Windows
Analysis Report
dAYksbWyFS.exe
Overview
General Information
Sample name: | dAYksbWyFS.exe (renamed because original name is a hash value) |
Original sample name: | 0007f9d205fd99b833ed659b802b3c17a408cc0b.exe |
Analysis ID: | 1546794 |
MD5: | 18390350844942315df7e588671b4b4e |
SHA1: | 0007f9d205fd99b833ed659b802b3c17a408cc0b |
SHA256: | e57857d31f92e1a0d8290378e345749b42711777eee1af937a2b8b4fbafd9826 |
Tags: | exe, ReversingLabs, user-NDA0E |
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- dAYksbWyFS.exe (PID: 6236 cmdline: "C:\Users\user\Desktop\dAYksbWyFS.exe" MD5: 18390350844942315DF7E588671B4B4E)
- cleanup
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-01T15:55:26.771372+0100 | 2022930 | 1 | A Network Trojan was detected | 4.175.87.197 | 443 | 192.168.2.6 | 49774 | TCP |
2024-11-01T15:55:48.258634+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.6 | 57376 | TCP |
2024-11-01T15:55:49.408023+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.6 | 57384 | TCP |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | Path Interception | Path Interception | 2 Obfuscated Files or Information | OS Credential Dumping | 1 System Information Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 87% | ReversingLabs | Win32.Virus.Floxif | |
| 100% | Joe Sandbox ML | | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
198.187.3.20.in-addr.arpa | unknown | unknown | false | unknown | |
212.20.149.52.in-addr.arpa | unknown | unknown | false | unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1546794 |
Start date and time: | 2024-11-01 15:54:08 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 14s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | dAYksbWyFS.exe (renamed because original name is a hash value) |
Original Sample Name: | 0007f9d205fd99b833ed659b802b3c17a408cc0b.exe |
Detection: | MAL |
Classification: | mal52.winEXE@1/0@2/0 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target dAYksbWyFS.exe, PID 6236 because there are no executed function
- VT rate limit hit for: dAYksbWyFS.exe
File type: | |
Entropy (8bit): | 6.816253871374478 |
TrID: |
|
File name: | dAYksbWyFS.exe |
File size: | 4'962'863 bytes |
MD5: | 18390350844942315df7e588671b4b4e |
SHA1: | 0007f9d205fd99b833ed659b802b3c17a408cc0b |
SHA256: | e57857d31f92e1a0d8290378e345749b42711777eee1af937a2b8b4fbafd9826 |
SHA512: | e8612f992fd32f47d3d3ff565603aaf060f2594ae8605e3474a4aef909540be40ae79f80b17028635902e1eb8d7f291ff3d40006c6425a8d2d2deaffa440b184 |
SSDEEP: | 98304:e+RpKOOSV1teI65yS8Ag+7BUqXUahb7oYF9tIwBxurtN37:e+RpPOSdeI65yh+7BzLZMYFnIwBxu337 |
TLSH: | 38369D22F5A09170F5A23236B93C67395D333E329B3589CF86942CA46FB07D2653935B |
File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...7..f.........."......`6..........q............@...........................K......>K...@...........................@.P...8.@.... |
Icon Hash: | 2f232d67b7934633 |
Entrypoint: | 0x5c71f0 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66CBF037 [Mon Aug 26 03:02:15 2024 UTC] |
TLS Callbacks: | 0x515a60, 0x5c60f0, 0x4efe20, 0x5c58f0, 0x49f8c0, 0x50fc20 |
CLR (.Net) Version: | |
OS Version Major: | 10 |
OS Version Minor: | 0 |
File Version Major: | 10 |
File Version Minor: | 0 |
Subsystem Version Major: | 10 |
Subsystem Version Minor: | 0 |
Import Hash: | 20ab254b36a04ea3556f60145d061fed |
Instruction |
---|
jmp 00007FA5E0C9AB62h |
jmp 00007FA5E0CBE21Dh |
mov ecx, dword ptr [00808040h] |
push esi |
push edi |
mov edi, BB40E64Eh |
mov esi, FFFF0000h |
cmp ecx, edi |
je 00007FA5E0CBE3A6h |
test esi, ecx |
jne 00007FA5E0CBE3C8h |
call 00007FA5E0CBE3D1h |
mov ecx, eax |
cmp ecx, edi |
jne 00007FA5E0CBE3A9h |
mov ecx, BB40E64Fh |
jmp 00007FA5E0CBE3B0h |
test esi, ecx |
jne 00007FA5E0CBE3ACh |
or eax, 00004711h |
shl eax, 10h |
or ecx, eax |
mov dword ptr [00808040h], ecx |
not ecx |
pop edi |
mov dword ptr [00808080h], ecx |
pop esi |
ret |
push ebp |
mov ebp, esp |
sub esp, 14h |
and dword ptr [ebp-0Ch], 00000000h |
lea eax, dword ptr [ebp-0Ch] |
and dword ptr [ebp-08h], 00000000h |
push eax |
call dword ptr [0080218Ch] |
mov eax, dword ptr [ebp-08h] |
xor eax, dword ptr [ebp-0Ch] |
mov dword ptr [ebp-04h], eax |
call dword ptr [008020ECh] |
xor dword ptr [ebp-04h], eax |
call dword ptr [008020E4h] |
xor dword ptr [ebp-04h], eax |
lea eax, dword ptr [ebp-14h] |
push eax |
call dword ptr [00802290h] |
mov eax, dword ptr [ebp-10h] |
lea ecx, dword ptr [ebp-04h] |
xor eax, dword ptr [ebp-14h] |
xor eax, dword ptr [ebp-04h] |
xor eax, ecx |
leave |
ret |
mov eax, 00004000h |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
mov al, 01h |
ret |
push 00030000h |
push 00010000h |
push 00000000h |
call 00007FA5E0CCE05Ah |
add esp, 0Ch |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x4011e7 | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x401238 | 0x1a4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x422000 | 0x7ed00 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x4a6000 | 0x2868 | .reloc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3fb9b0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x3fb740 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x367218 | 0xc0 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x401c64 | 0x888 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x401160 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x365f97 | 0x366000 | 28588a4097d34776b330277629531032 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x367000 | 0xa06d0 | 0xa0800 | 0e86f6aca0d03682c49d107663d58934 | False | 0.3671646831191589 | data | 6.197584652049431 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x408000 | 0x17e88 | 0x5600 | b56710214665ff4596dc12b50d6871d6 | False | 0.12213844476744186 | data | 3.1582901854938568 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x420000 | 0x171 | 0x200 | 7e5b0ce4b7afe46cae111a29eb89d76f | False | 0.07421875 | data | 0.34262747993819864 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
CPADinfo | 0x421000 | 0x28 | 0x200 | 842689af09e7bf563672a4b43f1a2286 | False | 0.04296875 | data | 0.12227588125913882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x422000 | 0x7ed00 | 0x7ee00 | edbd37e5a965d552dde348c6d612cde3 | False | 0.2842903325123153 | data | 5.382730601374703 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x4a1000 | 0x1ab44 | 0x1ac00 | 6d753dfb4dbbb1a7f1c0a268084e2f0d | False | 0.6594626168224299 | data | 6.701981472446077 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
TYPELIB | 0x42cc00 | 0x1f30 | data | English | United States | 0.3572144288577154 |
TYPELIB | 0x42eb30 | 0x974 | data | English | United States | 0.34917355371900827 |
TYPELIB | 0x42f4a8 | 0x5198 | data | English | United States | 0.2967732669475297 |
TYPELIB | 0x434640 | 0x1fac | data | English | United States | 0.35360138135175134 |
TYPELIB | 0x4365f0 | 0x984 | data | English | United States | 0.3460591133004926 |
TYPELIB | 0x436f78 | 0x5858 | data | English | United States | 0.2998761938450654 |
RT_BITMAP | 0x4282c0 | 0x4678 | Device independent bitmap graphic, 100 x 60 x 24, image size 18000, resolution 3780 x 3780 px/m | English | United States | 0.020343680709534368 |
RT_ICON | 0x425b30 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192, 16 important colors | English | United States | 0.6317567567567568 |
RT_ICON | 0x425c58 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States | 0.5823699421965318 |
RT_ICON | 0x4261c0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640, 16 important colors | English | United States | 0.5120967741935484 |
RT_ICON | 0x4264a8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.5455776173285198 |
RT_ICON | 0x426d50 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States | 0.36341463414634145 |
RT_ICON | 0x4273b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.42350746268656714 |
RT_DIALOG | 0x42c938 | 0x204 | data | English | United States | 0.46124031007751937 |
RT_DIALOG | 0x42cb40 | 0xc0 | data | English | United States | 0.5572916666666666 |
RT_STRING | 0x43cc48 | 0xd0a | data | English | United States | 0.4682444577591372 |
RT_STRING | 0x43d958 | 0xdd2 | data | English | United States | 0.38157150932730355 |
RT_STRING | 0x43e730 | 0xc0c | data | English | United States | 0.5239948119325551 |
RT_STRING | 0x43f340 | 0xd3c | Targa image data - Color 1072 x 1093 x 32 +1083 +1075 "\257\0045\0044\004 " | English | United States | 0.4542502951593861 |
RT_STRING | 0x440080 | 0xbac | data | English | United States | 0.499665327978581 |
RT_STRING | 0x440c30 | 0x396 | data | English | United States | 0.6285403050108932 |
RT_STRING | 0x440fc8 | 0x2dc | data | English | United States | 0.4959016393442623 |
RT_STRING | 0x4412a8 | 0x282 | data | English | United States | 0.7819314641744548 |
RT_STRING | 0x441530 | 0x2be | data | English | United States | 0.603988603988604 |
RT_STRING | 0x4417f0 | 0x2ce | data | English | United States | 0.6782729805013927 |
RT_STRING | 0x441ac0 | 0x1c6 | data | English | United States | 0.7026431718061674 |
RT_STRING | 0x441c88 | 0x1d6 | data | English | United States | 0.5808510638297872 |
RT_STRING | 0x441e60 | 0x1f0 | data | English | United States | 0.7701612903225806 |
RT_STRING | 0x442050 | 0x1d8 | data | English | United States | 0.6334745762711864 |
RT_STRING | 0x442228 | 0x1ca | data | English | United States | 0.7183406113537117 |
RT_STRING | 0x4423f8 | 0x21a | data | English | United States | 0.6672862453531598 |
RT_STRING | 0x442618 | 0x28e | data | English | United States | 0.43577981651376146 |
RT_STRING | 0x4428a8 | 0x27c | data | English | United States | 0.7468553459119497 |
RT_STRING | 0x442b28 | 0x2ae | data | English | United States | 0.6749271137026239 |
RT_STRING | 0x442dd8 | 0x280 | data | English | United States | 0.6296875 |
RT_STRING | 0x443058 | 0x152 | data | English | United States | 0.7958579881656804 |
RT_STRING | 0x4431b0 | 0xcc | data | English | United States | 0.7401960784313726 |
RT_STRING | 0x443280 | 0xd2 | data | English | United States | 0.8904761904761904 |
RT_STRING | 0x443358 | 0xea | data | English | United States | 0.8974358974358975 |
RT_STRING | 0x443448 | 0xe8 | data | English | United States | 0.7931034482758621 |
RT_STRING | 0x443530 | 0x124 | data | English | United States | 0.8561643835616438 |
RT_STRING | 0x443658 | 0x20c | Targa image data - RLE 1083 x 1103 x 32 +1077 +1075 "A\0045\004." | English | United States | 0.601145038167939 |
RT_STRING | 0x443868 | 0x21c | data | English | United States | 0.6611111111111111 |
RT_STRING | 0x443a88 | 0x24c | data | English | United States | 0.7261904761904762 |
RT_STRING | 0x443cd8 | 0x1d2 | data | English | United States | 0.6609442060085837 |
RT_STRING | 0x443eb0 | 0x200 | data | English | United States | 0.75 |
RT_STRING | 0x4440b0 | 0x2ce | data | English | United States | 0.564066852367688 |
RT_STRING | 0x444380 | 0x298 | data | English | United States | 0.6204819277108434 |
RT_STRING | 0x444618 | 0x278 | data | English | United States | 0.7848101265822784 |
RT_STRING | 0x444890 | 0x2d2 | Targa image data - Color 2379 x 2337 x 32 +2344 +2354 "8\011.\011M\011*\011(\011M\011(\011 " | English | United States | 0.6481994459833795 |
RT_STRING | 0x444b68 | 0x29a | data | English | United States | 0.7087087087087087 |
RT_STRING | 0x444e08 | 0x488 | data | English | United States | 0.5198275862068965 |
RT_STRING | 0x445290 | 0x476 | data | English | United States | 0.4956217162872154 |
RT_STRING | 0x445708 | 0x49c | data | English | United States | 0.6466101694915254 |
RT_STRING | 0x445ba8 | 0x456 | data | English | United States | 0.5540540540540541 |
RT_STRING | 0x446000 | 0x3f8 | data | English | United States | 0.5974409448818898 |
RT_STRING | 0x4463f8 | 0x460 | data | English | United States | 0.575 |
RT_STRING | 0x446858 | 0x4b4 | data | English | United States | 0.46677740863787376 |
RT_STRING | 0x446d10 | 0x478 | data | English | United States | 0.6354895104895105 |
RT_STRING | 0x447188 | 0x470 | data | English | United States | 0.5598591549295775 |
RT_STRING | 0x4475f8 | 0x41c | data | English | United States | 0.5807984790874525 |
RT_STRING | 0x447a18 | 0x426 | data | English | United States | 0.5790960451977402 |
RT_STRING | 0x447e40 | 0x488 | data | English | United States | 0.45775862068965517 |
RT_STRING | 0x4482c8 | 0x424 | data | English | United States | 0.6490566037735849 |
RT_STRING | 0x4486f0 | 0x42c | data | English | United States | 0.5608614232209738 |
RT_STRING | 0x448b20 | 0x43a | data | English | United States | 0.6090573012939002 |
RT_STRING | 0x448f60 | 0x43c | data | English | United States | 0.6199261992619927 |
RT_STRING | 0x4493a0 | 0x59c | data | English | United States | 0.435933147632312 |
RT_STRING | 0x449940 | 0x500 | Targa image data - Color 2379 x 2337 x 32 +2344 +2354 "\025\011@\011 " | English | United States | 0.6640625 |
RT_STRING | 0x449e40 | 0x59c | data | English | United States | 0.5682451253481894 |
RT_STRING | 0x44a3e0 | 0x536 | data | English | United States | 0.5907046476761619 |
RT_STRING | 0x44a918 | 0x8e6 | data | English | United States | 0.5258999122036875 |
RT_STRING | 0x44b200 | 0xc92 | data | English | United States | 0.3334369173399627 |
RT_STRING | 0x44be98 | 0xbf4 | data | English | United States | 0.5320261437908497 |
RT_STRING | 0x44ca90 | 0xc5e | data | English | United States | 0.48673404927353126 |
RT_STRING | 0x44d6f0 | 0xcd8 | data | English | United States | 0.4382603406326034 |
RT_STRING | 0x44e3c8 | 0x92c | data | English | United States | 0.5404599659284497 |
RT_STRING | 0x44ecf8 | 0x9ce | data | English | United States | 0.3669322709163347 |
RT_STRING | 0x44f6c8 | 0x962 | data | English | United States | 0.5104079933388843 |
RT_STRING | 0x450030 | 0x986 | data | English | United States | 0.5332239540607056 |
RT_STRING | 0x4509b8 | 0x9d8 | data | English | United States | 0.4765873015873016 |
RT_STRING | 0x451390 | 0x8ec | data | English | United States | 0.563922942206655 |
RT_STRING | 0x451c80 | 0xcc6 | data | English | United States | 0.382262996941896 |
RT_STRING | 0x452948 | 0xca8 | data | English | United States | 0.4367283950617284 |
RT_STRING | 0x4535f0 | 0xcbe | data | English | United States | 0.5076640098099325 |
RT_STRING | 0x4542b0 | 0xd0c | data | English | United States | 0.4224550898203593 |
RT_STRING | 0x454fc0 | 0x8a6 | data | English | United States | 0.5519421860885275 |
RT_STRING | 0x455868 | 0x256 | data | English | United States | 0.4983277591973244 |
RT_STRING | 0x455ac0 | 0x260 | data | English | United States | 0.5444078947368421 |
RT_STRING | 0x455d20 | 0x22e | data | English | United States | 0.6505376344086021 |
RT_STRING | 0x455f50 | 0x23a | data | English | United States | 0.5333333333333333 |
RT_STRING | 0x456190 | 0x288 | data | English | United States | 0.6388888888888888 |
RT_STRING | 0x456418 | 0x7a6 | data | English | United States | 0.49284984678243104 |
RT_STRING | 0x456bc0 | 0x820 | data | English | United States | 0.46923076923076923 |
RT_STRING | 0x4573e0 | 0x6be | data | English | United States | 0.6292004634994206 |
RT_STRING | 0x457aa0 | 0x7d8 | data | English | United States | 0.4960159362549801 |
RT_STRING | 0x458278 | 0x636 | data | English | United States | 0.5943396226415094 |
RT_STRING | 0x4588b0 | 0xe0 | data | English | United States | 0.10714285714285714 |
RT_STRING | 0x458990 | 0xe0 | data | English | United States | 0.10714285714285714 |
RT_STRING | 0x458a70 | 0xe0 | data | English | United States | 0.10714285714285714 |
RT_STRING | 0x458b50 | 0xe0 | data | English | United States | 0.10714285714285714 |
RT_STRING | 0x458c30 | 0xe0 | data | English | United States | 0.10714285714285714 |
RT_STRING | 0x458d10 | 0x2c4 | data | English | United States | 0.634180790960452 |
RT_STRING | 0x458fd8 | 0x30e | data | English | United States | 0.45524296675191817 |
RT_STRING | 0x4592e8 | 0x2b2 | data | English | United States | 0.6768115942028986 |
RT_STRING | 0x4595a0 | 0x318 | data | English | United States | 0.5732323232323232 |
RT_STRING | 0x4598b8 | 0x326 | data | English | United States | 0.6178660049627791 |
RT_STRING | 0x459be0 | 0x2da | data | English | United States | 0.6328767123287671 |
RT_STRING | 0x459ec0 | 0x362 | data | English | United States | 0.3972286374133949 |
RT_STRING | 0x45a228 | 0x2f4 | data | English | United States | 0.6666666666666666 |
RT_STRING | 0x45a520 | 0x302 | data | English | United States | 0.5324675324675324 |
RT_STRING | 0x45a828 | 0x35a | data | English | United States | 0.5722610722610723 |
RT_STRING | 0x45ab88 | 0x2ca | data | English | United States | 0.6442577030812325 |
RT_STRING | 0x45ae58 | 0x2b0 | data | English | United States | 0.39098837209302323 |
RT_STRING | 0x45b108 | 0x2ba | data | English | United States | 0.670487106017192 |
RT_STRING | 0x45b3c8 | 0x2f0 | data | English | United States | 0.6316489361702128 |
RT_STRING | 0x45b6b8 | 0x2fa | data | English | United States | 0.573490813648294 |
RT_STRING | 0x45b9b8 | 0x2c2 | data | English | United States | 0.6147308781869688 |
RT_STRING | 0x45bc80 | 0x34c | data | English | United States | 0.39691943127962087 |
RT_STRING | 0x45bfd0 | 0x3a4 | data | English | United States | 0.5482832618025751 |
RT_STRING | 0x45c378 | 0x34c | data | English | United States | 0.566350710900474 |
RT_STRING | 0x45c6c8 | 0x372 | data | English | United States | 0.4580498866213152 |
RT_STRING | 0x45ca40 | 0x2a4 | data | English | United States | 0.628698224852071 |
RT_STRING | 0x45cce8 | 0x29a | data | English | United States | 0.506006006006006 |
RT_STRING | 0x45cf88 | 0x2b4 | data | English | United States | 0.5520231213872833 |
RT_STRING | 0x45d240 | 0x290 | data | English | United States | 0.6829268292682927 |
RT_STRING | 0x45d4d0 | 0x274 | data | English | United States | 0.5589171974522293 |
RT_STRING | 0x45d748 | 0x252 | data | English | United States | 0.6936026936026936 |
RT_STRING | 0x45d9a0 | 0x35a | data | English | United States | 0.5233100233100233 |
RT_STRING | 0x45dd00 | 0x354 | data | English | United States | 0.5446009389671361 |
RT_STRING | 0x45e058 | 0x31c | data | English | United States | 0.6947236180904522 |
RT_STRING | 0x45e378 | 0x342 | data | English | United States | 0.5203836930455635 |
RT_STRING | 0x45e6c0 | 0x314 | data | English | United States | 0.6421319796954315 |
RT_STRING | 0x45e9d8 | 0x48a | data | English | United States | 0.5223752151462995 |
RT_STRING | 0x45ee68 | 0x4c2 | data | English | United States | 0.4852216748768473 |
RT_STRING | 0x45f330 | 0x3c6 | data | English | United States | 0.6635610766045549 |
RT_STRING | 0x45f6f8 | 0x480 | data | English | United States | 0.5234375 |
RT_STRING | 0x45fb78 | 0x400 | data | English | United States | 0.59765625 |
RT_STRING | 0x45ff78 | 0xce | data | English | United States | 0.8786407766990292 |
RT_STRING | 0x460048 | 0xc6 | data | English | United States | 0.7878787878787878 |
RT_STRING | 0x460110 | 0xde | data | English | United States | 0.9324324324324325 |
RT_STRING | 0x4601f0 | 0xd2 | data | English | United States | 0.8 |
RT_STRING | 0x4602c8 | 0xd6 | data | English | United States | 0.8925233644859814 |
RT_STRING | 0x4603a0 | 0x9f8 | data | English | United States | 0.5144984326018809 |
RT_STRING | 0x460d98 | 0xbe6 | data | English | United States | 0.40151017728168087 |
RT_STRING | 0x461980 | 0xa52 | data | English | United States | 0.5825132475397427 |
RT_STRING | 0x4623d8 | 0xbd0 | data | English | United States | 0.4728835978835979 |
RT_STRING | 0x462fa8 | 0xb1e | data | English | United States | 0.5358397751229796 |
RT_STRING | 0x463ac8 | 0x308 | data | English | United States | 0.663659793814433 |
RT_STRING | 0x463dd0 | 0x210 | data | English | United States | 0.5075757575757576 |
RT_STRING | 0x463fe0 | 0x210 | data | English | United States | 0.7821969696969697 |
RT_STRING | 0x4641f0 | 0x1fa | AmigaOS bitmap font "n", fc_YSize 14345, 18688 elements, 2nd "0\011A\0115\011>\011$\011 ", 3rd | English | United States | 0.6304347826086957 |
RT_STRING | 0x4643f0 | 0x236 | data | English | United States | 0.6554770318021201 |
RT_STRING | 0x464628 | 0x25a | data | English | United States | 0.654485049833887 |
RT_STRING | 0x464888 | 0x2fa | data | English | United States | 0.4658792650918635 |
RT_STRING | 0x464b88 | 0x302 | data | English | United States | 0.7324675324675325 |
RT_STRING | 0x464e90 | 0x2e2 | data | English | United States | 0.6653116531165312 |
RT_STRING | 0x465178 | 0x2f2 | data | English | United States | 0.603448275862069 |
RT_STRING | 0x465470 | 0x1e4 | data | English | United States | 0.7148760330578512 |
RT_STRING | 0x465658 | 0x2b4 | data | English | United States | 0.4479768786127168 |
RT_STRING | 0x465910 | 0x25c | data | English | United States | 0.5927152317880795 |
RT_STRING | 0x465b70 | 0x20e | data | English | United States | 0.629277566539924 |
RT_STRING | 0x465d80 | 0x25e | data | English | United States | 0.5247524752475248 |
RT_STRING | 0x465fe0 | 0x398 | data | English | United States | 0.6478260869565218 |
RT_STRING | 0x466378 | 0x82e | data | English | United States | 0.3997134670487106 |
RT_STRING | 0x466ba8 | 0x7a2 | data | English | United States | 0.46827021494370524 |
RT_STRING | 0x467350 | 0x772 | data | English | United States | 0.5503672612801679 |
RT_STRING | 0x467ac8 | 0x7c2 | data | English | United States | 0.44511581067472306 |
RT_STRING | 0x468290 | 0x68e | data | English | United States | 0.5917759237187128 |
RT_STRING | 0x468920 | 0xa90 | data | English | United States | 0.3742603550295858 |
RT_STRING | 0x4693b0 | 0xa96 | data | English | United States | 0.4022140221402214 |
RT_STRING | 0x469e48 | 0x92e | data | English | United States | 0.5404255319148936 |
RT_STRING | 0x46a778 | 0xa8a | data | English | United States | 0.4099332839140104 |
RT_STRING | 0x46b208 | 0x76a | data | English | United States | 0.5379346680716544 |
RT_STRING | 0x46b978 | 0x236 | AmigaOS bitmap font "'\0061\006M\006 ", fc_YSize 29696, 11270 elements, 2nd "l", 3rd "l" | English | United States | 0.598939929328622 |
RT_STRING | 0x46bbb0 | 0x1ec | data | English | United States | 0.5711382113821138 |
RT_STRING | 0x46bda0 | 0x1f4 | data | English | United States | 0.752 |
RT_STRING | 0x46bf98 | 0x1f8 | data | English | United States | 0.6031746031746031 |
RT_STRING | 0x46c190 | 0x1bc | data | English | United States | 0.6959459459459459 |
RT_STRING | 0x46c350 | 0x33a | data | English | United States | 0.6186440677966102 |
RT_STRING | 0x46c690 | 0x386 | data | English | United States | 0.532150776053215 |
RT_STRING | 0x46ca18 | 0x32a | data | English | United States | 0.682716049382716 |
RT_STRING | 0x46cd48 | 0x346 | data | English | United States | 0.5930787589498807 |
RT_STRING | 0x46d090 | 0x2d8 | data | English | United States | 0.6483516483516484 |
RT_STRING | 0x46d368 | 0x6fa | data | English | United States | 0.5481522956326987 |
RT_STRING | 0x46da68 | 0x810 | data | English | United States | 0.438953488372093 |
RT_STRING | 0x46e278 | 0x640 | data | English | United States | 0.644375 |
RT_STRING | 0x46e8b8 | 0x79e | data | English | United States | 0.5174358974358975 |
RT_STRING | 0x46f058 | 0x766 | data | English | United States | 0.5739176346356917 |
RT_STRING | 0x46f7c0 | 0x490 | data | English | United States | 0.5958904109589042 |
RT_STRING | 0x46fc50 | 0x5bc | data | English | United States | 0.44141689373297005 |
RT_STRING | 0x470210 | 0x47a | data | English | United States | 0.68760907504363 |
RT_STRING | 0x470690 | 0x560 | data | English | United States | 0.5697674418604651 |
RT_STRING | 0x470bf0 | 0x53c | data | English | United States | 0.5835820895522388 |
RT_STRING | 0x471130 | 0x66a | data | English | United States | 0.5773447015834349 |
RT_STRING | 0x4717a0 | 0x96c | data | English | United States | 0.36525704809286896 |
RT_STRING | 0x472110 | 0x7e2 | data | English | United States | 0.5906838453914767 |
RT_STRING | 0x4728f8 | 0x850 | data | English | United States | 0.5596804511278195 |
RT_STRING | 0x473148 | 0x8da | data | English | United States | 0.4929390997352162 |
RT_STRING | 0x473a28 | 0x76e | data | English | United States | 0.5825446898002103 |
RT_STRING | 0x474198 | 0xa5a | data | English | United States | 0.37471698113207547 |
RT_STRING | 0x474bf8 | 0xa3e | data | English | United States | 0.4767353165522502 |
RT_STRING | 0x475638 | 0x9be | data | English | United States | 0.5288692862870891 |
RT_STRING | 0x475ff8 | 0xa18 | data | English | United States | 0.45859133126934987 |
RT_STRING | 0x476a10 | 0x4fe | data | English | United States | 0.6048513302034428 |
RT_STRING | 0x476f10 | 0x14e | data | English | United States | 0.5718562874251497 |
RT_STRING | 0x477060 | 0x126 | data | English | United States | 0.7482993197278912 |
RT_STRING | 0x477188 | 0x144 | data | English | United States | 0.8333333333333334 |
RT_STRING | 0x4772d0 | 0x142 | data | English | United States | 0.6149068322981367 |
RT_STRING | 0x477418 | 0x328 | data | English | United States | 0.6732673267326733 |
RT_STRING | 0x477740 | 0xc14 | data | English | United States | 0.40297542043984474 |
RT_STRING | 0x478358 | 0xc0e | data | English | United States | 0.4539857420609203 |
RT_STRING | 0x478f68 | 0xa9e | data | English | United States | 0.579102281089036 |
RT_STRING | 0x479a08 | 0xb32 | data | English | United States | 0.4605722260990928 |
RT_STRING | 0x47a540 | 0x99c | data | English | United States | 0.5650406504065041 |
RT_STRING | 0x47aee0 | 0xe0c | data | English | United States | 0.4582869855394883 |
RT_STRING | 0x47bcf0 | 0xe42 | data | English | United States | 0.42219178082191783 |
RT_STRING | 0x47cb38 | 0xd36 | data | English | United States | 0.5671200473092844 |
RT_STRING | 0x47d870 | 0xea0 | data | English | United States | 0.47489316239316237 |
RT_STRING | 0x47e710 | 0xcae | data | English | United States | 0.5274183610597659 |
RT_STRING | 0x47f3c0 | 0x38a | data | English | United States | 0.6158940397350994 |
RT_STRING | 0x47f750 | 0x3e0 | data | English | United States | 0.5120967741935484 |
RT_STRING | 0x47fb30 | 0x2f0 | data | English | United States | 0.7526595744680851 |
RT_STRING | 0x47fe20 | 0x38a | data | English | United States | 0.5894039735099338 |
RT_STRING | 0x4801b0 | 0x362 | data | English | United States | 0.6674364896073903 |
RT_STRING | 0x480518 | 0x8cc | data | English | United States | 0.5146536412078153 |
RT_STRING | 0x480de8 | 0xa5e | data | English | United States | 0.3918613413715147 |
RT_STRING | 0x481848 | 0x8da | data | English | United States | 0.588261253309797 |
RT_STRING | 0x482128 | 0x9d6 | data | English | United States | 0.4749801429706116 |
RT_STRING | 0x482b00 | 0x982 | data | English | United States | 0.5283483976992605 |
RT_STRING | 0x483488 | 0x326 | data | English | United States | 0.684863523573201 |
RT_STRING | 0x4837b0 | 0x29c | AmigaOS bitmap font "e", fc_YSize 27392, 18176 elements, 2nd "i", 3rd "e" | English | United States | 0.5209580838323353 |
RT_STRING | 0x483a50 | 0x26e | data | English | United States | 0.7781350482315113 |
RT_STRING | 0x483cc0 | 0x2c4 | data | English | United States | 0.6214689265536724 |
RT_STRING | 0x483f88 | 0x298 | data | English | United States | 0.6867469879518072 |
RT_STRING | 0x484220 | 0x22a | data | English | United States | 0.7274368231046932 |
RT_STRING | 0x484450 | 0x226 | data | English | United States | 0.5254545454545455 |
RT_STRING | 0x484678 | 0x22a | AmigaOS bitmap font "e", fc_YSize 21248, 20992 elements, 2nd "k", 3rd "\260\014\202\014\255\014\277\014\270\014\277\014\010" | English | United States | 0.7833935018050542 |
RT_STRING | 0x4848a8 | 0x28a | data | English | United States | 0.7076923076923077 |
RT_STRING | 0x484b38 | 0x238 | AmigaOS bitmap font "e", fc_YSize 13572, 20992 elements, 2nd "B\0040\004@\004B\004C\004X\004 ", 3rd "I\016\024" | English | United States | 0.6566901408450704 |
RT_STRING | 0x484d70 | 0x4cc | data | English | United States | 0.6172638436482085 |
RT_STRING | 0x485240 | 0x8a0 | data | English | United States | 0.4134963768115942 |
RT_STRING | 0x485ae0 | 0x864 | data | English | United States | 0.5591247672253259 |
RT_STRING | 0x486348 | 0x7cc | data | English | United States | 0.593687374749499 |
RT_STRING | 0x486b18 | 0x84e | data | English | United States | 0.5174035747883349 |
RT_STRING | 0x487368 | 0x4ce | data | English | United States | 0.6650406504065041 |
RT_STRING | 0x487838 | 0x2b2 | data | English | United States | 0.5289855072463768 |
RT_STRING | 0x487af0 | 0x2e0 | AmigaOS bitmap font "a", fc_YSize 4294950666, 18944 elements, 2nd "\276", 3rd "P" | English | United States | 0.6073369565217391 |
RT_STRING | 0x487dd0 | 0x2d0 | data | English | United States | 0.725 |
RT_STRING | 0x4880a0 | 0x2ae | data | English | United States | 0.5962099125364432 |
RT_STRING | 0x488350 | 0x288 | data | English | United States | 0.7577160493827161 |
RT_STRING | 0x4885d8 | 0x3c6 | data | English | United States | 0.4927536231884058 |
RT_STRING | 0x4889a0 | 0x398 | data | English | United States | 0.5576086956521739 |
RT_STRING | 0x488d38 | 0x320 | data | English | United States | 0.74125 |
RT_STRING | 0x489058 | 0x364 | data | English | United States | 0.5725806451612904 |
RT_STRING | 0x4893c0 | 0x3d0 | data | English | United States | 0.6567622950819673 |
RT_STRING | 0x489790 | 0xb96 | data | English | United States | 0.45853000674308836 |
RT_STRING | 0x48a328 | 0xc0c | data | English | United States | 0.44520103761348895 |
RT_STRING | 0x48af38 | 0xae2 | data | English | United States | 0.5918880114860015 |
RT_STRING | 0x48ba20 | 0xc86 | data | English | United States | 0.48378041172801 |
RT_STRING | 0x48c6a8 | 0xad2 | data | English | United States | 0.523826714801444 |
RT_STRING | 0x48d180 | 0xaa6 | data | English | United States | 0.5135730007336757 |
RT_STRING | 0x48dc28 | 0xb1e | data | English | United States | 0.4328882642304989 |
RT_STRING | 0x48e748 | 0xa1a | data | English | United States | 0.5916473317865429 |
RT_STRING | 0x48f168 | 0xb76 | data | English | United States | 0.5 |
RT_STRING | 0x48fce0 | 0xa9a | data | English | United States | 0.523581429624171 |
RT_STRING | 0x490780 | 0xa36 | data | English | United States | 0.5198928844682479 |
RT_STRING | 0x4911b8 | 0xb0a | data | English | United States | 0.4157820240622788 |
RT_STRING | 0x491cc8 | 0xa1a | data | English | United States | 0.58584686774942 |
RT_STRING | 0x4926e8 | 0xb88 | data | English | United States | 0.47696476964769646 |
RT_STRING | 0x493270 | 0xb78 | data | English | United States | 0.5085149863760218 |
RT_STRING | 0x493de8 | 0x69a | data | English | United States | 0.5792899408284023 |
RT_STRING | 0x494488 | 0x7e8 | data | English | United States | 0.39377470355731226 |
RT_STRING | 0x494c70 | 0x774 | data | English | United States | 0.5922431865828093 |
RT_STRING | 0x4953e8 | 0x750 | data | English | United States | 0.5133547008547008 |
RT_STRING | 0x495b38 | 0x790 | data | English | United States | 0.5485537190082644 |
RT_STRING | 0x4962c8 | 0x62c | data | English | United States | 0.5905063291139241 |
RT_STRING | 0x4968f8 | 0x8ee | data | English | United States | 0.37445319335083116 |
RT_STRING | 0x4971e8 | 0x83e | data | English | United States | 0.590047393364929 |
RT_STRING | 0x497a28 | 0x828 | data | English | United States | 0.5483716475095786 |
RT_STRING | 0x498250 | 0x85a | data | English | United States | 0.49251637043966323 |
RT_STRING | 0x498ab0 | 0x6d8 | data | English | United States | 0.605593607305936 |
RT_STRING | 0x499188 | 0x852 | data | English | United States | 0.39624413145539905 |
RT_STRING | 0x4999e0 | 0x878 | data | English | United States | 0.5166051660516605 |
RT_STRING | 0x49a258 | 0x7d4 | data | English | United States | 0.5773453093812375 |
RT_STRING | 0x49aa30 | 0x7ee | data | English | United States | 0.4945812807881773 |
RT_STRING | 0x49b220 | 0x454 | data | English | United States | 0.6561371841155235 |
RT_STRING | 0x49b678 | 0xd2 | data | English | United States | 0.8047619047619048 |
RT_STRING | 0x49b750 | 0xd8 | data | English | United States | 0.8472222222222222 |
RT_STRING | 0x49b828 | 0xe8 | data | English | United States | 0.875 |
RT_STRING | 0x49b910 | 0xdc | data | English | United States | 0.7772727272727272 |
RT_STRING | 0x49b9f0 | 0x28c | data | English | United States | 0.7147239263803681 |
RT_STRING | 0x49bc80 | 0x976 | data | English | United States | 0.4149463253509496 |
RT_STRING | 0x49c5f8 | 0x8e0 | data | English | United States | 0.4652288732394366 |
RT_STRING | 0x49ced8 | 0x812 | data | English | United States | 0.5880929332042595 |
RT_STRING | 0x49d6f0 | 0x8e6 | data | English | United States | 0.44688323090430204 |
RT_STRING | 0x49dfd8 | 0x70c | data | English | United States | 0.5598669623059866 |
RT_STRING | 0x49e6e8 | 0x3e6 | data | English | United States | 0.531062124248497 |
RT_STRING | 0x49ead0 | 0x362 | data | English | United States | 0.4907621247113164 |
RT_STRING | 0x49ee38 | 0x3b2 | data | English | United States | 0.671247357293869 |
RT_STRING | 0x49f1f0 | 0x37a | data | English | United States | 0.5573033707865168 |
RT_STRING | 0x49f570 | 0x312 | data | English | United States | 0.6513994910941476 |
RT_STRING | 0x49f888 | 0x368 | data | English | United States | 0.5791284403669725 |
RT_STRING | 0x49fbf0 | 0x35e | data | English | United States | 0.5127610208816705 |
RT_STRING | 0x49ff50 | 0x326 | data | English | United States | 0.6923076923076923 |
RT_STRING | 0x4a0278 | 0x37e | data | English | United States | 0.610738255033557 |
RT_STRING | 0x4a05f8 | 0x2d6 | data | English | United States | 0.6556473829201102 |
RT_STRING | 0x4a08d0 | 0x54 | data | English | United States | 0.6666666666666666 |
RT_GROUP_ICON | 0x428260 | 0x5a | data | English | United States | 0.7333333333333333 |
RT_VERSION | 0x43c7d0 | 0x474 | data | English | United States | 0.4412280701754386 |
RT_MANIFEST | 0x4a0928 | 0x3d2 | XML 1.0 document, ASCII text, with very long lines (864) | English | United States | 0.5398773006134969 |
DLL | Import |
---|---|
ADVAPI32.dll | AddAce, AllocateAndInitializeSid, BuildExplicitAccessWithNameW, BuildSecurityDescriptorW, BuildTrusteeWithSidW, ChangeServiceConfigW, CheckTokenMembership, CloseServiceHandle, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertStringSidToSidW, CopySid, CreateProcessAsUserW, CreateServiceW, DeleteService, DuplicateTokenEx, EqualSid, FreeSid, GetAce, GetAclInformation, GetLengthSid, GetNamedSecurityInfoW, GetSecurityDescriptorControl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorLength, GetSecurityDescriptorOwner, GetSecurityDescriptorSacl, GetSecurityInfo, GetSidIdentifierAuthority, GetSidLengthRequired, GetSidSubAuthority, GetSidSubAuthorityCount, GetTokenInformation, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, ImpersonateLoggedOnUser, ImpersonateNamedPipeClient, InitializeAcl, InitializeSecurityDescriptor, InitializeSid, IsValidAcl, IsValidSecurityDescriptor, IsValidSid, LookupAccountSidW, MakeAbsoluteSD, MakeSelfRelativeSD, OpenProcessToken, OpenSCManagerW, OpenServiceW, OpenThreadToken, QueryServiceConfigW, RegCloseKey, RegCreateKeyExW, RegDeleteKeyExW, RegDeleteValueW, RegEnumKeyExW, RegEnumValueW, RegOpenKeyExW, RegQueryInfoKeyW, RegQueryValueExA, RegQueryValueExW, RegSetValueExW, RegisterServiceCtrlHandlerW, RegisterTraceGuidsW, RevertToSelf, SetEntriesInAclW, SetNamedSecurityInfoW, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityInfo, SetServiceStatus, StartServiceCtrlDispatcherW, TraceEvent, UnregisterTraceGuids |
dbghelp.dll | SymCleanup, SymFromAddr, SymGetLineFromAddr64, SymGetSearchPathW, SymInitialize, SymSetOptions, SymSetSearchPathW |
GDI32.dll | BitBlt, CombineRgn, CreateCompatibleBitmap, CreateCompatibleDC, CreateFontIndirectW, CreateRectRgn, CreateRectRgnIndirect, CreateSolidBrush, DPtoLP, DeleteDC, DeleteObject, ExtTextOutW, FillRgn, GetDeviceCaps, GetObjectW, GetRegionData, GetStockObject, GetTextMetricsW, OffsetRgn, SelectObject, SetBkColor, SetTextColor, SetViewportOrgEx |
MSIMG32.dll | GradientFill |
OLEAUT32.dll | LoadRegTypeLib, LoadTypeLib, OleCreateFontIndirect, OleLoadPicturePath, SafeArrayAccessData, SafeArrayCreateVector, SafeArrayDestroy, SafeArrayGetDim, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayGetVartype, SafeArrayUnaccessData, SysAllocString, SysAllocStringByteLen, SysAllocStringLen, SysFreeString, SysStringLen, SystemTimeToVariantTime, VariantClear, VariantInit |
SHELL32.dll | CommandLineToArgvW, SHGetFolderPathW, SHGetKnownFolderPath, ShellExecuteExW |
USER32.dll | AllowSetForegroundWindow, BeginPaint, CallWindowProcW, CharNextW, CharUpperW, ClientToScreen, CopyImage, CopyRect, CreateAcceleratorTableW, CreateDialogIndirectParamW, CreateWindowExW, DefWindowProcW, DestroyAcceleratorTable, DestroyIcon, DestroyWindow, DispatchMessageW, EnableMenuItem, EnableWindow, EndDialog, EndPaint, EnumChildWindows, FillRect, FrameRect, GetActiveWindow, GetClassInfoExW, GetClassNameW, GetClientRect, GetCursorPos, GetDC, GetDesktopWindow, GetDlgItem, GetFocus, GetMenuState, GetMessageW, GetMonitorInfoW, GetParent, GetQueueStatus, GetSysColor, GetSysColorBrush, GetSystemMenu, GetSystemMetrics, GetTopWindow, GetWindow, GetWindowLongW, GetWindowRect, GetWindowTextLengthW, GetWindowTextW, InflateRect, InvalidateRect, InvalidateRgn, IsChild, IsDialogMessageW, IsMenu, IsRectEmpty, IsWindow, IsWindowVisible, KillTimer, LoadCursorW, LoadImageW, MapDialogRect, MapWindowPoints, MonitorFromWindow, MoveWindow, MsgWaitForMultipleObjectsEx, OffsetRect, PeekMessageW, PostMessageW, PostQuitMessage, PostThreadMessageW, RedrawWindow, RegisterClassExW, RegisterClassW, RegisterWindowMessageW, ReleaseCapture, ReleaseDC, ScreenToClient, SendDlgItemMessageW, SendMessageW, SetActiveWindow, SetCapture, SetDlgItemTextW, SetFocus, SetForegroundWindow, SetTimer, SetWindowContextHelpId, SetWindowLongW, SetWindowPos, SetWindowTextW, ShowWindow, SystemParametersInfoW, TranslateMessage, UnregisterClassW, UpdateWindow |
KERNEL32.dll | AcquireSRWLockExclusive, AcquireSRWLockShared, AddVectoredExceptionHandler, AssignProcessToJobObject, CloseHandle, CompareStringW, ConnectNamedPipe, CopyFileW, CreateDirectoryW, CreateEventW, CreateFileA, CreateFileMappingW, CreateFileW, CreateIoCompletionPort, CreateMutexW, CreateNamedPipeW, CreatePipe, CreateProcessW, CreateSemaphoreW, CreateThread, CreateToolhelp32Snapshot, DecodePointer, DeleteCriticalSection, DeleteFileW, DeleteProcThreadAttributeList, DisconnectNamedPipe, DuplicateHandle, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, ExpandEnvironmentStringsW, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileExW, FindNextFileW, FindResourceExW, FindResourceW, FlushFileBuffers, FlushInstructionCache, FlushViewOfFile, FormatMessageA, FormatMessageW, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetComputerNameW, GetConsoleMode, GetConsoleOutputCP, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetDateFormatW, GetDiskFreeSpaceExW, GetDriveTypeW, GetEnvironmentStringsW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesExW, GetFileAttributesW, GetFileInformationByHandle, GetFileInformationByHandleEx, GetFileSizeEx, GetFileTime, GetFileType, GetFullPathNameW, GetLastError, GetLocalTime, GetLocaleInfoW, GetLogicalProcessorInformation, GetLogicalProcessorInformationEx, GetLongPathNameW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetNativeSystemInfo, GetOEMCP, GetProcAddress, GetProcessHeap, GetProcessId, GetProcessMitigationPolicy, GetProcessTimes, GetProductInfo, GetQueuedCompletionStatus, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemDefaultLCID, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetTempPathW, GetThreadContext, GetThreadId, GetThreadLocale, GetThreadPreferredUILanguages, GetThreadPriority, GetTickCount, GetTimeFormatW, 
GetTimeZoneInformation, GetUserDefaultLCID, GetUserPreferredUILanguages, GetVersionExW, GetWindowsDirectoryW, GlobalAlloc, GlobalFree, GlobalHandle, GlobalLock, GlobalMemoryStatusEx, GlobalUnlock, HeapAlloc, HeapDestroy, HeapFree, HeapReAlloc, HeapSetInformation, HeapSize, InitOnceExecuteOnce, InitializeConditionVariable, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeProcThreadAttributeList, InitializeSListHead, InitializeSRWLock, InterlockedPopEntrySList, InterlockedPushEntrySList, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, IsWow64Process, K32GetModuleInformation, LCMapStringW, LeaveCriticalSection, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LoadResource, LocalFree, LockFileEx, LockResource, MapViewOfFile, MoveFileExW, MoveFileW, MulDiv, MultiByteToWideChar, OpenProcess, OutputDebugStringA, OutputDebugStringW, PeekNamedPipe, PostQueuedCompletionStatus, Process32FirstW, Process32NextW, ProcessIdToSessionId, QueryFullProcessImageNameW, QueryPerformanceCounter, QueryPerformanceFrequency, QueryThreadCycleTime, RaiseException, ReadConsoleW, ReadFile, ReadProcessMemory, RegisterWaitForSingleObject, ReleaseMutex, ReleaseSRWLockExclusive, ReleaseSRWLockShared, ReleaseSemaphore, RemoveDirectoryW, RemoveVectoredExceptionHandler, ReplaceFileW, ResetEvent, ResumeThread, RtlCaptureStackBackTrace, RtlUnwind, SetConsoleCtrlHandler, SetCurrentDirectoryW, SetEndOfFile, SetEnvironmentVariableW, SetEvent, SetFileAttributesW, SetFileInformationByHandle, SetFilePointer, SetFilePointerEx, SetFileTime, SetHandleInformation, SetLastError, SetNamedPipeHandleState, SetProcessShutdownParameters, SetStdHandle, SetThreadInformation, SetThreadPriority, SetUnhandledExceptionFilter, SizeofResource, Sleep, SleepConditionVariableSRW, SleepEx, SuspendThread, SwitchToThread, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, 
TransactNamedPipe, TryAcquireSRWLockExclusive, TzSpecificLocalTimeToSystemTime, UnhandledExceptionFilter, UnlockFileEx, UnmapViewOfFile, UnregisterWaitEx, UpdateProcThreadAttribute, VerSetConditionMask, VerifyVersionInfoW, VirtualAlloc, VirtualFree, VirtualProtect, VirtualQuery, VirtualQueryEx, WTSGetActiveConsoleSessionId, WaitForSingleObject, WaitNamedPipeW, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile, lstrcmpW |
ole32.dll | CLSIDFromProgID, CLSIDFromString, CoAddRefServerProcess, CoCreateGuid, CoCreateInstance, CoGetClassObject, CoImpersonateClient, CoInitializeEx, CoInitializeSecurity, CoRegisterClassObject, CoRegisterInitializeSpy, CoReleaseServerProcess, CoResumeClassObjects, CoRevertToSelf, CoRevokeClassObject, CoRevokeInitializeSpy, CoSetProxyBlanket, CoTaskMemAlloc, CoTaskMemFree, CoUninitialize, CreateStreamOnHGlobal, IIDFromString, OleInitialize, OleLockRunning, OleUninitialize, StringFromGUID2 |
Secur32.dll | GetUserNameExW |
WTSAPI32.dll | WTSEnumerateSessionsW, WTSFreeMemory, WTSQuerySessionInformationW |
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, EnterCriticalPolicySection, LeaveCriticalPolicySection, UnloadUserProfile |
COMCTL32.dll | InitCommonControlsEx, _TrackMouseEvent |
WINHTTP.dll | WinHttpAddRequestHeaders, WinHttpCloseHandle, WinHttpConnect, WinHttpCrackUrl, WinHttpGetProxyForUrl, WinHttpOpen, WinHttpOpenRequest, WinHttpQueryHeaders, WinHttpReadData, WinHttpReceiveResponse, WinHttpSendRequest, WinHttpSetOption, WinHttpSetStatusCallback, WinHttpSetTimeouts, WinHttpWriteData |
UxTheme.dll | SetWindowTheme |
SHLWAPI.dll | PathMatchSpecW |
ntdll.dll | NtDeleteKey |
WINMM.dll | timeBeginPeriod, timeEndPeriod, timeGetTime |
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
api-ms-win-core-winrt-l1-1-0.dll | RoInitialize, RoUninitialize |
Name | Ordinal | Address |
---|---|---|
GetHandleVerifier | 1 | 0x4d79f0 |
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-01T15:55:26.771372+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.175.87.197 | 443 | 192.168.2.6 | 49774 | TCP |
2024-11-01T15:55:48.258634+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.6 | 57376 | TCP |
2024-11-01T15:55:49.408023+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.6 | 57384 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 1, 2024 15:55:28.170046091 CET | 53 | 51640 | 1.1.1.1 | 192.168.2.6 |
Nov 1, 2024 15:55:41.858015060 CET | 53 | 61871 | 162.159.36.2 | 192.168.2.6 |
Nov 1, 2024 15:55:42.476671934 CET | 53050 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 1, 2024 15:55:42.484972000 CET | 53 | 53050 | 1.1.1.1 | 192.168.2.6 |
Nov 1, 2024 15:55:45.033510923 CET | 61869 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 1, 2024 15:55:45.041007996 CET | 53 | 61869 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 1, 2024 15:55:42.476671934 CET | 192.168.2.6 | 1.1.1.1 | 0x8176 | Standard query (0) | | PTR (Pointer record) | IN (0x0001) | false |
Nov 1, 2024 15:55:45.033510923 CET | 192.168.2.6 | 1.1.1.1 | 0xe758 | Standard query (0) | | PTR (Pointer record) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 1, 2024 15:55:42.484972000 CET | 1.1.1.1 | 192.168.2.6 | 0x8176 | Name error (3) | | none | none | PTR (Pointer record) | IN (0x0001) | false |
Nov 1, 2024 15:55:45.041007996 CET | 1.1.1.1 | 192.168.2.6 | 0xe758 | Name error (3) | | none | none | PTR (Pointer record) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 10:55:07 |
Start date: | 01/11/2024 |
Path: | C:\Users\user\Desktop\dAYksbWyFS.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x500000 |
File size: | 4'962'863 bytes |
MD5 hash: | 18390350844942315DF7E588671B4B4E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Function 005D12C0 Relevance: 11.6, Strings: 8, Instructions: 1603 COMMON
Function 007D7540 Relevance: 6.9, Strings: 5, Instructions: 606 COMMON
Function 005D5430 Relevance: 6.8, APIs: 4, Instructions: 802 COMMON
Function 005F93D0 Relevance: 6.5, APIs: 4, Instructions: 494 COMMON
Function 00587420 Relevance: 5.0, Strings: 1, Instructions: 3785 COMMON
Function 0051E710 Relevance: 4.7, Strings: 3, Instructions: 990 COMMON
Function 00654CE0 Relevance: 4.1, Strings: 3, Instructions: 397 COMMON
Function 00677210 Relevance: 3.5, APIs: 2, Instructions: 486 COMMON
Function 006802C0 Relevance: 3.3, APIs: 2, Instructions: 267 COMMON
Function 0064C330 Relevance: 3.2, APIs: 2, Instructions: 227 COMMON
Function 0052CB90 Relevance: 3.1, Strings: 2, Instructions: 584 COMMON
Function 00583540 Relevance: 3.0, Strings: 2, Instructions: 499 COMMON
Function 005D4910 Relevance: 2.9, Strings: 2, Instructions: 377 COMMON
Function 0065A410 Relevance: 1.9, Strings: 1, Instructions: 636 COMMON
Function 0065E440 Relevance: 1.9, APIs: 1, Instructions: 354 COMMON
Function 005FC4D0 Relevance: 1.7, APIs: 1, Instructions: 221 COMMON
Function 00675280 Relevance: 1.7, Strings: 1, Instructions: 427 COMMON
Function 005E33A0 Relevance: 1.7, APIs: 1, Instructions: 151 COMMON
Function 0060AEA0 Relevance: 1.6, Strings: 1, Instructions: 366 COMMON
Function 00746080 Relevance: 1.5, Strings: 1, Instructions: 299 COMMON
Function 0076AD74 Relevance: 1.5, Strings: 1, Instructions: 292COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0076AD60 Relevance: 1.5, Strings: 1, Instructions: 281COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0076AD68 Relevance: 1.5, Strings: 1, Instructions: 280COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005F6810 Relevance: 1.5, Strings: 1, Instructions: 276COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0074AFE0 Relevance: 1.5, Strings: 1, Instructions: 273COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0076AD7C Relevance: 1.5, Strings: 1, Instructions: 271COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0061CA20 Relevance: 1.5, Strings: 1, Instructions: 262COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0061C710 Relevance: 1.5, Strings: 1, Instructions: 250COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007825F6 Relevance: 1.4, Strings: 1, Instructions: 178COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007825C6 Relevance: 1.4, Strings: 1, Instructions: 178COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0061AA00 Relevance: 1.2, Instructions: 1243COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00644AB0 Relevance: .7, Instructions: 713COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0067EBF0 Relevance: .7, Instructions: 705COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00806E20 Relevance: .7, Instructions: 662COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007128C0 Relevance: .6, Instructions: 641COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00698A80 Relevance: .6, Instructions: 622COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0067B0C0 Relevance: .6, Instructions: 597COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005E2A20 Relevance: .6, Instructions: 569COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005FAB50 Relevance: .6, Instructions: 568COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0064CFF0 Relevance: .6, Instructions: 563COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0074C970 Relevance: .6, Instructions: 555COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00748AA0 Relevance: .6, Instructions: 555COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00660000 Relevance: .6, Instructions: 554COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00713320 Relevance: .5, Instructions: 538COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005E3590 Relevance: .5, Instructions: 538COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0058C420 Relevance: .5, Instructions: 504COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007A10DA Relevance: .5, Instructions: 504COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00664980 Relevance: .5, Instructions: 475COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00683170 Relevance: .5, Instructions: 470COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0080C070 Relevance: .4, Instructions: 450COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00504A80 Relevance: .4, Instructions: 443COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0056B1C0 Relevance: .4, Instructions: 440COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0085D510 Relevance: .4, Instructions: 434COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007A120E Relevance: .4, Instructions: 420COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007A10B0 Relevance: .4, Instructions: 410COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006309F0 Relevance: .4, Instructions: 408COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00716AD0 Relevance: .4, Instructions: 402COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00748520 Relevance: .4, Instructions: 399COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0070E460 Relevance: .4, Instructions: 393COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005C3460 Relevance: .4, Instructions: 382COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00668790 Relevance: .4, Instructions: 380COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00618980 Relevance: .4, Instructions: 364COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005FA620 Relevance: .4, Instructions: 359COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006806D0 Relevance: .4, Instructions: 354COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007A11E1 Relevance: .3, Instructions: 343COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0050D457 Relevance: .3, Instructions: 341COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00505010 Relevance: .3, Instructions: 336COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006555E0 Relevance: .3, Instructions: 331COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005CA470 Relevance: .3, Instructions: 328COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008070E8 Relevance: .3, Instructions: 328COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007A11F9 Relevance: .3, Instructions: 306COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00776010 Relevance: .3, Instructions: 302COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0080EAF8 Relevance: .3, Instructions: 299COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00794C80 Relevance: .3, Instructions: 277COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008072A8 Relevance: .3, Instructions: 276COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0080551C Relevance: .3, Instructions: 276COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F53E1 Relevance: .3, Instructions: 269COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0060B490 Relevance: .3, Instructions: 265COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007A1281 Relevance: .3, Instructions: 258COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00756870 Relevance: .2, Instructions: 248COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0074E540 Relevance: .2, Instructions: 245COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007A12A6 Relevance: .2, Instructions: 245COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00787050 Relevance: .2, Instructions: 242COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007A12D3 Relevance: .2, Instructions: 233COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0060A0B0 Relevance: .2, Instructions: 213COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005C4050 Relevance: .2, Instructions: 211COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00788980 Relevance: .2, Instructions: 211COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00785270 Relevance: .2, Instructions: 209COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007986B0 Relevance: .2, Instructions: 206COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006992B0 Relevance: .2, Instructions: 200COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005ACE00 Relevance: .2, Instructions: 198COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0076E9D0 Relevance: .2, Instructions: 195COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0076B080 Relevance: .2, Instructions: 195COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0059D0B0 Relevance: .2, Instructions: 188COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005AC6F0 Relevance: .2, Instructions: 173COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00667410 Relevance: .2, Instructions: 160COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005032A2 Relevance: .2, Instructions: 152COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005C2DC0 Relevance: .1, Instructions: 141COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00616D80 Relevance: .1, Instructions: 137COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00756610 Relevance: .1, Instructions: 135COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00773290 Relevance: .1, Instructions: 135COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0078C7C1 Relevance: .1, Instructions: 133COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0078C7C9 Relevance: .1, Instructions: 120COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00793500 Relevance: .1, Instructions: 110COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0056A2A0 Relevance: .1, Instructions: 100COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00642FE0 Relevance: .1, Instructions: 93COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00801154 Relevance: .1, Instructions: 91COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0080115C Relevance: .1, Instructions: 89COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00801158 Relevance: .1, Instructions: 88COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00501000 Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005043C0 Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0052C7E0 Relevance: 11.6, Strings: 9, Instructions: 327COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E62D2 Relevance: 10.7, APIs: 7, Instructions: 190COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E918A Relevance: 10.7, APIs: 7, Instructions: 151COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005E8650 Relevance: 10.1, Strings: 8, Instructions: 118COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006DCD39 Relevance: 9.2, Strings: 7, Instructions: 456COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E8806 Relevance: 9.2, APIs: 6, Instructions: 201COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F2BEC Relevance: 7.7, APIs: 5, Instructions: 248COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E45BF Relevance: 6.2, APIs: 4, Instructions: 192COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E85D4 Relevance: 6.2, APIs: 4, Instructions: 169COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E33E5 Relevance: 6.2, APIs: 4, Instructions: 168COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E8D62 Relevance: 6.1, APIs: 4, Instructions: 131COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E2E47 Relevance: 6.1, APIs: 4, Instructions: 60COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005F4370 Relevance: 5.2, Strings: 4, Instructions: 179COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|