Edit tour
Windows
Analysis Report
microPHAZIR_5.4.0.135-windows-installer.exe
Overview
General Information
| Sample name: | microPHAZIR_5.4.0.135-windows-installer.exe |
| Analysis ID: | 1447782 |
| MD5: | fca4f3c56e1762703d00881bc8c4b6ce |
| SHA1: | 1f123ffd0e807ed6b26838e6baffb06c57c3f582 |
| SHA256: | 12a114e8f0f20fdf0c4924f3539ed6f9a88aad4758b4511662c10e90cbbf37b8 |
| Infos: | |
 | |
Detection
| Score: | 36 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 0% |
Signatures
Antivirus detection for URL or domain
Contains functionality for read data from the clipboard
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
microPHAZIR_5.4.0.135-windows-installer.exe (PID: 7640 cmdline: "C:\Users\ user\Deskt op\microPH AZIR_5.4.0 .135-windo ws-install er.exe" MD5: FCA4F3C56E1762703D00881BC8C4B6CE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | URL Reputation: | ||
| Source: | Static PE information: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 0_2_004D8E1C | |
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Code function: | 0_2_0047433C | |
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Code function: | 0_2_00394D28 | |
| Source: | Code function: | 0_2_003E4BC4 | |
| Source: | Code function: | 0_2_003A0060 | |
| Source: | Code function: | 0_2_003BC178 | |
| Source: | Code function: | 0_2_0042047C | |
| Source: | Code function: | 0_2_00538784 | |
| Source: | Code function: | 0_2_004C8910 | |
| Source: | Code function: | 0_2_004B4928 | |
| Source: | Code function: | 0_2_004C0A84 | |
| Source: | Code function: | 0_2_004E8BB0 | |
| Source: | Code function: | 0_2_004B8E60 | |
| Source: | Code function: | 0_2_00418E98 | |
| Source: | Code function: | 0_2_004BD178 | |
| Source: | Code function: | 0_2_003E5164 | |
| Source: | Code function: | 0_2_00496CC5 | |
| Source: | Code function: | 0_2_003C5458 | |
| Source: | Code function: | 0_2_00531518 | |
| Source: | Code function: | 0_2_004C163C | |
| Source: | Code function: | 0_2_00485720 | |
| Source: | Code function: | 0_2_0053573C | |
| Source: | Code function: | 0_2_004C973C | |
| Source: | Code function: | 0_2_004F17E4 | |
| Source: | Code function: | 0_2_00449874 | |
| Source: | Code function: | 0_2_00539AC4 | |
| Source: | Code function: | 0_2_00421A98 | |
| Source: | Code function: | 0_2_00409B74 | |
| Source: | Code function: | 0_2_004C9CAC | |
| Source: | Code function: | 0_2_004CDD3C | |
| Source: | Code function: | 0_2_00531DCC | |
| Source: | Code function: | 0_2_00535E48 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_003CDAAC | |
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 0_2_003789E4 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_0046CC83 | |
| Source: | Code function: | 0_2_0046CDBA | |
| Source: | Code function: | 0_2_00458E02 | |
| Source: | Code function: | 0_2_00458E0F | |
| Source: | Code function: | 0_2_004D77C2 | |
| Source: | Code function: | 0_2_003C83D7 | |
| Source: | Code function: | 0_2_003E4372 | |
| Source: | Code function: | 0_2_004D84C1 | |
| Source: | Code function: | 0_2_00528431 | |
| Source: | Code function: | 0_2_0046C88B | |
| Source: | Code function: | 0_2_003DC854 | |
| Source: | Code function: | 0_2_00474CB5 | |
| Source: | Code function: | 0_2_004DD22C | |
| Source: | Code function: | 0_2_004DD2A8 | |
| Source: | Code function: | 0_2_003DD658 | |
| Source: | Code function: | 0_2_003DD9DD | |
| Source: | Code function: | 0_2_00379B88 | |
| Source: | Code function: | 0_2_003D1C87 | |
| Source: | Code function: | 0_2_00475F76 | |
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Code function: | 0_2_004D83A8 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Code function: | 0_2_00378408 | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Code function: | 0_2_004D8E1C | |
| Source: | Code function: | 0_2_0049EC00 | |
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-83179 | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_003789E4 | |
| Source: | Code function: | 0_2_00470168 | |
| Source: | Code function: | 0_2_00361000 | |
| Source: | Code function: | 0_2_00394390 | |
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_0046C2C0 | |
| Source: | Code function: | 0_2_003D4198 | |
| Source: | Code function: | 0_2_00474644 | |
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 11 Input Capture | 11 System Time Discovery | Remote Services | 11 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 2 Obfuscated Files or Information | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 33 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | URL Reputation | malware | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| true |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
⊘No contacted IP infos
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1447782 |
| Start date and time: | 2024-05-27 02:48:33 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 7m 0s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 6 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | microPHAZIR_5.4.0.135-windows-installer.exe |
| Detection: | SUS |
| Classification: | sus36.winEXE@1/29@0/0 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
| Time | Type | Description |
|---|---|---|
| 20:49:27 | API Interceptor |
⊘No context
⊘No context
⊘No context
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR1D5F.tmp | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Babadeda | Browse | |||
| Get hash | malicious | Babadeda, Vidar | Browse | |||
| Get hash | malicious | Babadeda, Vidar | Browse | |||
| Get hash | malicious | Babadeda | Browse | |||
| C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR1D20.tmp | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 270 |
| Entropy (8bit): | 6.717335914223344 |
| Encrypted: | false |
| SSDEEP: | 6:6v/lhPahm7LyIKTVCMHYiadykFWFETyPbx0/TbGZHtVp:6v/7dyIKT4MHYianWFcyj6Ut7 |
| MD5: | 0C9DE7257B7EE7379BAAAF1BDDD14932 |
| SHA1: | 029542B54CF11999C097A43BE246DA556BD5545E |
| SHA-256: | A84004F3B828D76474FD2099421606FBDAFC3BD368BFA75A418D7371AE9CA054 |
| SHA-512: | F29C23622E7526392297380DEDB0BC2E61246455C51DADABEE077AE18CFEFD194C2FA2A9744E6D0E3136AEB7107DE7037EC0760299C760FE45CC1196480E01FB |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 214 |
| Entropy (8bit): | 6.321269906051765 |
| Encrypted: | false |
| SSDEEP: | 6:6v/lhPahmGz2gfZf8x5f9ajjrqmL19d+oMZNbp:6v/7szBQf9ajjrqm59dFMv1 |
| MD5: | 3F405C02903E08A83E14226289E9ABF3 |
| SHA1: | 596F4CB37A4A5D2629693A4F6A4F98555245E124 |
| SHA-256: | B9DF657E61647E06983DB4864213277FAA4BD7E5621755874EB4A7568712232F |
| SHA-512: | 40FDF6B1C740DB35EB47791826221EFDF7D962A23FE751C3F0BD0D023FEFB959449AD46D5B5C3BEC24377CA5ED2939F17264180534ECF92DD3C9166149814019 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 74138 |
| Entropy (8bit): | 7.993130768869208 |
| Encrypted: | true |
| SSDEEP: | 1536:8C3RVnDOnAnnfr/n1asp7TMwbAzPtH2vCLe0LpDmrB/Of:8C3RUn2j/gsp7TMCAzPtH2vCLek3 |
| MD5: | 72209439BF95DBD15E133C0240F6CA87 |
| SHA1: | 3BDE6093B65C70CC755C6F58F3D52DCCC039B5BB |
| SHA-256: | 431146803BE14A86488227A08C457783D9B1649A0D10E9BBEE286EFBBA04889D |
| SHA-512: | B0BBFCC3E7FC4E0B7BECD2728AD93090ACA070D78E3CEAAB09B2A5976DBE76F02CE4A6291E1D8358387BFD06C334A1FC11AEF4306C09796DA37DDC23DD308495 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5247 |
| Entropy (8bit): | 7.938595101530738 |
| Encrypted: | false |
| SSDEEP: | 96:dfye/lhgXs2SsrixKTTryHjXrs3bojZKUXEcENawWF/XOD:d3fks2axKXyXw3boEgS |
| MD5: | 023869ABDE485B660B6C1E7B4FF96644 |
| SHA1: | 36EB18CE45FE4651328405A2156FE92ED3A21C42 |
| SHA-256: | DC15CAD7FBF3667AB33F0B07FC5F08B778009389A0DDBEC4C52B31BB4F3E51E6 |
| SHA-512: | 916C1E10A9B1B38D3C9848428ABB4912398637313B46A53B0A7F13E0065D35C7D145E0A5D26D48F971252E58060EDF23EB315A71B9E9627C1F88FCFE6C5B4CE6 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 847 |
| Entropy (8bit): | 7.644219330444528 |
| Encrypted: | false |
| SSDEEP: | 24:2q9dbueKJexMQaSXTt7xS3cMqke1UOgyQ:2q9dbu+7Z7g3cMnZN |
| MD5: | 73C2B582D5A8861DD8E7DC75CF91AEF9 |
| SHA1: | 203FDCDD747CC187A3D108119F46C5575172B630 |
| SHA-256: | 9CC4F7C9F01BC56BABB9A4AD7C13CC382391B84F1E8454AF32BDC6375B9514AD |
| SHA-512: | 0580C316AA6DD633F66815189C923957B556B04DE50E985D52046C0472432401B0CA338D1059DF5AEC125B8C3C3ACEFD3A9AB8B10EBDF2289189F0F6DC6BD752 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 721 |
| Entropy (8bit): | 7.49760654355309 |
| Encrypted: | false |
| SSDEEP: | 12:6v/7iYHtJ9fB96qMazUQWM6/kYX4MbUN/14b0LOP5iSWHTqaftMQt/vxfo8c:2NPf/qZhM6/rbSS+OxiSWNfTFvc |
| MD5: | CEBC342673CC5E217888E0E2B044C36E |
| SHA1: | A442CD21CF79B81BDA1E34417001AAD3B9962F10 |
| SHA-256: | 4766392D05255CFCCA82D9A6DD5CDDC5ADED6EE0B937C1CF28CB2A48935BFBAC |
| SHA-512: | DC53B86C8BB2597DFD0E5FEFA14B106E5C81F41B25D0AA0F1FD39E4BA59EF9F76356F48750DA5075D9E1C54FDB43DCBDBF61B9C055755ECC9EEC059D6C093B55 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1033 |
| Entropy (8bit): | 7.698477323002819 |
| Encrypted: | false |
| SSDEEP: | 24:2IR9HRj4pSIXuua2K5phWNkKsw06UBnuMehb5pk1c7:2I3uTuuWxWNi1EFl |
| MD5: | FFD20724A28CD8A5A60D4D25CFD02C1B |
| SHA1: | E535223FA5CEB762CB45FD8A0832AAE38537D940 |
| SHA-256: | A329CC9374484B61477797BF6D2435F26EEB1EA372301C893441260E6E0E120F |
| SHA-512: | BE57EBDC948D4416B7A9A2ACB34C162B717329BE4BD8A5E48CDDD95858D524A1F5980C6C059380D099A5136DD100749B46AA663C600A2618EB3C42B9FF4D2DAE |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1055 |
| Entropy (8bit): | 7.738070756089916 |
| Encrypted: | false |
| SSDEEP: | 24:2kyK4gNHEo+Ko2xc7UZ6DReOv8wujMsMJyeKn708/yEObG027:2PaHE3B2xcoZeRe+8fjMsIyb7qCj |
| MD5: | 764B5A5CE7ACFA5FC2BFE24FAC69943B |
| SHA1: | E046BE09BBFB2B29F198CEBF782CB92821B95353 |
| SHA-256: | 21A072DDCA6B172848B1707E533625249F6DF53C79F2969D0DA6AB40113D414E |
| SHA-512: | 7D527D419CD400300929060DAE346FAB4AC851B1E5EBECAFA054D4DE1DF7DBCDA12C8577B22FF61749C5D79589275D8FEBC76BD18AF3034A9D7BA78D3587ABD8 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136\open_directory-16px.png
Download File
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 603 |
| Entropy (8bit): | 7.528183753908817 |
| Encrypted: | false |
| SSDEEP: | 12:6v/7+8Tpys/scSs5XAcB3XTPho1eih40QS4GnihAJCFTV:Z8Tpy+Ss6cB3W1eih4R+gFJ |
| MD5: | CB7FC2C78B9403F999A4A050C2110BED |
| SHA1: | 43CB3469A2B48448DFB56CF08FEA90BDFFD5CA1C |
| SHA-256: | A7FE76AD71E8884D3D5CB37A34EA29030D0890CF2E2FEC84CE46AE5C2884428E |
| SHA-512: | 6CE564D0BEFC5FAE8DBE225D8CC1520920B4C0CF098BA70C86D3A5491E82E5D4547EF247ACB0066142A5C5293F4D9F70A72E5105267157908434E51D3730DED1 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136\open_directory-16px_disabled.png
Download File
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 626 |
| Entropy (8bit): | 7.4544612269881405 |
| Encrypted: | false |
| SSDEEP: | 12:6v/72L6CGtUk37vZtBNoa5qOwQr2zluYSrOvk4sfQ82EUJuZTu4r7ijPq7:RL6tjf5EQyzndsoEUuZT+O7 |
| MD5: | 1AD7F4E14ED0020A785EC44DB1704026 |
| SHA1: | C82FA818E6F1041BBCBB8C6F938663511DFFA6C6 |
| SHA-256: | 0C527247D1314056B8CA0E984C52E0BABD74F7E05543FCEE8EE0038A778001FF |
| SHA-512: | 86F7C8109F4BBE997113CF5666C13E043C74D4B3214F1702760B9677A3CFCC11471C26F961E32E77956A42D200E6BC86E2054782F34BF8298B96B88F0AD50476 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136\open_directory-16px_selected.png
Download File
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 694 |
| Entropy (8bit): | 7.623892941734491 |
| Encrypted: | false |
| SSDEEP: | 12:6v/72L6CGdYgaxy07uGbT7n9jWY2zZjKi/VSqw9N5m1wPTnL6acsjij2LkVAoDwz:RL6dYgaU07uGbH9jt2BPBwruInL6aja8 |
| MD5: | 1890CA99E2D148C17238514110371870 |
| SHA1: | 4F3B1C8EC4B7E33CBC48A7AF4753978E166F2002 |
| SHA-256: | EA12F9DB396D416DB16940A4503C3334DBB04CD7FFD8E7988E1AD811EFE7E279 |
| SHA-512: | 63722E113D84ABD610438C6123AA826D7D9309DF9CFB55C44A8C7C3AAD3E028FFD0826053235EA730EEF0855C3BCA2638CDCD514520F0ECD0329F11FDDED6C30 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136\open_project-16px.png
Download File
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 7.063027623097092 |
| Encrypted: | false |
| SSDEEP: | 6:6v/lhPahmEEZThHjmsfEodJSdJ0VGI9swOz1svlXqTsX8OYrBzkUjI6OwxaTp:6v/76ExxjmYS5bzaXqTsI+CI5D |
| MD5: | 1E3B8D8CA1447C069A9501C04B38539F |
| SHA1: | 9930DCA41D2A6D3B28C800A0CF66F6E0DB18DC22 |
| SHA-256: | F57832DB993A00E1583FAE40E1D638FCC44AC6B4CA4627FB27D8246CBF8CC57C |
| SHA-512: | 8B60C40F7915759B1CA47616E42CF01FCE094E42B9FBFDDE1C46D4B81C86D371692CAF461164FA8201FBAB9DB838DEE08E97C139BFD4B26A6D2521A66651DCAE |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136\open_project-16px_disabled.png
Download File
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 401 |
| Entropy (8bit): | 7.119673694664037 |
| Encrypted: | false |
| SSDEEP: | 12:6v/72L6CG0qjt95LeKtz992EerdUKZp+/Fo:RL6Pj7tX2EeZrZpao |
| MD5: | F98D1562A4D33166A9FF729FCFD0642A |
| SHA1: | 69526287A0F328195D5A0E2F2E8AA0C8BB27B8CC |
| SHA-256: | 9F06FB2D6124DDE3D0F0AB75CEEBCDAECC81F6C55CD9847B4FA10FD1C08547CE |
| SHA-512: | 253837C18A636EE025FA2DA7C0A3DD947A81944EBBDA6A9BBA51EA0B1F462262DE90F5FBD86C8CD48B68C823DFB1C451DA9B87871F8592AB0FBDB3778FC2A5C5 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136\open_project-16px_selected.png
Download File
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 428 |
| Entropy (8bit): | 7.322197065931019 |
| Encrypted: | false |
| SSDEEP: | 12:6v/72L6CG7akHIfNTku3uyEZADU08g4WerVHmE:RL67ufNYYNDX4WAVGE |
| MD5: | 5D60A0F5A76C53633FC551478CCEB564 |
| SHA1: | 6A9406205C5AF62752E34231BBB2D9D8D20B3A83 |
| SHA-256: | 8B70336D96C7382B272E74A9A0F346DA08D4C05836AC46E314E50145908FE4E5 |
| SHA-512: | 66048CAA004E7F939C23D114E1D202EA4393B2E1CF20BE71CCB464403C4221E7D1A09D46A8A5132EEB24C92CB435861BA1FDDC8FEC6C38E37F5AD0B8B7E874F9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10976 |
| Entropy (8bit): | 7.978159308398723 |
| Encrypted: | false |
| SSDEEP: | 192:MBI2c8R6tM8kuofBvIuRf3lJ4753Esb93j7hQ+mkpkoM9bg4NW:Me2cDDr2vfLJIfb93jlnvWY |
| MD5: | D91275826128D10EAE91FED6CDED3C93 |
| SHA1: | 4F43C37475211F052032DE33705D88369E2C863E |
| SHA-256: | 176406FBF6662CB95C513026331F27E71756913E0D866172D293DF8096EA60BF |
| SHA-512: | 27557A14F528CF7EDDF6348E4115AA933C0C1E7D3EE36DFB8AC4544FFECB3208ED9A02210BA6FFF97E6C57CED5AAFDE86F472EFE419EE4207A1C838D2BD85799 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 654 |
| Entropy (8bit): | 7.364096840660294 |
| Encrypted: | false |
| SSDEEP: | 12:6v/7Ly27alZjGRU2utzGcDu5rLE1GOmXj5DT78xK9YMTfETuyjCswLp/DFDEVfN:egZjGHiD4g4VDT7D5LECyjCjp/RAV |
| MD5: | AB47FF2F11149DC3054E0EEC130DA697 |
| SHA1: | 68E687D321DAF4728353141E3F02A852D75046A0 |
| SHA-256: | D78B891FEA51A5FF9C0852CE082605C94E05A019ACE8056ECAF90C561EC0FAE3 |
| SHA-512: | D9805A27C73719EE11B914F2A6AB2666F70953FD7A6C5AF5690E45D4E7E6DE66192EA22CB92A1C03729D9BACD4E2A320D9CB5A34F5523FA0A9FD2FE28693AF93 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5247 |
| Entropy (8bit): | 7.938595101530738 |
| Encrypted: | false |
| SSDEEP: | 96:dfye/lhgXs2SsrixKTTryHjXrs3bojZKUXEcENawWF/XOD:d3fks2axKXyXw3boEgS |
| MD5: | 023869ABDE485B660B6C1E7B4FF96644 |
| SHA1: | 36EB18CE45FE4651328405A2156FE92ED3A21C42 |
| SHA-256: | DC15CAD7FBF3667AB33F0B07FC5F08B778009389A0DDBEC4C52B31BB4F3E51E6 |
| SHA-512: | 916C1E10A9B1B38D3C9848428ABB4912398637313B46A53B0A7F13E0065D35C7D145E0A5D26D48F971252E58060EDF23EB315A71B9E9627C1F88FCFE6C5B4CE6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8476 |
| Entropy (8bit): | 7.964465594234627 |
| Encrypted: | false |
| SSDEEP: | 192:bErN0MSss9d0t5EUvd5M1X+9TGrApJTv5mt6a:bu09s42bv/YBwZra |
| MD5: | 0A8D4CF54EEF0FB6C4FAAF36DA45550A |
| SHA1: | 0FD063D6AF68810A358E16D88C9428DF2DC070FE |
| SHA-256: | E8C90BFA75F9041BD35A3AC58B1F1394AFC75AF314D0B4F5AE5AD145F3F99DD1 |
| SHA-512: | 008AF1030BFF7789C2B7382C2726564D847DE84DA70E1E171AF2ECF0686933BDE89D24E62404237AC626EA537EE24709EC05DA7E33233A99D35DE290DFED9BBB |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 44252 |
| Entropy (8bit): | 5.164819922701245 |
| Encrypted: | false |
| SSDEEP: | 768:NkyXtmrxg+/7sL3p6ikKz2CsO3ewOiyJRfg/JQefSk2Hf:VXtqs7pOwFsRo/JQefSkGf |
| MD5: | 680365C3A3EA99A7B10CC9E23CEF1EDD |
| SHA1: | 5DE3F7B829323292E60585E5490E95D9510574D2 |
| SHA-256: | A0E0ED16AE5F37D864BCCD7B61B5795CD26782AB38E3AD963CA30BFBDAC95364 |
| SHA-512: | CF4C18AF2DB49A4B70C7E79F9E0FC2A3B9B796C012C45C7F2B10F73685C8091694B234109F8C75CF5450CBA193802B942638E8ED70357FC1EEB8B35666FA03D6 |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295492 |
| Entropy (8bit): | 6.638029569450762 |
| Encrypted: | false |
| SSDEEP: | 6144:yfmgpf/EQmPK6Yrzp2FaujGwkvmriOPNyh:af/ENPK/Fq8vJqNyh |
| MD5: | 122A3741699FB5C0950273245C9DEA15 |
| SHA1: | 811F9149E3310A8E6521DA156F92F3AAAB012145 |
| SHA-256: | F675EBA3B22E0A2238EC4961D99DE3BACCA0AB553AB26EECB49800A12A9371AB |
| SHA-512: | 567C480F70FDC78769AE45BF83B6632F7AB380EBEB00689028D39FF03840C8B778149A3FAFE1DAB2AC77A1FD17A23B09F58774B1C5E791BFD33B99528225ECCC |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 36633 |
| Entropy (8bit): | 5.172153856265245 |
| Encrypted: | false |
| SSDEEP: | 384:i760QouLg/TgeoyZQ82FXRivC4yPTyNeOnEOqjLtKjIUZuVnrufvS0QOwOP2H:pxR1u9CpKVZuFBNOeH |
| MD5: | 08AD4CD2A940379F1DCDBDB9884A1375 |
| SHA1: | C302B7589BA4F05C6429E7F89AD0CB84DD9DFBAC |
| SHA-256: | 78827E2B1EF0AAD4F8B1B42D0964064819AA22BFCD537EBAACB30D817EDC06D8 |
| SHA-512: | F37BD071994C31B361090A149999E8B2D4A7839F19EA63E1D4563AADA1371BE37F2BFCC474E24DE95FF77CA4124A39580C9F711E2FBE54265713AB76F631835A |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 124037 |
| Entropy (8bit): | 5.994714381873262 |
| Encrypted: | false |
| SSDEEP: | 1536:VISmH83Fqr7AZOZZjgKb1j2omuU4WnA8AnNh/dPQlN:2Z83Mr7AZOZ19Sn+h/GlN |
| MD5: | 8A34FA3D595165111A9C79F7C21080B4 |
| SHA1: | D7303C9D6EE9DDEE780AC28E9D83A1EF4F77DB8D |
| SHA-256: | A60879833BFE406793B4E5875B93429B658625630D752169AA93A3C151997428 |
| SHA-512: | 5A1C0A88EC41251F6AB1DB8D1AB1CE86F24BA185987546456C396CF97D5CCFA2F9D7D750783F012B6EB0ADB5CF49F18270FB7585DE88B5B02A25093E61AE28C7 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 545280 |
| Entropy (8bit): | 6.562285454420235 |
| Encrypted: | false |
| SSDEEP: | 12288:Qw1Hlm6R2DcKd8wux3cb6PejVKpcPY03bKMhAy:Qwx06AwKd8wux3cb6PejVKpcPYSXh3 |
| MD5: | A6F7A08B0676F0564A51B5C47973E635 |
| SHA1: | D56F5F9E2580B81717317DA6582DA9D379426D5B |
| SHA-256: | 5DD27E845AF9333AD7B907A37AB3D239B75BE6CCC1F51EF4B21E59B037CE778C |
| SHA-512: | 1101813034DB327AF1C16D069A4DFA91AB97EE8188F9ED1A6DA9D25558866E7E9AF59102E58127E64441D3E4A768B2AD788FD0E5A16DB994A14637BFBADE2954 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 73728 |
| Entropy (8bit): | 5.514830994343325 |
| Encrypted: | false |
| SSDEEP: | 768:bC4uF9R4GHnSiWo3xRFTo5THDMOBPw6s//vABzvBcdWlNK2nPpjCesWjcdgMLsZt:bCHQ5HDMK2ADBcd5esWjcdA1jQ5J |
| MD5: | C04970B55BCF614F24CA75B1DE641AE2 |
| SHA1: | 52B182CAEF513ED1C36F28EB45CEDB257FA8CE40 |
| SHA-256: | 5DDEE4AAB3CF33E505F52199D64809125B26DE04FB9970CA589CD8619C859D80 |
| SHA-512: | A5F2660E336BF74A1936FB2E1C724220D862632907F5FD690B365009AC3E1BF35FA6689071F3DA4049E495F340FF83F8438B79079EF1F248B9DCAEDBDD5D3E40 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 14350 |
| Entropy (8bit): | 5.05865404841638 |
| Encrypted: | false |
| SSDEEP: | 192:shpT8Xnjr0fmsyWM/br9LiM37+EN77RPwvJZNx:shF8f0fmsyrFYEN7pmJ9 |
| MD5: | BD9E34F243594918C5F08EBFF1516819 |
| SHA1: | 8746AC537712548CCEC433A44228346E82F10D12 |
| SHA-256: | 4D37DD420003AFB8B5284AF4E4C613DFD7E6E3E314FFF51E570AFF298A5DEB87 |
| SHA-512: | 98F2B7A6F5D724A6C8746FFA4D5FDD6B939BF67727D4BA331FAAEC327B7B6B466113CEF9AF74F34F065FF3FF758AFE45F04532069B21BBCBEFB9406D18F87D18 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 14848 |
| Entropy (8bit): | 5.308233229877457 |
| Encrypted: | false |
| SSDEEP: | 192:vLBvanDsGzcSu8M6fB+8yTzSJvwZ6Slp2sWOq9+moFelNtflD9Ndk:DBvCDsGzcSDMc+D6FxWR8wF6NP9k |
| MD5: | D74AADD701BFACC474C431ACAB7B9265 |
| SHA1: | 8A2B424D1F949430DDC1FADDEE3E9CCB79C95DE2 |
| SHA-256: | F1029F5CCA3DABFEFFE2C9DB6AD84A9FF0F64F5B2FB85CB6AB348740F756E07D |
| SHA-512: | 0EF85E311FB4843997FD5F87F0A2EEC9715E26EAE76BFB7BB701D8C043720AEAF7F4825D25187BF35E0A9F00DEF15ED071120128805445F1330C07C3E0EA5CED |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 76346 |
| Entropy (8bit): | 5.7696675612871084 |
| Encrypted: | false |
| SSDEEP: | 768:f5eCnPrwdD7+HgVqoQKJ03cu9F/HTTuDNV3ILkjVSWTn1ytIddmV1TQW/2Y:f5eCMFqHgV1J03cu99HGRCS1yt73Qk |
| MD5: | 924B90C3D9E645DFAD53F61EA4E91942 |
| SHA1: | 65D397199FF191E5078095036E49F08376F9AE4E |
| SHA-256: | 41788435F245133EC5511111E2C5D52F7515E359876180067E0B5BA85C729322 |
| SHA-512: | 76833708828C8F3FAD941ABEEA158317AFF98CF0691B5D5DFA4BCA15279CDAD1CC23A771258E4DE41CF12A58F7033A3EE08B0B5EB834D22BE568EA98B183CCD9 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 104775 |
| Entropy (8bit): | 5.920298181303241 |
| Encrypted: | false |
| SSDEEP: | 768:Hk2/NvkWxqoSZdelQBWFunEmdvo0p7ikHHDC8G1nMbmh2wRU3WMxdFtySA7JiexP:HvNsVoBtQv/p7LHDC8G1e3ndFtbANiC |
| MD5: | E1F1AF67E45D6009779A3E73D14BF27F |
| SHA1: | EA28A3B3ABCCB3C6EF03439FD46F5EA2F980F99B |
| SHA-256: | BAAD1FC5D9A16EB5226943C2A8B1571581C45DA7AA00C1D0A5D12F2040CDABD7 |
| SHA-512: | CCB501B69BA65396DC7C1BB5077DCD0FEEA1E297C188E5B82160CAB971242599F8A49357C4309D264E705E95E98709B98D31944C4E95F695035E87BC67896EB7 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 13338112 |
| Entropy (8bit): | 6.6858669080532245 |
| Encrypted: | false |
| SSDEEP: | 196608:1AqDcrkKq7gvvTS2Ax5kwHhJB5tuw/J8aQ8EpfoJsv6tWKFdu9CAfDW:kxXSNBJcaQfmJsv6tWKFdu9CkD |
| MD5: | D8696EDA108B46265A24A12CA0B51FDC |
| SHA1: | AA034ED2D3827596B44E4E60062015B49FB2358E |
| SHA-256: | C76E81E945168C1F3CD5DFFCA4066506764368E273B45560884C82AC4C884975 |
| SHA-512: | 00CE41DBAAB145075E037B6995B58F7D7D7C8E26437AB57EC569B327239C3CBE3BC285FFB6192000134DA6C539E05E8A1F524BBE44E5C170B0EBAA8829B7EAD4 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| File type: | |
| Entropy (8bit): | 7.954326346083004 |
| TrID: |
|
| File name: | microPHAZIR_5.4.0.135-windows-installer.exe |
| File size: | 29'187'584 bytes |
| MD5: | fca4f3c56e1762703d00881bc8c4b6ce |
| SHA1: | 1f123ffd0e807ed6b26838e6baffb06c57c3f582 |
| SHA256: | 12a114e8f0f20fdf0c4924f3539ed6f9a88aad4758b4511662c10e90cbbf37b8 |
| SHA512: | b45259fc31dd217541a3a779925c4496e88898db0b2805ed64a755b8456c55b7e14338258a78876c37c5334ff08e8ac8aa38ed8e0dd79a09c0ce045cc47277ad |
| SSDEEP: | 786432:jbQHniddMj+s6k4YVFBzlK9f7tb0CXSwY4+9cG:nyiddwBLVFtlUf7tb08+9cG |
| TLSH: | 69572358FF8754F5EE139535865BE23F8B34AA048014FEA6EF093F89FD336622419216 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Hp5_......................,..............0....@..........................0-.....9.....@... .......................(.n.. |
 | |
| Icon Hash: | 4f6545094c65772b |
| Entrypoint: | 0x4012a0 |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DEBUG_STRIPPED |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH |
| Time Stamp: | 0x5F357048 [Thu Aug 13 16:54:32 2020 UTC] |
| TLS Callbacks: | 0x5d48c0, 0x5d4870 |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | f3de104ab04ca2d874306d1847be46db |
| Signature Valid: | true |
| Signature Issuer: | CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US |
| Signature Validation Error: | The operation completed successfully |
| Error Number: | 0 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | A6B4712409CF543B078F4EDBE1A66744 |
| Thumbprint SHA-1: | AC4C4C66863A87974FE78DF90EE7D34749C25EF0 |
| Thumbprint SHA-256: | 2853C15B803AE0F4135D09A5F2CE4388D261B579BD4911A1C8AC2D612E8957D6 |
| Serial: | 01B9F11DC6C9034D69F3B45F721269B1 |
| Instruction |
|---|
| sub esp, 1Ch |
| mov dword ptr [esp], 00000002h |
| call dword ptr [0068EE14h] |
| call 00007F7744DC2900h |
| lea esi, dword ptr [esi+00h] |
| lea edi, dword ptr [edi+00000000h] |
| mov eax, dword ptr [0068EE70h] |
| jmp eax |
| mov esi, esi |
| lea edi, dword ptr [edi+00000000h] |
| mov eax, dword ptr [0068EE38h] |
| jmp eax |
| nop |
| nop |
| nop |
| nop |
| nop |
| nop |
| nop |
| nop |
| nop |
| push ebp |
| mov ebp, esp |
| sub esp, 18h |
| mov dword ptr [esp], 005F8000h |
| call 00007F7744F9C3D3h |
| push edx |
| test eax, eax |
| je 00007F7744DC2C17h |
| mov dword ptr [esp+04h], 005F8013h |
| mov dword ptr [esp], eax |
| call 00007F7744F9C3C6h |
| sub esp, 08h |
| test eax, eax |
| je 00007F7744DC2BC3h |
| mov dword ptr [esp+04h], 0068B008h |
| mov dword ptr [esp], 0063B0B8h |
| call eax |
| mov ecx, dword ptr [005F7788h] |
| test ecx, ecx |
| je 00007F7744DC2BE3h |
| mov dword ptr [esp], 005F8029h |
| call 00007F7744F9C390h |
| push edx |
| test eax, eax |
| je 00007F7744DC2BDCh |
| mov dword ptr [esp+04h], 005F8037h |
| mov dword ptr [esp], eax |
| call 00007F7744F9C383h |
| sub esp, 08h |
| test eax, eax |
| je 00007F7744DC2BBBh |
| mov dword ptr [esp], 005F7788h |
| call eax |
| leave |
| ret |
| mov eax, 005D906Ch |
| jmp 00007F7744DC2B59h |
| nop |
| mov eax, 00000000h |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x28d000 | 0x6e | .edata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x28e000 | 0x3c6c | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x294000 | 0x2aa90 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1bd4118 | 0x1ce8 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2bf000 | 0x139c0 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x293000 | 0x18 | .tls |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x28e9bc | 0x8a4 | .idata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x1e1c04 | 0x1e1e00 | 34052a9c5bb9175ba4d312f2b28efcd5 | False | 0.4722554920557717 | data | 6.14816964861621 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0x1e3000 | 0x1478c | 0x14800 | fc7245022e469bdc64511cdbfdcb5a47 | False | 0.2959341653963415 | data | 3.619083776715985 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rdata | 0x1f8000 | 0x42b00 | 0x42c00 | e24261d4cffb73a0d3cc3a1b3694488c | False | 0.37740300210674155 | data | 5.837879457090782 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ |
| .eh_fram | 0x23b000 | 0x4f198 | 0x4f200 | 6c615af355bec853d9701ce4a60da66d | False | 0.2749709962480253 | data | 5.064306410204433 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ |
| .bss | 0x28b000 | 0x1bc8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .edata | 0x28d000 | 0x6e | 0x200 | 3e86108dc16870fa1448524fe6777585 | False | 0.19140625 | data | 1.3500502843388464 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ |
| .idata | 0x28e000 | 0x3c6c | 0x3e00 | c9610aa7b4a923ead87944ac3fbc3af6 | False | 0.34255292338709675 | data | 5.567091863212877 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .CRT | 0x292000 | 0x18 | 0x200 | 8f4ee44f67e940e06d9abaa0e9adcde1 | False | 0.04296875 | data | 0.11446338125913882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0x293000 | 0x20 | 0x200 | 8672d88a3cf8bbfee7a7a9e0d9f19175 | False | 0.05078125 | data | 0.2311581448570176 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x294000 | 0x2aa90 | 0x2ac00 | 1ea3a3faa6f46a1bd3e3444c15a54418 | False | 0.2666700932017544 | data | 3.724868771347981 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .reloc | 0x2bf000 | 0x139c0 | 0x13a00 | f10b72bad977d5e6441edee7a7440279 | False | 0.5751268909235668 | data | 6.620440208478497 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0x296660 | 0x134 | data | English | United States | 0.37662337662337664 |
| RT_CURSOR | 0x296794 | 0x134 | data | English | United States | 0.3961038961038961 |
| RT_CURSOR | 0x2968c8 | 0x134 | data | English | United States | 0.2694805194805195 |
| RT_CURSOR | 0x2969fc | 0x134 | Targa image data - Mono 64 x 65536 x 1 +32 "\001" | English | United States | 0.24675324675324675 |
| RT_CURSOR | 0x296b30 | 0x134 | data | English | United States | 0.25 |
| RT_CURSOR | 0x296c64 | 0x134 | data | English | United States | 0.2694805194805195 |
| RT_CURSOR | 0x296d98 | 0x134 | data | English | United States | 0.32142857142857145 |
| RT_CURSOR | 0x296ecc | 0x134 | data | English | United States | 0.3246753246753247 |
| RT_CURSOR | 0x297000 | 0x134 | data | English | United States | 0.30844155844155846 |
| RT_CURSOR | 0x297134 | 0x134 | data | English | United States | 0.19480519480519481 |
| RT_CURSOR | 0x297268 | 0x134 | data | English | United States | 0.2694805194805195 |
| RT_CURSOR | 0x29739c | 0x134 | data | English | United States | 0.2857142857142857 |
| RT_CURSOR | 0x2974d0 | 0x134 | data | English | United States | 0.3344155844155844 |
| RT_CURSOR | 0x297604 | 0x134 | data | English | United States | 0.45454545454545453 |
| RT_CURSOR | 0x297738 | 0x134 | data | English | United States | 0.3181818181818182 |
| RT_CURSOR | 0x29786c | 0x134 | data | English | United States | 0.2077922077922078 |
| RT_CURSOR | 0x2979a0 | 0x134 | data | English | United States | 0.39935064935064934 |
| RT_CURSOR | 0x297ad4 | 0x134 | data | English | United States | 0.17857142857142858 |
| RT_CURSOR | 0x297c08 | 0x134 | data | English | United States | 0.37012987012987014 |
| RT_CURSOR | 0x297d3c | 0x134 | data | English | United States | 0.22402597402597402 |
| RT_CURSOR | 0x297e70 | 0x134 | data | English | United States | 0.21428571428571427 |
| RT_CURSOR | 0x297fa4 | 0x134 | data | English | United States | 0.33766233766233766 |
| RT_CURSOR | 0x2980d8 | 0x134 | data | English | United States | 0.37987012987012986 |
| RT_CURSOR | 0x29820c | 0x134 | data | English | United States | 0.37662337662337664 |
| RT_CURSOR | 0x298340 | 0x134 | data | English | United States | 0.3409090909090909 |
| RT_CURSOR | 0x298474 | 0x134 | data | English | United States | 0.4090909090909091 |
| RT_CURSOR | 0x2985a8 | 0x134 | data | English | United States | 0.37662337662337664 |
| RT_CURSOR | 0x2986dc | 0x134 | data | English | United States | 0.3181818181818182 |
| RT_CURSOR | 0x298810 | 0x134 | data | English | United States | 0.4155844155844156 |
| RT_CURSOR | 0x298944 | 0x134 | data | English | United States | 0.38311688311688313 |
| RT_CURSOR | 0x298a78 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.44155844155844154 |
| RT_CURSOR | 0x298bac | 0x134 | data | English | United States | 0.41233766233766234 |
| RT_CURSOR | 0x298ce0 | 0x134 | data | English | United States | 0.21428571428571427 |
| RT_CURSOR | 0x298e14 | 0x134 | data | English | United States | 0.3116883116883117 |
| RT_CURSOR | 0x298f48 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.33766233766233766 |
| RT_CURSOR | 0x29907c | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.3051948051948052 |
| RT_CURSOR | 0x2991b0 | 0x134 | data | English | United States | 0.19480519480519481 |
| RT_CURSOR | 0x2992e4 | 0x134 | data | English | United States | 0.21428571428571427 |
| RT_CURSOR | 0x299418 | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.19480519480519481 |
| RT_CURSOR | 0x29954c | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.19155844155844157 |
| RT_CURSOR | 0x299680 | 0x134 | data | English | United States | 0.4383116883116883 |
| RT_CURSOR | 0x2997b4 | 0x134 | data | English | United States | 0.21428571428571427 |
| RT_CURSOR | 0x2998e8 | 0x134 | data | English | United States | 0.33766233766233766 |
| RT_CURSOR | 0x299a1c | 0x134 | data | English | United States | 0.37987012987012986 |
| RT_CURSOR | 0x299b50 | 0x134 | data | English | United States | 0.4318181818181818 |
| RT_CURSOR | 0x299c84 | 0x134 | data | English | United States | 0.18506493506493507 |
| RT_CURSOR | 0x299db8 | 0x134 | data | English | United States | 0.37662337662337664 |
| RT_CURSOR | 0x299eec | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.35064935064935066 |
| RT_CURSOR | 0x29a020 | 0x134 | data | English | United States | 0.2922077922077922 |
| RT_CURSOR | 0x29a154 | 0x134 | data | English | United States | 0.19480519480519481 |
| RT_CURSOR | 0x29a288 | 0x134 | data | English | United States | 0.19805194805194806 |
| RT_CURSOR | 0x29a3bc | 0x134 | data | English | United States | 0.2824675324675325 |
| RT_CURSOR | 0x29a4f0 | 0x134 | data | English | United States | 0.32142857142857145 |
| RT_CURSOR | 0x29a624 | 0x134 | data | English | United States | 0.262987012987013 |
| RT_CURSOR | 0x29a758 | 0x134 | data | English | United States | 0.288961038961039 |
| RT_CURSOR | 0x29a88c | 0x134 | data | English | United States | 0.2435064935064935 |
| RT_CURSOR | 0x29a9c0 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.2435064935064935 |
| RT_CURSOR | 0x29aaf4 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.24675324675324675 |
| RT_CURSOR | 0x29ac28 | 0x134 | data | English | United States | 0.3116883116883117 |
| RT_CURSOR | 0x29ad5c | 0x134 | data | English | United States | 0.36038961038961037 |
| RT_CURSOR | 0x29ae90 | 0x134 | data | English | United States | 0.32792207792207795 |
| RT_CURSOR | 0x29afc4 | 0x134 | data | English | United States | 0.37337662337662336 |
| RT_CURSOR | 0x29b0f8 | 0x134 | data | English | United States | 0.2597402597402597 |
| RT_CURSOR | 0x29b22c | 0x134 | data | English | United States | 0.4512987012987013 |
| RT_CURSOR | 0x29b360 | 0x134 | data | English | United States | 0.36688311688311687 |
| RT_CURSOR | 0x29b494 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.18831168831168832 |
| RT_CURSOR | 0x29b5c8 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38311688311688313 |
| RT_CURSOR | 0x29b6fc | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.3181818181818182 |
| RT_CURSOR | 0x29b830 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.32142857142857145 |
| RT_CURSOR | 0x29b964 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.30194805194805197 |
| RT_CURSOR | 0x29ba98 | 0x134 | Targa image data - Mono 64 x 65536 x 1 +32 "\001" | English | United States | 0.19480519480519481 |
| RT_CURSOR | 0x29bbcc | 0x134 | Targa image data - Mono 64 x 65536 x 1 +32 "\001" | English | United States | 0.3409090909090909 |
| RT_CURSOR | 0x29bd00 | 0x134 | Targa image data - Mono 64 x 65536 x 1 +32 "\001" | English | United States | 0.18831168831168832 |
| RT_CURSOR | 0x29be34 | 0x134 | data | English | United States | 0.3246753246753247 |
| RT_CURSOR | 0x29bf68 | 0x134 | Targa image data - Mono 64 x 65536 x 1 +32 "\001" | English | United States | 0.18831168831168832 |
| RT_CURSOR | 0x29c09c | 0x134 | data | English | United States | 0.288961038961039 |
| RT_CURSOR | 0x29c1d0 | 0x134 | data | English | United States | 0.24025974025974026 |
| RT_CURSOR | 0x29c304 | 0x134 | data | English | United States | 0.12012987012987013 |
| RT_BITMAP | 0x29c438 | 0x340 | Device independent bitmap graphic, 52 x 26 x 4, image size 728 | English | United States | 0.40625 |
| RT_ICON | 0x29c778 | 0x58b0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9941420014094433 |
| RT_ICON | 0x2a2028 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | English | United States | 0.12464572508266415 |
| RT_ICON | 0x2a6250 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.20062240663900416 |
| RT_ICON | 0x2a87f8 | 0x1eb6 | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | English | United States | 0.9994912236072246 |
| RT_ICON | 0x2aa6ae | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.3027673545966229 |
| RT_ICON | 0x2ab756 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | English | United States | 0.364344262295082 |
| RT_ICON | 0x2ac0de | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.38222543352601157 |
| RT_DIALOG | 0x2ac646 | 0x23a | data | English | United States | 0.5421052631578948 |
| RT_GROUP_CURSOR | 0x2ac880 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
| RT_GROUP_CURSOR | 0x2ac894 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ac8a8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ac8bc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ac8d0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ac8e4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ac8f8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ac90c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ac920 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ac934 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ac948 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ac95c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ac970 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ac984 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ac998 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ac9ac | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ac9c0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ac9d4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ac9e8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ac9fc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2aca10 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2aca24 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2aca38 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2aca4c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2aca60 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2aca74 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2aca88 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2aca9c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acab0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acac4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acad8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
| RT_GROUP_CURSOR | 0x2acaec | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acb00 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acb14 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acb28 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acb3c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acb50 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acb64 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acb78 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acb8c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acba0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acbb4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acbc8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acbdc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acbf0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acc04 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acc18 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acc2c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acc40 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acc54 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acc68 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acc7c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acc90 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acca4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2accb8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acccc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acce0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2accf4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acd08 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acd1c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acd30 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acd44 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acd58 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acd6c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
| RT_GROUP_CURSOR | 0x2acd80 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acd94 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acda8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acdbc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acdd0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acde4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2acdf8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ace0c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ace20 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ace34 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ace48 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ace5c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x2ace70 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
| RT_GROUP_CURSOR | 0x2ace84 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_ICON | 0x2ace98 | 0x68 | data | English | United States | 0.7884615384615384 |
| RT_VERSION | 0x2acf00 | 0x2b0 | data | English | United States | 0.48255813953488375 |
| RT_MANIFEST | 0x2ad1b0 | 0x770 | XML 1.0 document, ASCII text | English | United States | 0.3860294117647059 |
| DLL | Import |
|---|---|
| ADVAPI32.DLL | GetSecurityDescriptorOwner, GetSidIdentifierAuthority, GetUserNameA, GetUserNameW, RegCloseKey, RegOpenKeyExA, RegQueryValueExA |
| COMCTL32.DLL | InitCommonControlsEx |
| COMDLG32.DLL | ChooseColorA, CommDlgExtendedError, GetOpenFileNameA, GetOpenFileNameW, GetSaveFileNameA, GetSaveFileNameW |
| GDI32.dll | Arc, BitBlt, Chord, CombineRgn, CreateBitmap, CreateCompatibleBitmap, CreateCompatibleDC, CreateDCA, CreateDIBSection, CreateDIBitmap, CreateFontIndirectA, CreateFontIndirectW, CreatePalette, CreatePatternBrush, CreatePen, CreateRectRgn, CreateRectRgnIndirect, CreateSolidBrush, DPtoLP, DeleteDC, DeleteObject, EnumFontFamiliesA, EnumFontFamiliesW, ExtCreatePen, ExtTextOutA, GetBkMode, GetCharWidthA, GetCharWidthW, GetDIBits, GetDeviceCaps, GetFontData, GetMapMode, GetNearestColor, GetNearestPaletteIndex, GetObjectA, GetPaletteEntries, GetPixel, GetRgnBox, GetStockObject, GetTextCharset, GetTextExtentPoint32A, GetTextExtentPoint32W, GetTextExtentPointA, GetTextFaceA, GetTextFaceW, GetTextMetricsA, OffsetClipRgn, PatBlt, Pie, Polygon, Polyline, RealizePalette, RectInRegion, Rectangle, ResizePalette, SelectClipRgn, SelectObject, SelectPalette, SetBkColor, SetBkMode, SetBrushOrgEx, SetMapMode, SetPaletteEntries, SetPolyFillMode, SetROP2, SetRectRgn, SetTextAlign, SetTextColor, StretchDIBits, TextOutA, TextOutW, TranslateCharsetInfo, UpdateColors |
| IMM32.DLL | ImmGetCompositionStringA, ImmGetCompositionStringW, ImmGetContext, ImmReleaseContext, ImmSetCompositionWindow |
| KERNEL32.dll | BuildCommDCBA, BuildCommDCBW, ClearCommError, CloseHandle, CopyFileA, CopyFileW, CreateDirectoryA, CreateDirectoryW, CreateEventA, CreateFileA, CreateFileMappingA, CreateFileW, CreatePipe, CreateProcessA, CreateProcessW, CreateSemaphoreA, CreateThread, DeleteCriticalSection, DeleteFileA, DeleteFileW, DeviceIoControl, DuplicateHandle, EnterCriticalSection, EscapeCommFunction, ExitProcess, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindResourceA, FlushFileBuffers, FormatMessageA, FreeLibrary, GetACP, GetCommModemStatus, GetCommState, GetCommandLineA, GetComputerNameA, GetComputerNameW, GetConsoleCP, GetConsoleMode, GetCurrentDirectoryA, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetEnvironmentVariableW, GetExitCodeProcess, GetExitCodeThread, GetFileAttributesA, GetFileAttributesW, GetFileInformationByHandle, GetFileType, GetFullPathNameA, GetFullPathNameW, GetLastError, GetLocaleInfoA, GetLogicalDriveStringsA, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, GetOverlappedResult, GetPrivateProfileStringA, GetProcAddress, GetProcessHeap, GetShortPathNameA, GetShortPathNameW, GetStartupInfoA, GetStdHandle, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetTempFileNameA, GetTempFileNameW, GetTempPathA, GetTempPathW, GetTickCount, GetTimeZoneInformation, GetVersion, GetVersionExA, GetVolumeInformationA, GetVolumeInformationW, GetWindowsDirectoryA, GetWindowsDirectoryW, GlobalAlloc, GlobalLock, GlobalUnlock, HeapAlloc, HeapFree, InitializeCriticalSection, InterlockedDecrement, InterlockedIncrement, IsDBCSLeadByte, LeaveCriticalSection, LoadLibraryA, LoadLibraryExA, LoadLibraryExW, LoadResource, LocalFree, LockResource, MapViewOfFile, MoveFileA, MoveFileW, MulDiv, MultiByteToWideChar, OutputDebugStringA, PeekConsoleInputA, PeekNamedPipe, PurgeComm, QueryPerformanceCounter, QueryPerformanceFrequency, ReadConsoleA, ReadConsoleW, ReadFile, ReleaseSemaphore, RemoveDirectoryA, RemoveDirectoryW, ResetEvent, SearchPathA, SearchPathW, SetCommState, SetCommTimeouts, SetConsoleMode, SetCurrentDirectoryA, SetCurrentDirectoryW, SetEndOfFile, SetEnvironmentVariableW, SetErrorMode, SetEvent, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetHandleInformation, SetLastError, SetThreadPriority, SetUnhandledExceptionFilter, SetupComm, Sleep, TerminateThread, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnmapViewOfFile, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WaitForSingleObjectEx, WideCharToMultiByte, WriteConsoleA, WriteConsoleW, WriteFile, lstrcpyA, lstrcpyW, lstrcpynA, lstrlenA, lstrlenW |
| msvcrt.dll | _ftime, _getpid, _hypot, _isatty, _putenv, _strdup, _stricmp, _strnicmp, _timezone, _tzset, _write |
| msvcrt.dll | __getmainargs, __mb_cur_max, __p___argc, __p___argv, __p__environ, __p__fmode, __set_app_type, _beginthreadex, _cexit, _endthreadex, _errno, _fdopen, _get_osfhandle, _iob, _isctype, _onexit, _open, _pctype, _setmode, _stricmp, _strnicmp, _strtoi64, _wcsicmp, _wopen, abort, acos, asin, atan, atan2, atexit, atoi, calloc, ceil, cos, cosh, ctime, exit, exp, fclose, fflush, floor, fmod, fprintf, fputc, fputs, fread, free, frexp, fseek, ftell, fwrite, getenv, gmtime, isalnum, ldexp, localtime, log, log10, malloc, memcmp, memcpy, memmove, memset, mktime, modf, pow, printf, puts, qsort, realloc, setlocale, signal, sin, sinh, sprintf, sqrt, sscanf, strcat, strchr, strcmp, strcpy, strcspn, strerror, strlen, strncmp, strncpy, strpbrk, strrchr, strspn, strstr, strtod, strtol, strtoul, swprintf, tan, tanh, time, tolower, toupper, vfprintf, vsprintf, wcschr, wcscmp, wcscpy, wcslen, wcsncmp, wcsncpy |
| OLE32.dll | CreateBindCtx, CreateFileMoniker, GetRunningObjectTable |
| OLEAUT32.DLL | CreateErrorInfo, SetErrorInfo, SysAllocString, SysFreeString, VariantChangeType, VariantClear, VariantInit |
| SHELL32.DLL | SHBrowseForFolderA, SHBrowseForFolderW, SHGetDesktopFolder, SHGetMalloc, SHGetPathFromIDListA, SHGetPathFromIDListW |
| USER32.dll | AdjustWindowRectEx, BeginPaint, CallNextHookEx, CallWindowProcA, CallWindowProcW, CharLowerA, CharLowerW, ClientToScreen, CloseClipboard, CreateCaret, CreateIconFromResource, CreateIconIndirect, CreateMenu, CreatePopupMenu, CreateWindowExA, CreateWindowExW, DefWindowProcA, DefWindowProcW, DestroyCaret, DestroyIcon, DestroyMenu, DestroyWindow, DispatchMessageA, DrawEdge, DrawFocusRect, DrawFrameControl, DrawMenuBar, EmptyClipboard, EnableWindow, EndPaint, EnumWindows, FillRect, GetAsyncKeyState, GetCapture, GetClassLongA, GetClientRect, GetClipboardData, GetClipboardOwner, GetCursorPos, GetDC, GetDesktopWindow, GetFocus, GetForegroundWindow, GetKeyState, GetKeyboardLayout, GetMenuCheckMarkDimensions, GetMenuItemCount, GetMessageA, GetMessagePos, GetParent, GetSysColor, GetSysColorBrush, GetSystemMenu, GetSystemMetrics, GetWindow, GetWindowLongA, GetWindowPlacement, GetWindowRect, GetWindowTextA, GetWindowTextW, InsertMenuA, InsertMenuW, InvalidateRect, IsClipboardFormatAvailable, IsIconic, IsWindow, IsWindowVisible, IsZoomed, KillTimer, LoadBitmapA, LoadCursorA, LoadCursorFromFileA, LoadIconA, MapVirtualKeyA, MessageBeep, MessageBoxA, MessageBoxW, MoveWindow, MsgWaitForMultipleObjectsEx, OpenClipboard, PeekMessageA, PostMessageA, PostQuitMessage, RegisterClassA, RegisterClassExA, RegisterClassW, ReleaseCapture, ReleaseDC, RemoveMenu, ScreenToClient, ScrollWindowEx, SendInput, SendMessageA, SendMessageW, SetActiveWindow, SetCapture, SetCaretPos, SetClassLongA, SetClipboardData, SetCursor, SetCursorPos, SetFocus, SetForegroundWindow, SetMenu, SetParent, SetScrollInfo, SetTimer, SetWindowLongA, SetWindowLongW, SetWindowPos, SetWindowTextA, SetWindowTextW, SetWindowsHookExA, ShowWindow, SystemParametersInfoA, ToAscii, TrackPopupMenu, TranslateMessage, UnhookWindowsHookEx, UnregisterClassA, UpdateWindow, VkKeyScanA, WaitForInputIdle, WindowFromPoint, wsprintfA, wsprintfW |
| WS2_32.dll | WSAAsyncSelect, WSACleanup, WSAGetLastError, WSAStartup, accept, bind, closesocket, connect, gethostbyaddr, gethostbyname, gethostname, getpeername, getservbyname, getsockname, getsockopt, htons, inet_addr, inet_ntoa, ioctlsocket, listen, ntohs, recv, select, send, setsockopt, socket |
| Name | Ordinal | Address |
|---|---|---|
| TclKit_AppInit | 1 | 0x402e34 |
| TclKit_SetKitPath | 2 | 0x403234 |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node⊘No network behavior found
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
| Target ID: | 0 |
| Start time: | 20:49:23 |
| Start date: | 26/05/2024 |
| Path: | C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x360000 |
| File size: | 29'187'584 bytes |
| MD5 hash: | FCA4F3C56E1762703D00881BC8C4B6CE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 2.7% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 7.6% |
| Total number of Nodes: | 1164 |
| Total number of Limit Nodes: | 122 |
Graph
Function 003789E4 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 133libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00361000 Relevance: 22.6, APIs: 15, Instructions: 143COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004D8E1C Relevance: 16.2, APIs: 7, Strings: 2, Instructions: 477fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00470168 Relevance: 5.3, APIs: 4, Instructions: 284COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0049EC00 Relevance: 3.1, APIs: 2, Instructions: 54COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0037A1A8 Relevance: 58.3, APIs: 28, Strings: 5, Instructions: 562windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004D883C Relevance: 36.2, APIs: 24, Instructions: 224COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0037CFDC Relevance: 32.1, APIs: 12, Strings: 6, Instructions: 615windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004326F8 Relevance: 26.4, APIs: 2, Strings: 13, Instructions: 114windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E3AB0 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 416windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040985C Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 103windowregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046FBC8 Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 246fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004AEF3C Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 141stringCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046CAD0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 127windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004D73EC Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 304stringfileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004D64C0 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 117libraryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046F4D8 Relevance: 10.6, APIs: 7, Instructions: 66COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004DB768 Relevance: 7.6, APIs: 5, Instructions: 106fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0051E244 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 209stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0050C702 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003D1D50 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046F698 Relevance: 6.0, APIs: 4, Instructions: 43fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046F73C Relevance: 6.0, APIs: 4, Instructions: 36fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003DCC94 Relevance: 6.0, APIs: 4, Instructions: 35COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046F1BC Relevance: 4.5, APIs: 3, Instructions: 46COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00458DDC Relevance: 4.5, APIs: 3, Instructions: 16COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00378D30 Relevance: 3.2, APIs: 2, Instructions: 171COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E6A50 Relevance: 3.1, APIs: 2, Instructions: 90COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004D9E74 Relevance: 3.1, APIs: 2, Instructions: 62COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004D6EC0 Relevance: 3.0, APIs: 2, Instructions: 38COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003DBF60 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004DAAC4 Relevance: 3.0, APIs: 2, Instructions: 17COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046D0B0 Relevance: 2.7, APIs: 2, Instructions: 193COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046D3D0 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0037A118 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003DBEA0 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E6BE8 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0049E16C Relevance: 1.4, APIs: 1, Instructions: 170COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046CCA0 Relevance: 1.3, APIs: 1, Instructions: 97sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0053BD30 Relevance: 1.3, APIs: 1, Instructions: 94COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00515EC8 Relevance: 1.3, APIs: 1, Instructions: 75COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00515FAC Relevance: 1.3, APIs: 1, Instructions: 57COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0053E134 Relevance: 1.3, APIs: 1, Instructions: 32COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004D83A8 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 184libraryloaderstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E5164 Relevance: 27.2, APIs: 14, Strings: 1, Instructions: 969windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00474644 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 174networkwindowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003BC178 Relevance: 19.8, Strings: 15, Instructions: 1057COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003CDAAC Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 135windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00394390 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75registryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046C2C0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 109stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00496CC5 Relevance: 10.1, Strings: 7, Instructions: 1328COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00485720 Relevance: 7.5, Strings: 4, Instructions: 2483COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00538784 Relevance: 6.5, APIs: 4, Instructions: 473COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00421A98 Relevance: 4.3, Strings: 3, Instructions: 529COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B4928 Relevance: 2.9, Strings: 2, Instructions: 381COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042047C Relevance: 2.5, Strings: 1, Instructions: 1250COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004BD178 Relevance: 2.0, Strings: 1, Instructions: 794COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0053573C Relevance: 1.8, APIs: 1, Instructions: 335COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004E8BB0 Relevance: 1.5, APIs: 1, Instructions: 283COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004C0A84 Relevance: .8, Instructions: 764COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003A0060 Relevance: .7, Instructions: 723COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00531518 Relevance: .6, Instructions: 573COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004C8910 Relevance: .5, Instructions: 526COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004C9CAC Relevance: .4, Instructions: 428COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004C163C Relevance: .4, Instructions: 383COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004C973C Relevance: .4, Instructions: 361COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00539AC4 Relevance: .1, Instructions: 127COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003DD460 Relevance: 72.1, APIs: 39, Strings: 2, Instructions: 347windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004DD82C Relevance: 40.4, APIs: 15, Strings: 8, Instructions: 158threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0047527C Relevance: 38.8, APIs: 15, Strings: 7, Instructions: 328networkCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00368BD4 Relevance: 38.8, APIs: 5, Strings: 17, Instructions: 319stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003C8068 Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 222windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E41AC Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 165windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0048D554 Relevance: 21.3, APIs: 1, Strings: 11, Instructions: 281stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E96A4 Relevance: 18.2, APIs: 12, Instructions: 241COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004749E0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114threadregistrysynchronizationCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00534A50 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 83memoryfileCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003D4708 Relevance: 16.2, APIs: 3, Strings: 6, Instructions: 441stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003D4380 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 128windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00455750 Relevance: 15.2, APIs: 1, Strings: 9, Instructions: 171stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004708B0 Relevance: 15.1, APIs: 6, Strings: 4, Instructions: 148memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00365584 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 140stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003899A4 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 119stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00458CA4 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 85stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003612E0 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 39libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00364BF4 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 212stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0048C7E4 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 172stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00474C44 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 80synchronizationwindowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046C731 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 54registrythreadCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0053982C Relevance: 12.2, APIs: 8, Instructions: 168synchronizationCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004E157C Relevance: 12.1, APIs: 6, Strings: 2, Instructions: 113stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00439344 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 152stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00475C8C Relevance: 10.6, APIs: 7, Instructions: 91filesynchronizationCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004758C4 Relevance: 10.6, APIs: 7, Instructions: 82synchronizationpipeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00475060 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 52windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046C844 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003A8394 Relevance: 9.5, APIs: 3, Strings: 3, Instructions: 451stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003DC1CC Relevance: 9.2, APIs: 6, Instructions: 232COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0042D274 Relevance: 9.2, APIs: 2, Strings: 4, Instructions: 153stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004444BC Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 105stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004DC830 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 63memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039C0CC Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 90stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00395CC8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 33libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004885EC Relevance: 7.7, APIs: 5, Instructions: 224COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0048CCA8 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 215stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003AD051 Relevance: 7.7, APIs: 2, Strings: 3, Instructions: 186stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003DC4E0 Relevance: 7.7, APIs: 5, Instructions: 158COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005385AC Relevance: 7.6, APIs: 5, Instructions: 149COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004442D8 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 103stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003DCD7C Relevance: 7.6, APIs: 5, Instructions: 71COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00474918 Relevance: 7.6, APIs: 5, Instructions: 51synchronizationwindowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004AD744 Relevance: 7.6, APIs: 5, Instructions: 50stringCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00454908 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 323stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0036D2C4 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 254stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004A1CDC Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 203stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0037C7E8 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 199windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004A1984 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 167stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003791A4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 149stringwindowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039C030 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 90stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00459288 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0036136C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00399522 Relevance: 6.3, APIs: 1, Strings: 3, Instructions: 326stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003B9228 Relevance: 6.3, APIs: 1, Strings: 3, Instructions: 258stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0049D898 Relevance: 6.2, APIs: 4, Instructions: 247COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0039D174 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 216stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003C594A Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 185stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003682C0 Relevance: 6.2, APIs: 4, Instructions: 178COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003D8B10 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 122stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003D5140 Relevance: 6.1, APIs: 4, Instructions: 98COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00468D28 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0045C6A4 Relevance: 6.1, APIs: 4, Instructions: 58COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0046C8D4 Relevance: 6.0, APIs: 4, Instructions: 33windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003C8858 Relevance: 6.0, APIs: 4, Instructions: 30windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003E481C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00534AB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00474D70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|