Windows
Analysis Report
8yprhxqBVs.exe
Overview
General Information
Sample name: | 8yprhxqBVs.exe (renamed because the original name is a hash value) |
Original sample name: | 7acc6aaa73ad3bb7b36771f3c9311a0c.exe |
Analysis ID: | 1464584 |
MD5: | 7acc6aaa73ad3bb7b36771f3c9311a0c |
SHA1: | da764b355b5f6c54f55ce7f1087de4b0de462478 |
SHA256: | 93255a8d0cd55878926f556e68a34cdc802c5316bd469f035a1a3481299ac133 |
Tags: | 32, exe, trojan |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
8yprhxqBVs.exe (PID: 7412 cmdline: "C:\Users\user\Desktop\8yprhxqBVs.exe" MD5: 7ACC6AAA73AD3BB7B36771F3C9311A0C)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been sold through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions before stealing further sensitive information from the victim's machine. Once the targeted data is collected, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that can deliver additional payloads as EXE, DLL, or PowerShell. | No Attribution | | |
{"C2 url": ["deadtrainingactioniw.xyzn", "qualificationjdwko.xyz", "grandcommonyktsju.xyz", "wordingnatturedowo.xyz", "crisisrottenyjs.xyz", "sweetcalcutangkdow.xyz", "cooperatvassquaidmew.xyzn", "exuberanttjdkwo.xyz"], "Build id": "bOKHNM--"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
Snort IDS alerts (sorted by timestamp; all eight are UDP to port 53, i.e. DNS lookups):

Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
06/29/24-06:37:59.622454 | 2054123 | 52161 | 53 | UDP | A Network Trojan was detected |
06/29/24-06:37:59.635221 | 2054131 | 55481 | 53 | UDP | A Network Trojan was detected |
06/29/24-06:37:59.658353 | 2054129 | 54788 | 53 | UDP | A Network Trojan was detected |
06/29/24-06:37:59.673048 | 2054127 | 55158 | 53 | UDP | A Network Trojan was detected |
06/29/24-06:37:59.687585 | 2054125 | 52303 | 53 | UDP | A Network Trojan was detected |
06/29/24-06:37:59.702795 | 2054121 | 53151 | 53 | UDP | A Network Trojan was detected |
06/29/24-06:37:59.724299 | 2054119 | 64410 | 53 | UDP | A Network Trojan was detected |
06/29/24-06:37:59.738932 | 2054117 | 56912 | 53 | UDP | A Network Trojan was detected |
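All eight Snort alerts above fire on UDP/53 within about 116 ms of each other and carry consecutive odd SIDs (2054117 through 2054131): the sample resolves its whole C2 list in one burst right after start-up, one alert per configured domain. The Python below is an added example, not part of the report, that parses the report's timestamp format and cuts port-53 alerts into bursts with a time window; this is the correlation a SOC would apply to collapse a run of sibling DNS alerts from one host into a single escalation instead of eight tickets. The alert tuples are copied from the table above; the one-second window and five-alert threshold are assumed tuning values.

```python
from datetime import datetime, timedelta

# The eight alerts from this report's Snort section:
# (timestamp, SID, source port, destination port, protocol, classtype).
SNORT_ALERTS = [
    ("06/29/24-06:37:59.658353", 2054129, 54788, 53, "UDP", "A Network Trojan was detected"),
    ("06/29/24-06:37:59.622454", 2054123, 52161, 53, "UDP", "A Network Trojan was detected"),
    ("06/29/24-06:37:59.738932", 2054117, 56912, 53, "UDP", "A Network Trojan was detected"),
    ("06/29/24-06:37:59.687585", 2054125, 52303, 53, "UDP", "A Network Trojan was detected"),
    ("06/29/24-06:37:59.724299", 2054119, 64410, 53, "UDP", "A Network Trojan was detected"),
    ("06/29/24-06:37:59.673048", 2054127, 55158, 53, "UDP", "A Network Trojan was detected"),
    ("06/29/24-06:37:59.635221", 2054131, 55481, 53, "UDP", "A Network Trojan was detected"),
    ("06/29/24-06:37:59.702795", 2054121, 53151, 53, "UDP", "A Network Trojan was detected"),
]
SNORT_TS_FORMAT = "%m/%d/%y-%H:%M:%S.%f"   # the timestamp form the report prints


def parse_snort_ts(ts: str) -> datetime:
    return datetime.strptime(ts, SNORT_TS_FORMAT)


def dns_alert_bursts(alerts, window=timedelta(seconds=1), min_count=5):
    """Sort the port-53 alerts by time and cut them into non-overlapping groups: each group
    starts at one alert and takes every later alert within `window` of that start. Groups
    with at least `min_count` members are returned as bursts. Window and threshold are
    assumed tuning values, not figures from the report."""
    dns = sorted((parse_snort_ts(ts), sid, sport, cls)
                 for ts, sid, sport, dport, _proto, cls in alerts if dport == 53)
    bursts, i = [], 0
    while i < len(dns):
        start, j = dns[i][0], i
        while j < len(dns) and dns[j][0] - start <= window:
            j += 1
        group = dns[i:j]
        if len(group) >= min_count:
            bursts.append({
                "first": group[0][0],
                "last": group[-1][0],
                "span_ms": (group[-1][0] - group[0][0]).total_seconds() * 1000.0,
                "sids": sorted(sid for _, sid, _, _ in group),
                "distinct_source_ports": len({sport for _, _, sport, _ in group}),
                "classtypes": sorted({cls for _, _, _, cls in group}),
            })
        i = j
    return bursts


if __name__ == "__main__":
    for b in dns_alert_bursts(SNORT_ALERTS):
        print(f"{len(b['sids'])} DNS alerts in {b['span_ms']:.1f} ms, "
              f"SIDs {b['sids'][0]}..{b['sids'][-1]}, {b['distinct_source_ports']} source ports")
```

On the report's data this yields one burst of eight alerts spanning 116.478 ms, each from a different ephemeral source port, which is what a resolver-per-lookup client looks like; tightening the window to 50 ms splits the run into groups too small to escalate, so the window has to be chosen against real resolver timing rather than guessed.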
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link (2 entries) |
Source: | ReversingLabs: | |||
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | String decryptor: | (15 entries) |
Source: | Static PE information: | (2 entries) |
Source: | Code function: | 0_2_00EB4700, 0_2_00EA8066 (x2), 0_2_00EA8075 (x2), 0_2_00EA8021 (x2), 0_2_00E9E033, 0_2_00E8F000, 0_2_00E971AC, 0_2_00E9E1AF, 0_2_00E871A2, 0_2_00EA1170, 0_2_00EA4149 (x2), 0_2_00E924A8, 0_2_00EB94A9, 0_2_00E92487, 0_2_00EA6490 (x4), 0_2_00EB8494, 0_2_00E83430, 0_2_00E89400, 0_2_00EA0410, 0_2_00E8E5C7, 0_2_00E9F580, 0_2_00EA5580, 0_2_00E95510, 0_2_00EB76C4, 0_2_00EB8600, 0_2_00EA5580, 0_2_00E9D7DE, 0_2_00EA67AF, 0_2_00EA77A1, 0_2_00E81787, 0_2_00EA7731, 0_2_00E93737, 0_2_00EA48DF, 0_2_00E978AF, 0_2_00E9D84F, 0_2_00EA684D, 0_2_00E9394D, 0_2_00E89AD0 (x2), 0_2_00E8CCB0, 0_2_00E97864, 0_2_00E93C08, 0_2_00EB5D98, 0_2_00EA7D6E, 0_2_00E93D70, 0_2_00E96D24, 0_2_00EA6EBE, 0_2_00EA6EB7, 0_2_00E91FEF, 0_2_00EA7F8F (x2), 0_2_00EAFF40, 0_2_00EA1F23, 0_2_00E95F09, 0_2_00E9DF00 |
Networking |
---|
Source: | Snort IDS: | (8 alerts; see the Snort table above) |
Source: | URLs: | (8 entries) |
Source: | DNS query: | (8 entries) |
Source: | DNS traffic detected: | (8 entries) |
Source: | UDP traffic detected without corresponding DNS query: | (8 entries) |
Source: | DNS traffic detected: | (8 entries) |
Source: | String found in binary or memory: | (20 entries) |
Source: | Code function: | 0_2_00EADC70 (x2) |
Source: | Code function: | 0_2_00E860AC, 0_2_00EB5070, 0_2_00EA8075, 0_2_00EA8021, 0_2_00EA1170, 0_2_00E88210, 0_2_00E8436F, 0_2_00EBA410, 0_2_00EA35F7, 0_2_00E865C0, 0_2_00EBA730, 0_2_00E9C870, 0_2_00EA5830, 0_2_00E89AD0, 0_2_00E85BF8, 0_2_00EB1DC0, 0_2_00E85D9D, 0_2_00E84D60, 0_2_00E9FECD, 0_2_00E8EE60, 0_2_00EA7F8F |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Key opened: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | File read: |
Source: | Section loaded: | (16 entries) |
Source: | Static file information: |
Source: | Static PE information: | (6 entries) |
Source: | Code function: | 0_2_00E88033 |
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: | (8 entries) |
Source: | Thread sleep time: | (2 entries) |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00EB6B90 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | String found in binary or memory: | (8 entries) |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 PowerShell | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 2 Clipboard Data | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 11 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 11 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 58% | ReversingLabs | Win32.Spyware.Lummastealer | |
| 28% | Virustotal | | |
| 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
(8 entries, names not captured) | 1% (7 entries), 0% (1 entry) | Virustotal | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
(28 entries, names not captured) | 0% | Avira URL Cloud | safe | |
(18 entries, names not captured) | 0% (7), 1% (5), 4% (5), 5% (1) | Virustotal | | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
qualificationjdwko.xyz | unknown | unknown | true | | unknown |
crisisrottenyjs.xyz | unknown | unknown | true | | unknown |
deadtrainingactioniw.xyz | unknown | unknown | true | | unknown |
grandcommonyktsju.xyz | unknown | unknown | true | | unknown |
cooperatvassquaidmew.xyz | unknown | unknown | true | | unknown |
sweetcalcutangkdow.xyz | unknown | unknown | true | | unknown |
wordingnatturedowo.xyz | unknown | unknown | true | | unknown |
exuberanttjdkwo.xyz | unknown | unknown | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
(8 entries, names not captured) | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
(20 entries, names not captured) | | false | | unknown |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1464584 |
Start date and time: | 2024-06-29 06:37:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 10s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 1 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 8yprhxqBVs.exe (renamed because the original name is a hash value) |
Original Sample Name: | 7acc6aaa73ad3bb7b36771f3c9311a0c.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@1/0@8/0 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Time | Type | Description |
---|---|---|
00:37:59 | API Interceptor |
File type: | |
Entropy (8bit): | 7.889633564730536 |
TrID: |
|
File name: | 8yprhxqBVs.exe |
File size: | 6'253'568 bytes |
MD5: | 7acc6aaa73ad3bb7b36771f3c9311a0c |
SHA1: | da764b355b5f6c54f55ce7f1087de4b0de462478 |
SHA256: | 93255a8d0cd55878926f556e68a34cdc802c5316bd469f035a1a3481299ac133 |
SHA512: | 7b968b9e8bb606e27123c7b3db0453d19c008934abe7b703f042913fd939b9bd5b998efb14b5ee400ab50d9dc253e70f5ff2d120ccd0fcab7dd8c3b10a9412df |
SSDEEP: | 98304:btnghTODQMh/GM2q7cHv7llLoL9oZE1wFLB3O0Qmp8t8PQkBRd++Gcoww0:bTDQMdGM2qYHRoaZlygLbf |
TLSH: | C15623892E9F10E7C9C218709717BBE733B764E209D68D35AAC1B4C9B0B2EB7305B155 |
File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....{f..............................S...........@.......................... ......G.`...@.................................\...... |
Icon Hash: | 697031130b964e0d |
Entrypoint: | 0x9314d9 |
Entrypoint Section: | .vmp |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x667BA692 [Wed Jun 26 05:26:42 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | d14e6dd016a88df925ed3c16879f3d29 |
Instruction |
---|
call 00007FD7C8E94A7Ch |
dec esi |
lea edx, dword ptr [eax+edx-2C226511h] |
inc ecx |
mov edi, F920DD8Ah |
inc edx |
mov ecx, dword ptr [eax+edx-2C22650Dh] |
dec eax |
lea edx, dword ptr [eax+eax*8+7216F0A4h] |
inc cx |
btr edi, edx |
xor ecx, edi |
ror ecx, 1 |
dec esp |
lea ebp, dword ptr [edx+edx-1E4304F9h] |
inc ecx |
mov ebx, 6EA37FAFh |
lea ecx, dword ptr [ecx+eax-555F2437h] |
dec eax |
cdq |
inc esp |
movsx esi, dl |
inc ecx |
shr ch, FFFFFFC6h |
bswap ecx |
dec eax |
mov dword ptr [esp+eax-2C22650Dh], 00958108h |
neg ecx |
inc ecx |
sub eax, ebp |
inc ecx |
or ebx, 1F85A928h |
inc ecx |
inc esp |
add byte ptr [esp+edx+06h], bl |
dec eax |
idiv dword ptr [esp+eax-4BCC6E0Dh] |
dec eax |
mov dword ptr [esp+eax*2], edi |
inc bp |
or ebx, esi |
xor dword ptr [esp+eax*2], ecx |
pop edi |
dec ebp |
lea esp, dword ptr [esi-4966A75Eh] |
dec eax |
arpl cx, cx |
sal edx, FFFFFF8Fh |
cdq |
setb dl |
dec esp |
adc ecx, ecx |
dec eax |
mov ebp, dword ptr [ebx+eax*2] |
cwde |
inc sp |
imul esi, edx |
inc sp |
mov ebp, dword ptr [ebx+eax+08h] |
neg al |
jnc 00007FD7C8A3D296h |
dec ecx |
not esp |
dec esp |
lea ebx, dword ptr [5923B8A6h+ecx*8] |
dec eax |
add eax, dword ptr [esp+esi*2] |
inc esi |
or byte ptr [esp+edi-7D366693h], bl |
dec ecx |
xor edi, esp |
ror esi, 00000000h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x81e45c | 0x8c | .vmp |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x920000 | 0x618dc | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x91f000 | 0x68c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x330000 | 0xb4 | .vmp |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x39d44 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x3b000 | 0x2a8b | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x3e000 | 0x113f0 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.vmp | 0x50000 | 0x2dfedc | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.vmp | 0x330000 | 0x23c | 0x400 | 9c767db86a723e15ba871d21c882be0d | False | 0.1708984375 | data | 1.152124137303384 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.vmp | 0x331000 | 0x5ed330 | 0x5ed400 | 796886b4f0f5fbf6d5ff5b6b6a9b07dc | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.reloc | 0x91f000 | 0x68c | 0x800 | b871f3d59f43409cbe2ae9f5e06c6632 | False | 0.42333984375 | data | 3.6442815333402208 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x920000 | 0x618dc | 0x8800 | 04c8a09bd5c47a2afa563c7f9f63d0b9 | False | 0.17839499080882354 | data | 2.9917502072872417 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
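The static data above carries the usual packer tells: overall entropy 7.89; an entry point reported as 0x9314d9, which reads as imagebase 0x400000 plus RVA 0x5314d9 and lands in the .vmp section at 0x331000 rather than in .text; .text, .rdata and .data present with virtual size but zero raw size (filled at run time); and the section name .vmp repeated three times, VMProtect-style naming. The Python below is an added example, not code from the report: a minimal PE32/PE32+ header parser with the section-level checks a triage script would apply before handing a sample to a sandbox. Because the real sample is not reproduced here, build_sample_pe() constructs a small synthetic image that mirrors the report's layout (labelled as constructed in the code); the 7.0 entropy threshold is an assumed tuning value.

```python
import hashlib, math, struct
from collections import Counter
from dataclasses import dataclass

# Section and DllCharacteristics flags from the PE/COFF specification.
SCN_CODE, SCN_IDATA = 0x00000020, 0x00000040
SCN_EXEC, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000
DLL_DYNAMIC_BASE, DLL_NX_COMPAT, DLL_NO_SEH, DLL_TS_AWARE = 0x0040, 0x0100, 0x0400, 0x8000

@dataclass
class Section:
    name: str
    va: int
    vsize: int
    raw_size: int
    chars: int
    entropy: float

def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def parse_pe(image: bytes):
    """Minimal PE32/PE32+ header walk: (entry RVA, image base, DllCharacteristics, sections)."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", image, opt)[0]
    entry_rva = struct.unpack_from("<I", image, opt + 16)[0]
    if magic == 0x10B:                      # PE32: 4-byte ImageBase at +28
        image_base = struct.unpack_from("<I", image, opt + 28)[0]
    elif magic == 0x20B:                    # PE32+: 8-byte ImageBase at +24
        image_base = struct.unpack_from("<Q", image, opt + 24)[0]
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dll_chars = struct.unpack_from("<H", image, opt + 70)[0]   # same offset in both formats
    sections = []
    for i in range(nsections):
        name, vsize, va, rsize, roff, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", image, opt + opt_size + 40 * i)
        raw = image[roff:roff + rsize] if rsize else b""
        sections.append(Section(name.rstrip(b"\0").decode("latin-1"), va, vsize, rsize, chars,
                                shannon_entropy(raw)))
    return entry_rva, image_base, dll_chars, sections

def triage(image: bytes, entropy_threshold: float = 7.0) -> dict:
    """The packer tells visible in the report: entry point outside .text, executable sections
    with virtual size but no file bytes, high-entropy executable sections, repeated section
    names. The threshold is an assumed tuning value."""
    entry_rva, image_base, dll_chars, sections = parse_pe(image)
    findings = []
    entry_sec = next((s for s in sections
                      if s.va <= entry_rva < s.va + max(s.vsize, s.raw_size)), None)
    if entry_sec is None:
        findings.append("entry point lies outside every section")
    elif entry_sec.name != ".text":
        findings.append(f"entry point in {entry_sec.name}, not .text")
    for s in sections:
        executable = bool(s.chars & (SCN_CODE | SCN_EXEC))
        if executable and s.raw_size == 0 and s.vsize > 0:
            findings.append(f"{s.name}: executable, {s.vsize:#x} bytes virtual, no raw data")
        if executable and s.raw_size and s.entropy > entropy_threshold:
            findings.append(f"{s.name}: high-entropy executable section ({s.entropy:.2f})")
    for name, count in Counter(s.name for s in sections).items():
        if count > 1:
            findings.append(f"section name {name} appears {count} times")
    if not dll_chars & DLL_NX_COMPAT:
        findings.append("NX_COMPAT not set")
    return {"entry_rva": entry_rva, "entry_va": image_base + entry_rva,   # report prints the VA form
            "entry_section": entry_sec.name if entry_sec else None, "findings": findings}

def build_sample_pe() -> bytes:
    """Constructed PE32 image (not the real sample) mirroring the report's layout at small scale:
    .text with virtual size but zero raw size, two sections named .vmp, the second high-entropy
    and holding the entry point, and a small .rsrc."""
    headers_size, entry_rva = 0x400, 0x404D9
    blob, chunk = b"", b"seed"
    while len(blob) < 0x1000:               # deterministic high-entropy filler
        chunk = hashlib.sha256(chunk).digest()
        blob += chunk
    layout = [  # (name, VirtualSize, VirtualAddress, raw bytes, Characteristics)
        (b".text", 0x39D44, 0x1000, b"", SCN_CODE | SCN_EXEC | SCN_READ),
        (b".vmp", 0x23C, 0x3F000, b"\0" * 0x200, SCN_IDATA | SCN_READ | SCN_WRITE),
        (b".vmp", 0x1000, 0x40000, blob, SCN_CODE | SCN_EXEC | SCN_READ),
        (b".rsrc", 0x200, 0x41000, b"\0" * 0x200, SCN_IDATA | SCN_READ),
    ]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew: PE header at 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(layout), 0x667BA692, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII",
                      0x10B, 14, 0, 0, 0, 0, entry_rva, 0x1000, 0x3F000, 0x400000, 0x1000, 0x200,
                      6, 0, 6, 0, 6, 0, 0, 0x42000, headers_size, 0, 2,
                      DLL_DYNAMIC_BASE | DLL_NX_COMPAT | DLL_NO_SEH | DLL_TS_AWARE,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128  # 16 empty directories
    table, body, off = b"", b"", headers_size
    for name, vsize, va, raw, chars in layout:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, va, len(raw), off if raw else 0,
                             0, 0, 0, 0, chars)
        body, off = body + raw, off + len(raw)
    header = dos + coff + opt + table
    return header + b"\0" * (headers_size - len(header)) + body
```

On the synthetic image triage() reports the entry point in .vmp at VA 0x4404d9, .text as executable with no raw data, the second .vmp as a high-entropy executable section, and the duplicated .vmp name; the same four checks run on the real sample would reproduce the report's entry-section and section-table observations. Keep the entropy check restricted to executable sections with raw bytes, otherwise compressed resources and empty sections produce noise.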
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
UNICODEDATA | 0x9286ac | 0x2fed | data | French | France | 0.03823529411764706 |
UNICODEDATA | 0x92b69c | 0x2989 | empty | French | France | 0 |
UNICODEDATA | 0x92e028 | 0x462 | empty | French | France | 0 |
UNICODEDATA | 0x92e48c | 0xf04 | empty | French | France | 0 |
UNICODEDATA | 0x92f390 | 0x22fa | empty | French | France | 0 |
UNICODEDATA | 0x93168c | 0xc36 | empty | French | France | 0 |
RT_CURSOR | 0x9322c4 | 0x134 | empty | Russian | Russia | 0 |
RT_CURSOR | 0x9323f8 | 0x134 | empty | Arabic | Saudi Arabia | 0 |
RT_CURSOR | 0x93252c | 0x134 | empty | Russian | Russia | 0 |
RT_CURSOR | 0x932660 | 0x134 | empty | 0 | ||
RT_CURSOR | 0x932794 | 0x134 | empty | 0 | ||
RT_CURSOR | 0x9328c8 | 0x2ec | empty | 0 | ||
RT_CURSOR | 0x932bb4 | 0x2ec | empty | 0 | ||
RT_CURSOR | 0x932ea0 | 0x2ec | empty | 0 | ||
RT_CURSOR | 0x93318c | 0x2ec | empty | 0 | ||
RT_CURSOR | 0x933478 | 0x2ec | empty | 0 | ||
RT_CURSOR | 0x933764 | 0x2ec | empty | 0 | ||
RT_CURSOR | 0x933a50 | 0x2ec | empty | 0 | ||
RT_CURSOR | 0x933d3c | 0x2ec | empty | 0 | ||
RT_CURSOR | 0x934028 | 0x2ec | empty | 0 | ||
RT_CURSOR | 0x934314 | 0x2ec | empty | 0 | ||
RT_CURSOR | 0x934600 | 0x134 | empty | 0 | ||
RT_CURSOR | 0x934734 | 0x134 | empty | 0 | ||
RT_CURSOR | 0x934868 | 0x134 | empty | 0 | ||
RT_CURSOR | 0x93499c | 0x134 | empty | 0 | ||
RT_CURSOR | 0x934ad0 | 0x134 | empty | 0 | ||
RT_CURSOR | 0x934c04 | 0x134 | empty | 0 | ||
RT_CURSOR | 0x934d38 | 0x134 | empty | 0 | ||
RT_BITMAP | 0x934e6c | 0x1d0 | empty | 0 | ||
RT_BITMAP | 0x93503c | 0x1e4 | empty | 0 | ||
RT_BITMAP | 0x935220 | 0x1d0 | empty | 0 | ||
RT_BITMAP | 0x9353f0 | 0x1d0 | empty | 0 | ||
RT_BITMAP | 0x9355c0 | 0x1d0 | empty | 0 | ||
RT_BITMAP | 0x935790 | 0x1d0 | empty | 0 | ||
RT_BITMAP | 0x935960 | 0x1d0 | empty | 0 | ||
RT_BITMAP | 0x935b30 | 0x1d0 | empty | 0 | ||
RT_BITMAP | 0x935d00 | 0x1d0 | empty | 0 | ||
RT_BITMAP | 0x935ed0 | 0x1d0 | empty | 0 | ||
RT_BITMAP | 0x9360a0 | 0x5c | empty | 0 | ||
RT_BITMAP | 0x9360fc | 0x5c | empty | 0 | ||
RT_BITMAP | 0x936158 | 0x5c | empty | 0 | ||
RT_BITMAP | 0x9361b4 | 0x5c | empty | 0 | ||
RT_BITMAP | 0x936210 | 0x94 | empty | Russian | Russia | 0 |
RT_BITMAP | 0x9362a4 | 0x5c | empty | 0 | ||
RT_BITMAP | 0x936300 | 0x5c | empty | 0 | ||
RT_BITMAP | 0x93635c | 0x5c | empty | 0 | ||
RT_BITMAP | 0x9363b8 | 0x5c | empty | 0 | ||
RT_BITMAP | 0x936414 | 0x5c | empty | 0 | ||
RT_BITMAP | 0x936470 | 0x5c | empty | 0 | ||
RT_BITMAP | 0x9364cc | 0x138 | empty | 0 | ||
RT_BITMAP | 0x936604 | 0x138 | empty | 0 | ||
RT_BITMAP | 0x93673c | 0x138 | empty | 0 | ||
RT_BITMAP | 0x936874 | 0x138 | empty | 0 | ||
RT_BITMAP | 0x9369ac | 0x138 | empty | 0 | ||
RT_BITMAP | 0x936ae4 | 0x138 | empty | 0 | ||
RT_BITMAP | 0x936c1c | 0x104 | empty | 0 | ||
RT_BITMAP | 0x936d20 | 0x138 | empty | 0 | ||
RT_BITMAP | 0x936e58 | 0x104 | empty | 0 | ||
RT_BITMAP | 0x936f5c | 0x138 | empty | 0 | ||
RT_BITMAP | 0x937094 | 0xb0 | empty | Russian | Russia | 0 |
RT_BITMAP | 0x937144 | 0xb0 | empty | Russian | Russia | 0 |
RT_BITMAP | 0x9371f4 | 0xe8 | empty | 0 | ||
RT_BITMAP | 0x9372dc | 0xce8 | empty | 0 | ||
RT_BITMAP | 0x937fc4 | 0xce8 | empty | 0 | ||
RT_BITMAP | 0x938cac | 0xce8 | empty | 0 | ||
RT_BITMAP | 0x939994 | 0x268 | empty | 0 | ||
RT_BITMAP | 0x939bfc | 0x268 | empty | 0 | ||
RT_BITMAP | 0x939e64 | 0x268 | empty | 0 | ||
RT_BITMAP | 0x93a0cc | 0xce8 | empty | 0 | ||
RT_BITMAP | 0x93adb4 | 0xce8 | empty | 0 | ||
RT_BITMAP | 0x93ba9c | 0xd28 | empty | 0 | ||
RT_BITMAP | 0x93c7c4 | 0x4b2a | empty | 0 | ||
RT_BITMAP | 0x9412f0 | 0x126 | empty | 0 | ||
RT_BITMAP | 0x941418 | 0x126 | empty | 0 | ||
RT_ICON | 0x923e00 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | Russian | Russia | 0.25902527075812276 |
RT_ICON | 0x9246a8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | Russian | Russia | 0.25767148014440433 |
RT_ICON | 0x924f50 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | Russian | Russia | 0.24954873646209386 |
RT_ICON | 0x9257f8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | Russian | Russia | 0.2477436823104693 |
RT_ICON | 0x9260a0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | Russian | Russia | 0.2477436823104693 |
RT_ICON | 0x926948 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | Russian | Russia | 0.2463898916967509 |
RT_ICON | 0x9271f0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | Russian | Russia | 0.259927797833935 |
RT_ICON | 0x927a98 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | Russian | Russia | 0.2612815884476534 |
RT_DIALOG | 0x941540 | 0x52 | empty | 0 | ||
RT_STRING | 0x941594 | 0x260 | empty | 0 | ||
RT_STRING | 0x9417f4 | 0x210 | empty | 0 | ||
RT_STRING | 0x941a04 | 0x30c | empty | 0 | ||
RT_STRING | 0x941d10 | 0x324 | empty | 0 | ||
RT_STRING | 0x942034 | 0x444 | empty | 0 | ||
RT_STRING | 0x942478 | 0x3d0 | empty | 0 | ||
RT_STRING | 0x942848 | 0x3ec | empty | 0 | ||
RT_STRING | 0x942c34 | 0x290 | empty | 0 | ||
RT_STRING | 0x942ec4 | 0x2d0 | empty | 0 | ||
RT_STRING | 0x943194 | 0x498 | empty | 0 | ||
RT_STRING | 0x94362c | 0x2b8 | empty | 0 | ||
RT_STRING | 0x9438e4 | 0x2d0 | empty | 0 | ||
RT_STRING | 0x943bb4 | 0x36c | empty | 0 | ||
RT_STRING | 0x943f20 | 0x5b0 | empty | 0 | ||
RT_STRING | 0x9444d0 | 0x35c | empty | 0 | ||
RT_STRING | 0x94482c | 0x4fc | empty | 0 | ||
RT_STRING | 0x944d28 | 0x1220 | empty | 0 | ||
RT_STRING | 0x945f48 | 0x90c | empty | 0 | ||
RT_STRING | 0x946854 | 0x994 | empty | 0 | ||
RT_STRING | 0x9471e8 | 0x93c | empty | 0 | ||
RT_STRING | 0x947b24 | 0x65c | empty | 0 | ||
RT_STRING | 0x948180 | 0x210 | empty | 0 | ||
RT_STRING | 0x948390 | 0x49c | empty | 0 | ||
RT_STRING | 0x94882c | 0x418 | empty | 0 | ||
RT_STRING | 0x948c44 | 0x3cc | empty | 0 | ||
RT_STRING | 0x949010 | 0x430 | empty | 0 | ||
RT_STRING | 0x949440 | 0x418 | empty | 0 | ||
RT_STRING | 0x949858 | 0x378 | empty | 0 | ||
RT_STRING | 0x949bd0 | 0x3b4 | empty | 0 | ||
RT_STRING | 0x949f84 | 0x2e8 | empty | 0 | ||
RT_STRING | 0x94a26c | 0x448 | empty | 0 | ||
RT_STRING | 0x94a6b4 | 0x390 | empty | 0 | ||
RT_STRING | 0x94aa44 | 0x4c8 | empty | 0 | ||
RT_STRING | 0x94af0c | 0x808 | empty | 0 | ||
RT_STRING | 0x94b714 | 0x570 | empty | 0 | ||
RT_STRING | 0x94bc84 | 0x6f8 | empty | 0 | ||
RT_STRING | 0x94c37c | 0x824 | empty | 0 | ||
RT_STRING | 0x94cba0 | 0x6a0 | empty | 0 | ||
RT_STRING | 0x94d240 | 0x87c | empty | 0 | ||
RT_STRING | 0x94dabc | 0x94c | empty | 0 | ||
RT_STRING | 0x94e408 | 0x414 | empty | 0 | ||
RT_STRING | 0x94e81c | 0x27c | empty | 0 | ||
RT_STRING | 0x94ea98 | 0x20c | empty | 0 | ||
RT_STRING | 0x94eca4 | 0x3ec | empty | 0 | ||
RT_STRING | 0x94f090 | 0x3dc | empty | 0 | ||
RT_STRING | 0x94f46c | 0x4ec | empty | 0 | ||
RT_STRING | 0x94f958 | 0x66c | empty | 0 | ||
RT_STRING | 0x94ffc4 | 0x70c | empty | 0 | ||
RT_STRING | 0x9506d0 | 0x398 | empty | 0 | ||
RT_STRING | 0x950a68 | 0x218 | empty | 0 | ||
RT_STRING | 0x950c80 | 0x25c | empty | 0 | ||
RT_STRING | 0x950edc | 0x474 | empty | 0 | ||
RT_STRING | 0x951350 | 0x4b8 | empty | 0 | ||
RT_STRING | 0x951808 | 0x2fc | empty | 0 | ||
RT_STRING | 0x951b04 | 0x1ec | empty | 0 | ||
RT_STRING | 0x951cf0 | 0x13c | empty | 0 | ||
RT_STRING | 0x951e2c | 0x46c | empty | 0 | ||
RT_STRING | 0x952298 | 0xccc | empty | 0 | ||
RT_STRING | 0x952f64 | 0x470 | empty | 0 | ||
RT_STRING | 0x9533d4 | 0xc0 | empty | 0 | ||
RT_STRING | 0x953494 | 0x104 | empty | 0 | ||
RT_STRING | 0x953598 | 0x1a4 | empty | 0 | ||
RT_STRING | 0x95373c | 0x448 | empty | 0 | ||
RT_STRING | 0x953b84 | 0x3c0 | empty | 0 | ||
RT_STRING | 0x953f44 | 0x574 | empty | 0 | ||
RT_STRING | 0x9544b8 | 0x380 | empty | 0 | ||
RT_STRING | 0x954838 | 0x5b8 | empty | 0 | ||
RT_STRING | 0x954df0 | 0x86c | empty | 0 | ||
RT_STRING | 0x95565c | 0xcd0 | empty | 0 | ||
RT_STRING | 0x95632c | 0xb3c | empty | 0 | ||
RT_STRING | 0x956e68 | 0x898 | empty | 0 | ||
RT_STRING | 0x957700 | 0x6bc | empty | 0 | ||
RT_STRING | 0x957dbc | 0x838 | empty | 0 | ||
RT_STRING | 0x9585f4 | 0xbc8 | empty | 0 | ||
RT_STRING | 0x9591bc | 0xd78 | empty | 0 | ||
RT_STRING | 0x959f34 | 0x6cc | empty | 0 | ||
RT_STRING | 0x95a600 | 0x57c | empty | 0 | ||
RT_STRING | 0x95ab7c | 0xc94 | empty | 0 | ||
RT_STRING | 0x95b810 | 0x9f0 | empty | 0 | ||
RT_STRING | 0x95c200 | 0x990 | empty | 0 | ||
RT_STRING | 0x95cb90 | 0x9a4 | empty | 0 | ||
RT_STRING | 0x95d534 | 0x7e4 | empty | 0 | ||
RT_STRING | 0x95dd18 | 0xc64 | empty | 0 | ||
RT_STRING | 0x95e97c | 0x9bc | empty | 0 | ||
RT_STRING | 0x95f338 | 0xa34 | empty | 0 | ||
RT_STRING | 0x95fd6c | 0xe44 | empty | 0 | ||
RT_STRING | 0x960bb0 | 0x8b4 | empty | 0 | ||
RT_STRING | 0x961464 | 0xbc8 | empty | 0 | ||
RT_STRING | 0x96202c | 0x544 | empty | 0 | ||
RT_STRING | 0x962570 | 0x760 | empty | 0 | ||
RT_STRING | 0x962cd0 | 0x5d4 | empty | 0 | ||
RT_STRING | 0x9632a4 | 0x888 | empty | 0 | ||
RT_STRING | 0x963b2c | 0x7d0 | empty | 0 | ||
RT_STRING | 0x9642fc | 0x290 | empty | 0 | ||
RT_STRING | 0x96458c | 0x7dc | empty | 0 | ||
RT_STRING | 0x964d68 | 0x8a4 | empty | 0 | ||
RT_STRING | 0x96560c | 0x7e0 | empty | 0 | ||
RT_STRING | 0x965dec | 0x91c | empty | 0 | ||
RT_STRING | 0x966708 | 0xa28 | empty | 0 | ||
RT_STRING | 0x967130 | 0x5d0 | empty | 0 | ||
RT_STRING | 0x967700 | 0x3e0 | empty | 0 | ||
RT_STRING | 0x967ae0 | 0x3a4 | empty | 0 | ||
RT_STRING | 0x967e84 | 0x404 | empty | 0 | ||
RT_STRING | 0x968288 | 0x234 | empty | 0 | ||
RT_STRING | 0x9684bc | 0xec | empty | 0 | ||
RT_STRING | 0x9685a8 | 0x1f0 | empty | 0 | ||
RT_STRING | 0x968798 | 0x428 | empty | 0 | ||
RT_STRING | 0x968bc0 | 0x3bc | empty | 0 | ||
RT_STRING | 0x968f7c | 0x2fc | empty | 0 | ||
RT_STRING | 0x969278 | 0x358 | empty | 0 | ||
RT_RCDATA | 0x9695d0 | 0x10 | empty | 0 | ||
RT_RCDATA | 0x9695e0 | 0x15ac | empty | 0 | ||
RT_RCDATA | 0x96ab8c | 0x19ca | empty | 0 | ||
RT_RCDATA | 0x96c558 | 0x79f | empty | 0 | ||
RT_RCDATA | 0x96ccf8 | 0x2bd7 | empty | 0 | ||
RT_RCDATA | 0x96f8d0 | 0x3ad | empty | 0 | ||
RT_RCDATA | 0x96fc80 | 0xda2 | empty | 0 | ||
RT_RCDATA | 0x970a24 | 0x3d9 | empty | 0 | ||
RT_RCDATA | 0x970e00 | 0x30d | empty | 0 | ||
RT_RCDATA | 0x971110 | 0xab5 | empty | 0 | ||
RT_RCDATA | 0x971bc8 | 0x5ab | empty | 0 | ||
RT_RCDATA | 0x972174 | 0xc11 | empty | 0 | ||
RT_RCDATA | 0x972d88 | 0xb34 | empty | 0 | ||
RT_RCDATA | 0x9738bc | 0x562 | empty | 0 | ||
RT_RCDATA | 0x973e20 | 0x3b8 | empty | 0 | ||
RT_RCDATA | 0x9741d8 | 0x3f6 | empty | 0 | ||
RT_RCDATA | 0x9745d0 | 0x85e | empty | 0 | ||
RT_RCDATA | 0x974e30 | 0x84d | empty | 0 | ||
RT_RCDATA | 0x975680 | 0xcce | empty | 0 | ||
RT_RCDATA | 0x976350 | 0x5e2 | empty | 0 | ||
RT_RCDATA | 0x976934 | 0x25c | empty | 0 | ||
RT_RCDATA | 0x976b90 | 0x4d5 | empty | 0 | ||
RT_RCDATA | 0x977068 | 0x3cc | empty | 0 | ||
RT_RCDATA | 0x977434 | 0xe74 | empty | 0 | ||
RT_RCDATA | 0x9782a8 | 0x2912 | empty | 0 | ||
RT_RCDATA | 0x97abbc | 0x14db | empty | 0 | ||
RT_RCDATA | 0x97c098 | 0x1245 | empty | 0 | ||
RT_RCDATA | 0x97d2e0 | 0xbfe | empty | 0 | ||
RT_RCDATA | 0x97dee0 | 0xa55 | empty | 0 | ||
RT_RCDATA | 0x97e938 | 0x3b1 | empty | 0 | ||
RT_RCDATA | 0x97ecec | 0xa56 | empty | 0 | ||
RT_RCDATA | 0x97f744 | 0xa53 | empty | 0 | ||
RT_RCDATA | 0x980198 | 0x783 | empty | 0 | ||
RT_RCDATA | 0x98091c | 0x14a | empty | 0 | ||
RT_RCDATA | 0x980a68 | 0x461 | empty | 0 | ||
RT_RCDATA | 0x980ecc | 0x494 | empty | 0 | ||
RT_RCDATA | 0x981360 | 0x3c4 | empty | 0 | ||
RT_GROUP_CURSOR | 0x981724 | 0x14 | empty | Russian | Russia | 0 |
RT_GROUP_CURSOR | 0x981738 | 0x14 | empty | Arabic | Saudi Arabia | 0 |
RT_GROUP_CURSOR | 0x98174c | 0x14 | empty | Russian | Russia | 0 |
RT_GROUP_CURSOR | 0x981760 | 0x14 | empty | 0 | ||
RT_GROUP_CURSOR | 0x981774 | 0x14 | empty | 0 | ||
RT_GROUP_CURSOR | 0x981788 | 0x14 | empty | 0 | ||
RT_GROUP_CURSOR | 0x98179c | 0x14 | empty | 0 | ||
RT_GROUP_CURSOR | 0x9817b0 | 0x14 | empty | 0 | ||
RT_GROUP_CURSOR | 0x9817c4 | 0x14 | empty | 0 | ||
RT_GROUP_CURSOR | 0x9817d8 | 0x14 | empty | 0 | ||
RT_GROUP_CURSOR | 0x9817ec | 0x14 | empty | 0 | ||
RT_GROUP_CURSOR | 0x981800 | 0x14 | empty | 0 | ||
RT_GROUP_CURSOR | 0x981814 | 0x14 | empty | 0 | ||
RT_GROUP_CURSOR | 0x981828 | 0x14 | empty | 0 | ||
RT_GROUP_CURSOR | 0x98183c | 0x14 | empty | 0 | ||
RT_GROUP_CURSOR | 0x981850 | 0x14 | empty | 0 | ||
RT_GROUP_CURSOR | 0x981864 | 0x14 | empty | 0 | ||
RT_GROUP_CURSOR | 0x981878 | 0x14 | empty | 0 | ||
RT_GROUP_CURSOR | 0x98188c | 0x14 | empty | 0 | ||
RT_GROUP_CURSOR | 0x9818a0 | 0x14 | empty | 0 | ||
RT_GROUP_CURSOR | 0x9818b4 | 0x14 | empty | 0 | ||
RT_GROUP_CURSOR | 0x9818c8 | 0x14 | empty | 0 | ||
RT_GROUP_ICON | 0x928340 | 0x14 | data | Russian | Russia | 1.25 |
RT_GROUP_ICON | 0x928354 | 0x14 | data | Russian | Russia | 1.25 |
RT_GROUP_ICON | 0x928368 | 0x14 | data | Russian | Russia | 1.25 |
RT_GROUP_ICON | 0x92837c | 0x14 | data | Russian | Russia | 1.25 |
RT_GROUP_ICON | 0x928390 | 0x14 | data | Russian | Russia | 1.25 |
RT_GROUP_ICON | 0x9283a4 | 0x14 | data | Russian | Russia | 1.25 |
RT_GROUP_ICON | 0x9283b8 | 0x14 | data | Russian | Russia | 1.2 |
RT_GROUP_ICON | 0x9283cc | 0x14 | data | Russian | Russia | 1.25 |
RT_MANIFEST | 0x9283e0 | 0x2ca | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5028011204481793 |
DLL | Import |
---|---|
KERNEL32.dll | ExitProcess, GetCurrentProcessId, GetCurrentThreadId, GetLogicalDrives, GetSystemDirectoryW, GlobalLock, GlobalUnlock |
ole32.dll | CoCreateInstance, CoInitializeEx, CoInitializeSecurity, CoSetProxyBlanket, CoUninitialize |
OLEAUT32.dll | SysAllocString, SysFreeString, SysStringLen, VariantClear, VariantInit |
USER32.dll | CloseClipboard, GetClipboardData, GetDC, GetSystemMetrics, GetWindowLongW, OpenClipboard, ReleaseDC |
GDI32.dll | BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, DeleteDC, DeleteObject, GetCurrentObject, GetDIBits, GetObjectW, SelectObject |
KERNEL32.dll | HeapAlloc, HeapFree, ExitProcess, GetModuleHandleA, LoadLibraryA, GetProcAddress |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
French | France | |
Russian | Russia | |
Arabic | Saudi Arabia | |
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
06/29/24-06:37:59.658353 | UDP | 2054129 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (cooperatvassquaidmew .xyz) | 54788 | 53 | 192.168.2.4 | 1.1.1.1 |
06/29/24-06:37:59.622454 | UDP | 2054123 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (wordingnatturedowo .xyz) | 52161 | 53 | 192.168.2.4 | 1.1.1.1 |
06/29/24-06:37:59.738932 | UDP | 2054117 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (deadtrainingactioniw .xyz) | 56912 | 53 | 192.168.2.4 | 1.1.1.1 |
06/29/24-06:37:59.687585 | UDP | 2054125 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (crisisrottenyjs .xyz) | 52303 | 53 | 192.168.2.4 | 1.1.1.1 |
06/29/24-06:37:59.724299 | UDP | 2054119 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (qualificationjdwko .xyz) | 64410 | 53 | 192.168.2.4 | 1.1.1.1 |
06/29/24-06:37:59.673048 | UDP | 2054127 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (sweetcalcutangkdow .xyz) | 55158 | 53 | 192.168.2.4 | 1.1.1.1 |
06/29/24-06:37:59.635221 | UDP | 2054131 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (exuberanttjdkwo .xyz) | 55481 | 53 | 192.168.2.4 | 1.1.1.1 |
06/29/24-06:37:59.702795 | UDP | 2054121 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (grandcommonyktsju .xyz) | 53151 | 53 | 192.168.2.4 | 1.1.1.1 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 29, 2024 06:37:59.622453928 CEST | 52161 | 53 | 192.168.2.4 | 1.1.1.1 |
Jun 29, 2024 06:37:59.631309986 CEST | 53 | 52161 | 1.1.1.1 | 192.168.2.4 |
Jun 29, 2024 06:37:59.635221004 CEST | 55481 | 53 | 192.168.2.4 | 1.1.1.1 |
Jun 29, 2024 06:37:59.655337095 CEST | 53 | 55481 | 1.1.1.1 | 192.168.2.4 |
Jun 29, 2024 06:37:59.658353090 CEST | 54788 | 53 | 192.168.2.4 | 1.1.1.1 |
Jun 29, 2024 06:37:59.670190096 CEST | 53 | 54788 | 1.1.1.1 | 192.168.2.4 |
Jun 29, 2024 06:37:59.673048019 CEST | 55158 | 53 | 192.168.2.4 | 1.1.1.1 |
Jun 29, 2024 06:37:59.684755087 CEST | 53 | 55158 | 1.1.1.1 | 192.168.2.4 |
Jun 29, 2024 06:37:59.687585115 CEST | 52303 | 53 | 192.168.2.4 | 1.1.1.1 |
Jun 29, 2024 06:37:59.700440884 CEST | 53 | 52303 | 1.1.1.1 | 192.168.2.4 |
Jun 29, 2024 06:37:59.702795029 CEST | 53151 | 53 | 192.168.2.4 | 1.1.1.1 |
Jun 29, 2024 06:37:59.722750902 CEST | 53 | 53151 | 1.1.1.1 | 192.168.2.4 |
Jun 29, 2024 06:37:59.724298954 CEST | 64410 | 53 | 192.168.2.4 | 1.1.1.1 |
Jun 29, 2024 06:37:59.736095905 CEST | 53 | 64410 | 1.1.1.1 | 192.168.2.4 |
Jun 29, 2024 06:37:59.738931894 CEST | 56912 | 53 | 192.168.2.4 | 1.1.1.1 |
Jun 29, 2024 06:37:59.753070116 CEST | 53 | 56912 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jun 29, 2024 06:37:59.622453928 CEST | 192.168.2.4 | 1.1.1.1 | 0xe006 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 29, 2024 06:37:59.635221004 CEST | 192.168.2.4 | 1.1.1.1 | 0x6efe | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 29, 2024 06:37:59.658353090 CEST | 192.168.2.4 | 1.1.1.1 | 0xd9e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 29, 2024 06:37:59.673048019 CEST | 192.168.2.4 | 1.1.1.1 | 0x9f9b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 29, 2024 06:37:59.687585115 CEST | 192.168.2.4 | 1.1.1.1 | 0x783e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 29, 2024 06:37:59.702795029 CEST | 192.168.2.4 | 1.1.1.1 | 0x5647 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 29, 2024 06:37:59.724298954 CEST | 192.168.2.4 | 1.1.1.1 | 0xa6c8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jun 29, 2024 06:37:59.738931894 CEST | 192.168.2.4 | 1.1.1.1 | 0x3b8c | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jun 29, 2024 06:37:59.631309986 CEST | 1.1.1.1 | 192.168.2.4 | 0xe006 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Jun 29, 2024 06:37:59.655337095 CEST | 1.1.1.1 | 192.168.2.4 | 0x6efe | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Jun 29, 2024 06:37:59.670190096 CEST | 1.1.1.1 | 192.168.2.4 | 0xd9e | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Jun 29, 2024 06:37:59.684755087 CEST | 1.1.1.1 | 192.168.2.4 | 0x9f9b | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Jun 29, 2024 06:37:59.700440884 CEST | 1.1.1.1 | 192.168.2.4 | 0x783e | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Jun 29, 2024 06:37:59.722750902 CEST | 1.1.1.1 | 192.168.2.4 | 0x5647 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Jun 29, 2024 06:37:59.736095905 CEST | 1.1.1.1 | 192.168.2.4 | 0xa6c8 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Jun 29, 2024 06:37:59.753070116 CEST | 1.1.1.1 | 192.168.2.4 | 0x3b8c | Name error (3) | none | none | A (IP address) | IN (0x0001) | false |
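The alert and DNS tables above show the sample resolving its eight embedded C2 domains inside roughly 120 ms and receiving "Name error (3)" (NXDOMAIN) for every one of them, so no C2 session was established during the run and no exfiltration traffic appears in the capture. The script below is an added example, not part of the Joe Sandbox report: it parses alert rows in the report's own pipe-delimited layout, refangs the defanged domains, joins each lookup to its DNS reply code by client source port, and flags the burst with a sliding window. The sample rows are re-typed from the tables above; the 500 ms window and the threshold of five distinct domains are assumptions chosen for this illustration.

```python
import re
from datetime import datetime

# Constructed sample input: the eight Suricata alerts from the IDS table above,
# re-typed in the report's pipe-delimited layout (domains defanged with a space).
ALERT_LINES = """\
06/29/24-06:37:59.658353 | UDP | 2054129 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (cooperatvassquaidmew .xyz) | 54788 | 53 | 192.168.2.4 | 1.1.1.1
06/29/24-06:37:59.622454 | UDP | 2054123 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (wordingnatturedowo .xyz) | 52161 | 53 | 192.168.2.4 | 1.1.1.1
06/29/24-06:37:59.738932 | UDP | 2054117 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (deadtrainingactioniw .xyz) | 56912 | 53 | 192.168.2.4 | 1.1.1.1
06/29/24-06:37:59.687585 | UDP | 2054125 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (crisisrottenyjs .xyz) | 52303 | 53 | 192.168.2.4 | 1.1.1.1
06/29/24-06:37:59.724299 | UDP | 2054119 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (qualificationjdwko .xyz) | 64410 | 53 | 192.168.2.4 | 1.1.1.1
06/29/24-06:37:59.673048 | UDP | 2054127 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (sweetcalcutangkdow .xyz) | 55158 | 53 | 192.168.2.4 | 1.1.1.1
06/29/24-06:37:59.635221 | UDP | 2054131 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (exuberanttjdkwo .xyz) | 55481 | 53 | 192.168.2.4 | 1.1.1.1
06/29/24-06:37:59.702795 | UDP | 2054121 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (grandcommonyktsju .xyz) | 53151 | 53 | 192.168.2.4 | 1.1.1.1
"""

# Constructed from the UDP and DNS answer tables above: reply code per client
# source port. 3 = NXDOMAIN (name not registered, expired, or already taken down).
DNS_REPLY_CODE = {52161: 3, 55481: 3, 54788: 3, 55158: 3,
                  52303: 3, 53151: 3, 64410: 3, 56912: 3}

ALERT_RE = re.compile(
    r"^(?P<ts>\S+) \| (?P<proto>\w+) \| (?P<sid>\d+) \| (?P<msg>.+?) \| "
    r"(?P<sport>\d+) \| (?P<dport>\d+) \| (?P<src>[\d.]+) \| (?P<dst>[\d.]+)\s*$")
DOMAIN_RE = re.compile(r"\(([^()]+)\)\s*$")


def refang(domain):
    """Undo the report's defanging: 'name .xyz' -> 'name.xyz'."""
    return re.sub(r"\s*\.\s*", ".", domain.strip()).lower()


def parse_alert(line):
    """Parse one alert row into a dict; returns None for rows that do not match."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    d = DOMAIN_RE.search(m["msg"])
    return {
        "ts": datetime.strptime(m["ts"], "%m/%d/%y-%H:%M:%S.%f"),
        "sid": int(m["sid"]),
        "domain": refang(d.group(1)) if d else None,
        "sport": int(m["sport"]),
        "src": m["src"],
        "dst": m["dst"],
    }


def parse_alerts(text):
    return [a for a in map(parse_alert, text.splitlines()) if a]


def lookup_bursts(alerts, window_ms=500, min_domains=5):
    """Per source host, slide a window of window_ms over the alerts and report
    the window holding the most distinct C2 domains, if it reaches min_domains."""
    by_src = {}
    for a in sorted(alerts, key=lambda a: a["ts"]):
        by_src.setdefault(a["src"], []).append(a)
    hits = []
    for src, evs in by_src.items():
        best, start = None, 0
        for end in range(len(evs)):
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() * 1000 > window_ms:
                start += 1
            window = evs[start:end + 1]
            domains = sorted({e["domain"] for e in window})
            if len(domains) >= min_domains and (best is None or len(domains) > len(best["domains"])):
                span = (window[-1]["ts"] - window[0]["ts"]).total_seconds() * 1000
                best = {"src": src, "domains": domains, "span_ms": round(span, 3)}
        if best:
            hits.append(best)
    return hits


def triage(alert_text, reply_codes):
    """Join alerts to DNS replies: which C2 names were tried, which resolved,
    which came back NXDOMAIN, and whether the lookups form a burst."""
    alerts = parse_alerts(alert_text)
    return {
        "domains": sorted(a["domain"] for a in alerts),
        "sids": sorted(a["sid"] for a in alerts),
        "resolved": sorted(a["domain"] for a in alerts if reply_codes.get(a["sport"]) == 0),
        "nxdomain": sorted(a["domain"] for a in alerts if reply_codes.get(a["sport"]) == 3),
        "bursts": lookup_bursts(alerts),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(ALERT_LINES, DNS_REPLY_CODE), indent=2, default=str))
```

Eight NXDOMAIN answers in a row is itself a useful signal: a host that fires one Lumma DNS signature may be a false positive, but a host that walks a whole list of fresh .xyz names within a fraction of a second, all unresolvable, is executing an embedded C2 list. The same sliding window applied to resolver logs (rather than IDS alerts) catches the next build of the stealer before Emerging Threats has a SID for its domains.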
Target ID: | 0 |
Start time: | 00:37:58 |
Start date: | 29/06/2024 |
Path: | C:\Users\user\Desktop\8yprhxqBVs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe80000 |
File size: | 6'253'568 bytes |
MD5 hash: | 7ACC6AAA73AD3BB7B36771F3C9311A0C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 2.6% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 21.7% |
Total number of Nodes: | 46 |
Total number of Limit Nodes: | 2 |
Function | Relevance | APIs | Strings | Instructions | Tags
---|---|---|---|---|---
00EB4700 | 5.3 | 1 | 2 | 55 | memory, COMMON
00EB6B90 | 1.5 | 1 | | 12 | library, COMMON
00EB4660 | 1.5 | 1 | | 24 | memory, COMMON
00EB6A30 | 1.5 | 1 | | 4 | COMMON
00E971AC | 16.5 | | 13 | 284 | COMMON
00E8F000 | 9.0 | | 7 | 289 | COMMON
00E89AD0 | 5.5 | | 4 | 473 | COMMON
00E93D70 | 5.3 | | 4 | 330 | COMMON
00E9FECD | 4.1 | | 3 | 301 | COMMON
00E89400 | 4.0 | | 3 | 225 | COMMON
00E9DF00 | 3.8 | | 3 | 77 | COMMON
00EA35F7 | 3.2 | | 2 | 665 | COMMON
00EA5830 | 3.0 | | 2 | 509 | COMMON
00E84D60 | 2.9 | | 2 | 425 | COMMON
00EA1170 | 2.9 | | 2 | 423 | COMMON
00E85BF8 | 2.9 | | 2 | 421 | COMMON
00E85D9D | 2.8 | | 2 | 265 | COMMON
00E860AC | 2.7 | | 2 | 215 | COMMON
00EA4149 | 1.9 | | 1 | 635 | COMMON
00EA6EB7 | 1.7 | | 1 | 442 | COMMON
00EA7F8F | 1.7 | | 1 | 428 | COMMON
00EA6EBE | 1.7 | | 1 | 411 | COMMON
00EA8021 | 1.6 | | 1 | 393 | COMMON
00EA8075 | 1.6 | | 1 | 391 | COMMON
00E92487 | 1.6 | | 1 | 380 | COMMON
00EA8066 | 1.6 | | 1 | 368 | COMMON
00E924A8 | 1.6 | | 1 | 365 | COMMON
00E8436F | 1.6 | | 1 | 333 | COMMON
00EA0410 | 1.5 | | 1 | 281 | COMMON
00EA6490 | 1.5 | | 1 | 265 | COMMON
00EA67AF | 1.5 | | 1 | 209 | COMMON
00EA684D | 1.4 | | 1 | 200 | COMMON
00EA7D6E | 1.4 | | 1 | 162 | COMMON
00EA1F23 | 1.4 | | 1 | 141 | COMMON
00E9E033 | 1.3 | | 1 | 87 | COMMON
00E91FEF | 1.3 | | 1 | 16 | COMMON
00E88210 | 0.8 | | | 774 | COMMON
00EB5070 | 0.7 | | | 674 | COMMON
00E978AF | 0.6 | | | 611 | COMMON
00E865C0 | 0.5 | | | 473 | COMMON
00E96D24 | 0.4 | | | 353 | COMMON
00E97864 | 0.3 | | | 310 | COMMON
00EBA410 | 0.3 | | | 302 | COMMON
00EBA730 | 0.3 | | | 294 | COMMON
00E9C870 | 0.3 | | | 293 | COMMON
00EA48DF | 0.2 | | | 236 | COMMON
00E93737 | 0.2 | | | 191 | COMMON
00EB1DC0 | 0.2 | | | 187 | COMMON
00E9394D | 0.2 | | | 177 | COMMON
00E83430 | 0.2 | | | 156 | COMMON
00E95510 | 0.1 | | | 146 | COMMON
00E8EE60 | 0.1 | | | 129 | COMMON
00E95F09 | 0.1 | | | 123 | COMMON
00EA7731 | 0.1 | | | 107 | COMMON
00E9F580 | 0.1 | | | 80 | COMMON
00E93C08 | 0.1 | | | 79 | COMMON
00EB8494 | 0.1 | | | 76 | COMMON
00EB8600 | 0.1 | | | 75 | COMMON
00E871A2 | 0.1 | | | 68 | COMMON
00EA77A1 | 0.1 | | | 68 | COMMON
00EAFF40 | 0.1 | | | 64 | COMMON
00EA5580 | 0.1 | | | 63 | COMMON
00E8CCB0 | 0.0 | | | 21 | COMMON
00EB94A9 | 0.0 | | | 16 | COMMON
00EB76C4 | 0.0 | | | 13 | COMMON
00E8E5C7 | 0.0 | | | 11 | COMMON
00EB5D98 | 0.0 | | | 10 | COMMON
00E9D7DE | 0.0 | | | 8 | COMMON
00E9E1AF | 0.0 | | | 8 | COMMON
00E9D84F | 0.0 | | | 8 | COMMON
00E81787 | 0.0 | | | 6 | COMMON
00EADE90 | 10.6 | 7 | | 71 | COMMON
Five further graph entries carry no function address on the page (three list APIs and Strings panels, two list only an APIs panel); their addresses are not recoverable. The per-function control-flow graph, APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin and Similarity panels are empty on this page.