Windows
Analysis Report
dcm2niix.exe
Overview
General Information
Detection
Score: | 24 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
  - dcm2niix.exe (PID: 2132 cmdline: "C:\Users\user\Desktop\dcm2niix.exe" MD5: 0D831C8A0B2379CD73393D725BA8F95C)
    - conhost.exe (PID: 2276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Process Injection | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | Virustotal | Browse |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1466701 |
Start date and time: | 2024-07-03 09:59:36 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 0s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 3 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | dcm2niix.exe |
Detection: | SUS |
Classification: | sus24.winEXE@2/1@0/0 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe
- Not all processes were analyzed, report is missing behavior information
Process: | C:\Users\user\Desktop\dcm2niix.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3187 |
Entropy (8bit): | 5.067059768602068 |
Encrypted: | false |
SSDEEP: | 96:IlcfLmljOM1/QgUuAFCUoleMstn9s1ONLeJZk:7fqZltbeVo14 |
MD5: | 5AFD1A966036869AB111D99D61D2852D |
SHA1: | 466F56B0B5F507D943EDEB309C8C478B712876D5 |
SHA-256: | F5F581BD997500B8391A22CBC1885D6C074090EF0C6E6B8F5F5B82AF178EB91D |
SHA-512: | A0F302D6DB4D10A986619C63A6EB8365F45D92D701F7A21CE115B5CC5586DE63F79185AF6B453C15A88DE6573F99FD94BECBC55EB5E7B79AA13B3DFB970FE955 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.5850747384413095 |
TrID: |
|
File name: | dcm2niix.exe |
File size: | 968'192 bytes |
MD5: | 0d831c8a0b2379cd73393d725ba8f95c |
SHA1: | bd2cdd77c5fe97e2b238fb7f1f8ea6342e1d5b18 |
SHA256: | 34de9d74012c9768ed8318d69c0bb0a2b34cb50f787a20f95ab4781c2bcaeb71 |
SHA512: | 0fb88a4b440f12fb93f45f6947e6d9c589bf605fcbeb4d9f1123817187752e5c529fbb7b9e690c34c657d8b72eb6f935866ae975f1e36d851d2f9b6a263e82ca |
SSDEEP: | 24576:XfyrO84gvaKvQwSbmTXkO/gmpxUNsVyz/luG8Z5JUe:PxgvgwvkO/gmpSDz/G5 |
TLSH: | E1259E46A3A510FDC567C178C9666A07EAB1309503305BFB1BD18AB52F23AF05E7FB12 |
File Content Preview: | MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................................D....................%]......%.......%.......%.......................%.......%.......%.......%_.... |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x1400836dc |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x65CFAE96 [Fri Feb 16 18:51:02 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 7de9a4c2977e8c4166f418a6a66112b5 |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xe1420 | 0x930 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe1d50 | 0x3c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x178000 | 0x1e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x170000 | 0x66f0 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x179000 | 0xcb4 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xd65c0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xd6780 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xd6480 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb7000 | 0x388 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb5f98 | 0xb6000 | 8c29b626e4ef00f88cafd468e98ff52c | False | 0.5078366457760989 | data | 6.553625256220452 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0xb7000 | 0x2b984 | 0x2ba00 | f6854a3ea5debc9ab13168f9ff8e066e | False | 0.41244515580229224 | data | 5.691796207879042 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xe3000 | 0x8c744 | 0x2e00 | 02f4287b7be72289ff6c5d39e6331b17 | False | 0.20991847826086957 | data | 4.069272388030607 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x170000 | 0x66f0 | 0x6800 | d53716c7f7e099ecc2a3dfa139ac6fcf | False | 0.4874924879807692 | data | 5.961544602157479 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
_RDATA | 0x177000 | 0x1f4 | 0x200 | 97be48bebbea4e765d6cb6967c113286 | False | 0.537109375 | data | 4.220872291010496 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x178000 | 0x1e0 | 0x200 | a801c98b309dbc1142bbe1764e1fead3 | False | 0.52734375 | data | 4.7122981932940915 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x179000 | 0xcb4 | 0xe00 | 51388e937bd6ba69ec7e781bf633a933 | False | 0.46205357142857145 | data | 5.238677135255283 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_MANIFEST | 0x178060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
DLL | Import |
---|---|
KERNEL32.dll | WaitForSingleObject, CreateProcessA, GetLastError, GetModuleHandleA, WriteConsoleW, CloseHandle, FindNextFileA, FindFirstFileA, GetModuleFileNameA, FindClose, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, MultiByteToWideChar, LCMapStringEx, GetStringTypeW, GetCPInfo, RtlPcToFileHeader, RaiseException, RtlUnwindEx, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, QueryPerformanceFrequency, ExitProcess, GetModuleHandleExW, ReadFile, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, GetModuleFileNameW, GetStdHandle, WriteFile, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetCurrentDirectoryW, SetStdHandle, DeleteFileW, HeapReAlloc, GetTimeZoneInformation, FlushFileBuffers, GetConsoleOutputCP, GetFileSizeEx, HeapSize, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetProcessHeap, GetFileAttributesExW, CreateDirectoryW, SetEndOfFile, RtlUnwind |
ADVAPI32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey, RegSetValueExA |
Name | Ordinal | Address |
---|---|---|
cJSON_AddArrayToObject | 1 | 0x140055cc0 |
cJSON_AddBoolToObject | 2 | 0x140055e40 |
cJSON_AddFalseToObject | 3 | 0x140055fd0 |
cJSON_AddItemReferenceToArray | 4 | 0x140056150 |
cJSON_AddItemReferenceToObject | 5 | 0x140056210 |
cJSON_AddItemToArray | 6 | 0x140056350 |
cJSON_AddItemToObject | 7 | 0x140056390 |
cJSON_AddItemToObjectCS | 8 | 0x140056470 |
cJSON_AddNullToObject | 9 | 0x140056520 |
cJSON_AddNumberToObject | 10 | 0x1400566a0 |
cJSON_AddObjectToObject | 11 | 0x140056800 |
cJSON_AddRawToObject | 12 | 0x140056980 |
cJSON_AddStringToObject | 13 | 0x140056ae0 |
cJSON_AddTrueToObject | 14 | 0x140056c40 |
cJSON_Compare | 15 | 0x140056dc0 |
cJSON_CreateArray | 16 | 0x1400570b0 |
cJSON_CreateArrayReference | 17 | 0x1400570f0 |
cJSON_CreateBool | 18 | 0x140057140 |
cJSON_CreateDoubleArray | 19 | 0x140057180 |
cJSON_CreateFalse | 20 | 0x1400572a0 |
cJSON_CreateFloatArray | 21 | 0x1400572e0 |
cJSON_CreateIntArray | 22 | 0x140057400 |
cJSON_CreateNull | 23 | 0x140057520 |
cJSON_CreateNumber | 24 | 0x140057560 |
cJSON_CreateObject | 25 | 0x140057600 |
cJSON_CreateObjectReference | 26 | 0x140057640 |
cJSON_CreateRaw | 27 | 0x140057690 |
cJSON_CreateString | 28 | 0x1400577a0 |
cJSON_CreateStringArray | 29 | 0x1400578b0 |
cJSON_CreateStringReference | 30 | 0x1400579d0 |
cJSON_CreateTrue | 31 | 0x140057a20 |
cJSON_Delete | 32 | 0x140057a60 |
cJSON_DeleteItemFromArray | 33 | 0x140057ae0 |
cJSON_DeleteItemFromObject | 34 | 0x140057bd0 |
cJSON_DeleteItemFromObjectCaseSensitive | 35 | 0x140057ca0 |
cJSON_DetachItemFromArray | 36 | 0x140057d70 |
cJSON_DetachItemFromObject | 37 | 0x140057df0 |
cJSON_DetachItemFromObjectCaseSensitive | 38 | 0x140057e60 |
cJSON_DetachItemViaPointer | 39 | 0x140057ed0 |
cJSON_Duplicate | 40 | 0x140057f20 |
cJSON_GetArrayItem | 41 | 0x140058110 |
cJSON_GetArraySize | 42 | 0x140058150 |
cJSON_GetErrorPtr | 43 | 0x140058170 |
cJSON_GetObjectItem | 44 | 0x140058180 |
cJSON_GetObjectItemCaseSensitive | 45 | 0x140058190 |
cJSON_GetStringValue | 46 | 0x1400581a0 |
cJSON_HasObjectItem | 47 | 0x1400581c0 |
cJSON_InitHooks | 48 | 0x1400581e0 |
cJSON_InsertItemInArray | 49 | 0x140058270 |
cJSON_IsArray | 50 | 0x140058300 |
cJSON_IsBool | 51 | 0x140058310 |
cJSON_IsFalse | 52 | 0x140058330 |
cJSON_IsInvalid | 53 | 0x140058340 |
cJSON_IsNull | 54 | 0x140058350 |
cJSON_IsNumber | 55 | 0x140058360 |
cJSON_IsObject | 56 | 0x140058370 |
cJSON_IsRaw | 57 | 0x140058380 |
cJSON_IsString | 58 | 0x140058390 |
cJSON_IsTrue | 59 | 0x1400583a0 |
cJSON_Minify | 60 | 0x1400583b0 |
cJSON_Parse | 61 | 0x140058500 |
cJSON_ParseWithOpts | 62 | 0x140058510 |
cJSON_Print | 63 | 0x140058740 |
cJSON_PrintBuffered | 64 | 0x140058760 |
cJSON_PrintPreallocated | 65 | 0x140058820 |
cJSON_PrintUnformatted | 66 | 0x140058890 |
cJSON_ReplaceItemInArray | 67 | 0x1400588a0 |
cJSON_ReplaceItemInObject | 68 | 0x140058920 |
cJSON_ReplaceItemInObjectCaseSensitive | 69 | 0x140058930 |
cJSON_ReplaceItemViaPointer | 70 | 0x140058940 |
cJSON_SetNumberHelper | 71 | 0x1400589b0 |
cJSON_Version | 72 | 0x1400589f0 |
cJSON_free | 73 | 0x140058a30 |
cJSON_malloc | 74 | 0x140058a40 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 04:00:23 |
Start date: | 03/07/2024 |
Path: | C:\Users\user\Desktop\dcm2niix.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7d1ea0000 |
File size: | 968'192 bytes |
MD5 hash: | 0D831C8A0B2379CD73393D725BA8F95C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 04:00:23 |
Start date: | 03/07/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 1.2% |
Total number of Nodes: | 248 |
Total number of Limit Nodes: | 5 |
Graph
Function 00007FF7D1EEF640 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 76registryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1F42448 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1EEF8F0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 210COMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1F42358 Relevance: 3.0, APIs: 2, Instructions: 18threadCOMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1EAF570 Relevance: 325.5, APIs: 3, Strings: 177, Instructions: 10469COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1ED7B00 Relevance: 167.3, Strings: 133, Instructions: 1079COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1EC27D0 Relevance: 74.5, APIs: 7, Strings: 35, Instructions: 1011COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1F2BC8C Relevance: 50.9, APIs: 25, Strings: 3, Instructions: 1888COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1EBB4F0 Relevance: 47.7, APIs: 1, Strings: 25, Instructions: 2206COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1EC7AB0 Relevance: 30.8, APIs: 1, Strings: 16, Instructions: 1071COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1F51370 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1ED9880 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 153processsynchronizationCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1F4F348 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1F4FD90 Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1F3CFE0 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1F23954 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1F4284C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1F4A97C Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1F4F6A4 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1F4F774 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1F423CC Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1EBF890 Relevance: .6, Instructions: 602COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1EF1480 Relevance: .6, Instructions: 557COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1EF0B70 Relevance: .6, Instructions: 551COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1EBDBF0 Relevance: .5, Instructions: 545COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1EF2380 Relevance: .4, Instructions: 440COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1EE94D0 Relevance: .4, Instructions: 436COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1EBEE80 Relevance: .4, Instructions: 406COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1EC12D0 Relevance: .4, Instructions: 391COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1EDA690 Relevance: .4, Instructions: 354COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1F3121C Relevance: .4, Instructions: 351COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1F31654 Relevance: .3, Instructions: 327COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1EE9AE0 Relevance: .3, Instructions: 318COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1F2B780 Relevance: .3, Instructions: 287COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1EF0150 Relevance: .3, Instructions: 282COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1EF1DF0 Relevance: .3, Instructions: 264COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1F30B8C Relevance: .2, Instructions: 241COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1EC0540 Relevance: .2, Instructions: 233COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF7D1F43CC0 Relevance: .2, Instructions: 198, COMMON
Function 00007FF7D1F021C0 Relevance: .2, Instructions: 187, COMMON
Function 00007FF7D1F01EE0 Relevance: .2, Instructions: 187, COMMON
Function 00007FF7D1F4990C Relevance: .2, Instructions: 183, COMMON
Function 00007FF7D1F01C50 Relevance: .2, Instructions: 170, COMMON
Function 00007FF7D1F2FD10 Relevance: .1, Instructions: 145, COMMON
Function 00007FF7D1F2FB0C Relevance: .1, Instructions: 145, COMMON
Function 00007FF7D1F2F908 Relevance: .1, Instructions: 145, COMMON
Function 00007FF7D1F32DD0 Relevance: .1, Instructions: 138, COMMON
Function 00007FF7D1F3E674 Relevance: .1, Instructions: 126, COMMON
Function 00007FF7D1F369EC Relevance: .1, Instructions: 91, COMMON
Function 00007FF7D1F41E94 Relevance: 18.1, APIs: 12, Instructions: 112, COMMON, LIBRARYCODE
Function 00007FF7D1EEF7A0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 62, registry, COMMON
Function 00007FF7D1F0BBC0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 179, COMMON
Function 00007FF7D1EA6B10 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 300, COMMON
Function 00007FF7D1EA3E10 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 205, COMMON
Function 00007FF7D1EC6590 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 116, COMMON
Function 00007FF7D1EA6740 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 245, COMMON
Function 00007FF7D1EA6380 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 223, COMMON
Function 00007FF7D1F2E48C Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494, COMMON, LIBRARYCODE
Function 00007FF7D1F45AA8 Relevance: 10.8, APIs: 7, Instructions: 290, COMMON, LIBRARYCODE
Function 00007FF7D1F247D4 Relevance: 10.7, APIs: 7, Instructions: 214, COMMON, LIBRARYCODE
Function 00007FF7D1EC9CD0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 105, COMMON
Function 00007FF7D1F2A2C8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88, libraryloader, COMMON, LIBRARYCODE
Function 00007FF7D1F54510 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48, file, COMMON
Function 00007FF7D1F4200C Relevance: 9.1, APIs: 6, Instructions: 57, COMMON, LIBRARYCODE
Function 00007FF7D1F0B860 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 128, COMMON
Function 00007FF7D1EA5EF0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 115, COMMON
Function 00007FF7D1F0C780 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 86, COMMON
Function 00007FF7D1EAA410 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 63, COMMON
Function 00007FF7D1F46F68 Relevance: 7.6, APIs: 5, Instructions: 56, COMMON, LIBRARYCODE
Function 00007FF7D1F420D4 Relevance: 7.6, APIs: 5, Instructions: 54, COMMON, LIBRARYCODE
Function 00007FF7D1F451A0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 212, COMMON
Function 00007FF7D1EA5C60 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 164, COMMON
Function 00007FF7D1F0BA20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116, COMMON
Function 00007FF7D1F0C9D0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 66, COMMON
Function 00007FF7D1F3BC54 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 136, COMMON
Function 00007FF7D1F48FD8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100, file, COMMON
Function 00007FF7D1F0C660 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99, COMMON
Function 00007FF7D1EFBA70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85, COMMON
Function 00007FF7D1F46374 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66, COMMON
Function 00007FF7D1F250F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44, COMMON, LIBRARYCODE
Function 00007FF7D1F3AF28 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36, COMMON