Windows
Analysis Report
kbdgc.exe
Overview
General Information
Detection
Score: | 27 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 20% |
Signatures
Classification
- System is w10x64
kbdgc.exe (PID: 7600 cmdline: "C:\Users\user\Desktop\kbdgc.exe" MD5: 5025218D868F68C956A6BCB8F3C99007)
- cleanup
AV Detection
Source: | Integrated Neural Analysis Model: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_00B79F76 | |
Source: | Code function: | 0_2_00B89D3B |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_00B76DD8 |
Source: | Code function: | 0_2_00B780FA | |
Source: | Code function: | 0_2_00B854D8 | |
Source: | Code function: | 0_2_00B8E08A | |
Source: | Code function: | 0_2_00B7E8DD | |
Source: | Code function: | 0_2_00B7D828 | |
Source: | Code function: | 0_2_00B73058 | |
Source: | Code function: | 0_2_00B8E99E | |
Source: | Code function: | 0_2_00B8590D | |
Source: | Code function: | 0_2_00B8295B | |
Source: | Code function: | 0_2_00B7D22A | |
Source: | Code function: | 0_2_00B8F208 | |
Source: | Code function: | 0_2_00B9E244 | |
Source: | Code function: | 0_2_00B92308 | |
Source: | Code function: | 0_2_00B84B09 | |
Source: | Code function: | 0_2_00B82C8C | |
Source: | Code function: | 0_2_00B7DC8B | |
Source: | Code function: | 0_2_00B99C3E | |
Source: | Code function: | 0_2_00B75C39 | |
Source: | Code function: | 0_2_00B8E586 | |
Source: | Code function: | 0_2_00B725F5 | |
Source: | Code function: | 0_2_00B8EDD3 | |
Source: | Code function: | 0_2_00B73D3B | |
Source: | Code function: | 0_2_00B7B686 | |
Source: | Code function: | 0_2_00B826E0 | |
Source: | Code function: | 0_2_00B7CE12 | |
Source: | Code function: | 0_2_00B99790 | |
Source: | Code function: | 0_2_00B85F46 |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: |
Source: | Command line argument: | 0_2_00B8B905 | |
Source: | Command line argument: | 0_2_00B8B905 | |
Source: | Command line argument: | 0_2_00B8B905 |
Source: | Static PE information: |
Source: | File read: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | File read: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Static file information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | File created: |
Source: | Code function: | 0_2_00B8C57E | |
Source: | Code function: | 0_2_00B8D009 |
Source: | File created: |
Source: | Dropped PE file which has not been started: |
Source: | Evasive API call chain: | graph_0-21900 |
Source: | Code function: | 0_2_00B79F76 | |
Source: | Code function: | 0_2_00B89D3B |
Source: | Code function: | 0_2_00B8C07D |
Source: | API call chain: | graph_0-22042 |
Source: | Code function: | 0_2_00B8D1B5 |
Source: | Code function: | 0_2_00B94444 |
Source: | Code function: | 0_2_00B98382 |
Source: | Code function: | 0_2_00B8D1B5 | |
Source: | Code function: | 0_2_00B8D303 | |
Source: | Code function: | 0_2_00B8D4BB | |
Source: | Code function: | 0_2_00B9552C |
Source: | Code function: | 0_2_00B8D00B |
Source: | Code function: | 0_2_00B88C23 |
Source: | Code function: | 0_2_00B8B905 |
Source: | Code function: | 0_2_00B7A5E3 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Software Packing | NTDS | 24 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1467148 |
Start date and time: | 2024-07-03 18:54:05 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 46s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 1 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | kbdgc.exe |
Detection: | SUS |
Classification: | sus27.winEXE@1/17@0/0 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- VT rate limit hit for: kbdgc.exe
Process: | C:\Users\user\Desktop\kbdgc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 20992 |
Entropy (8bit): | 7.317925520512782 |
Encrypted: | false |
SSDEEP: | 384:lzzN+du/iRjWD6KdIX84HyUM+QqVO3rFLqXzUflNFOKFT1T7tTSr:xUMUiD6K6X84HyJ/35LqjUflJ5tTE |
MD5: | EC4AC33729E7AE3E2DD811D9D2C7E12E |
SHA1: | 51DD666551138996F9883313E904AD103FC0DFD9 |
SHA-256: | F587B7042132D3E94274422812DED7775B749A563E02EC91378BD494F149B08B |
SHA-512: | B1FBAD8CF21BAECD012F34F35880D75BA891B4263C96871EC5E98BDFE7BC9EA8D9809C7BBC1E8845110A03B9320FCFA3943159560D0E9BABE36C1E16F39760A9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kbdgc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16896 |
Entropy (8bit): | 7.257528123852287 |
Encrypted: | false |
SSDEEP: | 384:QaHVlEz4VGlgccKENhtKeLCQMkh+A9Q90HnI/7:QElnICccKENhtKeLCQMG+CQ8+7 |
MD5: | 9A90B2AC6AB4D0C35D9A55B5BA699464 |
SHA1: | 6C73AC92D1994AEAF0AFD3450C55DA204B53B2B7 |
SHA-256: | 29ECDE4F562E0176F0FF6C6C6E8F7DFC1222A35C3D3BC5290E987C67E130FB3C |
SHA-512: | FC82DAF986BB807A5D65371EB4A7991C79F7CD0179415E0B36570E5F0DF20537AF99D136EA88CE0434B8E505381CED3EC6FCE813CD4AF9B0D2EF51B76F8045EE |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kbdgc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 27136 |
Entropy (8bit): | 7.4794390494515905 |
Encrypted: | false |
SSDEEP: | 768:decBsMWg1dsp927OSmtOiZPF3N0Kbcxgs:ccB2gDspw7OzhTqSs |
MD5: | F5960AAF6CFCA05F6F529AE4ADD63719 |
SHA1: | C53FB97CFAAD02C5B0165F4594C778026FFAF66B |
SHA-256: | 1CD65580C695A7B93E4F83AAF80A7EE5EF74CD11681874B5705DFF8DA493F839 |
SHA-512: | EA9100FF8AAFC18180730503B7B0F64CADA6C4C3959687C9D13A7CCC325F579A14E37E4CF7C16E851066E425FE5E5AA95C8290342567B09A1757427A44D54DA0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kbdgc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 115712 |
Entropy (8bit): | 7.836027423647195 |
Encrypted: | false |
SSDEEP: | 3072:QMV00ilmQeHCE4Xs0gM6yEHPJzZ5JsFa08xHFj1:bzfQOCs9yUPJd7jxh |
MD5: | 51EDC791CCAFE1141F2D36AE275064DB |
SHA1: | 446CAC76FED174C0B5D40BAB5208F786B40299FB |
SHA-256: | B5EA5ECBCF8A17D071FD6DF794FE796F271E3EBB079C6100A078D1B90E54B923 |
SHA-512: | C89A039F9C3998AC4C7302A92558EE58A2C43EE43AC10AAE8437A7451941423D3A6BD0399C992C3AB27074E23DEE9A3C3342BF41FB7F583EAAAB7125AE4FD90C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kbdgc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 99328 |
Entropy (8bit): | 7.838054823011136 |
Encrypted: | false |
SSDEEP: | 3072:P9PCV00ilmQeHCE4Xs0gM6yEHPJzZIK7yo2:hkzfQOCs9yUPJdT7x |
MD5: | 1B39F6E81667D02369AA7D7B0FC30852 |
SHA1: | F930B0FFA1DCB8A202B20A322EEC20D5F89D6882 |
SHA-256: | C68FB9AFA03F43A0F95465B6378F3D75CED4804DB06E3C2F8F6202CEFC93F480 |
SHA-512: | 8747720ACC3A7256041BC611E8C4CB2427E29FD12AD8FBE5BB5F3A64063DAA494B4B0498CAB56EC2E623FCF1BAFCCA75C928F08E40FB47E9F32AA6DA36779ECD |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kbdgc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34304 |
Entropy (8bit): | 7.5546645391024905 |
Encrypted: | false |
SSDEEP: | 768:eWHAjg1dsp9v/1Jpr+f0OowQvJzAmzZqtnwwHFs4:vagDspJRbOKvtv8Fs4 |
MD5: | D5C8195621D6A6CE85D8E3DFE2FEB54E |
SHA1: | 28F73F26381512B14204952D606C85325A23C7E1 |
SHA-256: | 247640B4E27177B98176C482DEFB44AA1817704C681916B2F2C5723806E8E4FD |
SHA-512: | 4BF88E07F88441C2CC1A95D0C329BDB848D3509E0401A6EEDF9E0C4194DB81A222A90F1960D5C349E86986EEAF84088E288127AE11D1944898CDABD1DCBC159D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kbdgc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 37376 |
Entropy (8bit): | 7.668599184207851 |
Encrypted: | false |
SSDEEP: | 768:wBvDKLrfI5daeg1dsp9RNi0F4Vwg3xDDu1z7gRV4YYe:qorQ5PgDspzNT05Du1zxYY |
MD5: | 38797A5508B282594EF8AD42A444B199 |
SHA1: | C8B69B7CBA4BAB684F60F26D4249997E83B89B32 |
SHA-256: | 1CF1FF95752A37E7E8234D96D4BCB3B65E7CA9173BCF8B6958941E5FAB2F5745 |
SHA-512: | 32133AB1F07FDB490EDF573D7EAFEECF64CD93ED26FA213DC3368000C955E249F99B46D49AFA9F1D2EBAC37A5A76A4F545FCAC58E791CC28F42635209F47B35C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kbdgc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 43520 |
Entropy (8bit): | 7.681040219592289 |
Encrypted: | false |
SSDEEP: | 768:WXM1VYd0g1dsp9GWr1WTlDDSH+4IzaNYqPd3Ww80gXmVVr/xxQ:TYGgDsp/KocaNV3WX0gsT |
MD5: | 0E7BD770F1186ADBAC0245DA8B7AA01B |
SHA1: | 37ADA604765EF7D58E02757E698D859EEEAF8A58 |
SHA-256: | 4472D2FABC61A9C12652D05E80143446247A891879A8C2CAE0B8C33CE29A74B4 |
SHA-512: | 0840BC1D227B953BFCB10AAC30BB96DE1E69554A7EAF95B3331A3EE153972C1195FCD6A8A167E0FBB598FF019F33D05A578590E0EEFE7DB5F5B3A40AF8DBE70E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kbdgc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 33792 |
Entropy (8bit): | 7.562436424578068 |
Encrypted: | false |
SSDEEP: | 384:qmkSf6lUVlWdEQl2AxMaiJ3sp1Xx7bNupoAXKZunujB/7l7cSz7ulSUeaFvCaFsW:lkdlUog1dsp9FgpjXsjBZ8S4vWW |
MD5: | 9EFAB31B11B25334F1D4A5D914E736BA |
SHA1: | 28CAF6139123E86CFDF6AF1E29BFEEC41C83E546 |
SHA-256: | F5103002B65A1712D877F8B9BF4C1CA9FA14ECAA9E5259EB1CCDB4DAE00EE1C5 |
SHA-512: | 4FE57D75C0B7BECC9153F5A90D53C479463772994A74CF6E0407C41724AAF599E4CDDDE26AAA75246C207DDADBB66E6C6E39BB7C7B7D964C6B810B01C7AFA8AA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kbdgc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 28672 |
Entropy (8bit): | 7.288773304398094 |
Encrypted: | false |
SSDEEP: | 384:9SgjRvdgLDeGaQ5BkZIJHZGeyec6zWlYcU7WwydHKy7Yl9n4W3ptGUU2AK45dOIS:9BtCXcZepyec6zWDUlS7YlyYFUBKzI |
MD5: | BC3FD89CA077D5ED0D92A2EA95FA28F1 |
SHA1: | F9F5B1739CB4E9427AA11B33BFA47DC0615B566D |
SHA-256: | FB63CD260043C958980F2B4C5057D5EF726ABE259A8DCAA4C2D2D7E1D9C3C7A2 |
SHA-512: | EC06B87BEB4F5EA3BE31323873D5701CC888868F5D928258771728E250AC632C96BE3D93130253F8389A8D46D288FB95C4552ECADE61B18574463A125E408E98 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kbdgc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8704 |
Entropy (8bit): | 6.451885016786889 |
Encrypted: | false |
SSDEEP: | 192:3knKQ0AvH0CDBS547sYuVkyNyX/aWLvB2oYI:UK5A/Jo0yVlOVvMoY |
MD5: | 6DCCCBECA34C119EB39036AFF0928EC8 |
SHA1: | 6FFC0B7A455CE38089B03E58216623CC3506E014 |
SHA-256: | DDDA0A65A2DA99ABCB104BEE42F069D71D50F95776C4DCFF0B0506F40171E3E7 |
SHA-512: | CBBAA1AC30B7D0C4D64AED884DDA40809BD4914821DA7465790E57D2FC1D02FD47631284659E392412F1D7DEAB69CA435238E8A6C4C31F0BC6FEE4DF746D500E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kbdgc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8704 |
Entropy (8bit): | 6.425411330574039 |
Encrypted: | false |
SSDEEP: | 96:JTjyU2aozoboSEOg9UOh7sbRqz1Q0SgIeGXqlyAVy2emDrod0alqG+bCMVJcST+P:RUkoFOZOh75EgIeGYVgwcd0aqlVun |
MD5: | 61C996537672E56B3895D38793FEF51E |
SHA1: | C48C8B05E18208C4E58CD997B26E9824D45D62BF |
SHA-256: | 3EC08A5424B1C2CD958D2FCBC3CF37EBD43941540651D907F00C16306ABDFCC7 |
SHA-512: | 5A2281A69A6EA59D87CC8B690A0DC56A0CD602A226B050597DCD6C9EF3463EBE07B949142F4671022F04D78B0C57A8087977E68B99092527711B6815608E3913 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kbdgc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13824 |
Entropy (8bit): | 7.015833199595925 |
Encrypted: | false |
SSDEEP: | 384:wNHebIs5sg/ErTzf7T+dwxkbGfvBqmmjLw:jbX5v/ITzYwxi8vB7 |
MD5: | E8A04303C9F5D3FF634AAF3AF17C16A3 |
SHA1: | 17C7A9D0698B022EE1CA93BD8BFDCF07EB49EFAA |
SHA-256: | 9AA744B900703F545830104E1E5FF8FCC5FD2F45BE6F1AE37CC7D6EBDB67E34C |
SHA-512: | E842A7C5BDAACAC3F45112EE3653684DC3442D66B59849F82630F167E1F6C11F278306EC457AE1A7249DE9E4DEE6FC925B6F08CB92708437805D26734FC7C6C9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kbdgc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12800 |
Entropy (8bit): | 6.9842017501205955 |
Encrypted: | false |
SSDEEP: | 192:eJaaYWfkTm1km9VjPpFAylMlpMtOQBB2sFIuZyZwJLdmtLOc:SaaFe6zAyqluD2SrZkwJp |
MD5: | 218DA672087A986EF7DAC94A4B5E665B |
SHA1: | F83AF3EAB9303AFA49CC37FB1429183B419A3BE4 |
SHA-256: | FA61C479C6B8BF91A47964C64F02AC7F49F51FD04BE8235DF8A81C3D9DB95950 |
SHA-512: | 2E57226275866731F14CBA5C3A4CADB68C9AE6D3F5F8F07B9451A51570117263459ECA1445967CEAC16C0FEE80A7F5C97AF7C904985CD1DC29E95E3550ADF347 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kbdgc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8704 |
Entropy (8bit): | 6.325257751897019 |
Encrypted: | false |
SSDEEP: | 96:zIjyUfapzogM8zMmfKodTFECKFQcJO1Oj35l0Q8tQh8ZriIxz0sfoo:c9uM8zZfKoYC2nO1OYQ+QWrJxz0I |
MD5: | 6C73C30AF9548F1AC5ADECEB15B279FA |
SHA1: | 655E0F25F5FD5E229C0C9B86AF186E14116EC681 |
SHA-256: | DE547EB36BD293CAD5E227772CCE7E804184AB1F87235B3239C3638426B1A138 |
SHA-512: | 00A372842405E76247D3CE10063CCDE4E246ED48893957CC5F04199A000C93FDFFEAFD0FC24CFEC6D26BFE4133050BA25184EB826DA12474F65596FBA25F4C5E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kbdgc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8192 |
Entropy (8bit): | 6.500774482657499 |
Encrypted: | false |
SSDEEP: | 96:ALFyUmaxzop6bdQVtNkRtV4yhwZ1MuQ0f837ACLlY5pVG5poQDBZ7uQooA:MWD65Q9kRtVphoM7x25pqpoPo |
MD5: | 9A6A2DF9EB24983122E0B06EFF4CFF57 |
SHA1: | E9459C7267C245EEB6AF2A866DEC8FB204E215F6 |
SHA-256: | 8D9E6F8242B9D93518DC7945B42950EC96595BBC0984324188566A7B5D4C82C9 |
SHA-512: | 87C240069CCF15A56AD0B5FD5F2287171BBC815F2A233C24EE7A103AFD706CDEEADF6B3AF28D1BBC42FD1D8C62681E628B3402AA9AD480FDB353C046F82E77E4 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\kbdgc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 50991104 |
Entropy (8bit): | 5.545741590574733 |
Encrypted: | false |
SSDEEP: | 1572864:h3P5aFLI10JhKvkgVKJ2SUmzNCW+ke2gMNx3Smco1Ow+CiLebfraeEGQ8m+V9n3X:2wmkWiaj |
MD5: | AA54788F8FF9F9D50FA3804069F148CB |
SHA1: | 85BF40F886EE19D1B7C18B320676C58E0FC4D623 |
SHA-256: | B930CFA7A81E07DA6A98A126C6D45560DF027C86B8C6716B9672ABD421C70077 |
SHA-512: | F6E2EB609F95946776165D35106D02E2FA8C1D0B9F7065B6A88DDCEB842482C3FFAE833891953706FFE7CCABA04E01B8913B3EB8643E424BC1D9633CE49C0BED |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.99198950173466 |
TrID: | |
File name: | kbdgc.exe |
File size: | 6'427'166 bytes |
MD5: | 5025218d868f68c956a6bcb8f3c99007 |
SHA1: | 84f0f59997a46562e837730335c304b719335ce9 |
SHA256: | ae8ada4be2d0844a57fcfcab82e65dd28613f4e9e802a14562c7f595115ee9bc |
SHA512: | a79e4f0cc275857fdec42e68bf59e8d12c324bd948386b9cc3391ea74b9aa5906aea1f9a471c63980c5f11ddaa0ac374476fd21f285e8af1887c31a671486dd8 |
SSDEEP: | 98304:zJpnERJapCZgZ4WUJ7X7KxKxUDxUk6ef5cUtlQbEgUyLeU7wi0:lloopCZsQJz7K36U5vQZ4Uki0 |
TLSH: | 49563305FFC20D33EAB25436DE1A5F54A63C7A644D12C76F97E00DA5FE322E196288B1 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........1..`_Z.`_Z.`_Z...Z.`_Z...Z1`_Z...Z.`_Z.>\[.`_Z.>[[.`_Z.>Z[.`_Z...Z.`_Z...Z.`_Z.`^Z@`_Z->Z[.`_Z->_[.`_Z(>.Z.`_Z->][.`_ZRich.`_ |
Icon Hash: | 2775250905472797 |
Entrypoint: | 0x41cec9 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x598DB6FE [Fri Aug 11 13:54:06 2017 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 027ea80e8125c6dda271246922d4c3b0 |
Instruction |
---|
call 00007FB824E3C44Fh |
jmp 00007FB824E3BE53h |
cmp ecx, dword ptr [0043A1B8h] |
jne 00007FB824E3BFC5h |
ret |
jmp 00007FB824E3C5C5h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 00430F60h |
mov dword ptr [ecx], 00431904h |
ret |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007FB824E2F9E1h |
mov dword ptr [esi], 00431910h |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 00431918h |
mov dword ptr [ecx], 00431910h |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 004318F8h |
push eax |
call 00007FB824E3F158h |
test byte ptr [ebp+08h], 00000001h |
pop ecx |
je 00007FB824E3BFCCh |
push 0000000Ch |
push esi |
call 00007FB824E3B5C4h |
pop ecx |
pop ecx |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
push ebp |
mov ebp, esp |
sub esp, 0Ch |
lea ecx, dword ptr [ebp-0Ch] |
call 00007FB824E3BF3Fh |
push 00437AECh |
lea eax, dword ptr [ebp-0Ch] |
push eax |
call 00007FB824E3E857h |
int3 |
push ebp |
mov ebp, esp |
sub esp, 0Ch |
lea ecx, dword ptr [ebp-0Ch] |
call 00007FB824E3BF55h |
push 00437D1Ch |
lea eax, dword ptr [ebp-0Ch] |
push eax |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x38c40 | 0x34 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x38c74 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5b000 | 0x39c4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5f000 | 0x1f58 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x36e50 | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x31898 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x30000 | 0x21c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x381c4 | 0x120 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x2e1cb | 0x2e200 | 5c7b428a0e89ea47b4077685a6b368f9 | False | 0.5913416751355014 | data | 6.694270808561643 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x30000 | 0x98a0 | 0x9a00 | 93fd19be3a021a1128e7caf2a14b8416 | False | 0.45680296266233766 | COM executable for DOS | 5.121063891730476 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x3a000 | 0x1f290 | 0xc00 | 74d4929d26aa823ed75bb2f4ae8c5198 | False | 0.2809244791666667 | data | 3.237186720912972 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.gfids | 0x5a000 | 0xe8 | 0x200 | 5cfc4d481aa83c2fc6ce55ddf06fb8cf | False | 0.337890625 | data | 2.0550667973769086 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x5b000 | 0x39c4 | 0x3a00 | 3ab7d834d0baf7f50b7283fae81c49b7 | False | 0.4030845905172414 | data | 5.363611359089126 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x5f000 | 0x1f58 | 0x2000 | 9caffe0a7af61f18e5154f80560d2242 | False | 0.7845458984375 | data | 6.622969932482304 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_BITMAP | 0x5b57c | 0xbb6 | Device independent bitmap graphic, 93 x 302 x 4, 2 compression, image size 2894, resolution 2835 x 2835 px/m | Chinese | China | 0.2581721147431621 |
RT_ICON | 0x5c134 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Chinese | China | 0.6047297297297297 |
RT_ICON | 0x5c25c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Chinese | China | 0.4703757225433526 |
RT_ICON | 0x5c7c4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Chinese | China | 0.4986559139784946 |
RT_ICON | 0x5caac | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Chinese | China | 0.4444945848375451 |
RT_DIALOG | 0x5d354 | 0x176 | data | Chinese | China | 0.6898395721925134 |
RT_DIALOG | 0x5d4cc | 0xd6 | data | Chinese | China | 0.6962616822429907 |
RT_DIALOG | 0x5d5a4 | 0xba | data | Chinese | China | 0.7204301075268817 |
RT_DIALOG | 0x5d660 | 0x102 | data | Chinese | China | 0.6201550387596899 |
RT_DIALOG | 0x5d764 | 0x286 | data | Chinese | China | 0.4953560371517028 |
RT_DIALOG | 0x5d9ec | 0x1ce | data | Chinese | China | 0.6645021645021645 |
RT_STRING | 0x5dbbc | 0xb6 | data | Chinese | China | 0.7472527472527473 |
RT_STRING | 0x5dc74 | 0xd6 | data | Chinese | China | 0.6962616822429907 |
RT_STRING | 0x5dd4c | 0xca | data | Chinese | China | 0.7920792079207921 |
RT_STRING | 0x5de18 | 0x76 | data | Chinese | China | 0.9152542372881356 |
RT_STRING | 0x5de90 | 0x282 | data | Chinese | China | 0.6417445482866043 |
RT_STRING | 0x5e114 | 0x94 | data | Chinese | China | 0.777027027027027 |
RT_STRING | 0x5e1a8 | 0x78 | data | Chinese | China | 0.9083333333333333 |
RT_STRING | 0x5e220 | 0x64 | data | Chinese | China | 0.63 |
RT_STRING | 0x5e284 | 0x52 | data | Chinese | China | 0.8780487804878049 |
RT_STRING | 0x5e2d8 | 0x6a | data | Chinese | China | 0.7452830188679245 |
RT_GROUP_ICON | 0x5e344 | 0x3e | data | Chinese | China | 0.8387096774193549 |
RT_MANIFEST | 0x5e384 | 0x640 | XML 1.0 document, ASCII text, with CRLF line terminators | Chinese | China | 0.423125 |
DLL | Import |
---|---|
KERNEL32.dll | GetLastError, SetLastError, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, GetTickCount, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, SetStdHandle, HeapSize, GetConsoleCP, GetConsoleMode, SetFilePointerEx, DecodePointer |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Chinese | China |
Target ID: | 0 |
Start time: | 12:54:54 |
Start date: | 03/07/2024 |
Path: | C:\Users\user\Desktop\kbdgc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb70000 |
File size: | 6'427'166 bytes |
MD5 hash: | 5025218D868F68C956A6BCB8F3C99007 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 10% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 8.9% |
Total number of Nodes: | 1398 |
Total number of Limit Nodes: | 25 |
Function 00B8B905 Relevance: 43.9, APIs: 20, Strings: 5, Instructions: 180 [file, com, window, COMMON]
Function 00B79F76 Relevance: 7.6, APIs: 5, Instructions: 108 [file, COMMON]
Function 00B780FA Relevance: 3.9, APIs: 2, Instructions: 900 [COMMON]
Function 00B854D8 Relevance: .3, Instructions: 325 [COMMON]
Function 00B7EF68 Relevance: 52.8, APIs: 23, Strings: 7, Instructions: 314 [library, file, loader, COMMON]
Function 00B8AF10 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 96 [window, COMMON]
Function 00B98287 Relevance: 7.6, APIs: 5, Instructions: 68 [COMMON]
Function 00B7F5E6 Relevance: 7.5, APIs: 5, Instructions: 44 [COMMON]
Function 00B79443 Relevance: 6.1, APIs: 4, Instructions: 99 [file, COMMON]
Function 00B79319 Relevance: 6.1, APIs: 4, Instructions: 57 [file, COMMON]
Function 00B9718E Relevance: 6.1, APIs: 4, Instructions: 52 [library, COMMON, LIBRARYCODE]
Function 00B891F2 Relevance: 6.0, APIs: 4, Instructions: 30 [window, COMMON]
Function 00B7F7C6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49 [thread, COMMON]
Function 00B973C6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47 [COMMON, LIBRARYCODE]
Function 00B798CE Relevance: 4.6, APIs: 3, Instructions: 96 [file, COMMON]
Function 00B79B8C Relevance: 4.6, APIs: 3, Instructions: 56 [COMMON]
Function 00B7C07F Relevance: 4.6, APIs: 3, Instructions: 55 [COMMON]
Function 00B97209 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30 [memory, COMMON]
Function 00B97FD5 Relevance: 3.2, APIs: 2, Instructions: 168 [COMMON]
Function 00B7134B Relevance: 3.1, APIs: 2, Instructions: 96 [COMMON]
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B71346 Relevance: 3.1, APIs: 2, Instructions: 94COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B97E14 Relevance: 3.1, APIs: 2, Instructions: 91COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B791F7 Relevance: 3.1, APIs: 2, Instructions: 86fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B79718 Relevance: 3.1, APIs: 2, Instructions: 82timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B970F2 Relevance: 3.1, APIs: 2, Instructions: 65libraryloaderCOMMONLIBRARYCODE
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B797F1 Relevance: 3.1, APIs: 2, Instructions: 54COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7959D Relevance: 3.1, APIs: 2, Instructions: 52COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7783A Relevance: 3.0, APIs: 2, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B954C3 Relevance: 3.0, APIs: 2, Instructions: 44memoryCOMMONLIBRARYCODE
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7CD80 Relevance: 3.0, APIs: 2, Instructions: 43COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B948BE Relevance: 3.0, APIs: 2, Instructions: 33COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7F8BB Relevance: 3.0, APIs: 2, Instructions: 33COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B79DC9 Relevance: 3.0, APIs: 2, Instructions: 30COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8B8A4 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B79AB2 Relevance: 3.0, APIs: 2, Instructions: 28fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B79B19 Relevance: 3.0, APIs: 2, Instructions: 26COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7EF1E Relevance: 3.0, APIs: 2, Instructions: 25libraryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B903E6 Relevance: 3.0, APIs: 2, Instructions: 19COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B71281 Relevance: 3.0, APIs: 2, Instructions: 11COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7F845 Relevance: 2.5, APIs: 2, Instructions: 46COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B71927 Relevance: 1.8, APIs: 1, Instructions: 254COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B77F13 Relevance: 1.6, APIs: 1, Instructions: 111COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B81D8C Relevance: 1.6, APIs: 1, Instructions: 90COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B88D79 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8B44C Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7A3AC Relevance: 1.5, APIs: 1, Instructions: 40COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B758AB Relevance: 1.5, APIs: 1, Instructions: 32COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B953D5 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B791A9 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B79E4B Relevance: 1.5, APIs: 1, Instructions: 27COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B71DAD Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B71DB2 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7F507 Relevance: 1.5, APIs: 1, Instructions: 21threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B79420 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8B746 Relevance: 1.5, APIs: 1, Instructions: 13windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B79870 Relevance: 1.5, APIs: 1, Instructions: 7fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B89D3B Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 289timewindowfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B76DD8 Relevance: 28.3, APIs: 12, Strings: 4, Instructions: 295fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B99C3E Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B88C23 Relevance: 3.0, APIs: 2, Instructions: 46COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B73D3B Relevance: 1.6, Strings: 1, Instructions: 332COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7A5E3 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8D303 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B98382 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B84B09 Relevance: .8, Instructions: 800COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B85F46 Relevance: .8, Instructions: 773COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7DC8B Relevance: .7, Instructions: 694COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8590D Relevance: .5, Instructions: 509COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7B686 Relevance: .4, Instructions: 449COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8EDD3 Relevance: .3, Instructions: 345COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8F208 Relevance: .3, Instructions: 341COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8E99E Relevance: .3, Instructions: 331COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8E586 Relevance: .3, Instructions: 323COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7D22A Relevance: .3, Instructions: 318COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8295B Relevance: .3, Instructions: 263COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B92308 Relevance: .2, Instructions: 237COMMONLIBRARYCODE
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B82C8C Relevance: .2, Instructions: 232COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7CE12 Relevance: .2, Instructions: 190COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7D828 Relevance: .2, Instructions: 154COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7E8DD Relevance: .1, Instructions: 131COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B826E0 Relevance: .1, Instructions: 112COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B75C39 Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8A247 Relevance: 47.7, APIs: 23, Strings: 4, Instructions: 435windowfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B95BE8 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B879EF Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 124memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8B0B4 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 82windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B78F33 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 137fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B89233 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 96windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7FA35 Relevance: 12.1, APIs: 8, Instructions: 120timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B9BEDD Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B8BFA5 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 50COMMONLIBRARYCODE
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7FC6C Relevance: 9.1, APIs: 6, Instructions: 97timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B87D18 Relevance: 9.1, APIs: 6, Instructions: 86COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7F717 Relevance: 9.1, APIs: 6, Instructions: 57COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B944C9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7DAFB Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 20libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B80708 Relevance: 7.5, APIs: 5, Instructions: 39COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B94F4B Relevance: 7.5, APIs: 5, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B710B0 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B902A6 Relevance: 6.0, APIs: 4, Instructions: 14COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B77319 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 126timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00B7F6DC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19synchronizationCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|