Windows
Analysis Report
wWk9NkXYcL.exe
Overview
General Information
Sample name: | wWk9NkXYcL.exe (renamed because original name is a hash value) |
Original sample name: | 3a1ccc44a0aa6f397c3b2eacf6d4c526.exe |
Analysis ID: | 1510359 |
MD5: | 3a1ccc44a0aa6f397c3b2eacf6d4c526 |
SHA1: | 62d0b00435893cae171ddf6b2b5d964f608db84e |
SHA256: | e606e3e72dfaabb3b398d7f7b2b221675038da19080c69c41bd3005066d94f50 |
Tags: | exe |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
  - wWk9NkXYcL.exe (PID: 3076 cmdline: "C:\Users\user\Desktop\wWk9NkXYcL.exe" MD5: 3A1CCC44A0AA6F397C3B2EACF6D4C526)
  - cmd.exe (PID: 2676 cmdline: "C:\Windows\System32\cmd.exe" /k move Emotions Emotions.cmd & Emotions.cmd & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
  - conhost.exe (PID: 6768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - tasklist.exe (PID: 6412 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
  - findstr.exe (PID: 7148 cmdline: findstr /I "wrsa.exe opssvc.exe" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
  - tasklist.exe (PID: 564 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
  - findstr.exe (PID: 3820 cmdline: findstr /I "avastui.exe avgui.exe bdservicehost.exe ekrn.exe nswscsvc.exe sophoshealth.exe" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
  - cmd.exe (PID: 5724 cmdline: cmd /c md 473638 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
  - findstr.exe (PID: 6752 cmdline: findstr /V "MaskBathroomCompositionInjection" Participants MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
  - cmd.exe (PID: 5948 cmdline: cmd /c copy /b ..\They + ..\Florence + ..\Astrology + ..\Attributes + ..\Connect + ..\This + ..\Residents + ..\Staff + ..\Net + ..\Funded + ..\Laughing + ..\Reviewing + ..\Bullet + ..\Amendment + ..\Notre + ..\Beside + ..\Hc + ..\Heavily + ..\Spirit + ..\Contribution + ..\Dictionaries + ..\Simply + ..\Infants + ..\Music + ..\Right + ..\Fox + ..\Firewall + ..\Mint Q MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
  - Element.pif (PID: 6444 cmdline: Element.pif Q MD5: C63860691927D62432750013B5A20F5F)
  - Element.pif (PID: 6196 cmdline: C:\Users\user~1\AppData\Local\Temp\473638\Element.pif MD5: C63860691927D62432750013B5A20F5F)
  - WerFault.exe (PID: 1964 cmdline: C:\Windows\system32\WerFault.exe -u -p 6196 -s 692 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  - choice.exe (PID: 7040 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
- cleanup
Source: | Author: Max Altgelt (Nextron Systems): |
Source: | Author: frack113, Nasreddine Bencherchali: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Author: Joe Security: |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-12T21:26:46.244720+0200 | 2054709 | 1 | A Network Trojan was detected | 192.168.2.7 | 49704 | 195.10.205.48 | 80 | TCP |
2024-09-12T21:26:54.244678+0200 | 2054709 | 1 | A Network Trojan was detected | 192.168.2.7 | 49705 | 193.233.232.86 | 80 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Code function: | 21_2_0000021925CE7440 |
Source: | Static PE information: |
Source: | Code function: | 0_2_00405B98 | |
Source: | Code function: | 0_2_00406559 | |
Source: | Code function: | 0_2_004029F1 | |
Source: | Code function: | 21_2_00007FF6C58ECE3C | |
Source: | Code function: | 21_2_00007FF6C58B2DE0 |
Source: | File opened: |
Source: | File opened: |
Source: | File opened: |
Source: | File opened: |
Source: | File opened: |
Source: | File opened: |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | IP Address: |
Source: | ASN Name: | ||
Source: | ASN Name: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_00404BB4 |
Source: | Code function: | 21_2_00007FF6C5871990 |
Spam, unwanted Advertisements and Ransom Demands |
---|
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | Code function: | 0_2_00403415 |
Source: | Code function: | 0_2_0040447D | |
Source: | Code function: | 0_2_0040680A | |
Source: | Code function: | 0_2_00406E34 | |
Source: | Code function: | 21_2_0000021925C730D0 | |
Source: | Code function: | 21_2_0000021925C68CB0 | |
Source: | Code function: | 21_2_0000021925C6A4D0 | |
Source: | Code function: | 21_2_0000021925C534D0 | |
Source: | Code function: | 21_2_0000021925C6B420 | |
Source: | Code function: | 21_2_0000021925C703B0 | |
Source: | Code function: | 21_2_0000021925D4533C | |
Source: | Code function: | 21_2_0000021925D58318 | |
Source: | Code function: | 21_2_0000021925D2C300 | |
Source: | Code function: | 21_2_0000021925C566C0 | |
Source: | Code function: | 21_2_0000021925C6E5C0 | |
Source: | Code function: | 21_2_0000021925C73543 | |
Source: | Code function: | 21_2_0000021925C68500 | |
Source: | Code function: | 21_2_0000021925D6E0C0 | |
Source: | Code function: | 21_2_0000021925D440B4 | |
Source: | Code function: | 21_2_0000021925D4B050 | |
Source: | Code function: | 21_2_0000021925D6E018 | |
Source: | Code function: | 21_2_0000021925D6E008 | |
Source: | Code function: | 21_2_0000021925C53FE9 | |
Source: | Code function: | 21_2_0000021925D52F68 | |
Source: | Code function: | 21_2_0000021925D44F34 | |
Source: | Code function: | 21_2_0000021925CE22C0 | |
Source: | Code function: | 21_2_0000021925D4620C | |
Source: | Code function: | 21_2_0000021925D45138 | |
Source: | Code function: | 21_2_0000021925C6DCD0 | |
Source: | Code function: | 21_2_0000021925D4ECF8 | |
Source: | Code function: | 21_2_0000021925D57C98 | |
Source: | Code function: | 21_2_0000021925C6CCA0 | |
Source: | Code function: | 21_2_0000021925D4FBC8 | |
Source: | Code function: | 21_2_0000021925C66B60 | |
Source: | Code function: | 21_2_0000021925C70B20 | |
Source: | Code function: | 21_2_0000021925C53E4B | |
Source: | Code function: | 21_2_0000021925C51E30 | |
Source: | Code function: | 21_2_0000021925D45D04 | |
Source: | Code function: | 21_2_0000021925C5C8E0 | |
Source: | Code function: | 21_2_0000021925C6D8B0 | |
Source: | Code function: | 21_2_0000021925D5F8A8 | |
Source: | Code function: | 21_2_0000021925D3A80C | |
Source: | Code function: | 21_2_0000021925D57804 | |
Source: | Code function: | 21_2_0000021925CCC780 | |
Source: | Code function: | 21_2_0000021925CDE750 | |
Source: | Code function: | 21_2_0000021925C54729 | |
Source: | Code function: | 21_2_0000021925C71A40 | |
Source: | Code function: | 21_2_0000021925D43A18 | |
Source: | Code function: | 21_2_0000021925D45980 | |
Source: | Code function: | 21_2_0000021925CC99B0 | |
Source: | Code function: | 21_2_00007FF6C58B16D0 | |
Source: | Code function: | 21_2_00007FF6C58A76EC | |
Source: | Code function: | 21_2_00007FF6C58AA650 | |
Source: | Code function: | 21_2_00007FF6C58B6680 | |
Source: | Code function: | 21_2_00007FF6C58A15E0 | |
Source: | Code function: | 21_2_00007FF6C5872820 | |
Source: | Code function: | 21_2_00007FF6C5881820 | |
Source: | Code function: | 21_2_00007FF6C589F760 | |
Source: | Code function: | 21_2_00007FF6C5878790 | |
Source: | Code function: | 21_2_00007FF6C58A8270 | |
Source: | Code function: | 21_2_00007FF6C5886260 | |
Source: | Code function: | 21_2_00007FF6C58B2290 | |
Source: | Code function: | 21_2_00007FF6C589C28C | |
Source: | Code function: | 21_2_00007FF6C591C284 | |
Source: | Code function: | 21_2_00007FF6C58724D4 | |
Source: | Code function: | 21_2_00007FF6C5874528 | |
Source: | Code function: | 21_2_00007FF6C589549C | |
Source: | Code function: | 21_2_00007FF6C58A9360 | |
Source: | Code function: | 21_2_00007FF6C5894364 | |
Source: | Code function: | 21_2_00007FF6C587AEC0 | |
Source: | Code function: | 21_2_00007FF6C5882EE0 | |
Source: | Code function: | 21_2_00007FF6C58A7DFC | |
Source: | Code function: | 21_2_00007FF6C591AE10 | |
Source: | Code function: | 21_2_00007FF6C589BD44 | |
Source: | Code function: | 21_2_00007FF6C5883D70 | |
Source: | Code function: | 21_2_00007FF6C58B512C | |
Source: | Code function: | 21_2_00007FF6C588203B | |
Source: | Code function: | 21_2_00007FF6C588F070 | |
Source: | Code function: | 21_2_00007FF6C589BFC0 | |
Source: | Code function: | 21_2_00007FF6C5921F40 | |
Source: | Code function: | 21_2_00007FF6C58A2F6C | |
Source: | Code function: | 21_2_00007FF6C588EAA8 | |
Source: | Code function: | 21_2_00007FF6C5880950 | |
Source: | Code function: | 21_2_00007FF6C587B9B0 | |
Source: | Code function: | 21_2_00007FF6C58B6C74 | |
Source: | Code function: | 21_2_00007FF6C5908CB0 | |
Source: | Code function: | 21_2_00007FF6C58B2BB0 |
Source: | Dropped File: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 21_2_00007FF6C58F4124 |
Source: | Code function: | 0_2_0040400B |
Source: | Code function: | 21_2_00007FF6C58EC46C |
Source: | Code function: | 0_2_00402218 |
Source: | Code function: | 21_2_00007FF6C58F368C |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File read: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | File read: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Process created: |
Source: | Static file information: |
Source: | Code function: | 0_2_00405BBF |
Source: | Code function: | 21_2_0000021925C76078 | |
Source: | Code function: | 21_2_00007FF6C58A76B4 | |
Source: | Code function: | 21_2_00007FF6C58A7152 |
Persistence and Installation Behavior |
---|
Source: | File created: |
Source: | File created: |
Source: | Code function: | 21_2_00007FF6C5894364 |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | API coverage: |
Source: | Last function: |
Source: | Code function: | 0_2_00405B98 | |
Source: | Code function: | 0_2_00406559 | |
Source: | Code function: | 0_2_004029F1 | |
Source: | Code function: | 21_2_00007FF6C58ECE3C | |
Source: | Code function: | 21_2_00007FF6C58B2DE0 |
Source: | Code function: | 21_2_00007FF6C5875C44 |
Source: | File opened: |
Source: | File opened: |
Source: | File opened: |
Source: | File opened: |
Source: | File opened: |
Source: | File opened: |
Source: | Binary or memory string: |
Source: | Process information queried: |
Source: | Process queried: |
Source: | Code function: | 21_2_0000021925D4C004 |
Source: | Code function: | 21_2_00007FF6C5895A40 |
Source: | Code function: | 0_2_00405BBF |
Source: | Code function: | 21_2_0000021925D6E0C0 |
Source: | Process token adjusted: |
Source: | Process token adjusted: |
Source: | Code function: | 21_2_0000021925D4C004 | |
Source: | Code function: | 21_2_0000021925D6E190 | |
Source: | Code function: | 21_2_0000021925D6E1B0 | |
Source: | Code function: | 21_2_0000021925D6E1A0 | |
Source: | Code function: | 21_2_00007FF6C589566C | |
Source: | Code function: | 21_2_00007FF6C5895850 | |
Source: | Code function: | 21_2_00007FF6C58B8E74 | |
Source: | Code function: | 21_2_00007FF6C58AAD08 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | NtQuerySystemInformation: |
Source: | NtQueryAttributesFile: |
Source: | NtQueryInformationToken: |
Source: | NtClose: |
Source: | NtProtectVirtualMemory: |
Source: | NtClose: |
Source: | NtDelayExecution: |
Source: | NtOpenFile: |
Source: | NtUnmapViewOfSection: |
Source: | NtQuerySystemInformation: |
Source: | NtProtectVirtualMemory: |
Source: | NtDelayExecution: |
Source: | NtQuerySystemInformation: |
Source: | NtUnmapViewOfSection: |
Source: | NtProtectVirtualMemory: |
Source: | Memory written: |
Source: | Thread register set: |
Source: | Code function: | 21_2_00007FF6C5873B64 |
Source: | Code function: | 21_2_00007FF6C5894364 |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Process created: | |||
Source: | Process created: |
Source: | Code function: | 21_2_00007FF6C58DDB9C |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 21_2_00007FF6C58AFBB0 |
Source: | Code function: | 21_2_0000021925D5E2FC | |
Source: | Code function: | 21_2_0000021925D5E118 | |
Source: | Code function: | 21_2_0000021925D5DCE0 | |
Source: | Code function: | 21_2_0000021925D5DC10 | |
Source: | Code function: | 21_2_0000021925D56D38 | |
Source: | Code function: | 21_2_0000021925D5D8B4 | |
Source: | Code function: | 21_2_0000021925D569A4 |
Source: | Code function: | 21_2_0000021925CD5AFC |
Source: | Code function: | 21_2_00007FF6C58B2290 |
Source: | Code function: | 0_2_00405C70 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Masquerading | 11 Input Capture | 2 System Time Discovery | Remote Services | 11 Input Capture | 2 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 12 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 212 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 41 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 212 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | NTDS | 4 Process Discovery | Distributed Component Object Model | Input Capture | 12 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 3 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 26 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
34% | ReversingLabs | Win32.Trojan.Generic | ||
100% | Avira | TR/AVI.Agent.krnfv |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
aSrgKXZxBg.aSrgKXZxBg | unknown | unknown | false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
193.233.232.86 | unknown | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | true |
195.10.205.48 | unknown | Russian Federation | 35813 | TSSCOM-ASRU | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1510359 |
Start date and time: | 2024-09-12 21:25:11 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 18s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 29 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | wWk9NkXYcL.exerenamed because original name is a hash value |
Original Sample Name: | 3a1ccc44a0aa6f397c3b2eacf6d4c526.exe |
Detection: | MAL |
Classification: | mal100.rans.evad.winEXE@25/34@1/2 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: wWk9NkXYcL.exe
Time | Type | Description |
---|---|---|
15:26:05 | API Interceptor | |
15:26:08 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
193.233.232.86 | malicious | Latrodectus |
193.233.232.86 | malicious | LummaC, Djvu, Go Injector, LummaC Stealer, Neoreklami, Stealc, SystemBC |
195.10.205.48 | malicious | Djvu, Neoreklami, Stealc, Vidar, Xmrig |
195.10.205.48 | malicious | Socks5Systemz, Stealc, Vidar, XWorm, Xmrig |
195.10.205.48 | malicious | LummaC, Stealc, Vidar |
195.10.205.48 | malicious | LummaC, Stealc, Vidar |
195.10.205.48 | malicious | LummaC |
Match | Detection | Threat Name |
---|---|---|
TSSCOM-ASRU | malicious | Xmrig |
TSSCOM-ASRU | malicious | Djvu, Neoreklami, Stealc, Vidar, Xmrig |
TSSCOM-ASRU | malicious | Socks5Systemz, Stealc, Vidar, XWorm, Xmrig |
TSSCOM-ASRU | malicious | LummaC, Stealc, Vidar |
TSSCOM-ASRU | malicious | LummaC, Stealc, Vidar |
TSSCOM-ASRU | malicious | LummaC |
TSSCOM-ASRU | malicious | AgentTesla, RedLine, SugarDump, XWorm |
TSSCOM-ASRU | malicious | RedLine |
TSSCOM-ASRU | malicious | AsyncRAT |
TSSCOM-ASRU | malicious | Xmrig |
FREE-NET-ASFREEnetEU | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine, Stealc |
FREE-NET-ASFREEnetEU | malicious | SmokeLoader |
FREE-NET-ASFREEnetEU | malicious | SmokeLoader |
FREE-NET-ASFREEnetEU | malicious | LummaC, Vidar |
FREE-NET-ASFREEnetEU | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine, Socks5Systemz |
FREE-NET-ASFREEnetEU | malicious | Vidar |
FREE-NET-ASFREEnetEU | malicious | LummaC, Vidar |
FREE-NET-ASFREEnetEU | malicious | LummaC, Stealc, Vidar |
FREE-NET-ASFREEnetEU | malicious | LummaC, Vidar |
FREE-NET-ASFREEnetEU | malicious | LummaC, Vidar |
Match | Detection | Threat Name |
---|---|---|
C:\Users\user\AppData\Local\Temp\473638\Element.pif | malicious | LummaC, Stealc, Vidar |
C:\Users\user\AppData\Local\Temp\473638\Element.pif | malicious | Latrodectus |
C:\Users\user\AppData\Local\Temp\473638\Element.pif | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\473638\Element.pif | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\473638\Element.pif | malicious | Xmrig |
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8753 |
Entropy (8bit): | 5.112168319183873 |
Encrypted: | false |
SSDEEP: | 192:/YjisELs0/sDOykocrtURbjM9hC4mJJSKz4wKL3RjtHH016:JsELRsfortQbjKhQJJDz6LBhHH0M |
MD5: | 679A660E6448E2D327012672F96E392B |
SHA1: | D076AF425395161DAAC0093BD2AC3224BF2C0D2C |
SHA-256: | F0C7D541CC3FAECBE583663B7F7EAE6379DF06024E1B7AD6E764A87446406469 |
SHA-512: | 844CB059456118947493905C19730BD09C87AB038FA19012D6E34F942B9B472042E757DA05C5BC8A254E79F6C376CB267F0897300CB40AD0716BAFF7C759BFFB |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1065128 |
Entropy (8bit): | 6.43820773264071 |
Encrypted: | false |
SSDEEP: | 24576:SAwciuvaj8l4LEWumcKYB5Wek2vY+BYssmNolbmmPmJ4Ve+aaWBS:SALTBaLETmcKYB5WH2AwjsLbmmPmJ4Vt |
MD5: | C63860691927D62432750013B5A20F5F |
SHA1: | 03678170AADF6BAB2AC2B742F5EA2FD1B11FECA3 |
SHA-256: | 69D2F1718EA284829DDF8C1A0B39742AE59F2F21F152A664BAA01940EF43E353 |
SHA-512: | 3357CB6468C15A10D5E3F1912349D7AF180F7BD4C83D7B0FD1A719A0422E90D52BE34D9583C99ABECCDB5337595B292A2AA025727895565F3A6432CAB46148DE |
Malicious: | true |
Antivirus: |
Joe Sandbox View: |
Preview: |
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2165308 |
Entropy (8bit): | 7.999912272401388 |
Encrypted: | true |
SSDEEP: | 49152:w81uy9Ge4xBxx4fo8/gQy4D2Zm6sazYfidgJ09NTHti+nhhogtnlmwG:T1uVPHb4foPQy4i2uNTHE+hWcn8d |
MD5: | 90E5FA4E6137A05C9714BCA56460A7D4 |
SHA1: | 1092E3F18D073AE57DB628D842F3853675494864 |
SHA-256: | 6C2114AA50E823BD834589EB9020DD9A50C35BA527B15E076D51E9BCE8476C3F |
SHA-512: | 3CD2D72A14617CBF7D936C8723CD140F8F0EDBE437420AFFEC40986783F1AD7EA2F18B9B38C58B45D01E26BB19D6E6FE1CB73092DF36D58E00559D305B868FEA |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 79872 |
Entropy (8bit): | 7.997675665711239 |
Encrypted: | true |
SSDEEP: | 1536:c7J33hd/Xu84+AoSmnbzOYunXgxUFKIgeIlxYJt+iS4Z:Yl37/+8imbzO3nQxUDgewxyt+i |
MD5: | CDE2F7038FA3E2789517A6D7F0127E67 |
SHA1: | C0B294730005E5A0039445ED086959F3042DDAFE |
SHA-256: | 4EB1B91A3194ADEB11C363DF098B87D9EC4D0D2BA88B3D4FE16730C6ECEAEFBF |
SHA-512: | 2710A9FB0B046D53AD27667AD7B2022C0D35042610ABAAAFD32635094057D43420B7BA0A077534C334C85038FAD1D3D6285D69B845E6BC73255F983FC3306F5F |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 78848 |
Entropy (8bit): | 7.99776283032043 |
Encrypted: | true |
SSDEEP: | 1536:2QC9JS8Wyxz/oYh9MczXmHWwfv+IVsxTfKN4VRUf2RMnq03csQP:2k8Wyge9zXmHxHf8fzofmMq0sFP |
MD5: | 8A4B87534399E48007B9F8B94B57D4FD |
SHA1: | 43E5AA90B4929C5C3F4DE023C64B45DFC9F9B98B |
SHA-256: | 99DC8AAD20ACDEC986A8D6060DDBE8E4E5218272BA5A209083184E9E2533FE34 |
SHA-512: | 23F344672A65531DC60509DB871F8BECE28B53B48B27E2F33E1768E83C4627EC05D241C7AB40E2DE54B480050DD2D27A5607C7EDACC0B1F2432AA65CE7C64630 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98304 |
Entropy (8bit): | 7.99815557602569 |
Encrypted: | true |
SSDEEP: | 1536:dOWP6O5A590lucBfq6Hvn80h15xjW3ktc3XkiR8Cw/WC8AxVCTspUjjIJs0iaVy:dOS5A50Bfq+v8G15Yktc3XkiCCwHVCT9 |
MD5: | 2B56AEE801527E06A5EE1C59EC202CA0 |
SHA1: | BC7015AAB830700D5FD4A19A628417193082FDAC |
SHA-256: | A267EED8EF05A62C3A0EC8829D1ADE778C7942AE91DA390FD4DC46373583F730 |
SHA-512: | F12934985F41B801CC252B6C9597339E80DFA613F3A7DFB81FE0A82E8C7590E6E022700E18F5EE4D9B756017DF8F184030D85F80B207D2EC3B8EFDC4D56CD366 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 99328 |
Entropy (8bit): | 7.9982088197359325 |
Encrypted: | true |
SSDEEP: | 3072:WBcCViEN5ytzKb28P7zeJ8L54CZpwFBWrUI:WBcQcG2LJ8L5dwFB1I |
MD5: | D3D39AE5C5F89A1DAFB8E7FD2DB7A388 |
SHA1: | EB5D3EB4093D647240846C2211DE60EA710C70DD |
SHA-256: | E51EC6266337726224A9E53607C02F39E002FB42A7ABD81E9326F4767A315292 |
SHA-512: | DFCBD29F7FE8EB901DC7FE0D40B646B33A6CFFDDE41907A8DF3F4CBAE22309AF54A269B261311B760E3D4F4A46254E86BEC9ABFD8A601EA788ABBD322F475706 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 81920 |
Entropy (8bit): | 7.9976456111907925 |
Encrypted: | true |
SSDEEP: | 1536:szOmTPyRj28ZI5MlnJYP973eF8mIWR8jN4flP/ba:szf2p2iI5M1JYPt3dWR854flba |
MD5: | 1B82BFA2A5BAC845E80F8ECEF5422968 |
SHA1: | 924FA660F63FC7F695C35614FDB4C991BBAD83B9 |
SHA-256: | 5D65ED3F78CD2A58EEA4B787BCD2C2B360D092E42B66D7AE8BF9D40B2D8E3E29 |
SHA-512: | 969B681C000E047DCDA54E5874F2FCA730B3BACBB8C8140166A2223070D7C2E606D261C27334B70C9654A6F8D6C53CD7661DE04288335ADF7CB4A171B8235FC8 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 88064 |
Entropy (8bit): | 7.997813932172339 |
Encrypted: | true |
SSDEEP: | 1536:RvUvXE+1sOsUTwun8bOfXoT1eNWymESPwdgqyJD9fvOXoCTtDq1C0SOadtq:WvR1TFnVfXoT0MHPwdgqyJD9nkTaXSOr |
MD5: | 84CB1247F586ACF910335852D89296C8 |
SHA1: | 6F09511B2A50DC3174314435187371CA0CD58EF1 |
SHA-256: | 6D9D9C1AA649D941CD49A9AB6F496DAE66809685690E905F554173E3B6E51CF0 |
SHA-512: | FFE56EE6932E25B7C22BD897D80AED8417058C8B97B283EC058F1B4F33B20CECBF01195872F97C481808E95CA65C812E048A535F4C8FEB2672A5EA072566C182 |
Malicious: | true |
Antivirus: |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64512 |
Entropy (8bit): | 7.996864555833121 |
Encrypted: | true |
SSDEEP: | 1536:FN40dPcmfNu5w3G5GPWVc+hpxJ3TbY/8FwGbCdZLC5g9MsS:sMd3RWa+/xxYewGbCdZLC68 |
MD5: | 5C33E99D47CCEF024F335D3E3E2CB22C |
SHA1: | 142A30A52EEE8F085B973711EE73A967506384B7 |
SHA-256: | 0E1BE2B56B96B24806828BD7581AC69E5E23BF967C86EA5FF863A6F93BE2C147 |
SHA-512: | 17825EEC669A1857B883AD59E4F26B6D915FD859A9E16F6DF95E808990C1E977ED5A4B2B1551B7F7FEF07B3B7DAE5F0C30EB21357EA77EEB3814CC4B936CA8F6 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 53248 |
Entropy (8bit): | 7.996742427668302 |
Encrypted: | true |
SSDEEP: | 768:XfA7daIQ5y7k1J44wr2RXfynL2CDecNJT+Ov/+fzxikTfpLLH0x/MrMIulEH:XfidVey7v2X+HDZzX6xi+pL4/MAN6 |
MD5: | BFD7EBAF2943D11671CB50806174EEDE |
SHA1: | 5C824449E6974EAF71D8FB0F570D4CE76BA831DD |
SHA-256: | 7B5D942BF8203B8CF9DFA5523BD932E36C16F91DFAB306B118E7B1ACDE7883D6 |
SHA-512: | C65E7486F08C0977DE958704EE61016E91B5691D43BB49AE41203BF7ABE0878203FABA1650C67F8C8B0F6276E5042E5BE6C8030968B922BF1117862BE89A1D04 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8753 |
Entropy (8bit): | 5.112168319183873 |
Encrypted: | false |
SSDEEP: | 192:/YjisELs0/sDOykocrtURbjM9hC4mJJSKz4wKL3RjtHH016:JsELRsfortQbjKhQJJDz6LBhHH0M |
MD5: | 679A660E6448E2D327012672F96E392B |
SHA1: | D076AF425395161DAAC0093BD2AC3224BF2C0D2C |
SHA-256: | F0C7D541CC3FAECBE583663B7F7EAE6379DF06024E1B7AD6E764A87446406469 |
SHA-512: | 844CB059456118947493905C19730BD09C87AB038FA19012D6E34F942B9B472042E757DA05C5BC8A254E79F6C376CB267F0897300CB40AD0716BAFF7C759BFFB |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 90112 |
Entropy (8bit): | 7.998191478530064 |
Encrypted: | true |
SSDEEP: | 1536:jh29EJjOlr8dAGFblNJ2stjBTF1C9pVH7KWJ1LM5Y4e4kwkq:NbsruAGVlNYsL7yVH7KOeu47kq |
MD5: | E034B160F517322AA180947402FC4726 |
SHA1: | AE518CB0A0AFA46110075AE58160E2B724E62FA4 |
SHA-256: | 9FF4BA69743EDF76E919C3F83B55A29522E18FEDDA36097B43514849A763131E |
SHA-512: | 311E1481C631067BBE8FF2C4A45E7D53524AFA087017944AAFE76DE9D32359437366ABBBAFA28579D3934A9474C1796991905F0DCBA61A1A5FFC45BF543F2DEC |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 82944 |
Entropy (8bit): | 7.998145994072074 |
Encrypted: | true |
SSDEEP: | 1536:kH5qHzoufO+9jRkMSJGDDKKngNHUmMnkaVlPecEb389z8oUFV0DyA:IqTnOtq0R+qcEDi6FiDyA |
MD5: | 1BD686B0C4FC105AF901F7EA5E20282D |
SHA1: | 2957B83F6AE3E59363EF1BA782CBA99BF350B6E8 |
SHA-256: | ECD01318315464EF01AA0E927F6881AF55B31FAF9AE1CD8B82FC76858B031550 |
SHA-512: | E80F741F27A1063691027951EB0842EB42C2250CC7EE34B81F2D9C5962FF2577B0AC431EA385CA068BE722F7B9F51EF0FA940E2D63F555616ADE28543813BC7E |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 97280 |
Entropy (8bit): | 7.997924552621187 |
Encrypted: | true |
SSDEEP: | 1536:gJFgEMm0Ubjn/z1I30j75KICcHd0CQNRCOWTBH/xNadV86kxOVu2C2krv:GqEJfKICudnQNVWtH/xS86kR/r |
MD5: | B471AC38D30713C610628365D7A8F1DC |
SHA1: | D6A6DF5D5E60968060D43B88BF054825B44B2E94 |
SHA-256: | 45959E1300A85984E3C3D2F19EB4ABEFA4B48A3034B8E176B76F6F05E3F421F1 |
SHA-512: | 0BDBF2FAEEA0DF07C3B9D02257152F888F8DD069D64C6CD214C27E95AEF75E8F86698A046211F8F2117A81E84D966D32B64B782897F07E28706F19DBCD1F0BBE |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 58368 |
Entropy (8bit): | 7.996484306271761 |
Encrypted: | true |
SSDEEP: | 768:T/m82fcSbLTLihpebepRuGuKj+3ZSf3dM/uKM427lSnOCAdX6yRPOw07lIuFR6I9:T/IcILikepdj+3EtRKMLS1AdrRmbSuFB |
MD5: | 47C9EC7B6C30900125F9C283F239C5E5 |
SHA1: | BA10185B95B1AE93F054FFFEDD5FD4762512534C |
SHA-256: | 733895E0B9A8C5EEF309A3AD93D32BF5A84A9DD8EF07723A3EC6A017A82CF92F |
SHA-512: | 0BE3F07B210994D83918AF26ADBF964261DFF1E5DFD5F94116D4772E1BC4F1E7CAAD125C2D1F4E3D66D6DDC4438AAC4F69ED6CE355746B41E4978E88A9F20977 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 7.997603696023 |
Encrypted: | true |
SSDEEP: | 1536:K0/ThZjQLQ1Qs7MF8uROvZvA7yuF/vIst8qtNZCaYN03WUxNADxoKnoF8MzZJ4:KwhZjX7MpqhYyDWZCvNKdxNdKnxMzY |
MD5: | 38ECD691B129D30468C631716125D34B |
SHA1: | 84AF6131F0B352A18EB002A5D5794EEF84B24EF7 |
SHA-256: | A9C3B215805DB8032279F61713F96A78D20C68ABFA7EEBC3F655E7133727CB58 |
SHA-512: | 72618DFCDA4F1112BF5318CEC8433AB2B547F6B3BDD7ACED98F3B14E1573E7FAC56ACB6D3A05FF6863AD90C54FF5D71C0C52DA0961EF9B0A9CC3FB4F3F4892F8 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 91136 |
Entropy (8bit): | 7.997803378365791 |
Encrypted: | true |
SSDEEP: | 1536:J4cLv9ntPylKNgFxAVfHYt3kLZfY2xRbjvY6bO1qaO0ILtUXklpk:J3htPFNgP4vOkLZfzbjxbEqaO0cttk |
MD5: | 9BE20FC94B698A9D972B14E5B37768B2 |
SHA1: | 6FD4A8ECE9DFDA0BF1FA7F047BCDF986CA9FA74F |
SHA-256: | 9EC99DA4B772F610461C6F673EDA2BB7FCE625582C1B1C0D12ABA710CBFBA109 |
SHA-512: | 03B3C24E4ECDDDE971F8784D1FF0785C7566CB94AC6B4E3E0506C45093EAD87B3DF3781B39466BA81FC488042F8E8DB6D8074C2122D2F60ABB2DDC3069ADA9AB |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | modified |
Size (bytes): | 65536 |
Entropy (8bit): | 7.997308622711261 |
Encrypted: | true |
SSDEEP: | 1536:tSgycqJS85WzbTqwbocHaqefQ9MroNjQE+QdOTKzsZReX:tSgycqIAWzbPocHqAQOcReX |
MD5: | BD753E623939A3F022BB8D1ACDC2BE35 |
SHA1: | 089C637ACE82140B60043B21489399A4A3478151 |
SHA-256: | 70FDD7CADCD45A80247897EA762BF3A63EDAFAB81D519FFFD2D2830729423FA2 |
SHA-512: | 52EF1993FA316D5C57564E26B3B49EF70AADA9ACB0B29A383096370ACBD6E3C809DB42329D9C47CB271EFFBE49B25D49895E712696324EDDD724E898EF2FEA47 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 81920 |
Entropy (8bit): | 7.998052014024552 |
Encrypted: | true |
SSDEEP: | 1536:ggoTUqD3DIta9FXbWGAAXfhrGMY7j5q0v0DW52Tgj2u7lqdV7:ggEUqnItaF6GAAvhrfYxh8q528j2u7kL |
MD5: | 2B69517D24E1AE9B93162E70DB28BA34 |
SHA1: | 11A60A4350EC3C7857800E245F1FF4100721C971 |
SHA-256: | 01FC4E2A4A2706772EB50215D67724438B1B9C81CBB944CA592A3CB073516735 |
SHA-512: | 588DA1676170F9BFEC7FF5422A68FF02C0F4D2FF0E5116C8354ED871265FC0DD1D3284DED30EA8283A57B3E0A6929DFBE6FCB6451A0E579BE378059AED7DACC5 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 41532 |
Entropy (8bit): | 7.995910903907069 |
Encrypted: | true |
SSDEEP: | 768:pd7ys6Lz6b6ThODbaGIQnwS2OqjU44Izt1pIPufUQ1E4vtDtrO0Y4zuHZQBt/:posG6GEuGIQwOEhzt1a2e0ZtK465QBZ |
MD5: | 3FB6C85BA8FED7019CF83091499DE1C0 |
SHA1: | 832DE29E8D56CE6F2E0E42733F6E62DFD5BB4FDC |
SHA-256: | 9C87FB38CCE451D80110F3FD76A212FD9C5547686BE7EB0AB81B90F2090017D8 |
SHA-512: | 18EA2A597791555FDC2495AA25D07B969F6D31B8AEFCFEA694EFCA13B2585488CD4BEC10D0591E3AC5088C781B9DB945E0D512FEBCAF778664446EC7FD282702 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98304 |
Entropy (8bit): | 7.998139758861357 |
Encrypted: | true |
SSDEEP: | 1536:L998g9VFRGNmEjQxZk3DR1QGafNJYVm/zqn0YmfwCsbZAxcVzRcB0m0PfYr5ddTt:L7FRG+fooGuNJJzE01PsbZIcV/DPfyLP |
MD5: | 8F97CA1B16EFC43ADC9B72C20A2B3393 |
SHA1: | 954F461D873F95FF4F11F6A9E29905C456E606E8 |
SHA-256: | E3934941A6269308B585663DEFCFADFC8113D9B540E9ED18710E675DF4E5CFCB |
SHA-512: | 3FF407FE0277D2AF40FD990D0122DF657E2B8EE481F53B5AD17A58871C5AA75C5D5F4356AC87D7182E04C10AD23E16C78A68D143D31EA6E11E2E0427EC733AE2 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 7.997048256672015 |
Encrypted: | true |
SSDEEP: | 1536:LHsExnB7zCewI0w3YSEH1c8FUIcTAVNUL9ZwQwmKicKugh:rvb7zCew1w3jhyz3vQkch |
MD5: | D1CE1088B631506B85154BEE580CE826 |
SHA1: | C484BFA00D4CBF47A8AE382B03FE58014E7C2662 |
SHA-256: | 39DBE3F38F3EF0A96CFB2D812ECE4B575D4C3FAF1A74C4C703A73440FB7EC527 |
SHA-512: | C011DD6B51D5F7F255AC29C9C9E77E4A93659B03CBC1037BF4B08EE36A6D685B7E0C4493538EA934E5F8D7078C7BC11D49FA3B2740FC88F88FBBB250B7699AB6 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 68608 |
Entropy (8bit): | 7.997505856791043 |
Encrypted: | true |
SSDEEP: | 1536:EYwSnInSsSRui7gdt4u+sh5SZByP2rfLvyUHZQefoZEUljRQHugHThpm:EYznISsQui7gkn0+ByPYfLvyeJ+EWjRP |
MD5: | 80006C08DF1D8C82142E12DC2BB6E5F5 |
SHA1: | 6E7D86BE0DCE7B9E27B439849AF77B581CA209F3 |
SHA-256: | 38B182E33A88B93FB2F698E5E89CDB505348F499D45B90AB1BB015ACF99BE817 |
SHA-512: | D8C087CACA232A732425B34C3CE7BA149A1E7C59374847C4DA732A932FFD1D2646CC4593A8D406104F7FA6AB04B7FFD4C388B410E70B2D73D47B97E8490F3212 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1022 |
Entropy (8bit): | 3.530108892384297 |
Encrypted: | false |
SSDEEP: | 12:cNJtpxSGSGciuwSV3OcvC2Peiz3CH2VxgGskmXXUYzEvt+:4p4GSHitcnq2Pz3CWV2GPmUYQvs |
MD5: | 8C7664EE643017421C4D703C970A0810 |
SHA1: | 73B72515BC6CB734B0BDEC85437D7547FB0C1CF0 |
SHA-256: | E5588D932A3A243B12DFAA9BFDA491980842188C70C06A3C52E6EB0B6BB8608A |
SHA-512: | 4CCB256B2A0E9799601D5A99EB68C7FB02355A883763E98B270896181846753E3EE14B0E128F61DFFBC4AF909C8A063022F7B04043606F4C78EACAC771989686 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 82944 |
Entropy (8bit): | 7.997698095829368 |
Encrypted: | true |
SSDEEP: | 1536:e1HR5egLElRnLnezBWkArnoADA2E30EgBnr1C5PA3C+Sv9cvNJd1QX3pa:eDkTlRnmBW1rJ1EELJ1sP6+qrDeI |
MD5: | 2346A38B2E273FF30A9D18C753F6DE07 |
SHA1: | F4DED0078C5B4E20BFD2648154A8780C4077A456 |
SHA-256: | 4D0C4FC236C9FD9CC72D28E8FAEE1EDF39BF7AD6E774A78342C8EA71010573D8 |
SHA-512: | 5A7F6D78378D2D28A7D19698EFDF2BFCB9BE6FD066E1E144F19D8A34D1B1DCD569121D63DA6E66BC53BD485BBBC2C49D0132EA5A49D8CC73F9710AE3AEC1055F |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 58368 |
Entropy (8bit): | 7.9966284847393885 |
Encrypted: | true |
SSDEEP: | 768:nzviMs4Zz2+GYSziSnYAjRiHsRpiboZzQWiZE1jPOuUcYjlf8ItxHn6pni5YAV+A:DeKzfGRziSYJMAMQ8jPOpchCAotVjGBM |
MD5: | 377283970D6B60D8EF7371017F398780 |
SHA1: | 9F193E58BB429464C4DB7815CEE77D5BE2D63749 |
SHA-256: | C0C5C230D205D762AD6925C9E9F1C82A0504281CDEFF378E2FA2DE19F7405C28 |
SHA-512: | F8AA114F216A6E0FA8FC472A85FB9D39781A21E7D9E1BBF9B5D7CB79E4ED8A2BC04F30E2AE4EB4430662DA5E046407C16E63BEF6FEED24731FA696FDB9F391F5 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1064140 |
Entropy (8bit): | 6.439726841092861 |
Encrypted: | false |
SSDEEP: | 24576:JAwciuvaj8l4LEWumcKYB5Wek2vY+BYssmNolbmmPmJ4Ve+aaWBS:JALTBaLETmcKYB5WH2AwjsLbmmPmJ4Vt |
MD5: | 814A4C38BD3E7D17927C132FD6BE882D |
SHA1: | 9025F9305DC25E162060C31AB8FDCCDF568DF4F3 |
SHA-256: | 364F4CE6D551C14F1000A6E6353296B5E784387A6BA8DF5C3A0F47649F7C2985 |
SHA-512: | 61FC9DDB2ED0B49BD613BEBAE345BA1D0F3B8BFFFBB47F67997EFD7F0042AE10D1CA5464E52BE8FFC26A74DDD3AF06C9262203893F99400E4838CBDE140742BD |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 73728 |
Entropy (8bit): | 7.997261740056317 |
Encrypted: | true |
SSDEEP: | 1536:D8/RV1mOHCz8BATYsWig+v7zrns+Mz/jllq2Of9Nt:IZ3X1VsWi9/s+0LPDOf9Nt |
MD5: | B1C6DA290068DCD40A18C1BC49189EE9 |
SHA1: | F9885BE86C07FF96D43234EDD773B035035B36CF |
SHA-256: | 3ECA627685B19D1B508AC7A4D63AA35FBE6BF113571C61D1E7237DC190A55C51 |
SHA-512: | EDF8A13CD6D8677052F46084B4F372DE7FBF72E924204CCD2CF86873C3BD25B0F3D96B647A87B71C49968EA138FB6DE6741FECEA999148DDC77ED7871226344E |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 96256 |
Entropy (8bit): | 7.997930512621656 |
Encrypted: | true |
SSDEEP: | 1536:lFrwS3X8MnqhwRGcYDBjd7rWT9xhdqwfw+7aJFl0y8GWG6SfTvdS+FizXxt+d1tU:jgh8GjHo9xf1fcFl0YRTrQCf6sa |
MD5: | E78BEDBC8F2BA8212C13FA11EC970FD2 |
SHA1: | 7E0D85EF797744B6ED2CE4DD200EE5E58B670C68 |
SHA-256: | 4604236A20247E8F9346AA352DFB240CB550AD0CD1A96CDD23DD364B36357FBC |
SHA-512: | C09C5B116F119EAD2699CFC4E7ED59C78DBA95A3E6577C05EB4B82D109C04FFB6029359150DDBD5B8DA860ED8A838C568EA845887AD0F298692FA51FA1348AC5 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 69632 |
Entropy (8bit): | 7.997491195832333 |
Encrypted: | true |
SSDEEP: | 1536:ZnumNW06s8Mpi4iczEBjV2AHKhB1otCRMamawqa2hLyWq:gIWzYi4iczER9HK1ECRdmawrgLE |
MD5: | 8EB31452FC71D6705F49585FB70A99B1 |
SHA1: | 7EC047C13954774C901A071B2A6785B8CB6941C9 |
SHA-256: | 26B595C679D843BD50CE39C6DE1CFFC5BAABD595B66EC0686BE9A905A38777CB |
SHA-512: | 5FCC7E47317A4EDAE29B39E5FA1002778AE82BF02D4A97EE298A4F028CF02CE183D02F14B55FEB867D9350F1C81B62E643FF651D260167E58ABFE5D4DB07FBAF |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 81920 |
Entropy (8bit): | 7.997727452482501 |
Encrypted: | true |
SSDEEP: | 1536:uDsBS/pORcHC9k95vSjC4qQ7EKpq1kt78wPMmoNqau1Nq5RvGO1bN9PzJHHe5:u/OR+dKxq1ktA/VNyTqPvGO1bN9PzJs |
MD5: | 98299EB5E90AA1A7D6CF5BDB829E3872 |
SHA1: | 081ED2D78FA1D4BB8FD8F31F861323DAD5534C49 |
SHA-256: | A1050FBFF70B206021A797773F9ACC047B3151DC52EF3BED10D6B28AE7C66554 |
SHA-512: | 44215DCC775A5C0E3BF654D2052C73085D5AC168032C2813382EAA87EBC919160E905AB132BF483257FE62D89C86B40FDC46EA782EF5FCF26C45F77AD5D4C5A1 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 54272 |
Entropy (8bit): | 7.996646849887946 |
Encrypted: | true |
SSDEEP: | 1536:Bzl18XkLg9MM/YOQYe/+EPgxvh7AB8nEt:1Lg9Mk1e/+E4z7Ab |
MD5: | F87009BFB39149D32AF82E0146CDE3B7 |
SHA1: | C4FAED10F201924FE6A30B9C6AE42265B943D424 |
SHA-256: | FC8E5A71410CDA9E50E18B3A2080C6391A36ED4C26AFFA1AC178C44C97C1B65B |
SHA-512: | B5EF875C716F739B508D3315A67C2053C0D8C5AE2F818A1C2E53DB7BB1CF086636C4DB1F7116FA43C2790BE06B7C307A86F530C4C479A8EEEF74DC35219845E0 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 76800 |
Entropy (8bit): | 7.997267792102631 |
Encrypted: | true |
SSDEEP: | 1536:x1C2pHGCprwRfp/ise1pbGp+7EKp+8/Rst4XREh+3dxMsNoyvBhelpZCx:FdGCWRYse1pqOEKpTZBhEh+vNo+hI2x |
MD5: | 54DD729C1B5F4E3588FE8552FCC661E8 |
SHA1: | FF83067BCE2D5D57A6CD5731992196043B42DDA7 |
SHA-256: | 4C05689E573BFEFA7473996F77C0BA935650CC7D361A38A4BA889432866B7D7D |
SHA-512: | D7192A9ADF72C1789476B1BF44BF7ADA47BA1E29649E23B4B6B838F9FE984EC3C3D82CF569E3D1C6AC640D1FAF16FAFD466C3079853670248C611FCD060D8771 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.30838613676383 |
TrID: |
File name: | wWk9NkXYcL.exe |
File size: | 23'265'280 bytes |
MD5: | 3a1ccc44a0aa6f397c3b2eacf6d4c526 |
SHA1: | 62d0b00435893cae171ddf6b2b5d964f608db84e |
SHA256: | e606e3e72dfaabb3b398d7f7b2b221675038da19080c69c41bd3005066d94f50 |
SHA512: | 4373ae343d6f6c4f84359f8d879a6d4b1275e9245762fc592ef7feace7257b95843775c13c48f8d1a2abdeaf8449f5f4103938fc2527fac26efbb316968b3b08 |
SSDEEP: | 196608:Z8VG/O42OzpufDGQVegTH0DdR4gTH0DdR4gTH0DdR4gTH0DdR4gTH0DdR4gTH0Ds:Z8EOVGpiFVgQQQQQQ |
TLSH: | FA372393C32708B1F57D903A08B6BA338E2E55DF7221959A67CF0BFFB149EC5059A424 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<.ydx..7x..7x..7_Hz7{..7_Hl7i..7x..7...7q..7s..7q..7y..7q..7y..7Richx..7........................PE..L....l.K.................h. |
Icon Hash: | 6062e0e2d8c4fc08 |
Entrypoint: | 0x403415 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x4BC06CDA [Sat Apr 10 12:19:38 2010 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | bf95d1fc1d10de18b32654b123ad5e1f |
Signature Valid: | |
Signature Issuer: | |
Signature Validation Error: | |
Error Number: | |
Not Before, Not After | |
Subject Chain | |
Version: | |
Thumbprint MD5: | |
Thumbprint SHA-1: | |
Thumbprint SHA-256: | |
Serial: |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push ebp |
push esi |
push edi |
push 00000020h |
xor ebp, ebp |
pop esi |
mov dword ptr [esp+18h], ebp |
mov dword ptr [esp+10h], 00408570h |
mov dword ptr [esp+14h], ebp |
call dword ptr [00408030h] |
push 00008001h |
call dword ptr [004080B4h] |
push ebp |
call dword ptr [004082B0h] |
push 00000008h |
mov dword ptr [0047B398h], eax |
call 00007F7668EECC6Ch |
push ebp |
push 000002B4h |
mov dword ptr [0047B2B0h], eax |
lea eax, dword ptr [esp+38h] |
push eax |
push ebp |
push 0040856Ch |
call dword ptr [00408180h] |
push 00408554h |
push 004732A0h |
call 00007F7668EECB3Ah |
call dword ptr [004080B0h] |
push eax |
mov edi, 004CC0A0h |
push edi |
call 00007F7668EECB28h |
push ebp |
call dword ptr [00408130h] |
cmp word ptr [004CC0A0h], 0022h |
mov dword ptr [0047B2B8h], eax |
mov eax, edi |
jne 00007F7668EEA50Ah |
push 00000022h |
pop esi |
mov eax, 004CC0A2h |
push esi |
push eax |
call 00007F7668EEC7FCh |
push eax |
call dword ptr [00408250h] |
mov esi, eax |
mov dword ptr [esp+1Ch], esi |
jmp 00007F7668EEA591h |
push 00000020h |
pop ebx |
cmp ax, bx |
jne 00007F7668EEA509h |
inc esi |
inc esi |
cmp word ptr [esi], bx |
je 00007F7668EEA4FBh |
Programming Language: |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8afc | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xfd000 | 0x4a168 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2e7902 | 0x31c0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2c0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x671c | 0x6800 | 8bb8f6dca80ad27cbdbce9816ab6ae7c | False | 0.6644381009615384 | data | 6.50478910452928 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x19d6 | 0x1a00 | 161b329b4c70ce4fbd9c1143e738896b | False | 0.4480168269230769 | data | 5.026839717718007 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x7139c | 0x200 | 140876ba314e7bc36379ee5c6db80876 | False | 0.271484375 | data | 1.7360077526852977 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x7c000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xfd000 | 0x4a168 | 0x4a200 | 6045c79daf0df2fcc23695e835aa8ed3 | False | 0.14129360771500843 | data | 3.8002785037819753 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xfd208 | 0x44028 | Device independent bitmap graphic, 256 x 512 x 32, image size 278528 | English | United States | 0.11365627064127969 |
RT_ICON | 0x141230 | 0x5638 | Device independent bitmap graphic, 72 x 144 x 32, image size 22032 | English | United States | 0.4416908300108735 |
RT_DIALOG | 0x146868 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0x146968 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0x146a88 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x146ae8 | 0x22 | data | English | United States | 0.9411764705882353 |
RT_VERSION | 0x146b10 | 0x380 | data | English | United States | 0.4419642857142857 |
RT_MANIFEST | 0x146e90 | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193 |
DLL | Import |
---|---|
KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, MulDiv, lstrlenA, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW |
USER32.dll | ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, FindWindowExW, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, IsWindow |
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject |
SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation |
ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW |
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-12T21:26:46.244720+0200 | 2054709 | ET MALWARE PrivateLoader CnC Activity (GET) | 1 | 192.168.2.7 | 49704 | 195.10.205.48 | 80 | TCP |
2024-09-12T21:26:54.244678+0200 | 2054709 | ET MALWARE PrivateLoader CnC Activity (GET) | 1 | 192.168.2.7 | 49705 | 193.233.232.86 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 12, 2024 21:26:38.273044109 CEST | 49704 | 80 | 192.168.2.7 | 195.10.205.48 |
Sep 12, 2024 21:26:38.356275082 CEST | 80 | 49704 | 195.10.205.48 | 192.168.2.7 |
Sep 12, 2024 21:26:38.356380939 CEST | 49704 | 80 | 192.168.2.7 | 195.10.205.48 |
Sep 12, 2024 21:26:38.356565952 CEST | 49704 | 80 | 192.168.2.7 | 195.10.205.48 |
Sep 12, 2024 21:26:38.361618042 CEST | 80 | 49704 | 195.10.205.48 | 192.168.2.7 |
Sep 12, 2024 21:26:46.244719982 CEST | 49704 | 80 | 192.168.2.7 | 195.10.205.48 |
Sep 12, 2024 21:26:46.248982906 CEST | 49705 | 80 | 192.168.2.7 | 193.233.232.86 |
Sep 12, 2024 21:26:46.417675972 CEST | 80 | 49705 | 193.233.232.86 | 192.168.2.7 |
Sep 12, 2024 21:26:46.417779922 CEST | 49705 | 80 | 192.168.2.7 | 193.233.232.86 |
Sep 12, 2024 21:26:46.417933941 CEST | 49705 | 80 | 192.168.2.7 | 193.233.232.86 |
Sep 12, 2024 21:26:46.422954082 CEST | 80 | 49705 | 193.233.232.86 | 192.168.2.7 |
Sep 12, 2024 21:26:54.244678020 CEST | 49705 | 80 | 192.168.2.7 | 193.233.232.86 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 12, 2024 21:26:09.224596977 CEST | 58687 | 53 | 192.168.2.7 | 1.1.1.1 |
Sep 12, 2024 21:26:09.246236086 CEST | 53 | 58687 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 12, 2024 21:26:09.224596977 CEST | 192.168.2.7 | 1.1.1.1 | 0x3293 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 12, 2024 21:26:09.246236086 CEST | 1.1.1.1 | 192.168.2.7 | 0x3293 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49704 | 195.10.205.48 | 80 | 6196 | C:\Users\user\AppData\Local\Temp\473638\Element.pif |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 12, 2024 21:26:38.356565952 CEST | 219 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49705 | 193.233.232.86 | 80 | 6196 | C:\Users\user\AppData\Local\Temp\473638\Element.pif |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 12, 2024 21:26:46.417933941 CEST | 220 | OUT |
Target ID: | 0 |
Start time: | 15:26:05 |
Start date: | 12/09/2024 |
Path: | C:\Users\user\Desktop\wWk9NkXYcL.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 23'265'280 bytes |
MD5 hash: | 3A1CCC44A0AA6F397C3B2EACF6D4C526 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 15:26:05 |
Start date: | 12/09/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x410000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 15:26:05 |
Start date: | 12/09/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff75da10000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 15:26:06 |
Start date: | 12/09/2024 |
Path: | C:\Windows\SysWOW64\tasklist.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa00000 |
File size: | 79'360 bytes |
MD5 hash: | 0A4448B31CE7F83CB7691A2657F330F1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 5 |
Start time: | 15:26:06 |
Start date: | 12/09/2024 |
Path: | C:\Windows\SysWOW64\findstr.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x560000 |
File size: | 29'696 bytes |
MD5 hash: | F1D4BE0E99EC734376FDE474A8D4EA3E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 6 |
Start time: | 15:26:07 |
Start date: | 12/09/2024 |
Path: | C:\Windows\SysWOW64\tasklist.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa00000 |
File size: | 79'360 bytes |
MD5 hash: | 0A4448B31CE7F83CB7691A2657F330F1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 7 |
Start time: | 15:26:07 |
Start date: | 12/09/2024 |
Path: | C:\Windows\SysWOW64\findstr.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x560000 |
File size: | 29'696 bytes |
MD5 hash: | F1D4BE0E99EC734376FDE474A8D4EA3E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 10 |
Start time: | 15:26:07 |
Start date: | 12/09/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x410000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 15:26:07 |
Start date: | 12/09/2024 |
Path: | C:\Windows\SysWOW64\findstr.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x560000 |
File size: | 29'696 bytes |
MD5 hash: | F1D4BE0E99EC734376FDE474A8D4EA3E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 14 |
Start time: | 15:26:07 |
Start date: | 12/09/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x410000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 17 |
Start time: | 15:26:08 |
Start date: | 12/09/2024 |
Path: | C:\Users\user\AppData\Local\Temp\473638\Element.pif |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c5870000 |
File size: | 1'065'128 bytes |
MD5 hash: | C63860691927D62432750013B5A20F5F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 18 |
Start time: | 15:26:08 |
Start date: | 12/09/2024 |
Path: | C:\Windows\SysWOW64\choice.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 28'160 bytes |
MD5 hash: | FCE0E41C87DC4ABBE976998AD26C27E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 21 |
Start time: | 16:57:18 |
Start date: | 12/09/2024 |
Path: | C:\Users\user\AppData\Local\Temp\473638\Element.pif |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c5870000 |
File size: | 1'065'128 bytes |
MD5 hash: | C63860691927D62432750013B5A20F5F |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | false |
Target ID: | 25 |
Start time: | 16:57:40 |
Start date: | 12/09/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7350b0000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | true |
Execution Graph
Execution Coverage: | 13.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 21.4% |
Total number of Nodes: | 1325 |
Total number of Limit Nodes: | 22 |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
00403415 | 52.8 | 22 | 8 | 307 | file, string, com, COMMON |
004053F8 | 44.0 | 15 | 10 | 227 | string, registry, library, COMMON |
00402EE7 | 21.2 | 6 | 6 | 175 | file, COMMON |
004018D7 | 10.6 | 5 | 1 | 147 | string, time, COMMON |
0040172D | 6.1 | 4 | | 55 | COMMON |
00401CC9 | 4.6 | 2 | 1 | 71 | memory, COMMON |
0040139B | 3.0 | 2 | | 43 | window, COMMON |
004058FE | 3.0 | 2 | | 16 | file, COMMON |
004058DE | 3.0 | 2 | | 9 | COMMON |
00401F9B | 1.5 | 1 | | 43 | COMMON |
0040188D | 1.5 | 1 | | 24 | COMMON |
00402E9E | 1.5 | 1 | | 22 | file, COMMON |
00403360 | 1.5 | 1 | | 20 | COMMON |
00402ED0 | 1.5 | 1 | | 6 | COMMON |
00401646 | 1.3 | 1 | | 17 | sleep, COMMON |
004033EB | 1.3 | 1 | | 11 | COMMON |
00405C70 | 70.3 | 29 | 11 | 256 | library, loader, memory, COMMON |
0040447D | 65.2 | 33 | 4 | 470 | window, memory, COMMON |
00404BB4 | 65.0 | 36 | 1 | 290 | window, clipboard, memory, COMMON |
0040400B | 21.3 | 10 | 2 | 272 | string, COMMON |
00406559 | 19.4 | 9 | 2 | 162 | file, string, COMMON |
00402218 | 1.6 | 1 | | 120 | com, COMMON |
004029F1 | 1.5 | 1 | | 28 | file, COMMON |
00406E34 | .3 | | | 348 | COMMON |
0040680A | .3 | | | 305 | COMMON |
00403C1F | 40.5 | 20 | 3 | 212 | window, string, COMMON |
0040635B | 36.9 | 15 | 6 | 163 | file, string, memory, COMMON |
004060CA | 19.5 | 8 | 3 | 218 | string, COMMON |
00403952 | 12.1 | 8 | | 60 | COMMON |
0040434F | 10.5 | 5 | 1 | 48 | window, COMMON |
00402DB4 | 10.5 | 5 | 1 | 40 | time, COMMON |
004020AF | 7.6 | 5 | | 57 | memory, COMMON |
00401D76 | 7.1 | 3 | 1 | 88 | window, time, COMMON |
00403F13 | 7.1 | 3 | 1 | 73 | string, COMMON |
00401EF0 | 6.0 | 4 | | 45 | COMMON |
00402E3A | 6.0 | 4 | | 33 | COMMON |
00405C29 | 6.0 | 4 | | 31 | memory, library, loader, COMMON |
004043CD | 5.3 | 2 | 1 | 58 | window, COMMON |
00406042 | 5.3 | 2 | 1 | 53 | string, COMMON |
0040243C | 5.3 | 2 | 1 | 28 | string, COMMON |
004056EC | 5.3 | 2 | 1 | 24 | process, COMMON |
00405864 | 5.0 | 4 | | 37 | string, COMMON |
Execution Graph
Execution Coverage: | 0.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 392 |
Total number of Limit Nodes: | 12 |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
0000021925C730D0 | 178.7 | 1 | 100 | 1909 | COMMON |
0000021925C68CB0 | 76.7 | 17 | 26 | 1451 | registry, COMMON |
0000021925CD32F0 | 35.3 | 10 | 10 | 338 | COMMON |
0000021925CD3480 | 35.2 | 10 | 10 | 246 | COMMON |
0000021925D58ABC | 1.3 | 1 | | 36 | memory, COMMON, LIBRARYCODE |
00007FF6C5894364 | 43.9 | 24 | 1 | 122 | thread, keyboard, window, COMMON |
00007FF6C5878790 | 38.0 | 25 | | 475 | window, COMMON |
00007FF6C5872820 | 33.5 | 18 | 1 | 282 | window, time, COMMON |
00007FF6C5874528 | 23.0 | 12 | 1 | 223 | COMMON |
00007FF6C58B2290 | 21.4 | 8 | 4 | 366 | time, COMMON, LIBRARYCODE |
00007FF6C5873B64 | 19.4 | 8 | 3 | 140 | window, COMMON |
0000021925C6DCD0 | 17.9 | 2 | 8 | 424 | COMMON |
00007FF6C591AE10 | 15.2 | 10 | | 174 | window, COMMON |
0000021925C5C8E0 | 11.0 | 3 | 3 | 451 | COMMON |
00007FF6C58724D4 | 10.9 | 5 | 1 | 381 | COMMON |
0000021925C6A4D0 | 10.9 | 3 | 3 | 352 | COMMON |
00007FF6C5908CB0 | 10.8 | 4 | 2 | 331 | COMMON |
0000021925D5D8B4 | 10.7 | 5 | 1 | 227 | COMMON, LIBRARYCODE |
0000021925D5E2FC | 10.7 | 7 | | 171 | COMMON, LIBRARYCODE |
00007FF6C58F368C | 10.6 | 5 | 1 | 58 | COMMON |
0000021925CC99B0 | 9.2 | 4 | 1 | 484 | COMMON |
00007FF6C58AAD08 | 9.1 | 6 | | 83 | COMMON, LIBRARYCODE |
0000021925D4C004 | 9.1 | 6 | | 83 | COMMON, LIBRARYCODE |
00007FF6C5871990 | 7.6 | 5 | | 124 | keyboard, COMMON |
00007FF6C58A76EC | 7.3 | 1 | 3 | 262 | COMMON |
00007FF6C58B2BB0 | 7.2 | 1 | 3 | 169 | COMMON |
0000021925C6D8B0 | 7.1 | 1 | 3 | 145 | COMMON |
00007FF6C5895A40 | 7.0 | 3 | 1 | 42 | COMMON, LIBRARYCODE |
0000021925CD5AFC | 6.0 | 4 | | 39 | time, thread, COMMON |
0000021925D56D38 | 3.5 | 1 | 1 | 37 | COMMON, LIBRARYCODE |
0000021925D5DC10 | 1.6 | 1 | | 61 | COMMON, LIBRARYCODE |
0000021925D5DCE0 | 1.5 | 1 | | 41 | COMMON, LIBRARYCODE |
0000021925D569A4 | 1.5 | 1 | | 32 | COMMON, LIBRARYCODE |
0000021925CE7440 | 1.5 | 1 | | 11 | encryption, COMMON |
00007FF6C58AFBB0 | .0 | | | 32 | COMMON |
00007FF6C5895850 | .0 | | | 2 | COMMON |
0000021925D3C038 | 58.1 | 4 | 29 | 382 | COMMON, LIBRARYCODE |
00007FF6C591F0C0 | 49.7 | 33 | | 231 | window, COMMON |
00007FF6C591F418 | 39.2 | 26 | | 179 | window, COMMON |
0000021925D3F910 | 28.3 | 15 | 1 | 290 | COMMON, LIBRARYCODE |
00007FF6C59219D4 | 24.7 | 11 | 3 | 162 | window, file, COMMON |
00007FF6C5920898 | 22.9 | 10 | 3 | 175 | window, library, COMMON |
00007FF6C5920B50 | 22.6 | 15 | | 131 | file, memory, window, COMMON |
00007FF6C58F15FC | 21.4 | 10 | 2 | 388 | COMMON |
0000021925D40760 | 21.4 | 6 | 6 | 359 | COMMON, LIBRARYCODE |
00007FF6C58DB6A8 | 21.1 | 11 | 1 | 117 | COMMON |
0000021925D3DDFC | 19.9 | 13 | | 361 | COMMON, LIBRARYCODE |
00007FF6C58EAA78 | 19.4 | 10 | 1 | 188 | window, sleep, COMMON |
00007FF6C58F3C14 | 19.4 | 5 | 6 | 135 | COMMON |
00007FF6C58E7A88 | 19.4 | 6 | 5 | 128 | window, COMMON |
0000021925D5626C | 18.1 | 12 | | 112 | COMMON, LIBRARYCODE |
00007FF6C5871504 | 17.7 | 9 | 1 | 167 | window, COMMON |
00007FF6C58F3E90 | 17.6 | 5 | 5 | 149 | COMMON |
00007FF6C591B590 | 17.6 | 9 | 1 | 100 | window, COMMON |
0000021925D3BCE4 | 16.7 | 11 | | 158 | COMMON, LIBRARYCODE |
0000021925D418EC | 15.9 | 5 | 4 | 192 | COMMON, LIBRARYCODE |
00007FF6C5874B64 | 15.9 | 6 | 3 | 178 | registry, COMMON |
00007FF6C58743D8 | 15.9 | 8 | 1 | 143 | window, time, registry, COMMON |
0000021925D3D644 | 15.9 | 2 | 7 | 126 | COMMON, LIBRARYCODE |
00007FF6C58AD394 | 15.9 | 1 | 8 | 117 | COMMON, LIBRARYCODE |
00007FF6C58E7CB0 | 15.8 | 4 | 5 | 77 | window, COMMON |
00007FF6C5873EF8 | 15.8 | 7 | 2 | 57 | window, registry, COMMON |
00007FF6C59214FC | 15.2 | 10 | | 209 | window, COMMON |
00007FF6C5879924 | 14.4 | 2 | 6 | 435 | COMMON |
00007FF6C5878248 | 14.3 | 7 | 1 | 289 | com, COMMON |
00007FF6C5907FD8 | 14.2 | 4 | 4 | 231 | COMMON |
0000021925CE6F90 | 14.1 | 7 | 1 | 146 | COMMON |
00007FF6C591ABC4 | 14.1 | 6 | 2 | 139 | window, COMMON |
0000021925D3F34C | 14.1 | 2 | 6 | 111 | COMMON, LIBRARYCODE |
00007FF6C5873CEC | 14.1 | 7 | 1 | 60 | window, registry, COMMON |
00007FF6C58B24E0 | 12.4 | 6 | 1 | 155 | time, COMMON, LIBRARYCODE |
00007FF6C59212A4 | 12.4 | 5 | 2 | 142 | window, COMMON |
00007FF6C58EA6DC | 12.4 | 5 | 2 | 135 | window, COMMON |
0000021925D56A20 | 12.4 | 5 | 2 | 117 | library, loader, COMMON, LIBRARYCODE |
00007FF6C58EB400 | 12.3 | 2 | 5 | 70 | window, COMMON |
00007FF6C58ECC44 | 12.3 | 6 | 1 | 39 | window, COMMON |
0000021925D4D684 | 11.0 | 3 | 3 | 494 | COMMON, LIBRARYCODE |
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58B0A4C Relevance: 10.8, APIs: 7, Instructions: 294COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925D513C0 Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925D416E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 126COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925D3BA2C Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 81COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925D3D840 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 79COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C591B754 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925D61E90 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C5873E24 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 40COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C5899EE4 Relevance: 9.2, APIs: 3, Strings: 2, Instructions: 492COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925D3D968 Relevance: 9.2, APIs: 6, Instructions: 161COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C5880350 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 119COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925D563E4 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925C6FF10 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 300COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925D3F094 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 167COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925CD2F90 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 140stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58A98C8 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 121COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925C599A0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 116COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C5875648 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 101windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925D40CB0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 89COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C5919C5C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76windowlibraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C5898FF4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58B8844 Relevance: 7.8, APIs: 5, Instructions: 265COMMONLIBRARYCODE
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58AEB98 Relevance: 7.7, APIs: 5, Instructions: 203COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58AE50C Relevance: 7.6, APIs: 5, Instructions: 142fileCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58B2828 Relevance: 7.6, APIs: 5, Instructions: 133COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58AB8BC Relevance: 7.6, APIs: 5, Instructions: 114libraryloaderCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58AF864 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925D564AC Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58F0740 Relevance: 7.5, APIs: 5, Instructions: 33synchronizationthreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925D58D84 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 212COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58AFED0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 205COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C5874CFC Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 184comCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C589B078 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 150COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58A5EF8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58A61B8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 138COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925C64CB0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58EAD28 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58AE938 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C591BCCC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925D3DC94 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 94COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C591B410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C591C010 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C591AA64 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 79windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58746E4 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C591B97C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C5898612 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58E38DC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58771C4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C587720C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925D3D1B4 Relevance: 6.2, APIs: 4, Instructions: 193COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58AC5BC Relevance: 6.1, APIs: 4, Instructions: 104COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925D3FDC8 Relevance: 6.1, APIs: 4, Instructions: 87COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58AB608 Relevance: 6.0, APIs: 4, Instructions: 43COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925C5C000 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 407COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58ACB08 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 245COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925C67D60 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 230COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58E22F8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 200comCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58ACF38 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925C67420 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 130COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925C67960 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925D36A50 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925D5214C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C591A67C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 89COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C5900DE4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 81COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C591BA9C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58ADAC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925D3D0A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C591A938 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C591A0DC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C591A448 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58AFC20 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925D363F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C5920624 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40processCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58B1444 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0000021925C593F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58B138C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58B1378 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C58B1200 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C5897450 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00007FF6C5895468 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|