Windows
Analysis Report
3GNEyUm2j4.exe
Overview
General Information
Sample name: | 3GNEyUm2j4.exe (renamed file extension from none to exe, renamed because original name is a hash value) |
Original sample name: | 416ed19e022360adc33e72f89538dbff240a37cfc153fa6499ec4316b63546a1 |
Analysis ID: | 1447774 |
MD5: | 2689116ca367a1eb71a4b6b1b84a990b |
SHA1: | 05d12a0a9de6220703bc7d2ec68c6bf869d5bf91 |
SHA256: | 416ed19e022360adc33e72f89538dbff240a37cfc153fa6499ec4316b63546a1 |
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
  - 3GNEyUm2j4.exe (PID: 1696 cmdline: "C:\Users\user\Desktop\3GNEyUm2j4.exe" MD5: 2689116CA367A1EB71A4B6B1B84A990B)
- cleanup
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Input Capture | 1 System Time Discovery | Remote Services | 1 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Detection | Scanner |
---|---|
3% | ReversingLabs |
9% | Virustotal |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1447774 |
Start date and time: | 2024-05-27 02:02:56 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 3GNEyUm2j4.exe (renamed file extension from none to exe, renamed because original name is a hash value) |
Original Sample Name: | 416ed19e022360adc33e72f89538dbff240a37cfc153fa6499ec4316b63546a1 |
Detection: | MAL |
Classification: | mal48.winEXE@1/0@0/0 |
EGA Information: | Failed |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target 3GNEyUm2j4.exe, PID 1696 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
File type: | |
Entropy (8bit): | 6.542025477611427 |
File name: | 3GNEyUm2j4.exe |
File size: | 665'600 bytes |
MD5: | 2689116ca367a1eb71a4b6b1b84a990b |
SHA1: | 05d12a0a9de6220703bc7d2ec68c6bf869d5bf91 |
SHA256: | 416ed19e022360adc33e72f89538dbff240a37cfc153fa6499ec4316b63546a1 |
SHA512: | 5e4e5d43baab4b4093bb135885e4feb40e830fe5fe7a79a4e9a01be8a3a2d9ec174fb31ccefad79673a59d57baf356e936d30a1f1bdf568784f4797e0ea54a7d |
SSDEEP: | 12288:wHK0zojp/Q/ndQJzlceT2LrVW5mPQF4YZhbDo26E864L:wHKlJQFQJz7CLrfQF4YzDj86 |
TLSH: | 86E49E87B2A404FDE077903A8897661BF775381607204BDF23E446662FA77E06E7E361 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........v.'...t...t...tVe.u...tVe.u?..tVe.u...t:k.u...t:k.u...t:k.u...tRj.u...tVe.u...t...th..tRj.u...tRj.t...tRj.u...tRich...t....... |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x14004e0cc |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x63FBA3DE [Sun Feb 26 18:24:30 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 601c335fb4df627f2476046a8944a0ae |
Instruction |
---|
dec eax |
sub esp, 28h |
call 00007F7E8143EE64h |
dec eax |
add esp, 28h |
jmp 00007F7E8143E73Fh |
int3 |
int3 |
dec eax |
sub esp, 28h |
dec ebp |
mov eax, dword ptr [ecx+38h] |
dec eax |
mov ecx, edx |
dec ecx |
mov edx, ecx |
call 00007F7E8143E8D2h |
mov eax, 00000001h |
dec eax |
add esp, 28h |
ret |
int3 |
int3 |
int3 |
inc eax |
push ebx |
inc ebp |
mov ebx, dword ptr [eax] |
dec eax |
mov ebx, edx |
inc ecx |
and ebx, FFFFFFF8h |
dec esp |
mov ecx, ecx |
inc ecx |
test byte ptr [eax], 00000004h |
dec esp |
mov edx, ecx |
je 00007F7E8143E8D5h |
inc ecx |
mov eax, dword ptr [eax+08h] |
dec ebp |
arpl word ptr [eax+04h], dx |
neg eax |
dec esp |
add edx, ecx |
dec eax |
arpl ax, cx |
dec esp |
and edx, ecx |
dec ecx |
arpl bx, ax |
dec edx |
mov edx, dword ptr [eax+edx] |
dec eax |
mov eax, dword ptr [ebx+10h] |
mov ecx, dword ptr [eax+08h] |
dec eax |
mov eax, dword ptr [ebx+08h] |
test byte ptr [ecx+eax+03h], 0000000Fh |
je 00007F7E8143E8CDh |
movzx eax, byte ptr [ecx+eax+03h] |
and eax, FFFFFFF0h |
dec esp |
add ecx, eax |
dec esp |
xor ecx, edx |
dec ecx |
mov ecx, ecx |
pop ebx |
jmp 00007F7E8143DE2Ah |
int3 |
dec eax |
mov dword ptr [esp+10h], ebx |
dec eax |
mov dword ptr [esp+18h], esi |
push edi |
dec eax |
sub esp, 10h |
xor eax, eax |
xor ecx, ecx |
cpuid |
inc esp |
mov eax, ecx |
inc ebp |
xor ebx, ebx |
inc esp |
mov edx, edx |
inc ecx |
xor eax, 6C65746Eh |
inc ecx |
xor edx, 49656E69h |
inc esp |
mov ecx, ebx |
mov esi, eax |
xor ecx, ecx |
inc ecx |
lea eax, dword ptr [ebx+01h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9a744 | 0xc8 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa7000 | 0x1e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xa0000 | 0x5820 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa8000 | 0xb3c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x91010 | 0x70 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x91080 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x90ed0 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7b000 | 0x550 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x79928 | 0x79a00 | 88d5be280cc5205487993cf68cbd3dff | False | 0.5448455967368961 | data | 6.540004335519969 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x7b000 | 0x20b76 | 0x20c00 | 03fe22a762871de2306786f7f810b5a1 | False | 0.49982108778625955 | data | 5.76658499624341 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9c000 | 0x35b4 | 0x1400 | d86fdc78b16ffa1b3552f75b18896448 | False | 0.1734375 | DOS executable (block device driver) | 2.9784599249819825 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0xa0000 | 0x5820 | 0x5a00 | 387b07162cfc0cde5459fbd156019f25 | False | 0.4748263888888889 | PEX Binary Archive | 5.79752190489588 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
_RDATA | 0xa6000 | 0x15c | 0x200 | e354c048797acfbe5f3068b395922efe | False | 0.392578125 | data | 3.3045335526458866 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0xa7000 | 0x1e0 | 0x200 | 7549a2a71f9861120168bc80ee285d91 | False | 0.52734375 | data | 4.7082365148683625 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xa8000 | 0xb3c | 0xc00 | 2cdaa12a6a4c21661ec97e74bbaaee4e | False | 0.4449869791666667 | data | 5.296186538350536 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_MANIFEST | 0xa7060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
DLL | Import |
---|---|
KERNEL32.dll | QueryPerformanceCounter, GetModuleHandleW, WriteConsoleW, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, HeapReAlloc, DeleteFileW, ReadConsoleW, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, GlobalFree, FreeLibrary, HeapAlloc, HeapFree, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, SetFilePointerEx, GetFileSizeEx, GetFileType, WriteFile, GetProcAddress, QueryPerformanceFrequency, LoadLibraryA, GlobalAlloc, MultiByteToWideChar, GetStdHandle, GetModuleFileNameW, ExitProcess, ReadFile, GetModuleHandleExW, FreeLibraryAndExitThread, ExitThread, CreateThread, RtlUnwind, LoadLibraryExW, TlsFree, TlsSetValue, GlobalUnlock, WideCharToMultiByte, GlobalLock, GetCurrentProcess, TlsGetValue, TlsAlloc, SetLastError, RaiseException, RtlPcToFileHeader, RtlUnwindEx, InitializeSListHead, GetCurrentProcessId, GetStartupInfoW, IsDebuggerPresent, CreateEventW, InitializeCriticalSectionAndSpinCount, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, LocalFree, FormatMessageA, GetLocaleInfoEx, CreateFileW, FindClose, FindFirstFileW, FindFirstFileExW, FindNextFileW, GetFileAttributesExW, AreFileApisANSI, CloseHandle, GetLastError, GetFileInformationByHandleEx, GetCurrentThreadId, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, GetSystemTimeAsFileTime, GetStringTypeW, GetCPInfo, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, SetEndOfFile |
USER32.dll | SetClipboardData, GetClipboardData, EmptyClipboard, CloseClipboard, OpenClipboard, GetCursorPos, SetCursorPos, ReleaseCapture, IsWindowUnicode, GetClientRect, SetCursor, SetCapture, LoadCursorW, GetForegroundWindow, TrackMouseEvent, ClientToScreen, GetCapture, ScreenToClient, GetKeyState, UpdateWindow, PostQuitMessage, TranslateMessage, PeekMessageW, DispatchMessageW, ShowWindow, RegisterClassExW, UnregisterClassW, CreateWindowExW, DefWindowProcW, DestroyWindow |
COMDLG32.dll | GetOpenFileNameA |
Zydis.dll | ZydisFormatterInit, ZydisCalcAbsoluteAddress, ZydisGetInstructionSegments, ZydisDecoderDecodeBuffer, ZydisDecoderInit |
dbghelp.dll | SymEnumSymbols, SymCleanup, SymLoadModuleEx, SymGetTypeInfo, SymInitialize |
IMM32.dll | ImmSetCandidateWindow, ImmSetCompositionWindow, ImmReleaseContext, ImmGetContext |
D3DCOMPILER_47.dll | D3DCompile |
d3d11.dll | D3D11CreateDeviceAndSwapChain |
asmjit.dll | ?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAII@Z, ?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@0@Z, ?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@@Z, ?reset@CodeHolder@_abi_1_10@asmjit@@QEAAXW4ResetPolicy@23@@Z, ?codeSize@CodeHolder@_abi_1_10@asmjit@@QEBA_KXZ, ??0CodeHolder@_abi_1_10@asmjit@@QEAA@PEBUTemporary@Support@12@@Z, ??1CodeHolder@_abi_1_10@asmjit@@QEAA@XZ, ?init@CodeHolder@_abi_1_10@asmjit@@QEAAIAEBVEnvironment@23@_K@Z, ?attach@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAVBaseEmitter@23@@Z, ??1JitRuntime@_abi_1_10@asmjit@@UEAA@XZ, ??0Assembler@x86@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z, ??1Assembler@x86@_abi_1_10@asmjit@@UEAA@XZ, ??0JitRuntime@_abi_1_10@asmjit@@QEAA@PEBUCreateParams@JitAllocator@12@@Z |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 20:03:42 |
Start date: | 26/05/2024 |
Path: | C:\Users\user\Desktop\3GNEyUm2j4.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f0c80000 |
File size: | 665'600 bytes |
MD5 hash: | 2689116CA367A1EB71A4B6B1B84A990B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Function 00007FF7F0C8AED0 Relevance: 81.4, APIs: 39, Strings: 7, Instructions: 950COMMON
Function 00007FF7F0CCA170 Relevance: 63.7, APIs: 31, Strings: 5, Instructions: 681memoryCOMMON
Function 00007FF7F0CCAFB0 Relevance: 58.3, APIs: 20, Strings: 13, Instructions: 506registryCOMMON
Function 00007FF7F0C81960 Relevance: 50.1, APIs: 25, Strings: 3, Instructions: 1061COMMON
Function 00007FF7F0CCA260 Relevance: 49.6, APIs: 23, Strings: 5, Instructions: 582COMMON
Function 00007FF7F0CDBFBC Relevance: 47.4, APIs: 24, Strings: 2, Instructions: 1877COMMON
Function 00007FF7F0C9130E Relevance: 41.3, APIs: 1, Strings: 22, Instructions: 1050COMMON
Function 00007FF7F0C8245E Relevance: 35.9, APIs: 19, Strings: 1, Instructions: 933COMMON
Function 00007FF7F0C90EB0 Relevance: 32.2, APIs: 1, Strings: 17, Instructions: 660COMMON
Function 00007FF7F0C84F80 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 388COMMON
Function 00007FF7F0CBCFF0 Relevance: 19.5, APIs: 2, Strings: 9, Instructions: 273COMMON
Function 00007FF7F0CBDE10 Relevance: 16.7, APIs: 11, Instructions: 194keyboardCOMMON
Function 00007FF7F0C84120 Relevance: 16.4, APIs: 6, Strings: 3, Instructions: 696COMMON
Function 00007FF7F0CD17B0 Relevance: 16.2, APIs: 4, Strings: 5, Instructions: 464COMMON
Function 00007FF7F0CBE757 Relevance: 15.2, APIs: 10, Instructions: 236keyboardCOMMON
Function 00007FF7F0CAACA0 Relevance: 15.0, APIs: 10, Instructions: 50clipboardmemoryCOMMON
Function 00007FF7F0CAAB40 Relevance: 12.1, APIs: 8, Instructions: 95clipboardCOMMON
Function 00007FF7F0C841A0 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 496COMMON
Function 00007FF7F0CF1878 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 222COMMON
Function 00007FF7F0CDDED0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 329COMMON
Function 00007FF7F0CB7FB0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 180COMMON
Function 00007FF7F0C8E030 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 180COMMON
Function 00007FF7F0CCBEF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39windowCOMMON
Function 00007FF7F0CF4260 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 182COMMON
Function 00007FF7F0CE8B90 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMON
Function 00007FF7F0CB4810 Relevance: .9, Instructions: 880COMMON
Function 00007FF7F0CAE920 Relevance: .8, Instructions: 828COMMON
Function 00007FF7F0CBC580 Relevance: .6, Instructions: 607COMMON
Function 00007FF7F0CA9210 Relevance: .5, Instructions: 523COMMON
Function 00007FF7F0CC76E0 Relevance: .5, Instructions: 490COMMON
Function 00007FF7F0CBD7C0 Relevance: .4, Instructions: 431COMMON
Function 00007FF7F0CB3270 Relevance: .4, Instructions: 430COMMON
Function 00007FF7F0CA21C0 Relevance: .4, Instructions: 408COMMON
Function 00007FF7F0CC6EB0 Relevance: .3, Instructions: 312COMMON
Function 00007FF7F0CE4804 Relevance: .3, Instructions: 309COMMON
Function 00007FF7F0CB1830 Relevance: .3, Instructions: 292COMMON
Function 00007FF7F0CDBAC4 Relevance: .3, Instructions: 283COMMON
Function 00007FF7F0C991F0 Relevance: .3, Instructions: 282COMMON
Function 00007FF7F0CA8A40 Relevance: .3, Instructions: 265COMMON
Function 00007FF7F0CB2480 Relevance: .3, Instructions: 254COMMON
Function 00007FF7F0CB1F10 Relevance: .2, Instructions: 220COMMON
Function 00007FF7F0CAFB10 Relevance: .2, Instructions: 209COMMON
Function 00007FF7F0CDFCF8 Relevance: .2, Instructions: 207COMMON
Function 00007FF7F0CB2FD0 Relevance: .2, Instructions: 197COMMON
Function 00007FF7F0CB2D20 Relevance: .2, Instructions: 195COMMON
Function 00007FF7F0CAD290 Relevance: .2, Instructions: 179COMMON
Function 00007FF7F0CE393C Relevance: .1, Instructions: 126COMMON
Function 00007FF7F0CBC390 Relevance: .1, Instructions: 124COMMON
Function 00007FF7F0CBAD40 Relevance: .1, Instructions: 119COMMON
Function 00007FF7F0C84B40 Relevance: .1, Instructions: 110COMMON
Function 00007FF7F0CDE4EC Relevance: .1, Instructions: 91COMMON
Function 00007FF7F0C986B0 Relevance: .0, Instructions: 45COMMON
Function 00007FF7F0CCE608 Relevance: .0, Instructions: 2COMMON
Function 00007FF7F0CCDD7C Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 61libraryloaderCOMMON
Function 00007FF7F0C8D900 Relevance: 19.6, APIs: 4, Strings: 7, Instructions: 347COMMON
Function 00007FF7F0CF48F8 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 276fileCOMMON
Function 00007FF7F0C8A780 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 368COMMON
Function 00007FF7F0C867D0 Relevance: 16.1, APIs: 3, Strings: 6, Instructions: 302COMMON
Function 00007FF7F0CCD648 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 21libraryloaderCOMMON
Function 00007FF7F0CE5AC4 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 489COMMON
Function 00007FF7F0CE881C Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
Function 00007FF7F0C855E0 Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 442COMMON
Function 00007FF7F0C8E2B0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 229COMMON
Function 00007FF7F0CC9F70 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 134COMMON
Function 00007FF7F0CD3B7C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMON
Function 00007FF7F0CAAD70 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 52, COMMON
Function 00007FF7F0CF60AC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48, file, COMMON
Function 00007FF7F0C8D490 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 116, COMMON
Function 00007FF7F0CEB6E4 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219, COMMON
Function 00007FF7F0CD1EC8 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190, COMMON
Function 00007FF7F0C87E10 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 168, COMMON
Function 00007FF7F0C908B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121, COMMON
Function 00007FF7F0CD2674 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163, COMMON
Function 00007FF7F0C84CE0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124, COMMON
Function 00007FF7F0CF7448 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124, COMMON
Function 00007FF7F0CF69B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 118, file, COMMON
Function 00007FF7F0CF3DF4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108, COMMON
Function 00007FF7F0CE7AC8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100, file, COMMON
Function 00007FF7F0C8D7A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82, COMMON
Function 00007FF7F0CCF8DC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42, COMMON