 |
| May 26, 2024 08:39:55.659806013 CEST | 49732 | 80 | 192.168.2.4 | 47.110.247.171 |
| May 26, 2024 08:39:55.701304913 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:39:55.701319933 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:40:00.639497995 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:40:00.695543051 CEST | 49732 | 80 | 192.168.2.4 | 47.110.247.171 |
| May 26, 2024 08:40:01.182554007 CEST | 49732 | 80 | 192.168.2.4 | 47.110.247.171 |
| May 26, 2024 08:40:01.182554960 CEST | 49732 | 80 | 192.168.2.4 | 47.110.247.171 |
| May 26, 2024 08:40:01.190354109 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:40:01.196198940 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:40:01.993457079 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:40:01.995601892 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:40:01.995800018 CEST | 49732 | 80 | 192.168.2.4 | 47.110.247.171 |
| May 26, 2024 08:40:02.000853062 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:40:02.054856062 CEST | 49732 | 80 | 192.168.2.4 | 47.110.247.171 |
| May 26, 2024 08:40:02.241645098 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:40:02.243351936 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:40:02.243464947 CEST | 49732 | 80 | 192.168.2.4 | 47.110.247.171 |
| May 26, 2024 08:40:02.248493910 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:40:02.251183033 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:40:02.251250029 CEST | 49732 | 80 | 192.168.2.4 | 47.110.247.171 |
| May 26, 2024 08:40:02.255156040 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:40:02.304968119 CEST | 49732 | 80 | 192.168.2.4 | 47.110.247.171 |
| May 26, 2024 08:40:02.496406078 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:40:02.498560905 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:40:02.498801947 CEST | 49732 | 80 | 192.168.2.4 | 47.110.247.171 |
| May 26, 2024 08:40:02.503348112 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:40:02.503364086 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:40:02.503424883 CEST | 49732 | 80 | 192.168.2.4 | 47.110.247.171 |
| May 26, 2024 08:41:02.630690098 CEST | 49732 | 80 | 192.168.2.4 | 47.110.247.171 |
| May 26, 2024 08:41:02.636858940 CEST | 80 | 49732 | 47.110.247.171 | 192.168.2.4 |
| May 26, 2024 08:41:02.636998892 CEST | 49732 | 80 | 192.168.2.4 | 47.110.247.171 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| May 26, 2024 08:40:44.938066959 CEST | 53 | 54219 | 162.159.36.2 | 192.168.2.4 |
| May 26, 2024 08:40:45.536604881 CEST | 53 | 58325 | 1.1.1.1 | 192.168.2.4 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49732 | 47.110.247.171 | 80 | 7268 | C:\Users\user\Desktop\uCLkYbZQoA.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| May 26, 2024 08:39:55.659770966 CEST | 359 | OUT | |
| May 26, 2024 08:39:55.659806013 CEST | 26 | OUT | |
| May 26, 2024 08:40:00.639497995 CEST | 373 | IN | |
| May 26, 2024 08:40:01.182554007 CEST | 359 | OUT | |
| May 26, 2024 08:40:01.182554960 CEST | 12 | OUT | |
| May 26, 2024 08:40:01.993457079 CEST | 1236 | IN | |
| May 26, 2024 08:40:01.995601892 CEST | 1236 | IN | |
| May 26, 2024 08:40:02.000853062 CEST | 448 | IN | |
| May 26, 2024 08:40:02.241645098 CEST | 1236 | IN | |
| May 26, 2024 08:40:02.243351936 CEST | 1236 | IN | |
| May 26, 2024 08:40:02.248493910 CEST | 1236 | IN | |
| May 26, 2024 08:40:02.251183033 CEST | 1236 | IN | |
| May 26, 2024 08:40:02.255156040 CEST | 896 | IN | |
| May 26, 2024 08:40:02.496406078 CEST | 1236 | IN |
| Target ID: | 0 |
| Start time: | 02:39:54 |
| Start date: | 26/05/2024 |
| Path: | C:\Users\user\Desktop\uCLkYbZQoA.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 1'056'768 bytes |
| MD5 hash: | 36CBA9F836266DD47C2629AF72D7FA24 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 3.8% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 17.4% |
| Total number of Nodes: | 1436 |
| Total number of Limit Nodes: | 78 |
Graph
Function 00421760 Relevance: 53.5, APIs: 29, Strings: 1, Instructions: 979windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00422D50 Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 287libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00449020 Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 370commemorythreadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040F400 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 158comregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004234C0 Relevance: 6.1, APIs: 4, Instructions: 94fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00470ED0 Relevance: 6.1, APIs: 4, Instructions: 72processCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B7F51 Relevance: 3.4, APIs: 2, Instructions: 422COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042B8A0 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047A520 Relevance: 93.4, APIs: 52, Strings: 1, Instructions: 621windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B7382 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 170stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B8FAE Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 174windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00412260 Relevance: 19.9, APIs: 13, Instructions: 372COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00477A80 Relevance: 19.7, APIs: 13, Instructions: 230COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00477520 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 182stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BEE45 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 99memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00411DA0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 267windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00426670 Relevance: 13.8, APIs: 9, Instructions: 289COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00477480 Relevance: 12.0, APIs: 8, Instructions: 46threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004C0008 Relevance: 9.1, APIs: 6, Instructions: 61stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041A890 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 226windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00417640 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 207windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00426550 Relevance: 6.1, APIs: 4, Instructions: 94windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004763B0 Relevance: 6.0, APIs: 4, Instructions: 49windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BA427 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27threadCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00433680 Relevance: 4.7, APIs: 3, Instructions: 203windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004226D0 Relevance: 4.6, APIs: 3, Instructions: 110windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B6CE9 Relevance: 4.5, APIs: 3, Instructions: 34COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00423E70 Relevance: 3.1, APIs: 2, Instructions: 64windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B6D8F Relevance: 3.0, APIs: 2, Instructions: 44COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004758B0 Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00476B40 Relevance: 3.0, APIs: 2, Instructions: 41threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004A9128 Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B7943 Relevance: 3.0, APIs: 2, Instructions: 27COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B7578 Relevance: 3.0, APIs: 2, Instructions: 25threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040DEC0 Relevance: 1.6, APIs: 1, Instructions: 127windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041AE20 Relevance: 1.6, APIs: 1, Instructions: 125windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040FDF1 Relevance: 1.6, APIs: 1, Instructions: 120COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004A5375 Relevance: 1.6, APIs: 1, Instructions: 80memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042C7D0 Relevance: 1.6, APIs: 1, Instructions: 77windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040E0B4 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B6EDF Relevance: 1.6, APIs: 1, Instructions: 73COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B7606 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BB120 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B6E08 Relevance: 1.5, APIs: 1, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B7156 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BAE88 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042B750 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042B850 Relevance: 1.5, APIs: 1, Instructions: 18memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00477A00 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B3BE0 Relevance: 1.5, APIs: 1, Instructions: 15windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BAF91 Relevance: 1.5, APIs: 1, Instructions: 14COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B99AD Relevance: 1.5, APIs: 1, Instructions: 12COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B9A7F Relevance: 1.5, APIs: 1, Instructions: 12COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00471800 Relevance: 1.5, APIs: 1, Instructions: 11windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043A740 Relevance: 89.0, APIs: 47, Strings: 3, Instructions: 1494windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044D7F0 Relevance: 32.8, Strings: 26, Instructions: 305COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042AF20 Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 93libraryloaderwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00423AD0 Relevance: 18.3, APIs: 12, Instructions: 273windowthreadnetworkCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00426B30 Relevance: 15.4, APIs: 10, Instructions: 430COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B6785 Relevance: 13.6, APIs: 9, Instructions: 113COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00419130 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114filewindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004782B0 Relevance: 10.6, APIs: 7, Instructions: 69windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045024D Relevance: 10.5, Strings: 8, Instructions: 498COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00452120 Relevance: 8.0, Strings: 6, Instructions: 536COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004A356F Relevance: 6.0, APIs: 4, Instructions: 37COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045A780 Relevance: 5.5, Strings: 4, Instructions: 485COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004507B2 Relevance: 5.2, Strings: 4, Instructions: 245COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B005F Relevance: 4.7, APIs: 3, Instructions: 207timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004A65E0 Relevance: 4.6, APIs: 3, Instructions: 75timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00436A20 Relevance: 3.1, APIs: 2, Instructions: 62COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00450D10 Relevance: 2.9, Strings: 2, Instructions: 445COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044DB20 Relevance: 2.6, Strings: 2, Instructions: 115COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004481C0 Relevance: 2.5, APIs: 1, Instructions: 1006COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00470A30 Relevance: 1.6, Strings: 1, Instructions: 334COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0044A2C0 Relevance: .9, Instructions: 903COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00464D4E Relevance: .5, Instructions: 514COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00464F9E Relevance: .5, Instructions: 514COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046CBF0 Relevance: .5, Instructions: 503COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B163D Relevance: .4, Instructions: 417COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045F150 Relevance: .4, Instructions: 386COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045F850 Relevance: .4, Instructions: 382COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046E8E0 Relevance: .4, Instructions: 379COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004570C0 Relevance: .4, Instructions: 373COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045DC30 Relevance: .4, Instructions: 364COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045E149 Relevance: .4, Instructions: 354COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045ACC0 Relevance: .4, Instructions: 352COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042C110 Relevance: .3, Instructions: 336COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045ED1E Relevance: .3, Instructions: 306COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046EE60 Relevance: .3, Instructions: 295COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004AD276 Relevance: .3, Instructions: 259COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046B470 Relevance: .2, Instructions: 229COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045F620 Relevance: .2, Instructions: 209COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045EAA4 Relevance: .2, Instructions: 187COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046A9D0 Relevance: .2, Instructions: 178COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045D3F0 Relevance: .2, Instructions: 178COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045E8F1 Relevance: .1, Instructions: 144COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045E606 Relevance: .1, Instructions: 143COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00460290 Relevance: .1, Instructions: 138COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004574F0 Relevance: .1, Instructions: 127COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00456DB0 Relevance: .1, Instructions: 109COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00479B50 Relevance: 98.4, APIs: 55, Strings: 1, Instructions: 403windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00455540 Relevance: 46.0, APIs: 25, Strings: 1, Instructions: 452windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00414AC0 Relevance: 40.9, APIs: 27, Instructions: 443COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00432580 Relevance: 35.4, APIs: 17, Strings: 3, Instructions: 366windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004165A0 Relevance: 33.6, APIs: 16, Strings: 3, Instructions: 384windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00449CF0 Relevance: 31.7, APIs: 21, Instructions: 205COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004301F0 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 183windowmemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00449910 Relevance: 30.1, APIs: 8, Strings: 9, Instructions: 331threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043F1E0 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 320windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004A3441 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 68libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B37BC Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 119registryclipboardwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00430530 Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 265windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00474010 Relevance: 20.0, APIs: 13, Instructions: 460COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041D0E0 Relevance: 19.6, APIs: 10, Strings: 1, Instructions: 316windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004236C0 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 310libraryregistryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00419B30 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 130stringprocessCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00455020 Relevance: 16.8, APIs: 11, Instructions: 258COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047A0D0 Relevance: 16.6, APIs: 11, Instructions: 121COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042C8C0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 181windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B0B30 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 50libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040E590 Relevance: 15.3, APIs: 10, Instructions: 324COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040EDF0 Relevance: 15.3, APIs: 10, Instructions: 301COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042F310 Relevance: 15.3, APIs: 10, Instructions: 288COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042DBE0 Relevance: 15.2, APIs: 10, Instructions: 179COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004451A0 Relevance: 15.1, APIs: 10, Instructions: 86COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004A91BE Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 100fileCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B9484 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 42libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041AB20 Relevance: 13.8, APIs: 9, Instructions: 278COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042D980 Relevance: 13.6, APIs: 9, Instructions: 118COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042B020 Relevance: 13.6, APIs: 9, Instructions: 85windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00436C50 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 93networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004A35DA Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 61stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00452A20 Relevance: 12.2, APIs: 8, Instructions: 162COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004A8B57 Relevance: 12.1, APIs: 8, Instructions: 132COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047AB90 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00444640 Relevance: 12.1, APIs: 8, Instructions: 77COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00419A10 Relevance: 12.1, APIs: 8, Instructions: 55COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B06CB Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 241fileCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041CAD0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 159windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BDDC2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 140windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040C7C0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 97processsynchronizationCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BDB13 Relevance: 10.6, APIs: 7, Instructions: 94windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00478410 Relevance: 10.6, APIs: 7, Instructions: 56COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040EAA0 Relevance: 9.3, APIs: 6, Instructions: 265memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00429760 Relevance: 9.2, APIs: 6, Instructions: 176windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00445900 Relevance: 9.1, APIs: 6, Instructions: 136windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043C200 Relevance: 9.1, APIs: 6, Instructions: 124COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00431810 Relevance: 9.1, APIs: 6, Instructions: 100COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BEFB4 Relevance: 9.1, APIs: 6, Instructions: 85memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00472B10 Relevance: 9.1, APIs: 6, Instructions: 80windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BD2BB Relevance: 9.1, APIs: 6, Instructions: 67COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043EED0 Relevance: 9.1, APIs: 6, Instructions: 54COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004194D0 Relevance: 9.1, APIs: 6, Instructions: 54windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00478380 Relevance: 9.1, APIs: 6, Instructions: 52windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BCCC0 Relevance: 9.0, APIs: 6, Instructions: 48windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BCBDA Relevance: 9.0, APIs: 6, Instructions: 46COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00419D00 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 169windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00471540 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 161windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B77D2 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BFA7E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 88stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BD143 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 87windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BF706 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 81windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00428000 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 60windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043106E Relevance: 7.9, APIs: 5, Instructions: 426COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043CA90 Relevance: 7.7, APIs: 5, Instructions: 229COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00475BA0 Relevance: 7.7, APIs: 5, Instructions: 211COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042ABE0 Relevance: 7.7, APIs: 5, Instructions: 196windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004120E0 Relevance: 7.6, APIs: 5, Instructions: 134windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00475730 Relevance: 7.6, APIs: 5, Instructions: 127windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00428D00 Relevance: 7.6, APIs: 5, Instructions: 104windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00424EC0 Relevance: 7.6, APIs: 5, Instructions: 92windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042AA70 Relevance: 7.6, APIs: 5, Instructions: 90COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B346F Relevance: 7.6, APIs: 5, Instructions: 88windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004134F0 Relevance: 7.6, APIs: 5, Instructions: 86COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040F7F0 Relevance: 7.6, APIs: 5, Instructions: 73COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00475920 Relevance: 7.6, APIs: 5, Instructions: 67COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00419450 Relevance: 7.6, APIs: 5, Instructions: 56windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004A8EAC Relevance: 7.5, APIs: 5, Instructions: 38threadCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00471180 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 182windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00430950 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 97memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00445AD0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00471C90 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BCB65 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004A66BC Relevance: 6.5, APIs: 5, Instructions: 278COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004AD56C Relevance: 6.4, APIs: 5, Instructions: 102memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040F839 Relevance: 6.3, APIs: 4, Instructions: 251COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00435B20 Relevance: 6.2, APIs: 4, Instructions: 246COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00432E20 Relevance: 6.2, APIs: 4, Instructions: 181COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004AF020 Relevance: 6.2, APIs: 4, Instructions: 170fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00433C30 Relevance: 6.2, APIs: 4, Instructions: 169windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00447BB0 Relevance: 6.2, APIs: 4, Instructions: 162COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00412F50 Relevance: 6.1, APIs: 4, Instructions: 144windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004AEE30 Relevance: 6.1, APIs: 4, Instructions: 135fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00416E40 Relevance: 6.1, APIs: 4, Instructions: 115COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043F920 Relevance: 6.1, APIs: 4, Instructions: 108windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00453CE0 Relevance: 6.1, APIs: 4, Instructions: 100windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00473070 Relevance: 6.1, APIs: 4, Instructions: 95windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041CFD0 Relevance: 6.1, APIs: 4, Instructions: 84windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004A3970 Relevance: 6.1, APIs: 4, Instructions: 81COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00454590 Relevance: 6.1, APIs: 4, Instructions: 73windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041D8F0 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00414010 Relevance: 6.1, APIs: 4, Instructions: 69COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004759E0 Relevance: 6.1, APIs: 4, Instructions: 69COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00476310 Relevance: 6.1, APIs: 4, Instructions: 63windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00411650 Relevance: 6.1, APIs: 4, Instructions: 63windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00472BE0 Relevance: 6.1, APIs: 4, Instructions: 62windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0041F820 Relevance: 6.1, APIs: 4, Instructions: 58windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00444BA0 Relevance: 6.1, APIs: 4, Instructions: 54windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B5D5C Relevance: 6.1, APIs: 4, Instructions: 52COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B4445 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00477960 Relevance: 6.0, APIs: 4, Instructions: 50memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B8711 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B878A Relevance: 6.0, APIs: 4, Instructions: 49windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B298B Relevance: 6.0, APIs: 4, Instructions: 43COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B8E79 Relevance: 6.0, APIs: 4, Instructions: 43COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BC007 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00475AC0 Relevance: 6.0, APIs: 4, Instructions: 39windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00444520 Relevance: 6.0, APIs: 4, Instructions: 38COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BCC4F Relevance: 6.0, APIs: 4, Instructions: 29stringCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00418500 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B20DD Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 103fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00471710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00471900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004752F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00471C20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BF0BA Relevance: 5.1, APIs: 4, Instructions: 62COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004AD0CA Relevance: 5.1, APIs: 4, Instructions: 53memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BFE97 Relevance: 5.0, APIs: 4, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004AB7BB Relevance: 5.0, APIs: 4, Instructions: 12COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|