Edit tour
Windows
Analysis Report
file.exe
Overview
General Information
| Sample name: | file.exe |
| Analysis ID: | 1518425 |
| MD5: | 7a1336cb114d90e0f64b7d29f29bbda8 |
| SHA1: | c8fe455d1bc2e8117236b58c952fd920cc87f166 |
| SHA256: | ec92d229701dbcc7e54bc124c94e917c05adc13bdaba3a67e3e00180735ff888 |
| Tags: | exeuser-jstrosch |
| Infos: | |
 | |
Detection
| Score: | 76 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
Renames NTDLL to bypass HIPS
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Detected potential crypto function
Drops PE files
Enables debug privileges
Enables driver privileges
Enables security privileges
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
file.exe (PID: 5956 cmdline: "C:\Users\ user\Deskt op\file.ex e" MD5: 7A1336CB114D90E0F64B7D29F29BBDA8)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira URL Cloud: | ||
| Source: | ReversingLabs: | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
Compliance | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Binary or memory string: | memstr_8b205abc-2 | |
| Source: | Code function: | 0_2_00401206 | |
| Source: | Code function: | 0_2_005062DB | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Code function: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Classification label: | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Data Obfuscation | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Code function: | 0_2_007609D3 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00754B9A | |
| Source: | Static PE information: | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Code function: | 0_2_005F509E | |
| Source: | Binary or memory string: | ||
| Source: | Code function: | 0_2_007609D3 | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 0_2_00772830 | |
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 LSASS Driver | 1 Process Injection | 1 Process Injection | 11 Input Capture | 1 Security Software Discovery | Remote Services | 11 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 LSASS Driver | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 3 Obfuscated Files or Information | Security Account Manager | 3 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Software Packing | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 87% | ReversingLabs | Win32.Infostealer.Tinba | ||
| 100% | Joe Sandbox ML |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs | |||
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 100% | Avira URL Cloud | malware | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
⊘No contacted IP infos
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1518425 |
| Start date and time: | 2024-09-25 17:27:00 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 58s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 6 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | file.exe |
| Detection: | MAL |
| Classification: | mal76.evad.winEXE@1/2@0/0 |
| EGA Information: |
|
| HCA Information: | Failed |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- VT rate limit hit for: file.exe
⊘No simulations
⊘No context
⊘No context
⊘No context
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\4db659.tmp | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Bdaejec | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| C:\Users\user\AppData\Local\Temp\4db5eb.tmp | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | ADWIND, Lokibot, Ramnit, Sality | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Bdaejec | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse |
| Process: | C:\Users\user\Desktop\file.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1699896 |
| Entropy (8bit): | 6.290547513916722 |
| Encrypted: | false |
| SSDEEP: | 24576:0Na0qyFU/vb313JPCGucMBbruVALdpNQHKl3y9UfSj6HYZY8zCixcq:kFU3b3HucMBbrb/qj98deCNq |
| MD5: | 5564A98A4692BA8B2D25770FB834D5F6 |
| SHA1: | 129D030D817F6B25D1FDEF2CAD33EB81DE1DEA8B |
| SHA-256: | 28AB9A0F5F50FD5398324B5EC099F5C53C6FAA701C3F6D8B0B3DA47A76C56230 |
| SHA-512: | D803E2E3425095E170910103A4470C598FD4A9A10C1217A006A6393CD1ECA06D1C628E845F6FD1071F1C92778D481F47E4E5F175005FEC2CB0A7519C90992858 |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\Desktop\file.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1679648 |
| Entropy (8bit): | 5.3288490918902225 |
| Encrypted: | false |
| SSDEEP: | 24576:nB79uCigstmh6JVZ3et1NtJJBwuCx59U4IgL5pc6:JXh2LeXJBwuOTU4I56 |
| MD5: | 2E8AB67DC55089DFBCBFA7710BD15B07 |
| SHA1: | 159434853CE512029314C6B70070220D251A924A |
| SHA-256: | 2BCC4FD8A4D3C4033A81702E1B685860BE78D6F1A7E980F2E7593C59656F2706 |
| SHA-512: | 7898B7B48685A2079BC77210464C448025E5BECB25EDDF3FB612A320B627FDB45AFF12D4913ADA98524E2C4718D74E911CE007F4DE6E3F2BB7184CDFAC5A0E5F |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Reputation: | moderate, very likely benign file |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.332202119447142 |
| TrID: |
|
| File name: | file.exe |
| File size: | 5'603'328 bytes |
| MD5: | 7a1336cb114d90e0f64b7d29f29bbda8 |
| SHA1: | c8fe455d1bc2e8117236b58c952fd920cc87f166 |
| SHA256: | ec92d229701dbcc7e54bc124c94e917c05adc13bdaba3a67e3e00180735ff888 |
| SHA512: | 9376a69c1cc17d478baa49a191e86a33a190397eba3ca7e11a772786c60d819ba70282dc1abc050d0680002cc8f2ac0eb98335cf266e74bcce214254164b1aa8 |
| SSDEEP: | 98304:mKgVAhl+8ewKd249PMCVe9kCh7bT8Y5D3dV4JM8jUCYHMR1HLqZBYMg:mKgVAhl+8id249PMCVe9kCh7bT8Y5D3m |
| TLSH: | B1464A23B152C061E50515B015A0DB382E763AB86C7E86AFFBF0DDA57DB08B1C7B261D |
| File Content Preview: | MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.......a...%..F%..F%..FJ..F,..FJ..F#..F^..F+..Fs..F...F...F'..F...F...F%..F...FG..F...F#..F$..F#..Fq..F...F$..F...FP..F6..F,..F...F... |
 | |
| Icon Hash: | 66c4c44a6c668c72 |
| Entrypoint: | 0x750540 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | |
| Time Stamp: | 0x66E98455 [Tue Sep 17 13:29:57 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 14ac16b6ab41482a6dec812b524ddab4 |
| Instruction |
|---|
| push ebp |
| mov ebp, esp |
| push FFFFFFFFh |
| push 008674A0h |
| push 00753EE4h |
| mov eax, dword ptr fs:[00000000h] |
| push eax |
| mov dword ptr fs:[00000000h], esp |
| sub esp, 58h |
| push ebx |
| push esi |
| push edi |
| mov dword ptr [ebp-18h], esp |
| call dword ptr [0077B200h] |
| xor edx, edx |
| mov dl, ah |
| mov dword ptr [009BF180h], edx |
| mov ecx, eax |
| and ecx, 000000FFh |
| mov dword ptr [009BF17Ch], ecx |
| shl ecx, 08h |
| add ecx, edx |
| mov dword ptr [009BF178h], ecx |
| shr eax, 10h |
| mov dword ptr [009BF174h], eax |
| push 00000001h |
| call 00007FD14CB220A4h |
| pop ecx |
| test eax, eax |
| jne 00007FD14CB1A6CAh |
| push 0000001Ch |
| call 00007FD14CB1A788h |
| pop ecx |
| call 00007FD14CB21E4Fh |
| test eax, eax |
| jne 00007FD14CB1A6CAh |
| push 00000010h |
| call 00007FD14CB1A777h |
| pop ecx |
| xor esi, esi |
| mov dword ptr [ebp-04h], esi |
| call 00007FD14CB21C7Dh |
| call dword ptr [0077B448h] |
| mov dword ptr [009C4944h], eax |
| call 00007FD14CB21B3Bh |
| mov dword ptr [009BF0E0h], eax |
| call 00007FD14CB218E4h |
| call 00007FD14CB21826h |
| call 00007FD14CB1EC76h |
| mov dword ptr [ebp-30h], esi |
| lea eax, dword ptr [ebp-5Ch] |
| push eax |
| call dword ptr [0077B2ACh] |
| call 00007FD14CB217B7h |
| mov dword ptr [ebp-64h], eax |
| test byte ptr [ebp-30h], 00000001h |
| je 00007FD14CB1A6C8h |
| movzx eax, word ptr [ebp+00h] |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x474058 | 0x190 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5c5000 | 0x8aa8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x37b000 | 0x878 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x37944e | 0x37a000 | 379a58168dfffa03660d8471fd03c823 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x37b000 | 0xfbcf8 | 0xfc000 | f796a927937884ac8f7f460d90cd8d4f | False | 0.5729941716269841 | data | 6.5988962951107135 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x477000 | 0x14d94a | 0xd8000 | 1c0120b524d300df6e961b24013b1b9c | False | 0.5099973325376157 | data | 5.576805928304713 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x5c5000 | 0x8aa8 | 0x9000 | 7a253bdaf65e2c2df38c6fcf55188ed0 | False | 0.4484320746527778 | data | 5.885356181019409 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| TEXTINCLUDE | 0x5c5f88 | 0xb | ASCII text, with no line terminators | Chinese | China | 1.7272727272727273 |
| TEXTINCLUDE | 0x5c5f94 | 0x16 | data | Chinese | China | 1.3636363636363635 |
| TEXTINCLUDE | 0x5c5fac | 0x151 | C source, ASCII text, with CRLF line terminators | Chinese | China | 0.6201780415430267 |
| WAVE | 0x5c6100 | 0x1448 | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz | Chinese | China | 0.8330123266563945 |
| RT_CURSOR | 0x5c7548 | 0x134 | data | Chinese | China | 0.5811688311688312 |
| RT_CURSOR | 0x5c767c | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.37662337662337664 |
| RT_CURSOR | 0x5c77b0 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.4805194805194805 |
| RT_CURSOR | 0x5c78e4 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | Chinese | China | 0.7 |
| RT_CURSOR | 0x5c7998 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967292, 3840 elements, 2nd "\377\370\017\377\377\374\037\377\377\376?\377\377\377\177\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | Chinese | China | 0.32792207792207795 |
| RT_CURSOR | 0x5c7acc | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967288, 3840 elements, 2nd "\377\370\037\377\377\370\037\377\377\370\037\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | Chinese | China | 0.3246753246753247 |
| RT_CURSOR | 0x5c7c00 | 0x134 | data | Italian | Italy | 0.37012987012987014 |
| RT_CURSOR | 0x5c7d34 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | Italian | Italy | 0.5097402597402597 |
| RT_CURSOR | 0x5c7e68 | 0x134 | data | Italian | Italy | 0.487012987012987 |
| RT_BITMAP | 0x5c7f9c | 0x1002 | Device independent bitmap graphic, 104 x 13 x 24, image size 4058, resolution 2834 x 2834 px/m | Chinese | China | 0.349194729136164 |
| RT_BITMAP | 0x5c8fa0 | 0x16c | Device independent bitmap graphic, 39 x 13 x 4, image size 260 | Chinese | China | 0.3598901098901099 |
| RT_BITMAP | 0x5c910c | 0x248 | Device independent bitmap graphic, 64 x 15 x 4, image size 480 | Chinese | China | 0.3407534246575342 |
| RT_BITMAP | 0x5c9354 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | Chinese | China | 0.4444444444444444 |
| RT_BITMAP | 0x5c9498 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.26453488372093026 |
| RT_BITMAP | 0x5c95f0 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.2616279069767442 |
| RT_BITMAP | 0x5c9748 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.2441860465116279 |
| RT_BITMAP | 0x5c98a0 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.24709302325581395 |
| RT_BITMAP | 0x5c99f8 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.2238372093023256 |
| RT_BITMAP | 0x5c9b50 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240 | Chinese | China | 0.19476744186046513 |
| RT_BITMAP | 0x5c9ca8 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240 | Chinese | China | 0.20930232558139536 |
| RT_BITMAP | 0x5c9e00 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240 | Chinese | China | 0.18895348837209303 |
| RT_BITMAP | 0x5c9f58 | 0x5e4 | Device independent bitmap graphic, 70 x 39 x 4, image size 1404 | Chinese | China | 0.34615384615384615 |
| RT_BITMAP | 0x5ca53c | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | Chinese | China | 0.44565217391304346 |
| RT_BITMAP | 0x5ca5f4 | 0x16c | Device independent bitmap graphic, 39 x 13 x 4, image size 260 | Chinese | China | 0.28296703296703296 |
| RT_BITMAP | 0x5ca760 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | Chinese | China | 0.37962962962962965 |
| RT_ICON | 0x5ca8a4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Chinese | China | 0.26344086021505375 |
| RT_ICON | 0x5cab8c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Chinese | China | 0.41216216216216217 |
| RT_ICON | 0x5cacb4 | 0xc44 | Device independent bitmap graphic, 32 x 62 x 24, image size 3100, resolution 2835 x 2835 px/m | 0.9168789808917197 | ||
| RT_MENU | 0x5cb8f8 | 0xc | data | Chinese | China | 1.5 |
| RT_MENU | 0x5cb904 | 0x284 | data | Chinese | China | 0.5 |
| RT_DIALOG | 0x5cbb88 | 0x98 | data | Chinese | China | 0.7171052631578947 |
| RT_DIALOG | 0x5cbc20 | 0x17a | data | Chinese | China | 0.5185185185185185 |
| RT_DIALOG | 0x5cbd9c | 0xfa | data | Chinese | China | 0.696 |
| RT_DIALOG | 0x5cbe98 | 0xea | data | Chinese | China | 0.6239316239316239 |
| RT_DIALOG | 0x5cbf84 | 0x8ae | data | Chinese | China | 0.39603960396039606 |
| RT_DIALOG | 0x5cc834 | 0xb2 | data | Chinese | China | 0.7359550561797753 |
| RT_DIALOG | 0x5cc8e8 | 0xcc | data | Chinese | China | 0.7647058823529411 |
| RT_DIALOG | 0x5cc9b4 | 0xb2 | data | Chinese | China | 0.6629213483146067 |
| RT_DIALOG | 0x5cca68 | 0xe2 | data | Chinese | China | 0.6637168141592921 |
| RT_DIALOG | 0x5ccb4c | 0x18c | data | Chinese | China | 0.5227272727272727 |
| RT_STRING | 0x5cccd8 | 0x50 | data | Chinese | China | 0.85 |
| RT_STRING | 0x5ccd28 | 0x2c | data | Chinese | China | 0.5909090909090909 |
| RT_STRING | 0x5ccd54 | 0x78 | data | Chinese | China | 0.925 |
| RT_STRING | 0x5ccdcc | 0x1c4 | data | Chinese | China | 0.8141592920353983 |
| RT_STRING | 0x5ccf90 | 0x12a | data | Chinese | China | 0.5201342281879194 |
| RT_STRING | 0x5cd0bc | 0x146 | data | Chinese | China | 0.6288343558282209 |
| RT_STRING | 0x5cd204 | 0x40 | data | Chinese | China | 0.65625 |
| RT_STRING | 0x5cd244 | 0x64 | data | Chinese | China | 0.73 |
| RT_STRING | 0x5cd2a8 | 0x1d8 | data | Chinese | China | 0.6758474576271186 |
| RT_STRING | 0x5cd480 | 0x114 | data | Chinese | China | 0.6376811594202898 |
| RT_STRING | 0x5cd594 | 0x24 | data | Chinese | China | 0.4444444444444444 |
| RT_GROUP_CURSOR | 0x5cd5b8 | 0x14 | data | Chinese | China | 1.4 |
| RT_GROUP_CURSOR | 0x5cd5cc | 0x14 | data | Chinese | China | 1.4 |
| RT_GROUP_CURSOR | 0x5cd5e0 | 0x14 | data | Italian | Italy | 1.4 |
| RT_GROUP_CURSOR | 0x5cd5f4 | 0x14 | data | Italian | Italy | 1.4 |
| RT_GROUP_CURSOR | 0x5cd608 | 0x14 | data | Italian | Italy | 1.4 |
| RT_GROUP_CURSOR | 0x5cd61c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.25 |
| RT_GROUP_CURSOR | 0x5cd630 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.25 |
| RT_GROUP_CURSOR | 0x5cd644 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | Chinese | China | 1.0294117647058822 |
| RT_GROUP_ICON | 0x5cd668 | 0x14 | data | 1.25 | ||
| RT_GROUP_ICON | 0x5cd67c | 0x14 | data | Chinese | China | 1.2 |
| RT_GROUP_ICON | 0x5cd690 | 0x14 | data | Chinese | China | 1.25 |
| RT_VERSION | 0x5cd6a4 | 0x234 | data | Chinese | China | 0.5301418439716312 |
| RT_MANIFEST | 0x5cd8d8 | 0x1cd | XML 1.0 document, ASCII text, with very long lines (461), with no line terminators | 0.5878524945770065 |
| DLL | Import |
|---|---|
| MSVFW32.dll | DrawDibDraw |
| AVIFIL32.dll | AVIStreamGetFrame, AVIStreamInfoA |
| iphlpapi.dll | GetAdaptersInfo |
| WINMM.dll | waveOutRestart, midiStreamRestart, midiStreamClose, midiOutReset, midiStreamStop, PlaySoundA, waveOutUnprepareHeader, waveOutPrepareHeader, waveOutWrite, waveOutPause, waveOutReset, waveOutClose, midiStreamOut, midiOutPrepareHeader, midiStreamProperty, midiStreamOpen, midiOutUnprepareHeader, waveOutOpen, waveOutGetNumDevs |
| WS2_32.dll | inet_addr, inet_ntoa, gethostbyname, WSAStartup, WSACleanup, select, send, closesocket, htons, socket, setsockopt, recvfrom, ioctlsocket, WSAAsyncSelect, connect, recv, getpeername, ntohl, WSAGetLastError, ntohs, getservbyname, shutdown, accept |
| RASAPI32.dll | RasGetConnectStatusA, RasHangUpA |
| KERNEL32.dll | GetTimeZoneInformation, GetLocaleInfoA, GetVersion, TerminateThread, CreateMutexA, ReleaseMutex, SuspendThread, InterlockedIncrement, InterlockedDecrement, MapViewOfFile, UnmapViewOfFile, GetSystemInfo, IsProcessorFeaturePresent, lstrcmpiA, SetNamedPipeHandleState, WaitNamedPipeA, OpenFileMappingA, OpenEventA, TlsAlloc, TlsFree, TlsSetValue, TlsGetValue, LocalFree, FileTimeToLocalFileTime, lstrcpynA, DuplicateHandle, FlushFileBuffers, LockFile, UnlockFile, SetEndOfFile, GlobalDeleteAtom, GlobalFindAtomA, GlobalAddAtomA, GlobalGetAtomNameA, lstrcmpA, LocalAlloc, GlobalHandle, LocalReAlloc, GetFileTime, GetCurrentThread, GlobalFlags, SetErrorMode, GetProcessVersion, GetCPInfo, GetOEMCP, GetStartupInfoA, RtlUnwind, GetSystemTime, GetLocalTime, RaiseException, HeapSize, GetACP, SetStdHandle, GetFileType, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, SetEnvironmentVariableW, SetEnvironmentVariableA, LCMapStringA, LCMapStringW, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, IsValidLocale, IsValidCodePage, EnumSystemLocalesA, CompareStringA, CompareStringW, IsBadReadPtr, IsBadCodePtr, GetLocaleInfoW, SetLastError, TerminateProcess, GetFileSize, SetFilePointer, GetCurrentProcess, GetWindowsDirectoryA, GetSystemDirectoryA, CreateSemaphoreA, ResumeThread, ReleaseSemaphore, EnterCriticalSection, LeaveCriticalSection, GetProfileStringA, WriteFile, WaitForMultipleObjects, CreateFileA, SetEvent, FindResourceA, LoadResource, LockResource, ReadFile, GetModuleFileNameA, WideCharToMultiByte, MultiByteToWideChar, GetCurrentThreadId, ExitProcess, GlobalSize, GlobalFree, DeleteCriticalSection, InitializeCriticalSection, lstrcatA, lstrlenA, WinExec, lstrcpyA, FindNextFileA, GetDriveTypeA, GlobalReAlloc, HeapFree, HeapReAlloc, GetProcessHeap, HeapAlloc, GetUserDefaultLCID, GetFullPathNameA, FreeLibrary, LoadLibraryA, GetLastError, GetVersionExA, WritePrivateProfileStringA, GetPrivateProfileStringA, CreateThread, CreateEventA, Sleep, ExpandEnvironmentStringsA, GlobalAlloc, GlobalLock, GlobalUnlock, FindFirstFileA, FindClose, GetFileAttributesA, DeleteFileA, GetCurrentDirectoryA, SetCurrentDirectoryA, GetVolumeInformationA, GetModuleHandleA, GetProcAddress, MulDiv, GetCommandLineA, GetTickCount, CreateProcessA, WaitForSingleObject, CloseHandle, InterlockedExchange, FileTimeToSystemTime |
| USER32.dll | GetSysColorBrush, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, CheckMenuItem, IsDialogMessageA, ScrollWindowEx, SendDlgItemMessageA, MapWindowPoints, AdjustWindowRectEx, GetScrollPos, RegisterClassA, GetClassLongA, RemovePropA, GetMessageTime, GetLastActivePopup, RegisterWindowMessageA, GetWindowPlacement, EndDialog, CreateDialogIndirectParamA, DestroyWindow, EndPaint, BeginPaint, CharUpperA, GetWindowTextLengthA, GetDlgItem, GetClassNameA, GetDesktopWindow, UnregisterHotKey, RegisterHotKey, CreateWindowExA, GetWindowTextA, SetWindowTextA, GetMenuItemCount, GetMenuItemID, GetMenuStringA, GetMenuState, GetTabbedTextExtentA, GrayStringA, TabbedTextOutA, WindowFromDC, EnumChildWindows, GetWindowDC, UnhookWindowsHookEx, CallNextHookEx, SetWindowsHookExA, GetPropA, MoveWindow, CallWindowProcA, SetPropA, DrawTextA, GetCursor, DrawStateA, FrameRect, GetNextDlgTabItem, GetForegroundWindow, LoadIconA, TranslateMessage, DrawFrameControl, DrawEdge, DrawFocusRect, WindowFromPoint, GetMessageA, DispatchMessageA, SetRectEmpty, CreateIconFromResourceEx, CreateIconFromResource, DrawIconEx, CreatePopupMenu, AppendMenuA, ModifyMenuA, CreateMenu, CreateAcceleratorTableA, GetDlgCtrlID, GetSubMenu, EnableMenuItem, ClientToScreen, EnumDisplaySettingsA, LoadImageA, SystemParametersInfoA, ShowWindow, IsWindowEnabled, TranslateAcceleratorA, GetKeyState, CopyAcceleratorTableA, PostQuitMessage, IsZoomed, GetClassInfoA, DefWindowProcA, GetSystemMenu, DeleteMenu, GetMenu, SetMenu, PeekMessageA, IsIconic, SetFocus, GetActiveWindow, GetWindow, DestroyAcceleratorTable, SetWindowRgn, GetMessagePos, ScreenToClient, ChildWindowFromPointEx, CopyRect, LoadBitmapA, WinHelpA, KillTimer, SetTimer, ReleaseCapture, GetCapture, SetCapture, GetScrollRange, SetScrollRange, SetScrollPos, SetRect, InflateRect, IntersectRect, DestroyIcon, PtInRect, OffsetRect, EnableWindow, RedrawWindow, GetWindowLongA, SetWindowLongA, GetSysColor, SetActiveWindow, SetCursorPos, LoadCursorA, SetCursor, GetDC, FillRect, IsRectEmpty, ReleaseDC, IsChild, TrackPopupMenu, DestroyMenu, SetForegroundWindow, GetWindowRect, EqualRect, UpdateWindow, ValidateRect, InvalidateRect, GetClientRect, GetFocus, GetParent, GetTopWindow, PostMessageA, IsWindow, SetParent, DestroyCursor, SendMessageA, SetWindowPos, MessageBoxA, GetCursorPos, GetSystemMetrics, EmptyClipboard, SetClipboardData, OpenClipboard, GetClipboardData, CloseClipboard, wsprintfA, WaitForInputIdle, LoadStringA, RegisterClipboardFormatA, IsWindowVisible, UnregisterClassA |
| GDI32.dll | FillRgn, CreateRectRgn, CombineRgn, PatBlt, CreatePen, SelectObject, CreatePatternBrush, CreateBitmap, CreateBrushIndirect, CreateDCA, CreateCompatibleBitmap, GetPolyFillMode, GetStretchBltMode, GetROP2, GetBkColor, GetBkMode, GetTextColor, CreateRoundRectRgn, CreateEllipticRgn, PathToRegion, EndPath, BeginPath, GetWindowOrgEx, GetViewportOrgEx, GetWindowExtEx, ExtTextOutA, Escape, TranslateCharsetInfo, CreateSolidBrush, SetPolyFillMode, SetROP2, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, GetClipBox, ExcludeClipRect, CreateFontIndirectA, MoveToEx, LineTo, ExtSelectClipRgn, GetViewportExtEx, GetTextMetricsA, CreateFontA, SetDIBitsToDevice, SetTextColor, SetBkMode, TextOutA, SetBkColor, CreateRectRgnIndirect, CreateDIBSection, SetPixel, SetStretchBltMode, GetClipRgn, CreatePolygonRgn, SelectClipRgn, DeleteObject, CreateDIBitmap, GetSystemPaletteEntries, CreatePalette, StretchBlt, SelectPalette, RealizePalette, GetDIBits, RectVisible, PtVisible, CreatePenIndirect, RestoreDC, Ellipse, Rectangle, LPtoDP, DPtoLP, GetCurrentObject, RoundRect, SaveDC, SetWindowOrgEx, GetStockObject, GetObjectA, EndPage, EndDoc, DeleteDC, StartDocA, StartPage, BitBlt, GetPixel, CreateCompatibleDC, GetTextExtentPoint32A, SetPixelV, GetDeviceCaps |
| MSIMG32.dll | GradientFill |
| WINSPOOL.DRV | OpenPrinterA, DocumentPropertiesA, ClosePrinter |
| comdlg32.dll | ChooseColorA, GetOpenFileNameA, GetSaveFileNameA, GetFileTitleA |
| ADVAPI32.dll | RegCreateKeyExA, RegOpenKeyA, RegQueryValueA, RegSetValueExA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, RegEnumValueA |
| SHELL32.dll | SHGetFileInfoA, DragAcceptFiles, DragFinish, ShellExecuteA, Shell_NotifyIconA, DragQueryFileA |
| ole32.dll | ReleaseStgMedium, RevokeDragDrop, RegisterDragDrop, OleUninitialize, CLSIDFromString, CoCreateInstance, OleInitialize |
| OLEAUT32.dll | RegisterTypeLib, LoadTypeLib, UnRegisterTypeLib |
| COMCTL32.dll | ImageList_DragLeave, ImageList_DragEnter, ImageList_Destroy, ImageList_Create, ImageList_BeginDrag, ImageList_Add, ImageList_DragMove, ImageList_Draw, _TrackMouseEvent, ImageList_SetBkColor, ImageList_GetImageCount, ImageList_GetImageInfo, ImageList_GetIcon, ImageList_DragShowNolock, ImageList_EndDrag, ImageList_Read, ImageList_DrawIndirect, ImageList_AddMasked, ImageList_Duplicate |
| WLDAP32.dll | |
| WININET.dll | InternetSetOptionA, InternetCrackUrlA, HttpOpenRequestA, HttpSendRequestA, HttpQueryInfoA, InternetReadFile, InternetOpenA, InternetCloseHandle, InternetConnectA, InternetCanonicalizeUrlA |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Chinese | China |  |
| Italian | Italy |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node⊘No network behavior found
| Target ID: | 0 |
| Start time: | 11:27:51 |
| Start date: | 25/09/2024 |
| Path: | C:\Users\user\Desktop\file.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 5'603'328 bytes |
| MD5 hash: | 7A1336CB114D90E0F64B7D29F29BBDA8 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 0.9% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 110 |
| Total number of Limit Nodes: | 8 |
Graph
Function 005F509E Relevance: 1.8, Strings: 1, Instructions: 544COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00401206 Relevance: .1, Instructions: 131COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005F316C Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 166libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005C9DB4 Relevance: 5.3, APIs: 4, Instructions: 338COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005CA164 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 83memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0076C251 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00772447 Relevance: 3.0, APIs: 2, Instructions: 32COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00757F7D Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007521B5 Relevance: 1.6, APIs: 1, Instructions: 80memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0076D07D Relevance: 1.5, APIs: 1, Instructions: 14COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 005062DB Relevance: 41.4, Strings: 27, Instructions: 7603COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007609D3 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00772830 Relevance: 3.0, APIs: 2, Instructions: 19COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00758013 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 100fileCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00757A4C Relevance: 12.1, APIs: 8, Instructions: 132COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0077192B Relevance: 9.1, APIs: 6, Instructions: 85memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00757B7E Relevance: 7.6, APIs: 5, Instructions: 150COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0075C028 Relevance: 5.1, APIs: 4, Instructions: 53memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007728C3 Relevance: 5.0, APIs: 4, Instructions: 36COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|