Windows
Analysis Report
SumatraPDF-3.5.2-64.exe
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Signatures
Classification
- System is w7x64
- SumatraPDF-3.5.2-64.exe (PID: 2544 cmdline: "C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe" MD5: C02DC2CA96FE9841963883C0FE177399)
- cleanup
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | String found in binary or memory: | ||
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | String found in binary or memory: | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: | ||
Source: | Binary string: | ||
Source: | Static PE information: | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Registry key queried: | Jump to behavior |
Source: | API coverage: |
Source: | Code function: | 0_2_0000000140134BD8 |
Source: | Binary or memory string: |
Source: | Registry key value queried: | Jump to behavior | ||
Source: | Code function: | 0_2_0000000140134F68 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1467016 |
Start date and time: | 2024-07-03 16:28:25 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 12m 45s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SumatraPDF-3.5.2-64.exe |
Detection: | CLEAN |
Classification: | clean1.winEXE@1/1@0/0 |
EGA Information: | |
HCA Information: | Failed |
Cookbook Comments: |
- Max analysis timeout: 600s exceeded, the analysis took too long
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtEnumerateValueKey calls found.
- VT rate limit hit for: SumatraPDF-3.5.2-64.exe
Time | Type | Description |
---|---|---|
10:29:33 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bg.microsoft.map.fastly.net | Get hash | malicious | HTMLPhisher | Browse |
| Get hash | malicious | AgentTesla | Browse |
| Get hash | malicious | AgentTesla | Browse |
| Get hash | malicious | Unknown | Browse |
| Get hash | malicious | HTMLPhisher | Browse |
| Get hash | malicious | HTMLPhisher | Browse |
| Get hash | malicious | ScreenConnect Tool | Browse |
| Get hash | malicious | HTMLPhisher | Browse |
| Get hash | malicious | Remcos | Browse |
| Get hash | malicious | Unknown | Browse |
Process: | C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1900 |
Entropy (8bit): | 5.178903367295074 |
Encrypted: | false |
SSDEEP: | 48:bsGMk3jjseCLuvkkKtY/K0iswT415VPv4CBzqjHB:AGMk3kehkkKtY/Fix4BvvQB |
MD5: | 24F296183D3CB208BBE982476AB93154 |
SHA1: | 93F0BB240742A555FA5477E759D6429BE988D71A |
SHA-256: | 6255EEAED0A76F17867D6E2CD83D3DA25A027E5B1D7EF63E245F7B73B3CD6946 |
SHA-512: | 2931F4870B41AA7815BECD11E1AEA44220DD7523A6BD6E9138142DC87AB765023BA11D00C8DBA97A1F0D367D458E20CD7583D399DCB5C6B55723DF9212A17664 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.0278259579196165 |
TrID: |
|
File name: | SumatraPDF-3.5.2-64.exe |
File size: | 16'065'496 bytes |
MD5: | c02dc2ca96fe9841963883c0fe177399 |
SHA1: | 7e42e66e9198c258da48a6194577e3dbd424463a |
SHA256: | 290e4aa7ed64c728138711c011e89aab7aa48dbc1ae430371dc2be4100b92bf0 |
SHA512: | d7acf551d0764fcfb9a895701679981f76b2ff73f99bce5da2c6c3f2f0556ee33f45d0d98848fee96a6ccfa24e09c26303705c5f094e945e647f53f7e4716faf |
SSDEEP: | 393216:Y6OPZedL1pUAuPXiuZ08RBCxXJq3oeNy8x:KedJp9uPXiuZ08RBCxXJxWy8x |
TLSH: | B0F69D96B2945AB4D142FA3CC91183AEF22DFC5C5B51838342DA7D746E733A81C29FB1 |
File Content Preview: | MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$...........................................................................V...............................e............S..b....S..... |
Icon Hash: | 07e1f996ba8aca55 |
Entrypoint: | 0x1405548c4 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x140000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6538CEF7 [Wed Oct 25 08:16:55 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | b60d142e4e08a961cef4281a2d95eda1 |
Signature Valid: | true |
Signature Issuer: | CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After | |
Subject Chain | |
Version: | 3 |
Thumbprint MD5: | 26EC7DA902C98B5E1B1E6F563968F3AE |
Thumbprint SHA-1: | D362E5044F9E7DC7D84B1EA26BB53ADF6A79E84D |
Thumbprint SHA-256: | B8FBBAFE0BA712899CA1B03DB143695DD1A1B673FB4FAB386CAB466B4EE3A8F0 |
Serial: | 00C8A79ACFA20CA41509245C1F7F64FFC4 |
Instruction |
---|
dec eax |
sub esp, 28h |
call 00007F9C70879C40h |
dec eax |
add esp, 28h |
jmp 00007F9C7087941Fh |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
nop word ptr [eax+eax+00000000h] |
dec eax |
cmp ecx, dword ptr [008CC119h] |
jne 00007F9C708795B2h |
dec eax |
rol ecx, 10h |
test cx, FFFFh |
jne 00007F9C708795A3h |
ret |
dec eax |
ror ecx, 10h |
jmp 00007F9C708798A3h |
int3 |
int3 |
jmp 00007F9C7088CC98h |
int3 |
int3 |
int3 |
jmp 00007F9C70879598h |
int3 |
int3 |
int3 |
inc eax |
push ebx |
dec eax |
sub esp, 20h |
dec eax |
lea eax, dword ptr [0004A7DBh] |
dec eax |
mov ebx, ecx |
dec eax |
mov dword ptr [ecx], eax |
test dl, 00000001h |
je 00007F9C708795ACh |
mov edx, 00000018h |
call 00007F9C7087957Bh |
dec eax |
mov eax, ebx |
dec eax |
add esp, 20h |
pop ebx |
ret |
int3 |
dec eax |
sub esp, 28h |
call 00007F9C7087A130h |
test eax, eax |
je 00007F9C708795C3h |
dec eax |
mov eax, dword ptr [00000030h] |
dec eax |
mov ecx, dword ptr [eax+08h] |
jmp 00007F9C708795A7h |
dec eax |
cmp ecx, eax |
je 00007F9C708795B6h |
xor eax, eax |
dec eax |
cmpxchg dword ptr [008EFB30h], ecx |
jne 00007F9C70879590h |
xor al, al |
dec eax |
add esp, 28h |
ret |
mov al, 01h |
jmp 00007F9C70879599h |
int3 |
int3 |
int3 |
inc eax |
push ebx |
dec eax |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x812a98 | 0xdc | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xed2000 | 0xe0258 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xeaf000 | 0x21e7c | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xf4d800 | 0x4bd8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xfb3000 | 0x9170 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x7f1f60 | 0x70 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x7f2000 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x5a9c60 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x59d000 | 0x1128 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x81147c | 0xe0 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x59b1e4 | 0x59b200 | 503b41bd8b2c2ba39327e60a2b1797f1 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x59d000 | 0x279290 | 0x279400 | 14ef811286d37dbb54bcc47206717044 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x817000 | 0x697278 | 0x62d600 | de4ad32ce98fd7772fa90ca2d0ed8b5a | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0xeaf000 | 0x21e7c | 0x22000 | d2221f544567f88c907ea454206c35dd | False | 0.5113381778492647 | data | 6.3091803857365685 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
_RDATA | 0xed1000 | 0x15c | 0x200 | 089d101f3919aa13556907694bc92ddf | False | 0.419921875 | data | 3.292991650879148 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0xed2000 | 0xe0258 | 0xe0400 | 5e5589d2ac272c4d073f658deb8ec97f | False | 0.4159688109671126 | data | 6.65346150992118 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xfb3000 | 0x9170 | 0x9200 | d29ee96fa252a54bb44b8f4291855f74 | False | 0.1701359160958904 | data | 5.460504125280082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0xfb2108 | 0x134 | data | English | United States | 0.29545454545454547 |
RT_BITMAP | 0xfb0768 | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768 | English | United States | 0.7091584158415841 |
RT_ICON | 0xf598c0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688, 256 important colors | English | United States | 0.3829957356076759 |
RT_ICON | 0xf5a768 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152, 256 important colors | English | United States | 0.4381768953068592 |
RT_ICON | 0xf5b010 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States | 0.33598265895953755 |
RT_ICON | 0xf5b578 | 0x3add | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9757780874643307 |
RT_ICON | 0xf5f058 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.312551867219917 |
RT_ICON | 0xf61600 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.3785178236397749 |
RT_ICON | 0xf626a8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.5815602836879432 |
RT_ICON | 0xf62b78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.6060767590618337 |
RT_ICON | 0xf63a20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.7635379061371841 |
RT_ICON | 0xf642c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.7695086705202312 |
RT_ICON | 0xf64830 | 0xeec1 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9984457060584742 |
RT_ICON | 0xf736f8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.42012448132780084 |
RT_ICON | 0xf75ca0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.5684803001876173 |
RT_ICON | 0xf76d48 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.7092198581560284 |
RT_ICON | 0xf77218 | 0x42a9 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9773220041019631 |
RT_ICON | 0xf7b4c8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 131072 | English | United States | 0.07738376907606767 |
RT_ICON | 0xf8bcf0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 32768 | English | United States | 0.11118327822390174 |
RT_ICON | 0xf8ff18 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 18432 | English | United States | 0.12531120331950207 |
RT_ICON | 0xf924c0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 8192 | English | United States | 0.15196998123827393 |
RT_ICON | 0xf93568 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 2048 | English | United States | 0.2473404255319149 |
RT_ICON | 0xf93a30 | 0x47ce | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9778043738439778 |
RT_ICON | 0xf98200 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 131072 | English | United States | 0.08258902164911866 |
RT_ICON | 0xfa8a28 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 32768 | English | United States | 0.11478507321681625 |
RT_ICON | 0xfacc50 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 18432 | English | United States | 0.13101659751037345 |
RT_ICON | 0xfaf1f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 8192 | English | United States | 0.16064727954971858 |
RT_ICON | 0xfb02a0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 2048 | English | United States | 0.2526595744680851 |
RT_DIALOG | 0xfb0a90 | 0x140 | data | English | United States | 0.55 |
RT_DIALOG | 0xfb0e70 | 0x1c0 | data | English | United States | 0.515625 |
RT_DIALOG | 0xfb0d68 | 0x102 | data | English | United States | 0.624031007751938 |
RT_DIALOG | 0xfb1030 | 0xd0 | dBase III DBT, next free block index 4294901761 | English | United States | 0.6586538461538461 |
RT_DIALOG | 0xfb1100 | 0x4b4 | data | English | United States | 0.4418604651162791 |
RT_DIALOG | 0xfb0bd0 | 0x198 | data | English | United States | 0.5563725490196079 |
RT_DIALOG | 0xfb15b8 | 0x10c | data | English | United States | 0.5970149253731343 |
RT_DIALOG | 0xfb16c8 | 0x2ac | data | English | United States | 0.4283625730994152 |
RT_DIALOG | 0xfb1978 | 0x148 | data | English | United States | 0.5914634146341463 |
RT_RCDATA | 0xed2bd0 | 0x86ceb | Unicode text, UTF-8 text | English | United States | 0.41135626463541186 |
RT_GROUP_CURSOR | 0xfb2240 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_ICON | 0xf62b10 | 0x68 | data | English | United States | 0.7019230769230769 |
RT_GROUP_ICON | 0xf771b0 | 0x68 | data | English | United States | 0.7211538461538461 |
RT_GROUP_ICON | 0xf939d0 | 0x5a | data | English | United States | 0.7777777777777778 |
RT_GROUP_ICON | 0xfb0708 | 0x5a | data | English | United States | 0.7777777777777778 |
RT_VERSION | 0xed2960 | 0x26c | data | English | United States | 0.5145161290322581 |
RT_MANIFEST | 0xfb1ac0 | 0x643 | XML 1.0 document, ASCII text | English | United States | 0.42732376793512167 |
DLL | Import |
---|---|
COMCTL32.dll | ImageList_EndDrag, ImageList_Add, ImageList_DragEnter, ImageList_DragMove, ImageList_BeginDrag, ImageList_Create, ImageList_AddMasked, InitCommonControlsEx, ImageList_Destroy, CreatePropertySheetPageW, ImageList_GetIconSize, ImageList_Draw |
KERNEL32.dll | SystemTimeToFileTime, GetSystemTimeAsFileTime, QueryPerformanceCounter, GetLogicalDrives, CloseHandle, FindResourceW, GetModuleHandleW, MulDiv, VerSetConditionMask, VerifyVersionInfoW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, HeapCreate, HeapFree, GetCurrentProcess, TerminateProcess, GetEnvironmentVariableA, WaitForSingleObject, GetCurrentThreadId, GetLocaleInfoA, CreateToolhelp32Snapshot, QueryPerformanceFrequency, Sleep, IsDebuggerPresent, DebugBreak, CreateMutexW, ReleaseMutex, DecodePointer, LoadLibraryExA, WriteConsoleW, GetStringTypeW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindFirstFileExW, GetTimeZoneInformation, HeapSize, GetProcessHeap, SetStdHandle, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, LCMapStringW, FlsFree, FlsSetValue, FlsGetValue, FlsAlloc, GetConsoleOutputCP, ReadConsoleW, SetEnvironmentVariableW, GetModuleHandleExW, FreeLibraryAndExitThread, SetFilePointerEx, LCMapStringEx, TlsFree, InitializeCriticalSectionAndSpinCount, EncodePointer, RtlUnwind, RtlPcToFileHeader, RtlUnwindEx, InitializeCriticalSectionEx, GetStartupInfoW, InitializeSListHead, SleepConditionVariableSRW, WakeAllConditionVariable, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, IsProcessorFeaturePresent, UnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, CreateSemaphoreW, GetProcessAffinityMask, ReleaseSemaphore, GetConsoleMode, MoveFileW, FlushFileBuffers, GetFileType, SetEndOfFile, CreateHardLinkW, RemoveDirectoryW, DeviceIoControl, SetThreadPriority, SetLastError, SetConsoleCtrlHandler, GetCurrentDirectoryW, FoldStringW, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, TzSpecificLocalTimeToSystemTime, IsDBCSLeadByte, GetCPInfo, CompareStringW, AreFileApisANSI, LocalFileTimeToFileTime, RaiseException, FileTimeToDosDateTime, FileTimeToLocalFileTime, SetThreadContext, FlushInstructionCache, VirtualAlloc, VirtualFree, VirtualProtect, GetSystemDirectoryW, OpenThread, VirtualQuery, GetThreadContext, GetModuleHandleA, ResumeThread, SuspendThread, Thread32First, Thread32Next, AllocConsole, FormatMessageA, CreateProcessW, InitializeSRWLock, InitializeConditionVariable, GetThreadGroupAffinity, InitOnceBeginInitialize, InitOnceComplete, WakeConditionVariable, GetEnvironmentVariableW, FreeLibrary, LoadLibraryW, OutputDebugStringW, LoadLibraryExW, GetProcAddress, GetModuleFileNameW, GetFileAttributesW, OutputDebugStringA, GetTempPathW, GetUserDefaultUILanguage, MapViewOfFile, CreateFileMappingW, UnmapViewOfFile, SetErrorMode, GetDateFormatW, GetTimeFormatW, MoveFileExW, LoadResource, LockResource, SizeofResource, SetThreadExecutionState, GlobalAddAtomW, GlobalDeleteAtom, GetTickCount, GetSystemTime, GlobalUnlock, GlobalLock, GlobalFree, GlobalAlloc, GetCurrentThread, Process32FirstW, Process32NextW, OpenProcess, ExitProcess, GetCommandLineW, GetLastError, SetUnhandledExceptionFilter, Module32NextW, PeekNamedPipe, LocalFree, SetCurrentDirectoryW, LoadLibraryA, AttachConsole, GetVersionExW, GetStdHandle, SetConsoleScreenBufferSize, GetCurrentProcessId, HeapDestroy, AddVectoredExceptionHandler, GlobalMemoryStatusEx, Module32FirstW, HeapAlloc, CreateThread, GetSystemInfo, HeapReAlloc, SetEvent, GetConsoleScreenBufferInfo, ReadDirectoryChangesW, QueueUserAPC, ResetEvent, ExitThread, WaitForMultipleObjectsEx, CompareFileTime, CancelIo, GetFileTime, GetDriveTypeW, GetTempFileNameW, CopyFileW, DeleteFileW, GetFileAttributesExW, GetFileInformationByHandle, SetFileAttributesW, GetVolumePathNameW, SetFileTime, GetDriveTypeA, GetPrivateProfileIntW, CreateEventW, GetShortPathNameW, GetLongPathNameW, WritePrivateProfileStringW, GetFileSizeEx, GetACP, MultiByteToWideChar, GetExitCodeProcess, ReadFile, SetFilePointer, TlsSetValue, TlsAlloc, TlsGetValue, CreateEventA, GetModuleFileNameA, GetFullPathNameA, FindClose, FindFirstFileW, GetFullPathNameW, FindNextFileW, lstrcpynW, GetWindowsDirectoryW, WideCharToMultiByte, GetLocaleInfoW, SetNamedPipeHandleState, WriteFile, CreateFileW, CreateDirectoryW |
USER32.dll | SystemParametersInfoW, GetMessagePos, WindowFromDC, IsWindowEnabled, GetUpdateRect, SetRectEmpty, GetClassInfoExW, RegisterWindowMessageW, GetCursorPos, ClientToScreen, SetLayeredWindowAttributes, DeferWindowPos, GetPropW, RemovePropW, BeginDeferWindowPos, SetPropW, EndDeferWindowPos, HideCaret, SetClassLongPtrW, ShowCaret, IsCharAlphaNumericW, WindowFromPoint, GetWindowThreadProcessId, GetMessageW, AllowSetForegroundWindow, LoadBitmapW, TranslateAcceleratorW, LoadCursorW, GetClassNameW, SetParent, MapVirtualKeyW, ScreenToClient, IsWindow, CharLowerBuffW, GetAncestor, IsCharUpperW, CheckRadioButton, EndDialog, SetDlgItemTextW, SendDlgItemMessageW, DialogBoxIndirectParamW, IsDlgButtonChecked, BringWindowToTop, SetWindowLongW, CheckDlgButton, DialogBoxParamW, MoveWindow, OpenClipboard, CloseClipboard, EmptyClipboard, ReuseDDElParam, ShowWindowAsync, IsWindowUnicode, UnpackDDElParam, ModifyMenuW, CheckMenuRadioItem, GetMenuItemID, GetMenu, SetMenuItemInfoW, SetMenu, DrawTextExW, InsertMenuW, GetWindowLongW, GetWindow, FindWindowExW, GetFocus, IsChild, MessageBeep, GetDesktopWindow, UpdateWindow, MessageBoxW, MsgWaitForMultipleObjects, DispatchMessageW, SendMessageW, PeekMessageW, TranslateMessage, GetDlgItem, PostQuitMessage, PostMessageW, EnableWindow, MessageBoxA, CreateMenu, LoadIconW, SetActiveWindow, DestroyWindow, GetMenuItemInfoW, GetSystemMenu, CallWindowProcW, GetWindowRect, IsWindowVisible, SetWindowPos, GetMenuItemCount, SetWindowLongPtrW, CreateWindowExW, CreatePopupMenu, GetWindowLongPtrW, RegisterClassExW, GetClassLongPtrW, SendInput, DdeFreeStringHandle, DdeDisconnect, DrawTextW, CheckMenuItem, SetClipboardData, DdeFreeDataHandle, DdeClientTransaction, DdeUninitialize, DdeInitializeW, TrackMouseEvent, GetMonitorInfoW, GetWindowInfo, DdeConnect, DdeCreateStringHandleW, DestroyCursor, EnumDisplayMonitors, MonitorFromWindow, MonitorFromRect, CopyImage, GetKeyState, AdjustWindowRectEx, OemToCharA, CharToOemA, OemToCharBuffA, CharLowerW, CharUpperW, CharToOemBuffW, TrackPopupMenu, ShowWindow, InvalidateRgn, OffsetRect, RedrawWindow, MapWindowPoints, SetMenuDefaultItem, GetSysColor, GetForegroundWindow, DestroyAcceleratorTable, DestroyMenu, FindWindowW, GetWindowDC, TrackPopupMenuEx, RemoveMenu, GetClientRect, IsZoomed, AppendMenuW, DrawIconEx, EnableMenuItem, DrawEdge, GetParent, DrawFrameControl, InvalidateRect, SetScrollInfo, DefWindowProcW, ShowScrollBar, GetDC, FillRect, GetCursor, GetScrollInfo, GetScrollPos, GetCapture, SetTimer, SetFocus, SetCapture, SetCursor, KillTimer, ReleaseCapture, IsIconic, ReleaseDC, GetSystemMetrics, BeginPaint, SetForegroundWindow, EndPaint, CreateAcceleratorTableW, IsDialogMessageW |
GDI32.dll | SetROP2, GetObjectA, GetTextExtentPoint32W, ExtTextOutW, GetObjectW, CreateDIBSection, GetTextExtentPoint32A, SetLayout, CreateRoundRectRgn, SelectClipRgn, RoundRect, BitBlt, StartPage, AbortDoc, EndDoc, CreateDCW, GetDeviceCaps, SetMapMode, StartDocW, EndPage, Polyline, LineTo, MoveToEx, SetBkColor, Ellipse, CreateFontIndirectW, CreatePatternBrush, CreateBitmap, SetBkMode, GetClipBox, CreateRectRgn, SetViewportOrgEx, ExcludeClipRect, ExtSelectClipRgn, SetBrushOrgEx, SelectObject, CreateCompatibleDC, PatBlt, StretchBlt, GetStockObject, DeleteDC, SetTextColor, CreatePen, Rectangle, DeleteObject, CreateSolidBrush, GetDIBColorTable, SetWorldTransform, SetStretchBltMode, SetDIBits, TextOutW, GetDIBits, SetGraphicsMode, SetDIBColorTable, CreateCompatibleBitmap |
WINSPOOL.DRV | DocumentPropertiesW, OpenPrinterW, GetPrinterW, EnumPrintersW, DeviceCapabilitiesW, ClosePrinter |
COMDLG32.dll | GetOpenFileNameW, GetSaveFileNameW, PrintDlgExW |
ADVAPI32.dll | CryptDestroyHash, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExW, RegGetValueW, RegEnumKeyW, InitializeSecurityDescriptor, CheckTokenMembership, FreeSid, OpenProcessToken, RegSetKeySecurity, SetFileSecurityW, LookupPrivilegeValueW, AdjustTokenPrivileges, CryptAcquireContextW, CryptCreateHash, CryptHashData, RegOpenKeyExW, CryptGetHashParam, CryptReleaseContext, SetSecurityDescriptorDacl, AllocateAndInitializeSid |
SHELL32.dll | SHGetDesktopFolder, ShellExecuteExW, DragAcceptFiles, SHChangeNotify, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHGetMalloc, DragFinish, DragQueryFileW, SHBindToParent, SHAddToRecentDocs, SHGetFolderPathW, SHFileOperationW, CommandLineToArgvW |
ole32.dll | CoSetProxyBlanket, CreateStreamOnHGlobal, CoInitialize, CoCreateInstance, OleUninitialize, OleInitialize, CoTaskMemAlloc, CoTaskMemFree, CoGetMalloc, ReleaseStgMedium, CoUninitialize |
OLEAUT32.dll | VariantInit, VariantClear, SysFreeString, SysAllocString, SafeArrayPutElement, SafeArrayCreateVector |
Language of compilation system | Country where language is spoken
---|---
English | United States
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
---|---|---|---|---|---|---|---|---|---|---
Jul 3, 2024 16:29:50.589545012 CEST | 8.8.8.8 | 192.168.2.22 | 0xdd47 | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 16:29:50.589545012 CEST | 8.8.8.8 | 192.168.2.22 | 0xdd47 | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 16:29:50.598968029 CEST | 8.8.8.8 | 192.168.2.22 | 0x9680 | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 16:29:50.598968029 CEST | 8.8.8.8 | 192.168.2.22 | 0x9680 | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Target ID: | 0 |
Start time: | 10:29:33 |
Start date: | 03/07/2024 |
Path: | C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13fbe0000 |
File size: | 16'065'496 bytes |
MD5 hash: | C02DC2CA96FE9841963883C0FE177399 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 2.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 1.2% |
Total number of Nodes: | 344 |
Total number of Limit Nodes: | 6 |
Function | Relevance | APIs | Strings | Instructions | Tags
---|---|---|---|---|---
000000014015B2F0 | 12.4 | 5 | 2 | 117 | libraryloader, COMMON
000000014015BB14 | 3.6 | 1 | 1 | 53 | COMMON
000000014014A428 | 2.5 | 2 | | 18 | memory, COMMON, LIBRARYCODE
000000014014A3B0 | 1.5 | 1 | | 36 | memory, COMMON, LIBRARYCODE
0000000140134F68 | 6.0 | 4 | | 39 | time, thread, COMMON
000000013FBE1760 | 23.0 | 2 | 11 | 241 | libraryloader, COMMON
000000013FBE20F4 | 12.4 | 4 | 3 | 100 | libraryloader, COMMON
000000013FBE1336 | 9.1 | 2 | 4 | 104 | COMMON
000000014015B054 | 9.1 | 6 | | 57 | COMMON, LIBRARYCODE
000000013FBE1C99 | 7.1 | 3 | 1 | 91 | registry, COMMON
000000013FBE1DF2 | 7.0 | 3 | 1 | 32 | COMMON
000000013FBE24B8 | 5.3 | 2 | 1 | 28 | registry, COMMON
000000013FBE22A6 | 5.3 | 1 | 2 | 14 | library, COMMON
000000013FBE1C5C | 5.3 | 1 | 2 | 14 | library, COMMON