Windows
Analysis Report
SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe (PID: 3376 cmdline:
"C:\Users\ user\Deskt op\Securit eInfo.com. Trojan-Dow nloader.Wi n32.Banloa d.24378.53 25.exe" MD5: 02B1BC1D92B390560C7D7FF9AA8E4E79)
- cleanup
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00405070 |
Source: | Code function: | 0_2_00420314 |
Source: | Code function: | 0_2_00430A64 |
Source: | Code function: | 0_2_00433974 | |
Source: | Code function: | 0_2_0044DF14 | |
Source: | Code function: | 0_2_0044E6BC | |
Source: | Code function: | 0_2_0044E76C | |
Source: | Code function: | 0_2_00443268 | |
Source: | Code function: | 0_2_00427524 |
Source: | Code function: | 0_2_0044840C | |
Source: | Code function: | 0_2_0041ACFF | |
Source: | Code function: | 0_2_00443268 |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_0041D7B4 |
Source: | Code function: | 0_2_00408346 |
Source: | Code function: | 0_2_00413440 |
Source: | Key opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Window detected: |
Source: | Code function: | 0_2_0043A7A0 |
Source: | Code function: | 0_2_0043AE55 | |
Source: | Code function: | 0_2_00424080 | |
Source: | Code function: | 0_2_00426094 | |
Source: | Code function: | 0_2_00426024 | |
Source: | Code function: | 0_2_0042605C | |
Source: | Code function: | 0_2_00426104 | |
Source: | Code function: | 0_2_0043C0BC | |
Source: | Code function: | 0_2_004240C0 | |
Source: | Code function: | 0_2_004260CC | |
Source: | Code function: | 0_2_00426174 | |
Source: | Code function: | 0_2_004501B6 | |
Source: | Code function: | 0_2_0042613C | |
Source: | Code function: | 0_2_004261AC | |
Source: | Code function: | 0_2_0041041A | |
Source: | Code function: | 0_2_0041041A | |
Source: | Code function: | 0_2_0041A4FB | |
Source: | Code function: | 0_2_0041A4FB | |
Source: | Code function: | 0_2_004104C4 | |
Source: | Code function: | 0_2_0041A590 | |
Source: | Code function: | 0_2_00450620 | |
Source: | Code function: | 0_2_0042A621 | |
Source: | Code function: | 0_2_004105DC | |
Source: | Code function: | 0_2_0042A67D | |
Source: | Code function: | 0_2_00450652 | |
Source: | Code function: | 0_2_0041270D | |
Source: | Code function: | 0_2_004267E5 | |
Source: | Code function: | 0_2_00430808 | |
Source: | Code function: | 0_2_0041A840 | |
Source: | Code function: | 0_2_0040C8ED | |
Source: | Code function: | 0_2_004068AD | |
Source: | Code function: | 0_2_00428956 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_0044AFC4 | |
Source: | Code function: | 0_2_0044DF9C | |
Source: | Code function: | 0_2_004361CC | |
Source: | Code function: | 0_2_0044E6BC | |
Source: | Code function: | 0_2_0044E76C | |
Source: | Code function: | 0_2_00435098 | |
Source: | Code function: | 0_2_0043594C | |
Source: | Code function: | 0_2_00423B14 |
Source: | Code function: | 0_2_0043A7A0 |
Malware Analysis System Evasion |
---|
Source: | Code function: | 0_2_0042A4B4 |
Source: | User Timer Set: | Jump to behavior |
Source: | Code function: | 0_2_0044D50C |
Source: | API coverage: |
Source: | Code function: | 0_2_0042A4B4 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 0_2_00405070 |
Source: | Code function: | 0_2_0041DD44 |
Source: | Code function: | 0_2_0043A7A0 |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Code function: | 0_2_00405228 | |
Source: | Code function: | 0_2_0040C134 | |
Source: | Code function: | 0_2_0040AB48 | |
Source: | Code function: | 0_2_0040AB94 | |
Source: | Code function: | 0_2_00405B1E | |
Source: | Code function: | 0_2_00405B20 |
Source: | Code function: | 0_2_00409648 |
Source: | Code function: | 0_2_0043ADD0 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | 11 Input Capture | 1 System Time Discovery | Remote Services | 11 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 12 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 21 Obfuscated Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Clipboard Data | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Software Packing | NTDS | 11 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 16 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
11% | ReversingLabs | |||
9% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1468056 |
Start date and time: | 2024-07-05 09:33:14 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 59s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Detection: | MAL |
Classification: | mal60.evad.winEXE@1/0@0/0 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
File type: | |
Entropy (8bit): | 7.931306061227011 |
TrID: |
|
File name: | SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
File size: | 150'016 bytes |
MD5: | 02b1bc1d92b390560c7d7ff9aa8e4e79 |
SHA1: | ab51a613b594c17a481eea7d43cac97cec124411 |
SHA256: | a35e13209e866dbdc6ef31c72e55630438e04e1e175b441ec9f680076a846e93 |
SHA512: | c86ca1154faddd251521558ebd8db890b426c5b316caab0867fe58e915dab9b40e1a4275be1758a33fa484672a39dfc1f634efee903fc10d1cd8b3c5a40b7ac4 |
SSDEEP: | 3072:jS13+pTUL3+rasKgvb8PHjdP7LLHSL54kmj0sjZNYuCdfblout:jS13UTm4a9gvba5zyuRehoS |
TLSH: | C7E31247F7BAB964DD8104BA6E9B5E381B31F0F09CA3CF871AE4B369CD437242651621 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | a4868c93a2c6b0a6 |
Entrypoint: | 0x467340 |
Entrypoint Section: | UPX1 |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 4e951e86436c76d700c0d4b4eb177a14 |
Instruction |
---|
pushad |
mov esi, 00445000h |
lea edi, dword ptr [esi-00044000h] |
mov dword ptr [edi+0005009Ch], 212E6B55h |
push edi |
mov ebp, esp |
lea ebx, dword ptr [esp-00003E80h] |
xor eax, eax |
push eax |
cmp esp, ebx |
jne 00007F5D55074BCDh |
inc esi |
inc esi |
push ebx |
push 0006592Ch |
push edi |
add ebx, 04h |
push ebx |
push 00022339h |
push esi |
add ebx, 04h |
push ebx |
push eax |
mov dword ptr [ebx], 00000003h |
push ebp |
push edi |
push esi |
push ebx |
sub esp, 7Ch |
mov edx, dword ptr [esp+00000090h] |
mov dword ptr [esp+74h], 00000000h |
mov byte ptr [esp+73h], 00000000h |
mov ebp, dword ptr [esp+0000009Ch] |
lea eax, dword ptr [edx+04h] |
mov dword ptr [esp+78h], eax |
mov eax, 00000001h |
movzx ecx, byte ptr [edx+02h] |
mov ebx, eax |
shl ebx, cl |
mov ecx, ebx |
dec ecx |
mov dword ptr [esp+6Ch], ecx |
movzx ecx, byte ptr [edx+01h] |
shl eax, cl |
dec eax |
mov dword ptr [esp+68h], eax |
mov eax, dword ptr [esp+000000A8h] |
movzx esi, byte ptr [edx] |
mov dword ptr [ebp+00h], 00000000h |
mov dword ptr [esp+60h], 00000000h |
mov dword ptr [eax], 00000000h |
mov eax, 00000300h |
mov dword ptr [esp+64h], esi |
mov dword ptr [esp+5Ch], 00000001h |
mov dword ptr [esp+58h], 00000001h |
mov dword ptr [esp+00h], 00000000h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6936c | 0x1c4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x68000 | 0x136c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x67efc | 0x18 | UPX1 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
UPX0 | 0x1000 | 0x44000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
UPX1 | 0x45000 | 0x23000 | 0x23000 | 48f531e312091764d3036e0861777976 | False | 0.9915806361607142 | data | 7.9950539598993 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x68000 | 0x2000 | 0x1600 | f977ad8496001191e7ff92543546ec85 | False | 0.3586647727272727 | data | 3.7549499134853774 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x5faa8 | 0x134 | data | 1.0357142857142858 | ||
RT_CURSOR | 0x5fbdc | 0x134 | data | 1.0357142857142858 | ||
RT_CURSOR | 0x5fd10 | 0x134 | data | 1.0357142857142858 | ||
RT_CURSOR | 0x5fe44 | 0x134 | data | 1.0357142857142858 | ||
RT_CURSOR | 0x5ff78 | 0x134 | data | 1.0357142857142858 | ||
RT_CURSOR | 0x600ac | 0x134 | data | 1.0357142857142858 | ||
RT_CURSOR | 0x601e0 | 0x134 | data | 1.0357142857142858 | ||
RT_BITMAP | 0x60314 | 0x1d0 | data | 1.0237068965517242 | ||
RT_BITMAP | 0x604e4 | 0x1e4 | data | 1.0227272727272727 | ||
RT_BITMAP | 0x606c8 | 0x1d0 | data | 1.0237068965517242 | ||
RT_BITMAP | 0x60898 | 0x1d0 | data | 1.0237068965517242 | ||
RT_BITMAP | 0x60a68 | 0x1d0 | data | 1.0237068965517242 | ||
RT_BITMAP | 0x60c38 | 0x1d0 | data | 1.0237068965517242 | ||
RT_BITMAP | 0x60e08 | 0x1d0 | data | 1.0237068965517242 | ||
RT_BITMAP | 0x60fd8 | 0x1d0 | data | 1.0237068965517242 | ||
RT_BITMAP | 0x611a8 | 0x1d0 | data | 1.0237068965517242 | ||
RT_BITMAP | 0x61378 | 0x1d0 | data | 1.0237068965517242 | ||
RT_BITMAP | 0x61548 | 0xe8 | data | 1.0474137931034482 | ||
RT_ICON | 0x68aac | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Polish | Poland | 0.421028880866426 |
RT_DIALOG | 0x61ed8 | 0x52 | data | 1.1341463414634145 | ||
RT_STRING | 0x61f2c | 0x164 | data | 1.0308988764044944 | ||
RT_STRING | 0x62090 | 0x200 | data | 1.021484375 | ||
RT_STRING | 0x62290 | 0xf8 | data | 1.0443548387096775 | ||
RT_STRING | 0x62388 | 0x300 | data | 1.0143229166666667 | ||
RT_STRING | 0x62688 | 0xbc | data | 1.0585106382978724 | ||
RT_STRING | 0x62744 | 0x10c | data | 1.041044776119403 | ||
RT_STRING | 0x62850 | 0x1c4 | data | 1.0243362831858407 | ||
RT_STRING | 0x62a14 | 0x450 | data | 1.0099637681159421 | ||
RT_STRING | 0x62e64 | 0x35c | data | 1.0127906976744185 | ||
RT_STRING | 0x631c0 | 0x3e8 | data | 1.011 | ||
RT_STRING | 0x635a8 | 0x234 | data | 1.0195035460992907 | ||
RT_STRING | 0x637dc | 0xec | data | 1.0466101694915255 | ||
RT_STRING | 0x638c8 | 0x1b4 | data | 1.025229357798165 | ||
RT_STRING | 0x63a7c | 0x3e4 | data | 1.0110441767068272 | ||
RT_STRING | 0x63e60 | 0x358 | data | 1.0128504672897196 | ||
RT_STRING | 0x641b8 | 0x2b4 | OpenPGP Public Key | 1.0158959537572254 | ||
RT_RCDATA | 0x6446c | 0x10 | data | 1.5625 | ||
RT_RCDATA | 0x6447c | 0x264 | data | 1.0179738562091503 | ||
RT_RCDATA | 0x646e0 | 0x2ab | data | 1.0161054172767203 | ||
RT_GROUP_CURSOR | 0x6498c | 0x14 | data | 1.45 | ||
RT_GROUP_CURSOR | 0x649a0 | 0x14 | data | 1.45 | ||
RT_GROUP_CURSOR | 0x649b4 | 0x14 | data | 1.55 | ||
RT_GROUP_CURSOR | 0x649c8 | 0x14 | data | 1.45 | ||
RT_GROUP_CURSOR | 0x649dc | 0x14 | Non-ISO extended-ASCII text, with no line terminators | 1.45 | ||
RT_GROUP_CURSOR | 0x649f0 | 0x14 | data | 1.45 | ||
RT_GROUP_CURSOR | 0x64a04 | 0x14 | data | 1.45 | ||
RT_GROUP_ICON | 0x69358 | 0x14 | data | Polish | Poland | 1.15 |
DLL | Import |
---|---|
advapi32.dll | RegCloseKey |
comctl32.dll | ImageList_Add |
gdi32.dll | SaveDC |
KERNEL32.DLL | LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect |
oleaut32.dll | VariantCopy |
user32.dll | GetDC |
version.dll | VerQueryValueA |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Polish | Poland |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Target ID: | 0 |
Start time: | 03:34:01 |
Start date: | 05/07/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 150'016 bytes |
MD5 hash: | 02B1BC1D92B390560C7D7FF9AA8E4E79 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 6.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 15.8% |
Total number of Nodes: | 1190 |
Total number of Limit Nodes: | 56 |
Graph
Function 00405228 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 184registrystringlibraryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044AFC4 Relevance: 23.2, APIs: 12, Strings: 1, Instructions: 407windowCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00430A64 Relevance: 3.1, APIs: 2, Instructions: 129COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413440 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043ADD0 Relevance: 1.5, APIs: 1, Instructions: 34COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044DF14 Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043AB9C Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 103registrylibraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044DA1C Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 132windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00432F18 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 134registryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044EE7C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 132windowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044D714 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 125windowCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044CE0C Relevance: 10.6, APIs: 7, Instructions: 89COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042C5F4 Relevance: 9.1, APIs: 6, Instructions: 60COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00447B54 Relevance: 7.7, APIs: 5, Instructions: 171COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042922C Relevance: 7.6, APIs: 5, Instructions: 110COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004490AC Relevance: 6.1, APIs: 4, Instructions: 148windowCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044DC9C Relevance: 6.1, APIs: 4, Instructions: 57COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004019FC Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044EAC0 Relevance: 4.6, APIs: 3, Instructions: 59windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004020E8 Relevance: 3.1, APIs: 2, Instructions: 124COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044C630 Relevance: 3.1, APIs: 2, Instructions: 99COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00427598 Relevance: 3.0, APIs: 2, Instructions: 47timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004029E4 Relevance: 3.0, APIs: 2, Instructions: 37COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044C9EC Relevance: 3.0, APIs: 2, Instructions: 37COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406860 Relevance: 3.0, APIs: 2, Instructions: 6memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401514 Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040BB54 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040BB52 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044F6E8 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00445C84 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004068E6 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004068E8 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406940 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004080F0 Relevance: 1.5, APIs: 1, Instructions: 33fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042F67C Relevance: 1.5, APIs: 1, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004081CC Relevance: 1.5, APIs: 1, Instructions: 27COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041D280 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404FEC Relevance: 1.5, APIs: 1, Instructions: 26COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00408174 Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407C1C Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041A2C0 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040173C Relevance: 1.3, APIs: 1, Instructions: 48COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00408204 Relevance: 1.3, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043A7A0 Relevance: 50.8, APIs: 15, Strings: 14, Instructions: 95libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405070 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 136stringlibraryfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004361CC Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00443268 Relevance: 9.4, APIs: 6, Instructions: 405nativeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043594C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044840C Relevance: 7.8, APIs: 5, Instructions: 284windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042A4B4 Relevance: 6.0, APIs: 4, Instructions: 46sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044D50C Relevance: 4.5, APIs: 3, Instructions: 33synchronizationthreadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00435098 Relevance: 3.1, APIs: 2, Instructions: 63windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041D7B4 Relevance: 3.0, APIs: 2, Instructions: 46windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040C134 Relevance: 3.0, APIs: 2, Instructions: 37COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00408346 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00427524 Relevance: 1.5, APIs: 1, Instructions: 41nativeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405B1E Relevance: 1.5, APIs: 1, Instructions: 38COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405B20 Relevance: 1.5, APIs: 1, Instructions: 37COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041DD44 Relevance: 1.5, APIs: 1, Instructions: 37COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040AB48 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040AB94 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409648 Relevance: 1.5, APIs: 1, Instructions: 6timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041ACFF Relevance: .3, Instructions: 294COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004257CC Relevance: 166.5, APIs: 48, Strings: 47, Instructions: 266libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406998 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 61registryclipboardwindowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00436C1C Relevance: 16.7, APIs: 11, Instructions: 224COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00428794 Relevance: 15.1, APIs: 10, Instructions: 142COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00419090 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 109threadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B23C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 56filewindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042F40C Relevance: 13.6, APIs: 9, Instructions: 150COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040C394 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201threadCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041FC16 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041FC18 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 122fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00423C44 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 68stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00423DEC Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 68stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403E1C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38filewindowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00433F9C Relevance: 12.1, APIs: 8, Instructions: 123COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043F188 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 187windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043743C Relevance: 10.7, APIs: 7, Instructions: 156COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004340F0 Relevance: 10.6, APIs: 7, Instructions: 133COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044CACC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 125registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041908E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 70threadCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00423D18 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004488D0 Relevance: 9.2, APIs: 6, Instructions: 150COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401AC0 Relevance: 9.1, APIs: 6, Instructions: 62COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041D630 Relevance: 9.0, APIs: 6, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405BE9 Relevance: 9.0, APIs: 6, Instructions: 41threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043D5EC Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 80libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442978 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004030C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043F728 Relevance: 7.7, APIs: 5, Instructions: 162COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00433C14 Relevance: 7.6, APIs: 5, Instructions: 104COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043F568 Relevance: 7.6, APIs: 5, Instructions: 77COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044E968 Relevance: 7.6, APIs: 5, Instructions: 73windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00420850 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040ADD0 Relevance: 7.6, APIs: 5, Instructions: 50threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044D620 Relevance: 7.5, APIs: 5, Instructions: 25synchronizationthreadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040AE80 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148threadCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044F438 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 81threadwindowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040C7FC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042D710 Relevance: 6.2, APIs: 4, Instructions: 204COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043C858 Relevance: 6.2, APIs: 4, Instructions: 170COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042D174 Relevance: 6.1, APIs: 4, Instructions: 139threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040E620 Relevance: 6.1, APIs: 4, Instructions: 115COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040C220 Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442FD0 Relevance: 6.1, APIs: 4, Instructions: 72windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044BFF0 Relevance: 6.1, APIs: 4, Instructions: 63COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041DF4C Relevance: 6.1, APIs: 4, Instructions: 55COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00415E28 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042D564 Relevance: 6.0, APIs: 4, Instructions: 37threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042C6E0 Relevance: 6.0, APIs: 4, Instructions: 35threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044D5AC Relevance: 6.0, APIs: 4, Instructions: 34threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406870 Relevance: 6.0, APIs: 4, Instructions: 11memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442854 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84keyboardCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409918 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74threadCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|