Windows Analysis Report
YY#U6302#U53f7#U534f#U8bae.exe
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- YY#U6302#U53f7#U534f#U8bae.exe (PID: 908, cmdline: "C:\Users\user\Desktop\YY#U6302#U53f7#U534f#U8bae.exe", MD5: 765CF453D0CEA3719B619E4C55881093)
- cleanup
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Code function: | 0_2_6CEFC5C0 | |
Source: | Code function: | 0_2_6CEFC790 |
Source: | String found in binary or memory: | ||
System Summary |
---|
Source: | Static PE information: |
Source: | Code function: | 0_2_00401770 | |
Source: | Code function: | 0_2_6CF03D60 | |
Source: | Code function: | 0_2_6CF03060 | |
Source: | Code function: | 0_2_6CF25CA0 | |
Source: | Code function: | 0_2_6CF56C8E | |
Source: | Code function: | 0_2_6CF08C70 | |
Source: | Code function: | 0_2_6CF27D80 | |
Source: | Code function: | 0_2_6CF58D78 | |
Source: | Code function: | 0_2_6CF04EB0 | |
Source: | Code function: | 0_2_6CF32EA0 | |
Source: | Code function: | 0_2_6CF29E30 | |
Source: | Code function: | 0_2_6CF30E30 | |
Source: | Code function: | 0_2_6CF22F50 | |
Source: | Code function: | 0_2_6CF0AF40 | |
Source: | Code function: | 0_2_6CF28F20 | |
Source: | Code function: | 0_2_6CF35F20 | |
Source: | Code function: | 0_2_6CF1C860 | |
Source: | Code function: | 0_2_6CF42814 | |
Source: | Code function: | 0_2_6CEF19F0 | |
Source: | Code function: | 0_2_6CF24940 | |
Source: | Code function: | 0_2_6CF32930 | |
Source: | Code function: | 0_2_6CF0BAE0 | |
Source: | Code function: | 0_2_6CF17A1E | |
Source: | Code function: | 0_2_6CF1ABC0 | |
Source: | Code function: | 0_2_6CEFDB50 | |
Source: | Code function: | 0_2_6CF33B00 | |
Source: | Code function: | 0_2_6CF2B4E0 | |
Source: | Code function: | 0_2_6CF424B5 | |
Source: | Code function: | 0_2_6CF20400 | |
Source: | Code function: | 0_2_6CEF4590 | |
Source: | Code function: | 0_2_6CF1F560 | |
Source: | Code function: | 0_2_6CF5D549 | |
Source: | Code function: | 0_2_6CF0C6E0 | |
Source: | Code function: | 0_2_6CEF76D0 | |
Source: | Code function: | 0_2_6CF496A7 | |
Source: | Code function: | 0_2_6CF2A680 | |
Source: | Code function: | 0_2_6CEF3640 | |
Source: | Code function: | 0_2_6CF22610 | |
Source: | Code function: | 0_2_6CF067A0 | |
Source: | Code function: | 0_2_6CF5C790 | |
Source: | Code function: | 0_2_6CEFC790 | |
Source: | Code function: | 0_2_6CF04770 | |
Source: | Code function: | 0_2_6CF13770 | |
Source: | Code function: | 0_2_6CF4B710 | |
Source: | Code function: | 0_2_6CF251C0 | |
Source: | Code function: | 0_2_6CF17180 | |
Source: | Code function: | 0_2_6CEF5190 |
Source: | Code function: |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_6CEFAD60 |
Source: | File created: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Code function: | 0_2_6CF03D60 |
Source: | Static PE information: |
Source: | Code function: | 0_2_00406DA0 | |
Source: | Code function: | 0_2_004065AD | |
Source: | Code function: | 0_2_6CF5BFD4 |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior |
Source: | Code function: | 0_2_6CEFAD60 |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | API coverage: |
Source: | Code function: | 0_2_6CEFC5C0 | |
Source: | Code function: | 0_2_6CEFC790 |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_6CF03060 |
Source: | Code function: | 0_2_6CEFAD60 |
Source: | Code function: | 0_2_6CF03D60 |
Source: | Code function: | 0_2_6CF56124 |
Source: | Code function: | 0_2_6CF3B805 | |
Source: | Code function: | 0_2_6CF44984 | |
Source: | Code function: | 0_2_6CF3C469 |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_6CF3C285 |
Source: | Code function: | 0_2_6CF3C58C |
Source: | Code function: | 0_2_6CF5445D |
MITRE ATT&CK matrix (the count in front of a technique is the number of signatures that matched it in this run, e.g. 31 Security Software Discovery and 12 System Information Discovery; cells without a count are the unmatched matrix template):
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 3 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
50% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
5% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
NaN% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
NaN% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
NaN% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
NaN% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
NaN% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
NaN% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
NaN% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
NaN% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
NaN% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
NaN% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
NaN% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
NaN% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
NaN% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1457838 |
Start date and time: | 2024-06-15 20:02:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 35s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 1 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | YY#U6302#U53f7#U534f#U8bae.exe |
Rename note (from the report): | renamed because original name is a hash value |
Original Sample Name: | YY.exe |
Decoded sample name: | the #Uxxxx tokens are the sandbox's escape for Unicode code points; U+6302 U+53F7 U+534F U+8BAE is 挂号协议 ("registration agreement"), so the name reads YY挂号协议.exe (editor's decoding, not a report field) |
Detection: | MAL |
Classification: | mal60.winEXE@1/1@0/0 |
EGA Information: | |
HCA Information: | Failed |
Cookbook Comments: | |
Process: | C:\Users\user\Desktop\YY#U6302#U53f7#U534f#U8bae.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 741376 |
Entropy (8bit): | 6.917105002705599 |
Encrypted: | false |
SSDEEP: | 12288:wKBQAJdbyF+XZrjvhIeWgtN5XcTXrTmY5GTTTTTTTTTy8L1d8GsgFMwq:wKBZbpXZrjhI8N5sT7TzGTTTTTTTTTy9 |
MD5: | A96FBD5E66B31F3D816AD80F623E9BD9 |
SHA1: | 4EDA42260BD3EB930CD4EAFD7D15C6AF367BCF18 |
SHA-256: | 2E67BA278646FDE95BB614DCBCC7DA1C6BF7976C918B2C6AD3D78640000326F3 |
SHA-512: | 43921107313775EA14B1BD33CF758C13798F4FA1C1074771C1C96B1B43B98F3416D249ED8AB3171383772D0054829C3754A91B5E94135F1DF6D67A76F599C80E |
Malicious: | false |
Antivirus: | |
Reputation: | low |
File type: | |
Entropy (8bit): | 7.921437760987104 |
TrID: | |
File name: | YY#U6302#U53f7#U534f#U8bae.exe |
File size: | 4'972'544 bytes |
MD5: | 765cf453d0cea3719b619e4c55881093 |
SHA1: | 060ae0476bbd908d08537c8b6bb24d2ec83d524c |
SHA256: | 3d76cc27be3265077a5c15f2c76848b73148df035b7d3a3d2b9ad77232587cfd |
SHA512: | 2132af60567aaf5c89001c36edd0764ef5e336dd2260d20287953ce2dac4b80c7817d0c0fe410a0d092900181c3d360999f7f2c06b5eba51a2e54821175cec18 |
SSDEEP: | 98304:ygvElT54uia2kf5SCyJsAh6wbwPy7kl/CNBIs0lApvWJ:yFT54rHi4H+Ah/bOUkVQY2oJ |
TLSH: | 893633D84EF59834C2A6033CE43172374EBFF657D628936E265CE6AEAC4D1819341A37 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#.vOB.%OB.%OB.% ].%FB.% ].%IB.%.^.%bB.%4^.%JB.%.].%cB.%.J.%MB.%OB.%.@.%-].%RB.%yd.%.B.%yd.%7B.%.].%.B.%.].%RB.%OB.%.B.%.D.%NB. |
Icon Hash: | 099c9113582f8b55 |
Entrypoint: | 0xb93dda |
Entrypoint Section: | .vmp1 |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | (none set: the image opts into neither ASLR via DYNAMIC_BASE nor DEP via NX_COMPAT) |
Time Stamp: | 0x66653771 [Sun Jun 9 05:02:41 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | fe512f2e549df2214891378c91f66a42 |
Entry-point disassembly (0xb93dda, section .vmp1). Only the opening push imm32 / call pair is the protector's entry stub; after the call the decoder has run into data, and the later "instructions" are ASCII bytes: the run add byte ptr [edi+65h], al / je / jns / je / insd / push esp / imul ebp, dword ptr [ebp+65h], 24648D00h is 00 47 65 74 53 79 73 74 65 6D 54 69 6D 65 00, i.e. "GetSystemTime", and push 64616572h is 68 72 65 61 64, the "hread" of CreateThread. The bytes after the stub are an import-name table (the same names appear in the KERNEL32.dll import list below), not code.
Instruction |
---|
push 0E4B68F2h |
call 00007F34FD55337Dh |
add byte ptr [eax], al |
push esp |
insb |
jnc 00007F34FD09BFE8h |
jc 00007F34FD09C007h |
add byte ptr [eax], al |
add byte ptr [edi+65h], al |
je 00007F34FD09BFF5h |
jns 00007F34FD09C015h |
je 00007F34FD09C007h |
insd |
push esp |
imul ebp, dword ptr [ebp+65h], 24648D00h |
sbb al, E8h |
popfd |
add dword ptr [eax], eax |
add byte ptr [ebx-18h], dl |
lock add dword ptr [eax], eax |
add byte ptr [eax], al |
add byte ptr [ebx+65h], dl |
je 00007F34FD09BFF9h |
imul ebp, dword ptr [esi+64h], 7845776Fh |
je 00007F34FD09BFE7h |
js 00007F34FD09BFA2h |
add byte ptr [eax], al |
inc edi |
je 00007F34FD09BFF9h |
outsd |
insb |
jne 00007F34FD09C00Fh |
dec ecx |
outsb |
outsw |
jc 00007F34FD09C00Fh |
popad |
je 00007F34FD09C00Bh |
outsd |
outsb |
inc ecx |
add byte ptr [eax], al |
add byte ptr [ebx+72h], al |
popad |
je 00007F34FD09C007h |
push esp |
push 64616572h |
add al, ch |
pop esi |
or al, byte ptr [eax] |
add byte ptr [eax], al |
add byte ptr [ebx+72h], al |
popad |
je 00007F34FD09C007h |
inc esp |
imul esi, dword ptr [edx+65h], 726F7463h |
jns 00007F34FD09BFE3h |
add byte ptr [eax], al |
add byte ptr [edi+69h], dl |
inc ebx |
push 6F547261h |
dec ebp |
jne 00007F34FD09C00Eh |
je 00007F34FD09C00Bh |
inc edx |
jns 00007F34FD09C016h |
add byte ptr [eax], al |
add byte ptr [edi+61h], dl |
imul esi, dword ptr [esi+eax*2+6Fh], 6C754D72h |
je 00007F34FD09C00Bh |
jo 00007F34FD09C00Eh |
dec edi |
bound ebp, dword ptr [edx+65h] |
arpl word ptr [ebx+esi*2+00h], si |
add byte ptr [eax], al |
inc ecx |
jo 00007F34FD09C012h |
outsb |
dec ebp |
outsb |
jne 00007F34FD09BFE3h |
add byte ptr [eax], al |
add byte ptr [ebx+72h], al |
popad |
je 00007F34FD09C007h |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x79627c | 0x168 | .vmp1 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x788000 | 0x6190 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc4c000 | 0x4c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb9735b | 0x850 | .vmp1 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x19e742 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x1a0000 | 0x577b12 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x718000 | 0x6f3ca | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x788000 | 0x6190 | 0x3000 | a1864bf4c4f443ebfc78e5e2fff8348b | False | 0.394287109375 | data | 4.088331277576032 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.vmp0 | 0x78f000 | 0x3024 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.vmp1 | 0x793000 | 0x4b8233 | 0x4b9000 | 5d3194b71c1a11ae1687b1d9c64ef151 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.reloc | 0xc4c000 | 0x4c | 0x1000 | 31b33e1e166e82486ce7540bf78125ec | False | 0.0224609375 | data | 0.11968309355305998 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
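The section table above is where the packing shows: the entry point 0xb93dda falls in .vmp1; .text, .rdata, .data and .vmp0 have a virtual size but a raw size of 0, so their contents exist only after the protector has run; .vmp1 is writable and executable; and 0x1000 bytes of headers plus the raw sizes of .rsrc, .vmp1 and .reloc add up to exactly the 4'972'544-byte file size. The script below is an added example, not part of the Joe Sandbox report or the sample: it parses IMAGE_SECTION_HEADER records with struct and applies those checks. Its input is constructed from the values in the table, and the 0x1000 header size and the section-tuple layout are this script's assumptions rather than fields printed on the page.

```python
"""Static PE section-table triage: an added example, not part of the report.

Parses raw IMAGE_SECTION_HEADER records with struct (no pefile needed) and
applies the checks an analyst makes before running anything: where the entry
point lives, which sections have no bytes on disk, which are writable and
executable, and whether the raw sizes account for the file size."""
import struct

# IMAGE_SECTION_HEADER (winnt.h), 40 bytes: Name[8], VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics.
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")

SCN_CODE = 0x00000020   # IMAGE_SCN_CNT_CODE
SCN_IDATA = 0x00000040  # IMAGE_SCN_CNT_INITIALIZED_DATA
SCN_DISC = 0x02000000   # IMAGE_SCN_MEM_DISCARDABLE
SCN_EXEC = 0x20000000   # IMAGE_SCN_MEM_EXECUTE
SCN_READ = 0x40000000   # IMAGE_SCN_MEM_READ
SCN_WRITE = 0x80000000  # IMAGE_SCN_MEM_WRITE

# Constructed input: the seven sections as the report's table prints them
# (name, VirtualAddress, VirtualSize, SizeOfRawData, Characteristics).
REPORT_SECTIONS = [
    (".text",  0x001000, 0x19e742, 0x000000, SCN_CODE | SCN_EXEC | SCN_READ),
    (".rdata", 0x1a0000, 0x577b12, 0x000000, SCN_IDATA | SCN_READ),
    (".data",  0x718000, 0x06f3ca, 0x000000, SCN_IDATA | SCN_READ | SCN_WRITE),
    (".rsrc",  0x788000, 0x006190, 0x003000, SCN_IDATA | SCN_READ),
    (".vmp0",  0x78f000, 0x003024, 0x000000, SCN_CODE | SCN_IDATA | SCN_EXEC | SCN_READ),
    (".vmp1",  0x793000, 0x4b8233, 0x4b9000, SCN_CODE | SCN_DISC | SCN_EXEC | SCN_READ | SCN_WRITE),
    (".reloc", 0xc4c000, 0x00004c, 0x001000, SCN_IDATA | SCN_DISC | SCN_READ),
]
ENTRYPOINT_RVA = 0xb93dda  # AddressOfEntryPoint from the report
HEADER_SIZE = 0x1000       # assumed SizeOfHeaders; the report does not print it


def build_section_table(rows, first_raw_ptr=HEADER_SIZE):
    """Serialise rows into raw section headers (used only to build test input)."""
    out, raw_ptr = b"", first_raw_ptr
    for name, va, vsize, rawsize, flags in rows:
        out += SECTION_HEADER.pack(name.encode("ascii").ljust(8, b"\0"),
                                   vsize, va, rawsize, raw_ptr if rawsize else 0,
                                   0, 0, 0, 0, flags)
        raw_ptr += rawsize
    return out


def parse_section_table(blob, count):
    """Decode `count` headers from `blob`, which starts at the section table."""
    sections = []
    for i in range(count):
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = \
            SECTION_HEADER.unpack_from(blob, i * SECTION_HEADER.size)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rawsize": rawsize,
                         "rawptr": rawptr, "flags": flags})
    return sections


def section_for_rva(sections, rva):
    """Name of the section whose in-memory range contains `rva`, else None."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s["name"]
    return None


def expected_file_size(sections, header_size=HEADER_SIZE):
    """Headers plus all raw section data; a mismatch means overlay or truncation."""
    return header_size + sum(s["rawsize"] for s in sections)


def packer_indicators(sections, entrypoint_rva):
    """Static hints that the code on disk is not the code that will run."""
    findings = []
    ep = section_for_rva(sections, entrypoint_rva)
    if ep != ".text":
        findings.append(f"entry point {entrypoint_rva:#x} lies in {ep}, not .text")
    for s in sections:
        if s["name"].lower().startswith(".vmp"):
            findings.append(f"{s['name']}: VMProtect-style section name")
        if s["rawsize"] == 0 and s["vsize"] > 0:
            findings.append(f"{s['name']}: {s['vsize']:#x} bytes virtual, 0 on disk (filled at runtime)")
        if s["flags"] & SCN_WRITE and s["flags"] & SCN_EXEC:
            findings.append(f"{s['name']}: writable and executable")
    return findings


if __name__ == "__main__":
    secs = parse_section_table(build_section_table(REPORT_SECTIONS), len(REPORT_SECTIONS))
    print("\n".join(packer_indicators(secs, ENTRYPOINT_RVA)))
    print(f"headers + raw sections = {expected_file_size(secs)} bytes")
```

Against a real file the same parser is pointed at e_lfanew + 4 + 20 + SizeOfOptionalHeader with NumberOfSections from the COFF header; the heuristics do not change. The raw-size check is the quickest confirmation that what the disassembler shows in .text on disk is empty and that the whole program lives inside .vmp1 until it unpacks.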
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
TEXTINCLUDE | 0x78a5b8 | 0xb | data | Chinese | China | 1.0 |
TEXTINCLUDE | 0x78a5c4 | 0x16 | data | Chinese | China | 0.5 |
TEXTINCLUDE | 0x78a5dc | 0x151 | data | Chinese | China | 0.03857566765578635 |
RT_CURSOR | 0x78a730 | 0x134 | data | Chinese | China | 0.04220779220779221 |
RT_CURSOR | 0x78a864 | 0x134 | data | Chinese | China | 0.04220779220779221 |
RT_CURSOR | 0x78a998 | 0x134 | data | Chinese | China | 0.04220779220779221 |
RT_CURSOR | 0x78aacc | 0xb4 | data | Chinese | China | 0.06666666666666667 |
RT_BITMAP | 0x78ab80 | 0x16c | data | Chinese | China | 0.03571428571428571 |
RT_BITMAP | 0x78acec | 0x248 | data | Chinese | China | 0.025684931506849314 |
RT_BITMAP | 0x78af34 | 0x144 | data | Chinese | China | 0.058823529411764705 |
RT_BITMAP | 0x78b078 | 0x158 | empty | Chinese | China | 0 |
RT_BITMAP | 0x78b1d0 | 0x158 | empty | Chinese | China | 0 |
RT_BITMAP | 0x78b328 | 0x158 | empty | Chinese | China | 0 |
RT_BITMAP | 0x78b480 | 0x158 | empty | Chinese | China | 0 |
RT_BITMAP | 0x78b5d8 | 0x158 | empty | Chinese | China | 0 |
RT_BITMAP | 0x78b730 | 0x158 | empty | Chinese | China | 0 |
RT_BITMAP | 0x78b888 | 0x158 | empty | Chinese | China | 0 |
RT_BITMAP | 0x78b9e0 | 0x158 | empty | Chinese | China | 0 |
RT_BITMAP | 0x78bb38 | 0x5e4 | empty | Chinese | China | 0 |
RT_BITMAP | 0x78c11c | 0xb8 | empty | Chinese | China | 0 |
RT_BITMAP | 0x78c1d4 | 0x16c | empty | Chinese | China | 0 |
RT_BITMAP | 0x78c340 | 0x144 | empty | Chinese | China | 0 |
RT_ICON | 0x788bf4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Chinese | China | 0.26344086021505375 |
RT_ICON | 0x788edc | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Chinese | China | 0.41216216216216217 |
RT_ICON | 0x789004 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0, resolution 2834 x 2834 px/m | 0.6824577861163227 | ||
RT_MENU | 0x78c484 | 0xc | empty | Chinese | China | 0 |
RT_MENU | 0x78c490 | 0x284 | empty | Chinese | China | 0 |
RT_DIALOG | 0x78c714 | 0x98 | empty | Chinese | China | 0 |
RT_DIALOG | 0x78c7ac | 0x17a | empty | Chinese | China | 0 |
RT_DIALOG | 0x78c928 | 0xfa | empty | Chinese | China | 0 |
RT_DIALOG | 0x78ca24 | 0xea | empty | Chinese | China | 0 |
RT_DIALOG | 0x78cb10 | 0x8ae | empty | Chinese | China | 0 |
RT_DIALOG | 0x78d3c0 | 0xb2 | empty | Chinese | China | 0 |
RT_DIALOG | 0x78d474 | 0xcc | empty | Chinese | China | 0 |
RT_DIALOG | 0x78d540 | 0xb2 | empty | Chinese | China | 0 |
RT_DIALOG | 0x78d5f4 | 0xe2 | empty | Chinese | China | 0 |
RT_DIALOG | 0x78d6d8 | 0x18c | empty | Chinese | China | 0 |
RT_STRING | 0x78d864 | 0x50 | empty | Chinese | China | 0 |
RT_STRING | 0x78d8b4 | 0x2c | empty | Chinese | China | 0 |
RT_STRING | 0x78d8e0 | 0x78 | empty | Chinese | China | 0 |
RT_STRING | 0x78d958 | 0x1c4 | empty | Chinese | China | 0 |
RT_STRING | 0x78db1c | 0x12a | empty | Chinese | China | 0 |
RT_STRING | 0x78dc48 | 0x146 | empty | Chinese | China | 0 |
RT_STRING | 0x78dd90 | 0x40 | empty | Chinese | China | 0 |
RT_STRING | 0x78ddd0 | 0x64 | empty | Chinese | China | 0 |
RT_STRING | 0x78de34 | 0x1d8 | empty | Chinese | China | 0 |
RT_STRING | 0x78e00c | 0x114 | empty | Chinese | China | 0 |
RT_STRING | 0x78e120 | 0x24 | empty | Chinese | China | 0 |
RT_GROUP_CURSOR | 0x78e144 | 0x14 | empty | Chinese | China | 0 |
RT_GROUP_CURSOR | 0x78e158 | 0x14 | empty | Chinese | China | 0 |
RT_GROUP_CURSOR | 0x78e16c | 0x22 | empty | Chinese | China | 0 |
RT_GROUP_ICON | 0x78a0ac | 0x14 | data | 1.2 | ||
RT_GROUP_ICON | 0x78a0c0 | 0x14 | data | Chinese | China | 1.2 |
RT_GROUP_ICON | 0x78a0d4 | 0x14 | data | Chinese | China | 1.25 |
RT_VERSION | 0x78a0e8 | 0x214 | data | Chinese | China | 0.5375939849624061 |
RT_MANIFEST | 0x78a2fc | 0x2b9 | XML 1.0 document, ASCII text, with very long lines (697), with no line terminators | 0.5279770444763271 |
DLL | Import |
---|---|
RASAPI32.dll | RasHangUpA, RasGetConnectStatusA |
WINMM.dll | midiStreamRestart, midiStreamClose, midiOutReset, midiStreamStop, midiStreamOut, midiOutPrepareHeader, waveOutRestart, waveOutUnprepareHeader, waveOutPrepareHeader, waveOutWrite, waveOutPause, waveOutReset, midiStreamProperty, midiStreamOpen, midiOutUnprepareHeader, waveOutOpen, waveOutClose, waveOutGetNumDevs |
WS2_32.dll | WSAAsyncSelect, closesocket, send, select, WSACleanup, WSAStartup, gethostbyname, inet_ntoa, inet_addr, gethostname, htons, socket, sendto, recvfrom, ioctlsocket, connect, listen, getpeername, accept, __WSAFDIsSet, ntohs, htonl, bind, ntohl, WSAGetLastError, getsockname, recv |
KERNEL32.dll | UnmapViewOfFile, CreateFileMappingA, MapViewOfFile, OpenFileMappingA, GetCurrentProcessId, GetSystemDirectoryA, GetWindowsDirectoryA, GetCurrentProcess, TerminateThread, GetModuleHandleW, VirtualQuery, LoadLibraryW, GetVersionExW, DeleteFileW, TerminateProcess, GetFileSize, SetFilePointer, CreateFileW, GetTempPathW, FileTimeToSystemTime, GetTimeZoneInformation, SetLastError, GetVersion, LocalFree, FormatMessageA, CreateMutexA, ReleaseMutex, SuspendThread, GetACP, CreateSemaphoreA, ResumeThread, InterlockedExchange, ReleaseSemaphore, IsBadCodePtr, IsBadReadPtr, CompareStringW, CompareStringA, GetStringTypeW, GetStringTypeA, SetUnhandledExceptionFilter, IsBadWritePtr, VirtualAlloc, LCMapStringW, LCMapStringA, SetEnvironmentVariableA, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentVariableA, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetFileType, SetStdHandle, HeapSize, ExitThread, GetLocalTime, GetSystemTime, RaiseException, RtlUnwind, GetStartupInfoA, GetOEMCP, GetCPInfo, GetProcessVersion, SetErrorMode, GlobalFlags, GetCurrentThread, GetFileTime, TlsGetValue, LocalReAlloc, TlsSetValue, TlsFree, GlobalHandle, TlsAlloc, LocalAlloc, lstrcmpA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcmpiA, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, DuplicateHandle, lstrcpynA, FileTimeToLocalFileTime, InterlockedDecrement, InterlockedIncrement, EnterCriticalSection, LeaveCriticalSection, GetProfileStringA, WriteFile, WaitForMultipleObjects, CloseHandle, WaitForSingleObject, CreateProcessA, GetTickCount, GetCommandLineA, MulDiv, GetProcAddress, GetModuleHandleA, GetVolumeInformationA, SetCurrentDirectoryA, GetCurrentDirectoryA, CreateDirectoryA, CopyFileA, DeleteFileA, GetFileAttributesA, SetFileAttributesA, FindClose, FindFirstFileA, GetTempPathA, CreateFileA, SetEvent, FindResourceA, LoadResource, LockResource, ReadFile, lstrlenW, RemoveDirectoryA, GetModuleFileNameA, GetCurrentThreadId, ExitProcess, GlobalSize, GlobalFree, DeleteCriticalSection, InitializeCriticalSection, lstrcatA, lstrlenA, WinExec, lstrcpyA, FindNextFileA, GlobalReAlloc, HeapFree, HeapReAlloc, GetProcessHeap, HeapAlloc, GetUserDefaultLCID, MultiByteToWideChar, WideCharToMultiByte, GetFullPathNameA, FreeLibrary, LoadLibraryA, GetLastError, GetVersionExA, WritePrivateProfileStringA, GetPrivateProfileStringA, CreateThread, CreateEventA, Sleep, GlobalAlloc, GlobalLock, GlobalUnlock |
USER32.dll | GetClassNameA, GetDesktopWindow, GetDlgItem, SetWindowTextA, MessageBoxW, GetSysColorBrush, wsprintfA, WaitForInputIdle, FindWindowExA, GetWindowTextA, ReleaseDC, LoadStringA, GetMenuCheckMarkDimensions, GetMenuState, SetMenuItemBitmaps, CheckMenuItem, MoveWindow, GetForegroundWindow, DefWindowProcW, GetPropA, RegisterClassA, CreateWindowExA, SetPropA, LoadIconA, TranslateMessage, DrawFrameControl, DrawEdge, DrawFocusRect, WindowFromPoint, GetMessageA, DispatchMessageA, SetRectEmpty, RegisterClipboardFormatA, CreateIconFromResourceEx, CreateIconFromResource, DrawIconEx, CreatePopupMenu, AppendMenuA, ModifyMenuA, CreateMenu, CreateAcceleratorTableA, GetDlgCtrlID, GetSubMenu, EnableMenuItem, ClientToScreen, EnumDisplaySettingsA, LoadImageA, SystemParametersInfoA, ShowWindow, IsWindowEnabled, TranslateAcceleratorA, IsDialogMessageA, ScrollWindowEx, SendDlgItemMessageA, MapWindowPoints, AdjustWindowRectEx, GetScrollPos, GetMenuItemCount, GetMenuItemID, SetWindowsHookExA, CallNextHookEx, GetClassLongA, UnhookWindowsHookEx, CallWindowProcA, RemovePropA, GetMessageTime, GetLastActivePopup, RegisterWindowMessageA, GetWindowPlacement, GetNextDlgTabItem, EndDialog, CreateDialogIndirectParamA, DestroyWindow, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, CharUpperA, GetWindowTextLengthA, GetKeyState, CopyAcceleratorTableA, PostQuitMessage, IsZoomed, GetClassInfoA, DefWindowProcA, GetSystemMenu, DeleteMenu, GetMenu, SetMenu, PeekMessageA, IsIconic, SetFocus, GetActiveWindow, GetWindow, DestroyAcceleratorTable, SetWindowRgn, GetMessagePos, ScreenToClient, ChildWindowFromPointEx, CopyRect, LoadBitmapA, WinHelpA, KillTimer, SetTimer, ReleaseCapture, GetCapture, SetCapture, GetScrollRange, SetScrollRange, SetScrollPos, SetRect, InflateRect, IntersectRect, DestroyIcon, PtInRect, OffsetRect, IsWindowVisible, EnableWindow, RedrawWindow, GetWindowLongA, SetWindowLongA, GetSysColor, SetActiveWindow, SetCursorPos, LoadCursorA, SetCursor, GetDC, FillRect, IsRectEmpty, UnregisterClassA, IsChild, TrackPopupMenu, DestroyMenu, SetForegroundWindow, GetWindowRect, EqualRect, UpdateWindow, ValidateRect, InvalidateRect, GetClientRect, GetFocus, GetParent, GetTopWindow, PostMessageA, IsWindow, SetParent, DestroyCursor, SendMessageA, SetWindowPos, MessageBoxA, GetCursorPos, GetSystemMetrics, EmptyClipboard, SetClipboardData, OpenClipboard, GetClipboardData, CloseClipboard |
GDI32.dll | ExtSelectClipRgn, LineTo, MoveToEx, ExcludeClipRect, GetClipBox, ScaleWindowExtEx, SetWindowExtEx, SetWindowOrgEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetTextColor, SetROP2, SetPolyFillMode, SetBkMode, SelectClipRgn, DeleteObject, CreateDIBitmap, GetSystemPaletteEntries, SelectPalette, RealizePalette, GetDIBits, GetWindowExtEx, GetViewportOrgEx, GetWindowOrgEx, BeginPath, EndPath, PathToRegion, CreateEllipticRgn, CreateRoundRectRgn, GetTextColor, GetBkMode, GetBkColor, GetROP2, GetStretchBltMode, GetPolyFillMode, CreateCompatibleBitmap, CreateDCA, CreateBitmap, SelectObject, CreatePen, PatBlt, CombineRgn, CreateRectRgn, FillRgn, CreateSolidBrush, CreateFontIndirectA, GetStockObject, GetObjectA, EndPage, EndDoc, DeleteDC, StartDocA, StartPage, BitBlt, CreateCompatibleDC, Ellipse, Rectangle, LPtoDP, DPtoLP, GetCurrentObject, RoundRect, GetTextExtentPoint32A, GetDeviceCaps, GetViewportExtEx, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetTextMetricsA, CreatePolygonRgn, GetClipRgn, SetStretchBltMode, CreateRectRgnIndirect, SetBkColor, CreatePalette, StretchBlt, SaveDC, RestoreDC |
WINSPOOL.DRV | OpenPrinterA, DocumentPropertiesA, ClosePrinter |
ADVAPI32.dll | RegSetValueExA, RegOpenKeyExA, RegCloseKey, RegQueryValueA, CryptReleaseContext, CryptDestroyHash, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptAcquireContextA, RegCreateKeyExA |
SHELL32.dll | DragQueryFileA, SHGetSpecialFolderPathA, Shell_NotifyIconA, ShellExecuteA |
ole32.dll | OleRun, CoCreateInstance, CLSIDFromString, OleUninitialize, OleInitialize, RegisterDragDrop, RevokeDragDrop, ReleaseStgMedium, CLSIDFromProgID |
OLEAUT32.dll | SafeArrayAccessData, SafeArrayGetElement, VariantCopyInd, VariantInit, SysAllocString, SafeArrayDestroy, SafeArrayCreate, SafeArrayPutElement, RegisterTypeLib, LHashValOfNameSys, LoadTypeLib, SafeArrayUnaccessData, UnRegisterTypeLib, SafeArrayGetDim, SafeArrayGetLBound, SafeArrayGetUBound, VariantChangeType, VariantClear, VariantCopy |
COMCTL32.dll | ImageList_Destroy |
WLDAP32.dll | |
WININET.dll | InternetCanonicalizeUrlA, InternetCrackUrlA, HttpOpenRequestA, HttpSendRequestA, HttpQueryInfoA, InternetReadFile, InternetConnectA, InternetSetOptionA, InternetCloseHandle, InternetOpenA |
comdlg32.dll | ChooseColorA, ChooseFontA, GetFileTitleA, GetSaveFileNameA, GetOpenFileNameA |
KERNEL32.dll | VirtualProtect, GetModuleFileNameA, ExitProcess |
USER32.dll | MessageBoxA |
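The two import lists above are the raw material of a first triage pass: the DLL!API pairs that are present decide which behaviours an analyst expects to see at run time (WinINet HTTP, CryptoAPI hashing, registry writes, clipboard reads, a message hook via SetWindowsHookExA), and a near-empty list that still needs VirtualProtect is the usual footprint of a packer or protector stub that rewrites page permissions and resolves its real imports only after unpacking. The Python below is an added example for this page, not code from Joe Sandbox or from the analysed sample: it parses rows in the report's own `DLL | api, api, ... |` layout (including a row wrapped over two lines and the empty WLDAP32 row), maps imports to capabilities, and applies the stub heuristic. The capability map, the `max_apis` threshold and the two sample tables (abbreviated copies of the rows above) are this example's own assumptions.

```python
"""Import-table triage for a Windows PE, in the row layout Joe Sandbox prints.

Added example for this page, not code from Joe Sandbox or from the analysed
sample. The capability map and the packer-stub threshold are assumptions.
"""
from collections import defaultdict

# Assumption: a hand-picked map from imported API name to the capability it
# evidences, trimmed to names that occur in the import lists above.
CAPABILITIES = {
    "network (WinINet HTTP)": {
        "InternetOpenA", "InternetConnectA", "HttpOpenRequestA", "HttpSendRequestA",
        "HttpQueryInfoA", "InternetReadFile", "InternetSetOptionA", "InternetCrackUrlA",
    },
    "hashing (CryptoAPI)": {
        "CryptAcquireContextA", "CryptCreateHash", "CryptHashData",
        "CryptGetHashParam", "CryptDestroyHash", "CryptReleaseContext",
    },
    "registry write": {"RegSetValueExA", "RegCreateKeyExA"},
    "registry read": {"RegOpenKeyExA", "RegQueryValueA"},
    "process launch": {"ShellExecuteA"},
    "clipboard read/write": {"OpenClipboard", "GetClipboardData", "SetClipboardData"},
    "message hooking": {"SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx"},
    "COM instantiation": {"CoCreateInstance", "CLSIDFromProgID", "CLSIDFromString"},
    "page-permission change": {"VirtualProtect"},
    "profile-folder lookup": {"SHGetSpecialFolderPathA"},
}


def parse_import_table(text):
    """Return {dll: [api, ...]} from rows like ``ADVAPI32.dll | RegSetValueExA, ... |``.

    A row with nothing after the bar (``WLDAP32.dll | |``) yields an empty list.
    A line without a bar is a wrapped continuation of the previous row and is
    appended to it; a repeated DLL row extends the earlier entry rather than
    replacing it.
    """
    imports = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip().strip("|").strip()
        if not line:
            continue
        if "|" in line:
            dll, _, line = line.partition("|")
            current = dll.strip()
            imports.setdefault(current, [])
        elif current is None:
            raise ValueError("continuation line before any DLL row: %r" % raw)
        imports[current].extend(api.strip() for api in line.split(",") if api.strip())
    return imports


def capabilities(imports):
    """Map each capability to the sorted ``DLL!API`` imports that evidence it."""
    found = defaultdict(list)
    for dll, apis in imports.items():
        for api in apis:
            for capability, names in CAPABILITIES.items():
                if api in names:
                    found[capability].append("%s!%s" % (dll, api))
    return {capability: sorted(refs) for capability, refs in found.items()}


def looks_like_packer_stub(imports, max_apis=8):
    """Heuristic (assumption): a tiny import table that still needs VirtualProtect
    is the footprint of a packer or protector stub, which rewrites page
    permissions and resolves the real imports itself once the payload is unpacked.
    """
    total = sum(len(apis) for apis in imports.values())
    return total <= max_apis and any("VirtualProtect" in apis for apis in imports.values())


def triage(text):
    """Parse one import list and summarise what it implies."""
    imports = parse_import_table(text)
    return {
        "dll_count": len(imports),
        "api_count": sum(len(apis) for apis in imports.values()),
        "capabilities": capabilities(imports),
        "packer_stub": looks_like_packer_stub(imports),
    }


# Constructed sample: an abbreviated copy of the first import list above, with the
# USER32 row wrapped over two lines the way the report wraps it.
DLL_IMPORTS = """\
USER32.dll | GetClassNameA, SetWindowsHookExA, CallNextHookEx, UnhookWindowsHookEx, GetDC,
FillRect, OpenClipboard, GetClipboardData, CloseClipboard |
ADVAPI32.dll | RegSetValueExA, RegOpenKeyExA, RegCloseKey, RegQueryValueA, CryptReleaseContext, CryptDestroyHash, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptAcquireContextA, RegCreateKeyExA |
SHELL32.dll | DragQueryFileA, SHGetSpecialFolderPathA, Shell_NotifyIconA, ShellExecuteA |
WLDAP32.dll | |
WININET.dll | InternetCanonicalizeUrlA, InternetCrackUrlA, HttpOpenRequestA, HttpSendRequestA, HttpQueryInfoA, InternetReadFile, InternetConnectA, InternetSetOptionA, InternetCloseHandle, InternetOpenA |
"""

# Constructed sample: the four-entry second import list above, verbatim.
STUB_IMPORTS = """\
KERNEL32.dll | VirtualProtect, GetModuleFileNameA, ExitProcess |
USER32.dll | MessageBoxA |
"""

if __name__ == "__main__":
    for label, text in (("first list", DLL_IMPORTS), ("second list", STUB_IMPORTS)):
        result = triage(text)
        print("%s: %d DLLs, %d APIs, packer stub: %s" % (
            label, result["dll_count"], result["api_count"], result["packer_stub"]))
        for capability, evidence in sorted(result["capabilities"].items()):
            print("  %-24s %s" % (capability, ", ".join(evidence)))
```

The stub heuristic is deliberately coarse: it only says that static imports tell you little about the second list, so the behaviours to look for have to come from the unpacked image or from runtime API tracing, which is consistent with the low execution coverage reported further down.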
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Chinese | China |
Target ID: | 0 |
Start time: | 14:02:56 |
Start date: | 15/06/2024 |
Path: | C:\Users\user\Desktop\YY#U6302#U53f7#U534f#U8bae.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 4'972'544 bytes |
MD5 hash: | 765CF453D0CEA3719B619E4C55881093 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 0.5% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 41.2% |
Total number of Nodes: | 279 |
Total number of Limit Nodes: | 21 |
Graph
Functions, first list
Function | Relevance | APIs | Strings | Instructions | Tags | Control-flow graph |
---|---|---|---|---|---|---|
6CF03D60 | 44.1 | 17 | 8 | 340 | file, library, loader, COMMON | yes |
6CEFAD60 | 9.1 | 6 | | 80 | process, COMMON | yes |
6CF3BF07 | 3.1 | 2 | | 76 | COMMON | yes |
6CF52D9C | 1.5 | 1 | | 39 | memory, COMMON, LIBRARYCODE | yes |
6CF33B00 | 36.5 | 18 | 2 | 1527 | window, string, COMMON | |
6CF27D80 | 26.8 | 13 | 2 | 521 | window, COMMON | |
6CEFC790 | 20.2 | 7 | 4 | 955 | file, string, COMMON | |
6CF067A0 | 18.5 | 12 | | 518 | COMMON | |
6CF35F20 | 11.0 | 5 | 1 | 452 | window, COMMON | |
6CF29E30 | 10.7 | 5 | 1 | 156 | window, COMMON | |
6CF24940 | 10.7 | 5 | 1 | 156 | window, COMMON | |
6CF28F20 | 9.1 | 1 | 4 | 318 | window, COMMON | |
6CF13770 | 7.9 | 5 | | 361 | window, COMMON | |
6CEF76D0 | 7.6 | 3 | 1 | 551 | window, COMMON | |
6CF4B710 | 6.5 | 4 | | 455 | COMMON | |
6CF2B4E0 | 6.3 | 4 | | 335 | window, COMMON | |
6CF0BAE0 | 5.8 | 2 | 1 | 519 | window, COMMON | |
6CEFC5C0 | 4.6 | 3 | | 84 | file, COMMON | |
6CF22610 | 3.6 | 2 | | 568 | window, COMMON | |
6CF1ABC0 | 3.3 | | 2 | 822 | COMMON | |
6CF17A1E | 3.2 | 2 | | 215 | COMMON | |
6CF04770 | 3.2 | 2 | | 192 | COMMON | |
6CEF19F0 | 2.7 | 2 | | 215 | COMMON | |
6CEFDB50 | 2.7 | 2 | | 212 | COMMON | |
6CF5445D | 1.9 | 1 | | 410 | time, COMMON | |
6CF08C70 | 1.9 | 1 | | 352 | COMMON | |
6CF3C285 | 1.6 | 1 | | 147 | COMMON | |
6CEF5190 | 1.6 | | 1 | 381 | COMMON | |
6CF424B5 | 1.6 | | 1 | 333 | COMMON | |
6CF1C860 | 1.6 | | 1 | 331 | COMMON | |
6CF56124 | 1.3 | 1 | | 5 | memory, COMMON | |
6CF5C790 | 0.7 | | | 651 | COMMON | |
6CF5D549 | 0.6 | | | 637 | COMMON | |
6CF0C6E0 | 0.5 | | | 546 | COMMON | |
6CEF4590 | 0.4 | | | 405 | COMMON | |
6CF42814 | 0.4 | | | 385 | COMMON | |
6CF22F50 | 0.4 | | | 366 | COMMON | |
6CF17180 | 0.3 | | | 291 | COMMON | |
6CF1F560 | 0.2 | | | 191 | COMMON | |
6CEF3640 | 0.2 | | | 189 | COMMON | |
6CF32930 | 0.2 | | | 174 | COMMON | |
6CF496A7 | 0.2 | | | 156 | COMMON | |
00401770 | 0.1 | | | 108 | COMMON | |
Functions, second list
Function | Relevance | APIs | Strings | Instructions | Tags | Control-flow graph |
---|---|---|---|---|---|---|
6CF081A0 | 60.0 | 32 | 2 | 452 | window, COMMON | yes |
6CF29980 | 38.9 | 19 | 3 | 365 | window, COMMON | yes |
6CF1A110 | 37.0 | 17 | 4 | 278 | window, registry, COMMON | |
6CF321F0 | 35.3 | 18 | 2 | 317 | window, COMMON | |
6CF3BCD2 | 21.1 | 8 | 4 | 51 | library, loader, COMMON | |
6CF308C0 | 18.2 | 12 | | 202 | COMMON | |
6CF44236 | 17.8 | 9 | 1 | 273 | COMMON, LIBRARYCODE | |
6CF28580 | 17.8 | 7 | 3 | 270 | window, COMMON | |
6CF246C0 | 17.7 | 8 | 2 | 195 | window, COMMON | |
6CF05900 | 17.6 | 9 | 1 | 146 | window, COMMON | |
6CF14590 | 16.0 | 7 | 2 | 205 | window, COMMON | |
6CF27500 | 16.0 | 7 | 2 | 205 | window, COMMON | |
6CF2D7C0 | 16.0 | 7 | 2 | 205 | window, COMMON | |
6CF38780 | 16.0 | 7 | 2 | 205 | window, COMMON | |
6CF05FA0 | 14.1 | 7 | 1 | 116 | window, COMMON | |
6CF1F800 | 14.1 | 7 | 1 | 114 | memory, COMMON | |
6CF19FD0 | 14.1 | 7 | 1 | 101 | window, COMMON | |
6CF38A40 | 13.8 | 9 | | 250 | time, COMMON | |
6CF308A2 | 13.7 | 9 | | 189 | COMMON | |
6CF36440 | 12.6 | 6 | 1 | 335 | window, COMMON | |
6CF3DA10 | 12.6 | 4 | 3 | 303 | COMMON, LIBRARYCODE | |
6CF2F5F0 | 12.4 | 5 | 2 | 117 | window, COMMON | |
6CEFC370 | 12.4 | 6 | 1 | 109 | file, COMMON | |
6CF24DA0 | 12.1 | 8 | | 148 | COMMON | |
6CF0A7CE | 12.0 | 8 | | 50 | COMMON | |
6CF07450 | 10.9 | 7 | | 358 | COMMON | |
6CF507D3 | 10.8 | 7 | | 329 | COMMON | |
6CF21330 | 10.7 | 5 | 1 | 172 | window, COMMON | |
6CF11490 | 10.7 | 5 | 1 | 162 | thread, COMMON | |
6CF52657 | 10.6 | 4 | 2 | 74 | COMMON, LIBRARYCODE | |
6CF2F960 | 9.3 | 6 | | 317 | COMMON | |
6CF28890 | 9.3 | 6 | | 303 | window, COMMON | |
6CF45F6B | 9.3 | 6 | | 265 | COMMON | |
6CF28350 | 9.2 | 6 | | 194 | window, COMMON | |
6CF25980 | 9.1 | 6 | | 133 | window, COMMON | |
6CF220D0 | 9.1 | 4 | 1 | 362 | window, COMMON | |
6CF04A60 | 9.1 | 6 | | 89 | COMMON | |
6CF211D0 | 9.1 | 6 | | 67 | COMMON | |
6CF130F0 | 8.9 | 4 | 1 | 148 | window, COMMON | |
6CF0E0C0 | 8.9 | 4 | 1 | 128 | window, COMMON | |
6CF44888 | 8.8 | 3 | 2 | 42 | library, loader, COMMON, LIBRARYCODE | |
6CEF91A0 | 7.6 | 5 | | 137 | COMMON | |
6CF2A320 | 7.6 | 5 | | 136 | window, COMMON | |
6CF15C40 | 7.6 | 5 | | 76 | window, COMMON | |
6CF1FFF0 | 7.6 | 5 | | 66 | window, COMMON | |
6CF3BD94 | 7.5 | 5 | | 37 | COMMON | |
6CF3B3E0 | 7.3 | 3 | 1 | 347 | window, COMMON | |
6CF39550 | 7.3 | 3 | 1 | 331 | window, COMMON | |
6CF1DB70 | 7.3 | 3 | 1 | 306 | window, COMMON | |
6CF2EE90 | 7.2 | 2 | 2 | 177 | window, COMMON | |
6CEFE4E0 | 7.1 | 2 | 2 | 114 | library, loader, COMMON | |
6CEF8640 | 7.1 | 2 | 2 | 114 | library, loader, COMMON | |
6CF10790 | 7.1 | 3 | 1 | 93 | window, COMMON | |
6CF32C60 | 7.1 | 3 | 1 | 61 | time, window, COMMON | |
6CF3E7F2 | 7.0 | 3 | 1 | 27 | library, COMMON, LIBRARYCODE | |
6CF1BF60 | 6.3 | 4 | | 270 | window, COMMON | |
6CF1E4A0 | 6.2 | 4 | | 195 | COMMON | |
6CF12A30 | 6.2 | 4 | | 182 | window, COMMON | |
6CF200B0 | 6.2 | 4 | | 176 | window, COMMON | |
6CF38620 | 6.1 | 4 | | 147 | window, COMMON | |
6CF0E540 | 6.1 | 4 | | 145 | window, COMMON | |
6CF53E34 | 6.1 | 4 | | 132 | COMMON | |
6CF2D9F0 | 6.1 | 4 | | 112 | window, COMMON | |
6CF0E9E0 | 6.1 | 4 | | 107 | window, COMMON | |
6CF390E0 | 6.1 | 4 | | 103 | window, COMMON | |
6CF3AAC0 | 6.1 | 4 | | 100 | window, COMMON | |
6CEFC4B0 | 6.1 | 4 | | 94 | file, COMMON | |
6CF54B41 | 6.1 | 4 | | 82 | COMMON | |
6CF55C03 | 6.1 | 4 | | 74 | COMMON | |
6CF13020 | 6.1 | 4 | | 73 | window, COMMON | |
6CF245D0 | 6.1 | 4 | | 70 | COMMON | |
6CF2F500 | 6.1 | 4 | | 70 | COMMON | |
6CF080B0 | 6.1 | 4 | | 70 | COMMON | |
6CF32100 | 6.1 | 4 | | 70 | COMMON | |
6CF06460 | 6.1 | 4 | | 69 | window, COMMON | |
6CF298C0 | 6.1 | 4 | | 64 | COMMON | |
6CF06650 | 6.1 | 4 | | 60 | COMMON | |
6CF21B8C | 6.0 | 4 | | 50 | window, COMMON | |
6CF3BE66 | 6.0 | 4 | | 25 | COMMON | |
6CF26E40 | 5.5 | 1 | 2 | 230 | window, COMMON | |
6CF1EE20 | 5.5 | 2 | 1 | 203 | window, COMMON | |
6CEFD790 | 5.4 | 2 | 1 | 195 | string, COMMON | |
6CF2BB70 | 5.4 | 2 | 1 | 131 | string, window, COMMON | |
6CF30CB0 | 5.4 | 2 | 1 | 119 | window, COMMON | |
6CEF9300 | 5.4 | 2 | 1 | 118 | registry, window, thread, COMMON | |
6CF3DDB5 | 5.4 | 1 | 2 | 112 | COMMON, LIBRARYCODE | |
6CF0ADF0 | 5.4 | 2 | 1 | 108 | window, COMMON | |
6CF2B420 | 5.3 | 2 | 1 | 54 | window, COMMON | |
6CF3D452 | 5.3 | 1 | 2 | 43 | COMMON, LIBRARYCODE | |
6CF1E680 | 5.2 | 4 | | 193 | COMMON | |