Windows
Analysis Report
SXQdCnmxiH.exe
Overview
General Information
Sample name: | SXQdCnmxiH.exerenamed because original name is a hash value |
Original sample name: | 1f5592d748bf37eb7b97cf5a07a5ccb0.exe |
Analysis ID: | 1465910 |
MD5: | 1f5592d748bf37eb7b97cf5a07a5ccb0 |
SHA1: | 337029c03bdba78ca2dd23ee587af64e10ab77b4 |
SHA256: | c7eb9942feb36de4a332e007e5161eeee74607257af33ababa044e3333d492fc |
Tags: | 32exetrojan |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- SXQdCnmxiH.exe (PID: 4460 cmdline:
"C:\Users\ user\Deskt op\SXQdCnm xiH.exe" MD5: 1F5592D748BF37EB7B97CF5A07A5CCB0) - conhost.exe (PID: 5520 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Remcos, RemcosRAT | Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.Remcos is developed by the cybersecurity company BreakingSecurity. |
{"Host:Port:Password": "127.0.0.1:2404:1", "Assigned name": "RemoteHost", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-WSY52E", "Keylog flag": "0", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
REMCOS_RAT_variants | unknown | unknown |
|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
REMCOS_RAT_variants | unknown | unknown |
| |
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
REMCOS_RAT_variants | unknown | unknown |
|
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 0_2_0042B19B |
Source: | Binary or memory string: | memstr_1f568529-9 |
Source: | Static PE information: |
Source: | Code function: | 0_2_004081F9 | |
Source: | Code function: | 0_2_004072E5 | |
Source: | Code function: | 0_2_0041474A | |
Source: | Code function: | 0_2_00407733 | |
Source: | Code function: | 0_2_00440A49 | |
Source: | Code function: | 0_2_00404CF3 | |
Source: | Code function: | 0_2_00405C8E | |
Source: | Code function: | 0_2_00407FDE |
Source: | Code function: | 0_2_0040511A |
Networking |
---|
Source: | URLs: |
Source: | Code function: | 0_2_0040F4A7 |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_0040F4A7 |
Source: | Code function: | 0_2_0040F4A7 |
Source: | Code function: | 0_2_0040F4A7 |
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Spam, unwanted Advertisements and Ransom Demands |
---|
Source: | Code function: | 0_2_00414D34 |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 0_2_00414085 | |
Source: | Code function: | 0_2_004140B1 |
Source: | Code function: | 0_2_0040F4A7 |
Source: | Code function: | 0_2_0041601F | |
Source: | Code function: | 0_2_00431217 | |
Source: | Code function: | 0_2_0042E220 | |
Source: | Code function: | 0_2_0042B2A6 | |
Source: | Code function: | 0_2_0044B470 | |
Source: | Code function: | 0_2_004304CE | |
Source: | Code function: | 0_2_004454FB | |
Source: | Code function: | 0_2_0041F488 | |
Source: | Code function: | 0_2_0040F4A7 | |
Source: | Code function: | 0_2_004175D6 | |
Source: | Code function: | 0_2_0043164C | |
Source: | Code function: | 0_2_0043B680 | |
Source: | Code function: | 0_2_004476B8 | |
Source: | Code function: | 0_2_0042D76E | |
Source: | Code function: | 0_2_0043680C | |
Source: | Code function: | 0_2_004309CA | |
Source: | Code function: | 0_2_0040D9A0 | |
Source: | Code function: | 0_2_00436A3B | |
Source: | Code function: | 0_2_0041FB26 | |
Source: | Code function: | 0_2_0041FC69 | |
Source: | Code function: | 0_2_00445C19 | |
Source: | Code function: | 0_2_00430DE2 | |
Source: | Code function: | 0_2_0041EF91 |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | 0_2_00410D25 |
Source: | Code function: | 0_2_0040A7FF |
Source: | Code function: | 0_2_00413B3A |
Source: | Code function: | 0_2_0041311D |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Command line argument: | 0_2_0040A1D6 | |
Source: | Command line argument: | 0_2_0040A1D6 | |
Source: | Command line argument: | 0_2_0040A1D6 | |
Source: | Command line argument: | 0_2_0040A1D6 | |
Source: | Command line argument: | 0_2_0040A1D6 | |
Source: | Command line argument: | 0_2_0040A1D6 | |
Source: | Command line argument: | 0_2_0040A1D6 | |
Source: | Command line argument: | 0_2_0040A1D6 | |
Source: | Command line argument: | 0_2_0040A1D6 | |
Source: | Command line argument: | 0_2_0040A1D6 | |
Source: | Command line argument: | 0_2_0040A1D6 | |
Source: | Command line argument: | 0_2_0040A1D6 |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Process created: | ||
Source: | Process created: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00414EA2 |
Source: | Code function: | 0_2_0044A5E9 | |
Source: | Code function: | 0_2_0042C779 | |
Source: | Code function: | 0_2_0044AE56 |
Source: | Code function: | 0_2_00404A3B |
Source: | Code function: | 0_2_0041311D |
Source: | Code function: | 0_2_00414EA2 |
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Code function: | 0_2_0040A6C0 |
Source: | Code function: | 0_2_00412E4B |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Evasive API call chain: | graph_0-41211 |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 0_2_004081F9 | |
Source: | Code function: | 0_2_004072E5 | |
Source: | Code function: | 0_2_0041474A | |
Source: | Code function: | 0_2_00407733 | |
Source: | Code function: | 0_2_00440A49 | |
Source: | Code function: | 0_2_00404CF3 | |
Source: | Code function: | 0_2_00405C8E | |
Source: | Code function: | 0_2_00407FDE |
Source: | Code function: | 0_2_0040511A |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_004320EC |
Source: | Code function: | 0_2_00414EA2 |
Source: | Code function: | 0_2_004389B4 |
Source: | Code function: | 0_2_0040CB6C |
Source: | Code function: | 0_2_004320EC | |
Source: | Code function: | 0_2_0042C52B | |
Source: | Code function: | 0_2_0042C6BD | |
Source: | Code function: | 0_2_0042C8EC |
Source: | Code function: | 0_2_004124EF |
Source: | Code function: | 0_2_0042C37B |
Source: | Code function: | 0_2_0044416B | |
Source: | Code function: | 0_2_00444120 | |
Source: | Code function: | 0_2_00444206 | |
Source: | Code function: | 0_2_00444293 | |
Source: | Code function: | 0_2_0043D31C | |
Source: | Code function: | 0_2_004444E3 | |
Source: | Code function: | 0_2_0044460C | |
Source: | Code function: | 0_2_00444713 | |
Source: | Code function: | 0_2_0040A7D3 | |
Source: | Code function: | 0_2_004447E0 | |
Source: | Code function: | 0_2_00443EA8 | |
Source: | Code function: | 0_2_0043CEB5 |
Source: | Code function: | 0_2_00413B81 |
Source: | Code function: | 0_2_00413C9F |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_00407EC0 |
Source: | Code function: | 0_2_00407FDE | |
Source: | Code function: | 0_2_00407FDE |
Remote Access Functionality |
---|
Source: | Mutex created: | Jump to behavior |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_00403B0B |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 11 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 12 Command and Scripting Interpreter | 1 Windows Service | 1 Access Token Manipulation | 2 Obfuscated Files or Information | 2 Credentials In Files | 1 Account Discovery | Remote Desktop Protocol | 3 Clipboard Data | 2 Encrypted Channel | Exfiltration Over Bluetooth | 1 Defacement |
Email Addresses | DNS Server | Domain Accounts | 2 Service Execution | Logon Script (Windows) | 1 Windows Service | 1 DLL Side-Loading | Security Account Manager | 1 System Service Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Process Injection | 1 Virtualization/Sandbox Evasion | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Access Token Manipulation | LSA Secrets | 22 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Process Injection | Cached Domain Credentials | 21 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
84% | ReversingLabs | Win32.Trojan.DumpDacic | ||
80% | Virustotal | Browse | ||
100% | Avira | BDS/Backdoor.Gen | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|
IP |
---|
127.0.0.1 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1465910 |
Start date and time: | 2024-07-02 08:35:57 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 18s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SXQdCnmxiH.exerenamed because original name is a hash value |
Original Sample Name: | 1f5592d748bf37eb7b97cf5a07a5ccb0.exe |
Detection: | MAL |
Classification: | mal100.rans.troj.spyw.evad.winEXE@2/1@0/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
Time | Type | Description |
---|---|---|
02:37:22 | API Interceptor |
Process: | C:\Users\user\Desktop\SXQdCnmxiH.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8805 |
Entropy (8bit): | 4.691226838884723 |
Encrypted: | false |
SSDEEP: | 48:URmRdEVQKZEdAhWl4FB8m5SKRfh8PIcKeZD8Ijxkf2y0pXk2z/guEqJr5KJxdV2G:UuciXj8kpR+qzKfVQtEO92EjmkQ9T |
MD5: | 22822DB2EFAEC6E3E491987D78534AD8 |
SHA1: | 08B51007E2994A330DF515379313DC364EC8588D |
SHA-256: | F8A517A46B65A557F044F7993FADE014D7C096931331567EF88EE6A73611406E |
SHA-512: | A6CC1A43A3DCF8261FC1719EA99E8421FE53877DCCB6A69E94741EDC3C9C3B0649425CA3373E6906FD676ED1E9D27C080E43B6E33B2BD56D54F644B171D0EE16 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.561942170181937 |
TrID: |
|
File name: | SXQdCnmxiH.exe |
File size: | 440'320 bytes |
MD5: | 1f5592d748bf37eb7b97cf5a07a5ccb0 |
SHA1: | 337029c03bdba78ca2dd23ee587af64e10ab77b4 |
SHA256: | c7eb9942feb36de4a332e007e5161eeee74607257af33ababa044e3333d492fc |
SHA512: | 8798b4957dd4c42498693f275fcf89fb09de6a42378e3e121302b82463d10d8998249841809711a3dce1b933dd4b9d91392c9a5eb4ab8baad09d2be12c5bf0f5 |
SSDEEP: | 6144:pCJBSkHyP4DivRrO+d3cyU6320ho4nbJAj0N91EU7ZUFbz68AO2ZjXH76crD6B3:pCJB/RuFhU6ho0ej0N91HFAAZ77UB3 |
TLSH: | 6F949E12B492C032C17212740E29FB7599BCBC212936597B73EA5E5BBE741C1BB36363 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............,...,...,MEj,...,MEh,X..,MEi,...,...,...,gy\,...,T..-...,T..-...,T..-...,...,...,...,...,N..-...,N.d,...,N..-...,Rich... |
Icon Hash: | 95694d05214c1b33 |
Entrypoint: | 0x42c2ee |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66728C31 [Wed Jun 19 07:43:45 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 8a3b06a792183c402d038c6ccea86944 |
Instruction |
---|
call 00007F45147EBCDDh |
jmp 00007F45147EB6E3h |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007F45147C8B5Ah |
mov dword ptr [esi], 0044D608h |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0044D610h |
mov dword ptr [ecx], 0044D608h |
ret |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007F45147C8B27h |
mov dword ptr [esi], 0044D624h |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0044D62Ch |
mov dword ptr [ecx], 0044D624h |
ret |
push ebp |
mov ebp, esp |
sub esp, 0Ch |
lea ecx, dword ptr [ebp-0Ch] |
call 00007F45147EB82Fh |
push 0046152Ch |
lea eax, dword ptr [ebp-0Ch] |
push eax |
call 00007F45147EE0AFh |
int3 |
push ebp |
mov ebp, esp |
and dword ptr [00464CF4h], 00000000h |
sub esp, 2Ch |
push ebx |
xor ebx, ebx |
inc ebx |
or dword ptr [00464008h], ebx |
push 0000000Ah |
call 00007F4514809A86h |
test eax, eax |
je 00007F45147EB9CDh |
and dword ptr [ebp-14h], 00000000h |
xor eax, eax |
or dword ptr [00464008h], 02h |
xor ecx, ecx |
push esi |
push edi |
mov dword ptr [00004CF4h], ebx |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x61ee0 | 0xf0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6c000 | 0x4ae0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x71000 | 0x3240 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x60620 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x606b4 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x60658 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x4d000 | 0x458 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x4b65e | 0x4b800 | db294eb3652167aac011a6f88084697a | False | 0.5698403870033113 | data | 6.593617980898634 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x4d000 | 0x16658 | 0x16800 | 44d09f38441ed2ef4311a469320c0844 | False | 0.5041124131944444 | OpenPGP Public Key Version 6 | 5.864615616592108 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x64000 | 0x5804 | 0xe00 | c2f8f7020787d3b2510df7c8e5ebb891 | False | 0.22098214285714285 | DOS executable (block device driver @\273\) | 2.9547475152611895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x6a000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.gfids | 0x6b000 | 0x230 | 0x400 | 800849abfeb58a77f7c196a6ccde4afc | False | 0.333984375 | data | 2.4412722468785604 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x6c000 | 0x4ae0 | 0x4c00 | beabf07408719e39a28b778a9ca40537 | False | 0.27801192434210525 | data | 3.983593042450432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x71000 | 0x3240 | 0x3400 | e5f4a62ea9b11557f22221f2b6eacc1c | False | 0.7478966346153846 | data | 6.6079153889088955 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x6c18c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.3421985815602837 |
RT_ICON | 0x6c5f4 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.27704918032786885 |
RT_ICON | 0x6cf7c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.23686679174484052 |
RT_ICON | 0x6e024 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.22977178423236513 |
RT_RCDATA | 0x705cc | 0x4d2 | data | 1.0089141004862237 | ||
RT_GROUP_ICON | 0x70aa0 | 0x3e | data | English | United States | 0.8064516129032258 |
DLL | Import |
---|---|
KERNEL32.dll | VirtualFree, VirtualAlloc, LoadLibraryA, GetNativeSystemInfo, HeapAlloc, GetProcAddress, GetProcessHeap, FreeLibrary, IsBadReadPtr, GetCurrentProcess, GetSystemDirectoryA, GlobalAlloc, GlobalLock, GetCurrentProcessId, GetTickCount, GlobalUnlock, LocalAlloc, GetModuleHandleA, GlobalFree, MulDiv, SizeofResource, QueryDosDeviceW, FindFirstVolumeW, GetConsoleScreenBufferInfo, SetConsoleTextAttribute, lstrlenW, GetStdHandle, RemoveDirectoryW, FindResourceA, OpenProcess, lstrcatW, LockResource, LoadResource, LocalFree, GetFileSize, FindVolumeClose, GetVolumePathNamesForVolumeNameW, lstrcpyW, SetConsoleOutputCP, FormatMessageA, FindNextVolumeW, SetLastError, lstrcmpW, GetModuleFileNameA, lstrcpynA, QueryPerformanceFrequency, QueryPerformanceCounter, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, HeapSize, WriteConsoleW, SetStdHandle, SetEnvironmentVariableW, SetEnvironmentVariableA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindFirstFileExA, ReadConsoleW, GetConsoleMode, GetConsoleCP, FlushFileBuffers, GetFileType, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, HeapReAlloc, GetACP, GetModuleHandleExW, MoveFileExW, RtlUnwind, RaiseException, VirtualProtect, Process32FirstW, Process32NextW, CreateToolhelp32Snapshot, GetLocaleInfoA, ExitProcess, CreateMutexA, GetModuleFileNameW, GetLongPathNameW, ExpandEnvironmentStringsA, GetLastError, WaitForSingleObject, FindNextFileA, FindFirstFileA, MoveFileW, SetFilePointerEx, GetLogicalDriveStringsA, DeleteFileW, DeleteFileA, SetFileAttributesW, GetFileAttributesW, CreateFileW, FindClose, lstrlenA, GetDriveTypeA, FindNextFileW, GetFileSizeEx, FindFirstFileW, CreateDirectoryW, CreateProcessA, Sleep, PeekNamedPipe, CreatePipe, TerminateProcess, WriteFile, ReadFile, HeapFree, HeapCreate, CreateEventA, GetLocalTime, CreateThread, CloseHandle, SetEvent, CreateEventW, AllocConsole, LoadLibraryExW, GetCPInfo, GetStringTypeW, GetLocaleInfoW, LCMapStringW, CompareStringW, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSectionAndSpinCount, MultiByteToWideChar, DecodePointer, EncodePointer, WideCharToMultiByte, InitializeSListHead, GetSystemTimeAsFileTime, GetCurrentThreadId, GetStartupInfoW, SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsDebuggerPresent, IsProcessorFeaturePresent, GetModuleHandleW, WaitForSingleObjectEx, ResetEvent, SetEndOfFile |
USER32.dll | EnumWindows, TranslateMessage, DispatchMessageA, GetMessageA, GetWindowTextW, SetForegroundWindow, SetClipboardData, GetClipboardData, MessageBoxW, IsWindowVisible, CloseWindow, GetWindowThreadProcessId, SendInput, EnumDisplaySettingsW, mouse_event, DrawIcon, GetSystemMetrics, GetIconInfo, SystemParametersInfoW, GetForegroundWindow, GetCursorPos, RegisterClassExA, AppendMenuA, CreateWindowExA, DefWindowProcA, TrackPopupMenu, CreatePopupMenu, ShowWindow, OpenClipboard, SetWindowTextW, ExitWindowsEx, EmptyClipboard, CloseClipboard |
GDI32.dll | CreateCompatibleBitmap, SelectObject, CreateCompatibleDC, StretchBlt, GetDIBits, DeleteDC, DeleteObject, CreateDCA, GetObjectA, BitBlt |
ADVAPI32.dll | RegDeleteKeyA, CryptAcquireContextA, CryptGenRandom, CryptReleaseContext, GetUserNameW, RegEnumKeyExA, QueryServiceStatus, CloseServiceHandle, OpenSCManagerW, OpenSCManagerA, ControlService, StartServiceW, QueryServiceConfigW, ChangeServiceConfigW, OpenServiceW, EnumServicesStatusW, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegCreateKeyA, RegCloseKey, RegQueryInfoKeyW, RegQueryValueExA, RegCreateKeyExW, RegEnumKeyExW, RegSetValueExW, RegSetValueExA, RegOpenKeyExA, RegOpenKeyExW, RegCreateKeyW, RegDeleteValueW, RegEnumValueW, RegQueryValueExW |
SHELL32.dll | ShellExecuteExA, Shell_NotifyIconA, ExtractIconA, ShellExecuteW |
SHLWAPI.dll | StrToIntA, PathFileExistsA, PathFileExistsW |
WINMM.dll | PlaySoundW, mciSendStringA, mciSendStringW |
WS2_32.dll | connect, socket, send, WSAStartup, recv, htons, htonl, getservbyname, inet_ntoa, ntohs, getservbyport, gethostbyaddr, WSAGetLastError, WSASetLastError, inet_addr, closesocket, gethostbyname |
urlmon.dll | URLOpenBlockingStreamW, URLDownloadToFileW |
gdiplus.dll | GdiplusStartup, GdipDisposeImage, GdipLoadImageFromStream, GdipSaveImageToStream, GdipGetImageEncodersSize, GdipFree, GdipGetImageEncoders, GdipCloneImage, GdipAlloc |
WININET.dll | InternetOpenW, InternetCloseHandle, InternetReadFile, InternetOpenUrlW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 02:36:45 |
Start date: | 02/07/2024 |
Path: | C:\Users\user\Desktop\SXQdCnmxiH.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 440'320 bytes |
MD5 hash: | 1F5592D748BF37EB7B97CF5A07A5CCB0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 02:36:46 |
Start date: | 02/07/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 4.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 15.2% |
Total number of Nodes: | 1168 |
Total number of Limit Nodes: | 18 |
Graph
Function 00414EA2 Relevance: 148.9, APIs: 52, Strings: 33, Instructions: 164libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040A1D6 Relevance: 37.1, APIs: 6, Strings: 15, Instructions: 328threadsleepfileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040A6C0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85sleepCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00413C9F Relevance: 3.0, APIs: 2, Instructions: 41COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040E92F Relevance: 46.3, APIs: 4, Strings: 22, Instructions: 789sleepnetworkCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00415A49 Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 74windowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040170E Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 144networkCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401C4F Relevance: 18.1, APIs: 12, Instructions: 60synchronizationCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0044909F Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00415917 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 48windowstringCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004150DD Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 74memoryCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004159C9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 57registryCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401D6F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58timethreadCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040D202 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38registryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040CF8C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004087EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 12synchronizationCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401673 Relevance: 3.0, APIs: 2, Instructions: 40networkCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401494 Relevance: 3.0, APIs: 2, Instructions: 36COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043FCFE Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043B5C6 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004016E4 Relevance: 1.5, APIs: 1, Instructions: 15networkCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040511A Relevance: 35.8, APIs: 10, Strings: 10, Instructions: 835filesleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00403B0B Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 275pipesleepfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00407FDE Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 152fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004081F9 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 143fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00412E4B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 226serviceCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041474A Relevance: 13.6, APIs: 9, Instructions: 147fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040D9A0 Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 388registrylibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004447E0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 188COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0044460C Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 86COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00407EC0 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 49fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004476B8 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004072E5 Relevance: 9.3, APIs: 6, Instructions: 316fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041311D Relevance: 9.0, APIs: 6, Instructions: 42serviceCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00443EA8 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 236COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00407733 Relevance: 7.7, APIs: 5, Instructions: 245fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00405C8E Relevance: 7.7, APIs: 5, Instructions: 210fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040CB6C Relevance: 7.7, APIs: 5, Instructions: 206memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004320EC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00404A3B Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 157filenetworkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00444293 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00414085 Relevance: 4.5, APIs: 3, Instructions: 19nativeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004140B1 Relevance: 4.5, APIs: 3, Instructions: 19nativeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043D31C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00404CF3 Relevance: 3.1, APIs: 2, Instructions: 86fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0042C37B Relevance: 1.6, APIs: 1, Instructions: 134COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004444E3 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00444713 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040A7D3 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0042C6BD Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043680C Relevance: 1.5, Strings: 1, Instructions: 214COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041FB26 Relevance: 1.4, Strings: 1, Instructions: 111COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0042E220 Relevance: 1.3, Strings: 1, Instructions: 76COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0044B470 Relevance: .7, Instructions: 651COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00445C19 Relevance: .6, Instructions: 637COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004175D6 Relevance: .6, Instructions: 585COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0042B2A6 Relevance: .5, Instructions: 504COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041F488 Relevance: .4, Instructions: 411COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00431217 Relevance: .3, Instructions: 345COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041EF91 Relevance: .3, Instructions: 342COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043164C Relevance: .3, Instructions: 341COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00430DE2 Relevance: .3, Instructions: 331COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004309CA Relevance: .3, Instructions: 323COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041601F Relevance: .3, Instructions: 281COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041FC69 Relevance: .2, Instructions: 195COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00411D39 Relevance: 51.1, APIs: 28, Strings: 1, Instructions: 330windowmemoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004136C3 Relevance: 38.7, APIs: 12, Strings: 10, Instructions: 180synchronizationCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00408AD8 Relevance: 37.0, APIs: 6, Strings: 15, Instructions: 237registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00408817 Relevance: 37.0, APIs: 6, Strings: 15, Instructions: 216registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040E783 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 109libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004415FD Relevance: 25.9, APIs: 17, Instructions: 419COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041446B Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 147stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00443496 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 114COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043B1E5 Relevance: 22.8, APIs: 15, Instructions: 296COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00406046 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 329fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004032EE Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 155windowmemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043C510 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00410870 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 104sleepfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004470B5 Relevance: 13.8, APIs: 9, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043A834 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 266COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00414A29 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 212registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004110EE Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 108filesynchronizationCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00404E08 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 106fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041317B Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 45serviceCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004132E6 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 45serviceCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043DC70 Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00413A15 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70networkfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043C688 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 53COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00407F4F Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 49fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041334D Relevance: 9.1, APIs: 6, Instructions: 67serviceCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043F12C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 305COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040C032 Relevance: 9.1, APIs: 6, Instructions: 53COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041327F Relevance: 9.0, APIs: 6, Instructions: 45serviceCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040D2A7 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 39registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004389F5 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401EFF Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38synchronizationCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041348A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30sleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0044152A Relevance: 7.6, APIs: 5, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041464E Relevance: 7.5, APIs: 5, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00439722 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040D476 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 179registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401F7F Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 46synchronizationCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040D0A8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37registryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00401AEF Relevance: 6.1, APIs: 4, Instructions: 128synchronizationthreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004084F3 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 103sleepCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 004390EE Relevance: 6.1, APIs: 4, Instructions: 63COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043916D Relevance: 6.1, APIs: 4, Instructions: 59COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0043D017 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00414995 Relevance: 6.1, APIs: 4, Instructions: 52fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0041227E Relevance: 6.0, APIs: 4, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0042E723 Relevance: 6.0, APIs: 4, Instructions: 14COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040D72E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00443D07 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 0040C9C0 Relevance: 5.1, APIs: 4, Instructions: 125COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|