Windows Analysis Report: 99.exe
Overview
General Information
Detection
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 99.exe (PID: 3800, cmdline: "C:\Users\user\Desktop\99.exe", MD5: D493468D3A2924D4C9C235451C67E2AA)
- cleanup
Source | Rule | Description | Author | Strings
---|---|---|---|---
| JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Compliance |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | Binary string: | (7 hits; the matched strings were not preserved in this copy of the report) |
Source: | Code function: | in 99.exe: 0_2_0053C235, 0_2_00510400, 0_2_0054090F, 0_2_0053E089, 0_2_0046C0E4, 0_2_0045108F, 0_2_004C1190, 0_2_004CB610, 0_2_004C98C0, 0_2_004688EA, 0_2_004E5A10, 0_2_00533A36, 0_2_00433C2C, 0_2_004ACCC0, 0_2_00537C82, 0_2_0048FCAC; plus 99 distinct functions between 0_2_10001D56 and 0_2_10026356 in a second module loaded into the 99.exe process at 0x10000000, the default image base of a 32-bit DLL (the signature text for these code-function hits was not preserved in this copy of the report) |
Source: | String found in binary or memory: | (8 hits) |
Source: | Binary or memory string: | memstr_86e88561-1 |
Source: | File source: |
Source: | Process token adjusted: | (2 hits) |
Source: | Static PE information: | (6 hits) |
Source: | Binary or memory string: | (4 hits) |
Source: | Binary string: | (8 hits) |
Source: | Classification label: |
Source: | File created: | (2 hits) |
Source: | Mutant created: |
Source: | File read: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Section loaded: | (16 hits) |
Source: | File written: |
Source: | Static file information: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Code function: | 0_2_004C0410 |
Source: | Static PE information: | (4 hits) |
Source: | Code function: | 0_2_0052D112, 0_2_0040AAA9, 0_2_0040AB63, 0_2_0052AD8E, 0_2_1002C7FC |
Source: | Static PE information: |
Source: | File created: | (2 dropped files) |
Source: | Code function: | 0_2_00528D93, 0_2_1001F2ED |
Source: | Process information set: | (3 hits) |
Malware Analysis System Evasion |
---|
Source: | Evasive API call chain: | graph_0-104409 |
Source: | File opened: | (2 hits) |
Source: | Code function: | 0_2_00421D8D |
Source: | Dropped PE file which has not been started: | (2 dropped files) |
Source: | Evasive API call chain: | graph_0-103869 |
Source: | Code function: | 0_2_0053C235 |
Source: | Code function: | 0_2_0041C420 |
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-104523 |
Source: | Process information queried: |
Source: | Code function: | 0_2_00421D8D |
Source: | Code function: | 0_2_10004B1B |
Source: | Code function: | 0_2_004C0410 |
Source: | Code function: | 0_2_0042025F, 0_2_004159DC, 0_2_0041CB04, 0_2_00416E5A, 0_2_1001A4C7, 0_2_1000AE99 |
Source: | Code function: | 0_2_004AD790 |
Source: | Process token adjusted: | (2 hits) |
Source: | Binary or memory string: | (4 hits) |
Source: | Code function: | 0_2_0042E43B |
Source: | Code function: | 0_2_0052C1C0 (2 hits) |
Source: | Code function: | 0_2_0053E089 |
MITRE ATT&CK matrix. A number in front of a technique is the count of signatures that matched it for this sample; cells without a number are techniques the matrix lists for reference and did not match.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Native API | 1 LSASS Driver | 1 Process Injection | 1 Masquerading | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Screen Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 LSASS Driver | 1 Process Injection | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | 21 Input Capture | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Archive Collected Data | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 4 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Software Packing | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 14 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link
---|---|---|---|---
| 50% | ReversingLabs | Win32.Trojan.Generic |
| 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link
---|---|---|---|---
| 0% | ReversingLabs | |
| 0% | ReversingLabs | |
Source | Detection | Scanner | Label | Link
---|---|---|---|---
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
Name | Source | Malicious | Antivirus Detection | Reputation
---|---|---|---|---
| | false | | high
| | false | | unknown
| | false | | unknown
| | false | | unknown
| | false | | unknown
| | false | | unknown
| | false | | high
| | false | | unknown
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1559173 |
Start date and time: | 2024-11-20 09:20:13 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 18s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 99.exe |
Detection: | MAL |
Classification: | mal72.evad.winEXE@1/4@0/0 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- VT rate limit hit for: 99.exe
Time | Type | Description |
---|---|---|
03:21:14 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
---|---|---|---|---|---|---
C:\Users\user\AppData\Local\Temp\709f3c.tmp | | | malicious | Unknown | |
| | | malicious | Unknown | |
| | | malicious | Unknown | |
| | | malicious | Unknown | |
| | | malicious | Unknown | |
| | | malicious | Unknown | |
| | | malicious | Unknown | |
| | | malicious | ADWIND, Lokibot, Ramnit, Sality | |
| | | malicious | Unknown | |
| | | malicious | Bdaejec | |
Process: | C:\Users\user\Desktop\99.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1699896 |
Entropy (8bit): | 6.290547513916722 |
Encrypted: | false |
SSDEEP: | 24576:0Na0qyFU/vb313JPCGucMBbruVALdpNQHKl3y9UfSj6HYZY8zCixcq:kFU3b3HucMBbrb/qj98deCNq |
MD5: | 5564A98A4692BA8B2D25770FB834D5F6 |
SHA1: | 129D030D817F6B25D1FDEF2CAD33EB81DE1DEA8B |
SHA-256: | 28AB9A0F5F50FD5398324B5EC099F5C53C6FAA701C3F6D8B0B3DA47A76C56230 |
SHA-512: | D803E2E3425095E170910103A4470C598FD4A9A10C1217A006A6393CD1ECA06D1C628E845F6FD1071F1C92778D481F47E4E5F175005FEC2CB0A7519C90992858 |
Malicious: | false |
Antivirus: |
Joe Sandbox View: |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\99.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1679648 |
Entropy (8bit): | 5.3288490918902225 |
Encrypted: | false |
SSDEEP: | 24576:nB79uCigstmh6JVZ3et1NtJJBwuCx59U4IgL5pc6:JXh2LeXJBwuOTU4I56 |
MD5: | 2E8AB67DC55089DFBCBFA7710BD15B07 |
SHA1: | 159434853CE512029314C6B70070220D251A924A |
SHA-256: | 2BCC4FD8A4D3C4033A81702E1B685860BE78D6F1A7E980F2E7593C59656F2706 |
SHA-512: | 7898B7B48685A2079BC77210464C448025E5BECB25EDDF3FB612A320B627FDB45AFF12D4913ADA98524E2C4718D74E911CE007F4DE6E3F2BB7184CDFAC5A0E5F |
Malicious: | false |
Antivirus: |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\99.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 948 |
Entropy (8bit): | 7.728195311771606 |
Encrypted: | false |
SSDEEP: | 24:UuSWKxtY2W6uojEOHLLOtAi0vjaWrUXwUKTZO+1vI8:UubQvW6njvHLLFRuDXwXV/1vP |
MD5: | 8014CC830D75442D7FCD99817BCF53BF |
SHA1: | 7DA4E534B0762848C6625A10C16750487D1FD560 |
SHA-256: | 994EF96AC1EA8D8204528A6F3BC34E6389B4CF4A6236E2E49D50DA7B9B7F6CEA |
SHA-512: | E18141F4EA45D951858EA1AD8A388BF887712F456FFD33B643F2352E13BC2C7F3120CE2041EE2895CF8F098928C815F55ABDD23BAB138FF306EBC92B4EF4F355 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\99.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14 |
Entropy (8bit): | 3.52164063634332 |
Encrypted: | false |
SSDEEP: | 3:z:z |
MD5: | 9B7324D9076B1DACF2A6D40EE2B806E7 |
SHA1: | B239E85A0446F88F66113108E8CA7D095EC7A80D |
SHA-256: | A7C468945151C41FACB3A970AA723A5AE947A3733C533C9B339B17E0AF2A2814 |
SHA-512: | F23D9A36986D27557858A42B29C13668F51712B63505F9567A75BB678AA92BBA22620397E933C6D615C045ACACBDAD02BC317BD7170031F858238BC586B34F36 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.617119395721113 |
TrID: |
File name: | 99.exe |
File size: | 2'240'512 bytes |
MD5: | d493468d3a2924d4c9c235451c67e2aa |
SHA1: | d9f76deb08187b4c70cca18eccb456f0571f6404 |
SHA256: | 159b20c6cdcee8b9c746d8b7d97efc8a24bc50e4e124715839178b61f30eccce |
SHA512: | d8a787dfd3ec1c934769b20c0c4da6b115d7d055f8d8406c85f5ebdb59be5b609b02d1b7274579ac243525a3689deb1633efaa124afab8fd99848ff52efe786e |
SSDEEP: | 24576:5my2zSUR17sXRZ6/xtZRBmYVOs2PmyPG2aB7yAYpJpXdvCHBIZ140Q5Vv1gXvXlA:0y6gi/jcPPHaBqrNvChuQWvkvt |
TLSH: | D7A58D13F002C0B2D1562AF262A51B386EB48B653D79CE9BEBF0DD767CB1432972650D |
File Content Preview: | MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......d..A ... ... ...O...)...O...&...........[...%...v.......B...<... ...........#.......K...............!.......@.......;... ...{.. |
Icon Hash: | 1c304bcb217568c2 |
Entrypoint: | 0x529787 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | |
Time Stamp: | 0x662919A3 [Wed Apr 24 14:39:31 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | decc92b221bcaf0a3b2a322cbb570101 |
Disassembly at the entry point (0x529787, in .text). The sequence is the standard Visual C++ CRT start-up stub for a GUI-subsystem executable (WinMainCRTStartup): it installs a structured exception handler frame through fs:[0], calls GetVersion through the import table and splits the result into the CRT's minor-version, major-version, combined-version and build-number globals (the mov dl, ah / and ecx, 000000FFh / shr eax, 10h sequence), initialises the heap and multithreading support (exiting with runtime error codes 1Ch and 10h on failure), fetches the command line and environment, runs the C initialisers, and reads STARTUPINFO so it can pass wShowWindow to WinMain when STARTF_USESHOWWINDOW (bit 0 of dwFlags, at [ebp-30h]) is set. The entry point therefore lands in an ordinary compiler-generated stub rather than an unpacker loader, which matches the standard section names and the 6.44 entropy of .text in the section table.
Instruction |
---|
push ebp |
mov ebp, esp |
push FFFFFFFFh |
push 005E8A58h |
push 0052C5D4h |
mov eax, dword ptr fs:[00000000h] |
push eax |
mov dword ptr fs:[00000000h], esp |
sub esp, 58h |
push ebx |
push esi |
push edi |
mov dword ptr [ebp-18h], esp |
call dword ptr [0054C3E0h] |
xor edx, edx |
mov dl, ah |
mov dword ptr [00647F04h], edx |
mov ecx, eax |
and ecx, 000000FFh |
mov dword ptr [00647F00h], ecx |
shl ecx, 08h |
add ecx, edx |
mov dword ptr [00647EFCh], ecx |
shr eax, 10h |
mov dword ptr [00647EF8h], eax |
push 00000001h |
call 00007F9AACB33A7Dh |
pop ecx |
test eax, eax |
jne 00007F9AACB2D98Ah |
push 0000001Ch |
call 00007F9AACB2DA48h |
pop ecx |
call 00007F9AACB33828h |
test eax, eax |
jne 00007F9AACB2D98Ah |
push 00000010h |
call 00007F9AACB2DA37h |
pop ecx |
xor esi, esi |
mov dword ptr [ebp-04h], esi |
call 00007F9AACB33656h |
call dword ptr [0054C360h] |
mov dword ptr [0064D144h], eax |
call 00007F9AACB33514h |
mov dword ptr [00647E70h], eax |
call 00007F9AACB332BDh |
call 00007F9AACB331FFh |
call 00007F9AACB32130h |
mov dword ptr [ebp-30h], esi |
lea eax, dword ptr [ebp-5Ch] |
push eax |
call dword ptr [0054C1D4h] |
call 00007F9AACB33190h |
mov dword ptr [ebp-64h], eax |
test byte ptr [ebp-30h], 00000001h |
je 00007F9AACB2D988h |
movzx eax, word ptr [ebp+00h] |
Programming Language: |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1f1890 | 0x12c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x24e000 | 0x1568c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x14c000 | 0x7d0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x14a85e | 0x14b000 | 6f14ecc7cf3e459d5df02e328092d43c | False | 0.4123793310989426 | data | 6.44187498568618 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x14c000 | 0xa80ee | 0xa9000 | a2ee2a68d142c53e46d8e56190dc544f | False | 0.603280152089497 | data | 6.79861789008601 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x1f5000 | 0x5814a | 0x18000 | c531c5ee17ec5d323660daeb3c163e65 | False | 0.3048299153645833 | data | 5.07229830630416 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x24e000 | 0x1568c | 0x16000 | e507daa535c765cf11e73ac71f82fd56 | False | 0.6083873401988636 | data | 6.504507331161947 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
TEXTINCLUDE | 0x24eb9c | 0xb | ASCII text, with no line terminators | Chinese | China | 1.7272727272727273 |
TEXTINCLUDE | 0x24eba8 | 0x16 | data | Chinese | China | 1.3636363636363635 |
TEXTINCLUDE | 0x24ebc0 | 0x151 | C source, ASCII text, with CRLF line terminators | Chinese | China | 0.6201780415430267 |
RT_CURSOR | 0x24ed14 | 0x134 | data | Chinese | China | 0.5811688311688312 |
RT_CURSOR | 0x24ee48 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.37662337662337664 |
RT_CURSOR | 0x24ef7c | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.4805194805194805 |
RT_CURSOR | 0x24f0b0 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | Chinese | China | 0.7 |
RT_BITMAP | 0x24f164 | 0x248 | Device independent bitmap graphic, 64 x 15 x 4, image size 480 | Chinese | China | 0.3407534246575342 |
RT_BITMAP | 0x24f3ac | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | Chinese | China | 0.4444444444444444 |
RT_BITMAP | 0x24f4f0 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.26453488372093026 |
RT_BITMAP | 0x24f648 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.2616279069767442 |
RT_BITMAP | 0x24f7a0 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.2441860465116279 |
RT_BITMAP | 0x24f8f8 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.24709302325581395 |
RT_BITMAP | 0x24fa50 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.2238372093023256 |
RT_BITMAP | 0x24fba8 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240 | Chinese | China | 0.19476744186046513 |
RT_BITMAP | 0x24fd00 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240 | Chinese | China | 0.20930232558139536 |
RT_BITMAP | 0x24fe58 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240 | Chinese | China | 0.18895348837209303 |
RT_BITMAP | 0x24ffb0 | 0x5e4 | Device independent bitmap graphic, 70 x 39 x 4, image size 1404 | Chinese | China | 0.34615384615384615 |
RT_BITMAP | 0x250594 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | Chinese | China | 0.44565217391304346 |
RT_BITMAP | 0x25064c | 0x16c | Device independent bitmap graphic, 39 x 13 x 4, image size 260 | Chinese | China | 0.28296703296703296 |
RT_BITMAP | 0x2507b8 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | Chinese | China | 0.37962962962962965 |
RT_ICON | 0x2508fc | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Chinese | China | 0.26344086021505375 |
RT_ICON | 0x250be4 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Chinese | China | 0.41216216216216217 |
RT_ICON | 0x250d0c | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | | | 0.7020140778421862 |
RT_MENU | 0x261534 | 0xc | data | Chinese | China | 1.5 |
RT_MENU | 0x261540 | 0x284 | data | Chinese | China | 0.5 |
RT_DIALOG | 0x2617c4 | 0x98 | data | Chinese | China | 0.7171052631578947 |
RT_DIALOG | 0x26185c | 0x17a | data | Chinese | China | 0.5185185185185185 |
RT_DIALOG | 0x2619d8 | 0xfa | data | Chinese | China | 0.696 |
RT_DIALOG | 0x261ad4 | 0xea | data | Chinese | China | 0.6239316239316239 |
RT_DIALOG | 0x261bc0 | 0x8ae | data | Chinese | China | 0.39603960396039606 |
RT_DIALOG | 0x262470 | 0xb2 | data | Chinese | China | 0.7359550561797753 |
RT_DIALOG | 0x262524 | 0xcc | data | Chinese | China | 0.7647058823529411 |
RT_DIALOG | 0x2625f0 | 0xb2 | data | Chinese | China | 0.6629213483146067 |
RT_DIALOG | 0x2626a4 | 0xe2 | data | Chinese | China | 0.6637168141592921 |
RT_DIALOG | 0x262788 | 0x18c | data | Chinese | China | 0.5227272727272727 |
RT_STRING | 0x262914 | 0x50 | data | Chinese | China | 0.85 |
RT_STRING | 0x262964 | 0x2c | data | Chinese | China | 0.5909090909090909 |
RT_STRING | 0x262990 | 0x78 | data | Chinese | China | 0.925 |
RT_STRING | 0x262a08 | 0x1c4 | data | Chinese | China | 0.8141592920353983 |
RT_STRING | 0x262bcc | 0x12a | data | Chinese | China | 0.5201342281879194 |
RT_STRING | 0x262cf8 | 0x146 | data | Chinese | China | 0.6288343558282209 |
RT_STRING | 0x262e40 | 0x40 | data | Chinese | China | 0.65625 |
RT_STRING | 0x262e80 | 0x64 | data | Chinese | China | 0.73 |
RT_STRING | 0x262ee4 | 0x1d8 | data | Chinese | China | 0.6758474576271186 |
RT_STRING | 0x2630bc | 0x114 | data | Chinese | China | 0.6376811594202898 |
RT_STRING | 0x2631d0 | 0x24 | data | Chinese | China | 0.4444444444444444 |
RT_GROUP_CURSOR | 0x2631f4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.25 |
RT_GROUP_CURSOR | 0x263208 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.25 |
RT_GROUP_CURSOR | 0x26321c | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | Chinese | China | 1.0294117647058822 |
RT_GROUP_ICON | 0x263240 | 0x14 | data | | | 1.25 |
RT_GROUP_ICON | 0x263254 | 0x14 | data | Chinese | China | 1.2 |
RT_GROUP_ICON | 0x263268 | 0x14 | data | Chinese | China | 1.25 |
RT_VERSION | 0x26327c | 0x240 | data | Chinese | China | 0.5642361111111112 |
RT_MANIFEST | 0x2634bc | 0x1cd | XML 1.0 document, ASCII text, with very long lines (461), with no line terminators | | | 0.5878524945770065 |
DLL | Import |
---|---|
WINMM.dll | midiStreamOut, midiOutPrepareHeader, midiStreamProperty, midiStreamOpen, midiOutUnprepareHeader, waveOutOpen, waveOutUnprepareHeader, waveOutPrepareHeader, waveOutWrite, waveOutPause, waveOutReset, waveOutClose, waveOutGetNumDevs, waveOutRestart, midiStreamStop, midiOutReset, midiStreamClose, midiStreamRestart |
WS2_32.dll | WSAAsyncSelect, closesocket, send, select, WSAStartup, inet_ntoa, recvfrom, ioctlsocket, recv, getpeername, accept, WSACleanup, ntohl |
RASAPI32.dll | RasHangUpA, RasGetConnectStatusA |
KERNEL32.dll | MultiByteToWideChar, SetLastError, GetTimeZoneInformation, OpenProcess, FileTimeToSystemTime, CreateMutexA, ReleaseMutex, TerminateThread, SuspendThread, RaiseException, GetLocalTime, GetSystemTime, RtlUnwind, GetStartupInfoA, GetOEMCP, GetCPInfo, GetProcessVersion, SetErrorMode, GlobalFlags, GetCurrentThread, GetFileTime, TlsGetValue, LocalReAlloc, TlsSetValue, TlsFree, GlobalHandle, TlsAlloc, LocalAlloc, lstrcmpA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcmpiA, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, DuplicateHandle, lstrcpynA, FileTimeToLocalFileTime, LocalFree, WideCharToMultiByte, InterlockedDecrement, InterlockedIncrement, TerminateProcess, GetCurrentProcess, GetFileSize, SetFilePointer, CreateToolhelp32Snapshot, Process32First, Process32Next, CreateSemaphoreA, ResumeThread, ReleaseSemaphore, EnterCriticalSection, LeaveCriticalSection, GetProfileStringA, WriteFile, WaitForMultipleObjects, CreateFileA, SetEvent, FindResourceA, LoadResource, LockResource, ReadFile, lstrlenW, GetModuleFileNameA, GetCurrentThreadId, ExitProcess, GlobalSize, GlobalFree, DeleteCriticalSection, InitializeCriticalSection, lstrcatA, lstrlenA, WinExec, lstrcpyA, FindNextFileA, GetDriveTypeA, GlobalReAlloc, HeapFree, HeapReAlloc, GetProcessHeap, HeapAlloc, GetUserDefaultLCID, GetFullPathNameA, FreeLibrary, LoadLibraryA, GetLastError, GetVersionExA, WritePrivateProfileStringA, GetPrivateProfileStringA, CreateThread, CreateEventA, Sleep, ExpandEnvironmentStringsA, GlobalAlloc, GlobalLock, GlobalUnlock, InterlockedExchange, FindFirstFileA, FindClose, SetFileAttributesA, GetFileAttributesA, DeleteFileA, GetCurrentDirectoryA, SetCurrentDirectoryA, GetVolumeInformationA, GetModuleHandleA, GetProcAddress, MulDiv, GetCommandLineA, GetTickCount, CreateProcessA, WaitForSingleObject, CloseHandle, HeapSize, GetACP, SetStdHandle, GetFileType, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, SetEnvironmentVariableA, LCMapStringA, LCMapStringW, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, CompareStringA, CompareStringW, IsBadReadPtr, IsBadCodePtr, GetVersion |
USER32.dll | SetWindowRgn, DestroyAcceleratorTable, GetWindow, GetActiveWindow, SetFocus, GetMessagePos, ScreenToClient, GetSysColorBrush, LoadStringA, IsWindowEnabled, ShowWindow, SystemParametersInfoA, LoadImageA, EnumDisplaySettingsA, ClientToScreen, EnableMenuItem, GetSubMenu, GetDlgCtrlID, CreateAcceleratorTableA, CreateMenu, ModifyMenuA, AppendMenuA, CreatePopupMenu, DrawIconEx, CreateIconFromResource, CreateIconFromResourceEx, RegisterClipboardFormatA, SetRectEmpty, DispatchMessageA, GetMessageA, WindowFromPoint, ChildWindowFromPointEx, CopyRect, LoadBitmapA, WinHelpA, KillTimer, SetTimer, ReleaseCapture, GetCapture, SetCapture, GetScrollRange, SetScrollRange, SetScrollPos, SetRect, InflateRect, IntersectRect, DestroyIcon, PtInRect, OffsetRect, IsWindowVisible, DrawFocusRect, GetMenuCheckMarkDimensions, GetMenuState, SetMenuItemBitmaps, CheckMenuItem, MoveWindow, IsDialogMessageA, ScrollWindowEx, SendDlgItemMessageA, MapWindowPoints, AdjustWindowRectEx, IsIconic, GetScrollPos, RegisterClassA, GetMenuItemCount, GetMenuItemID, SetWindowsHookExA, CallNextHookEx, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, RemovePropA, GetMessageTime, GetLastActivePopup, GetForegroundWindow, RegisterWindowMessageA, GetWindowPlacement, GetNextDlgTabItem, EndDialog, CreateDialogIndirectParamA, EnableWindow, RedrawWindow, GetWindowLongA, SetWindowLongA, GetSysColor, SetActiveWindow, SetCursorPos, LoadCursorA, SetCursor, GetDC, FillRect, IsRectEmpty, ReleaseDC, IsChild, DestroyMenu, SetForegroundWindow, GetWindowRect, EqualRect, UpdateWindow, ValidateRect, InvalidateRect, GetClientRect, GetFocus, GetParent, GetTopWindow, PostMessageA, IsWindow, SetParent, DestroyCursor, SendMessageA, SetWindowPos, MessageBoxA, GetCursorPos, GetSystemMetrics, EmptyClipboard, SetClipboardData, OpenClipboard, GetClipboardData, CloseClipboard, wsprintfA, WaitForInputIdle, PeekMessageA, SetMenu, GetMenu, DeleteMenu, GetSystemMenu, DefWindowProcA, GetClassInfoA, IsZoomed, DrawEdge, DrawFrameControl, TranslateMessage, LoadIconA, UnregisterClassA, GetDesktopWindow, GetClassNameA, GetWindowThreadProcessId, FindWindowA, GetWindowTextA, CallWindowProcA, CreateWindowExA, RegisterHotKey, UnregisterHotKey, SetWindowTextA, PostQuitMessage, CopyAcceleratorTableA, GetKeyState, TranslateAcceleratorA, GetDlgItem, GetWindowTextLengthA, CharUpperA, GetWindowDC, BeginPaint, EndPaint, TabbedTextOutA, DrawTextA, GrayStringA, DestroyWindow |
GDI32.dll | ExtSelectClipRgn, LineTo, MoveToEx, ExcludeClipRect, GetClipBox, ScaleWindowExtEx, DeleteDC, StartDocA, StartPage, BitBlt, CreateCompatibleDC, Ellipse, Rectangle, LPtoDP, DPtoLP, GetCurrentObject, RoundRect, GetDeviceCaps, RealizePalette, SelectPalette, StretchBlt, CreatePalette, GetSystemPaletteEntries, CreateDIBitmap, DeleteObject, SelectClipRgn, CreatePolygonRgn, GetClipRgn, SetStretchBltMode, CreateRectRgnIndirect, SetBkColor, CreateFontA, TranslateCharsetInfo, SetWindowExtEx, SetWindowOrgEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetTextColor, SetROP2, SetPolyFillMode, SetBkMode, GetViewportExtEx, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetTextMetricsA, EndDoc, EndPage, GetObjectA, GetStockObject, CreateFontIndirectA, CreateSolidBrush, FillRgn, CreateRectRgn, CombineRgn, PatBlt, CreatePen, SelectObject, CreateBitmap, RestoreDC, SaveDC, CreateDCA, CreateCompatibleBitmap, GetPolyFillMode, GetStretchBltMode, GetROP2, GetBkColor, GetBkMode, GetTextColor, CreateRoundRectRgn, CreateEllipticRgn, PathToRegion, EndPath, BeginPath, GetWindowOrgEx, GetViewportOrgEx, GetWindowExtEx, GetTextExtentPoint32A, GetDIBits |
WINSPOOL.DRV | OpenPrinterA, DocumentPropertiesA, ClosePrinter |
ADVAPI32.dll | RegQueryValueExA, RegOpenKeyExA, RegSetValueExA, RegQueryValueA, RegCreateKeyExA, RegOpenKeyA, RegCloseKey |
SHELL32.dll | SHGetSpecialFolderPathA, Shell_NotifyIconA, SHChangeNotify, ShellExecuteA, DragQueryFileA, DragFinish, DragAcceptFiles |
ole32.dll | OleRun, CLSIDFromString, OleUninitialize, OleInitialize, CLSIDFromProgID, CoCreateInstance |
OLEAUT32.dll | UnRegisterTypeLib, LoadTypeLib, LHashValOfNameSys, RegisterTypeLib, SafeArrayPutElement, SafeArrayCreate, SafeArrayDestroy, SysAllocString, VariantInit, VariantCopyInd, SafeArrayGetElement, SafeArrayAccessData, SafeArrayUnaccessData, SafeArrayGetDim, SafeArrayGetLBound, SafeArrayGetUBound, VariantChangeType, VariantClear |
COMCTL32.dll | ImageList_Add, ImageList_BeginDrag, ImageList_Create, ImageList_Destroy, ImageList_DragEnter, ImageList_DragLeave, ImageList_DragMove, ImageList_DragShowNolock, ImageList_EndDrag |
WININET.dll | InternetCanonicalizeUrlA, InternetCrackUrlA, HttpOpenRequestA, HttpSendRequestA, HttpQueryInfoA, InternetConnectA, InternetSetOptionA, InternetOpenA, InternetCloseHandle, InternetReadFile |
comdlg32.dll | ChooseColorA, GetFileTitleA, GetSaveFileNameA, GetOpenFileNameA |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Chinese | China | |
Target ID: | 0 |
Start time: | 03:21:14 |
Start date: | 20/11/2024 |
Path: | C:\Users\user\Desktop\99.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 2'240'512 bytes |
MD5 hash: | D493468D3A2924D4C9C235451C67E2AA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 2.4% |
Dynamic/Decrypted Code Coverage: | 26.9% |
Signature Coverage: | 24.6% |
Total number of Nodes: | 1232 |
Total number of Limit Nodes: | 49 |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
100193C2 | 5.7 | 2 | 1 | 424 | memory, file, COMMON |
1000710E | 5.1 | 3 | | 556 | COMMON |
100198CC | 4.9 | 1 | 2 | 434 | string, COMMON |
10007FDD | 3.6 | 1 | 1 | 63 | native, COMMON |
0053E089 | 3.4 | 2 | | 422 | COMMON |
10018AD3 | 3.3 | 2 | | 304 | memory, COMMON |
004AD790 | 3.1 | 2 | | 78 | COMMON |
10004B1B | 1.6 | 1 | | 66 | library, COMMON |
1001A199 | 1.5 | 1 | | 48 | COMMON |
0041C420 | .5 | | | 544 | COMMON |
0053D4BB | 29.9 | 15 | 2 | 170 | string, COMMON |
004E6870 | 21.4 | 7 | 5 | 370 | com, memory, thread, COMMON |
00536A6C | 9.0 | 3 | 2 | 207 | time, COMMON, LIBRARYCODE |
0041715A | 8.9 | 1 | 4 | 166 | library, COMMON |
10027BB0 | 7.0 | 3 | 1 | 25 | memory, window, COMMON |
10028D40 | 6.0 | 4 | | 43 | file, COMMON |
00540562 | 5.3 | 2 | 1 | 27 | thread, COMMON |
004D0DB0 | 4.7 | 3 | | 203 | window, COMMON |
0053BF09 | 3.1 | 2 | | 107 | file, COMMON |
00545F6E | 3.0 | 2 | | 32 | COMMON |
0053C060 | 3.0 | 2 | | 31 | file, COMMON |
0052F8DD | 3.0 | 2 | | 30 | memory, COMMON |
0053DA7B | 3.0 | 2 | | 27 | COMMON |
0050F1CD | 3.0 | 2 | | 25 | window, COMMON |
0053D6B1 | 3.0 | 2 | | 25 | thread, COMMON |
10027C40 | 3.0 | 2 | | 24 | memory, COMMON |
0053DBAD | 3.0 | 2 | | 24 | COMMON |
0052B0A5 | 1.6 | 1 | | 80 | memory, COMMON, LIBRARYCODE |
0052AF7E | 1.6 | 1 | | 75 | memory, COMMON, LIBRARYCODE |
0053D017 | 1.6 | 1 | | 73 | COMMON |
0053D73F | 1.6 | 1 | | 72 | COMMON |
0053EB3B | 1.5 | 1 | | 33 | window, COMMON |
0053D28F | 1.5 | 1 | | 30 | COMMON |
005410CF | 1.5 | 1 | | 14 | COMMON |
0053FAE9 | 1.5 | 1 | | 12 | COMMON |
0053FBBB | 1.5 | 1 | | 12 | COMMON |
10028E50 | 1.5 | 1 | | 4 | file, COMMON |
0048FCAC | 25.6 | | 18 | 3074 | COMMON |
10014289 | 23.7 | 15 | | 1193 | COMMON |
004C1190 | 18.3 | 12 | | 273 | window, thread, network, COMMON |
004ACCC0 | 17.3 | 11 | | 840 | COMMON |
1002129C | 14.7 | 9 | | 1172 | COMMON |
004688EA | 10.5 | | 7 | 1772 | COMMON |
10017804 | 7.8 | | 6 | 270 | COMMON |
100221E2 | 6.3 | 4 | | 331 | file, COMMON |
1001A8BE | 6.3 | 4 | | 265 | COMMON |
1001221F | 5.9 | 1 | 2 | 630 | native, COMMON |
100151BD | 5.3 | 3 | | 822 | COMMON |
1001419C | 5.3 | 2 | 1 | 34 | native, synchronization, COMMON |
0045108F | 4.6 | | 3 | 889 | COMMON |
1002378A | 4.6 | 3 | | 104 | COMMON |
00528D93 | 4.5 | 3 | | 37 | COMMON |
10026356 | 3.6 | 1 | 1 | 587 | string, COMMON |
10007E55 | 3.1 | 2 | | 119 | COMMON |
1001363D | 3.1 | 2 | | 110 | COMMON |
10017D41 | 3.1 | 2 | | 108 | COMMON |
10011653 | 3.1 | 2 | | 79 | window, COMMON |
100032EA | 2.8 | | 1 | 1588 | COMMON |
1000210D | 2.7 | 2 | | 237 | COMMON |
004E5A10 | 2.5 | 1 | | 1006 | COMMON |
1001DB5C | 2.4 | 1 | | 857 | COMMON |
1001BFA0 | 2.4 | 1 | | 850 | COMMON |
100259D9 | 2.2 | 1 | | 733 | COMMON |
004CB610 | 2.1 | 1 | | 638 | COMMON |
10008EDD | 2.0 | 1 | | 541 | COMMON |
10006495 | 1.8 | 1 | | 318 | COMMON |
10015B34 | 1.8 | 1 | | 255 | COMMON |
0046C0E4 | 1.7 | | 1 | 413 | COMMON |
1000FF10 | 1.6 | 1 | | 104 | COMMON |
100188E1 | 1.6 | 1 | | 67 | COMMON |
10001D56 | 1.6 | 1 | | 53 | COMMON |
10013C18 | 1.5 | 1 | | 48 | COMMON |
1001A031 | 1.5 | 1 | | 48 | COMMON |
10022882 | 1.5 | 1 | | 48 | COMMON |
10006C96 | 1.5 | 1 | | 48 | COMMON |
1000FCB0 | 1.5 | 1 | | 48 | COMMON |
10003116 | 1.5 | 1 | | 48 | COMMON |
1000FD4D | 1.5 | 1 | | 48 | COMMON |
10008DA3 | 1.5 | 1 | | 48 | COMMON |
10007DB8 | 1.5 | 1 | | 48 | COMMON |
10008E40 | 1.5 | 1 | | 48 | COMMON |
1000FA6F | 1.5 | 1 | | 48 | COMMON |
10022A80 | 1.5 | 1 | | 48 | COMMON |
10011E89 | 1.5 | 1 | | 48 | COMMON |
100246E4 | 1.5 | 1 | | 48 | COMMON |
10008B27 | 1.5 | 1 | | 48 | COMMON |
1000833D | 1.5 | 1 | | 48 | COMMON |
1000B353 | 1.5 | 1 | | 48 | COMMON |
100137A3 | 1.5 | 1 | | 48 | COMMON |
10008BC4 | 1.5 | 1 | | 48 | COMMON |
10013FC8 | 1.5 | 1 | | 48 | COMMON |
10007BCA | 1.5 | 1 | | 48 | COMMON |
100253E7 | 1.5 | 1 | | 48 | COMMON |
1000B3F0 | 1.5 | 1 | | 48 | COMMON |
100236FF | 1.5 | 1 | | 41 | COMMON |
1000F7AC | 1.3 | 1 | | 91 | memory, COMMON |
10002461 | 1.3 | 1 | | 23 | memory, COMMON |
1000B90D | 1.0 | | | 984 | COMMON |
10012B40 | .9 | | | 871 | COMMON |
10010255 | .7 | | | 748 | COMMON |
10010AD6 | .7 | | | 694 | COMMON |
10002628 | .6 | | | 647 | COMMON |
1000A7A2 | .6 | | | 573 | COMMON |
00433C2C | .5 | | | 510 | COMMON |
00537C82 | .4 | | | 417 | COMMON |
004C98C0 | .3 | | | 336 | COMMON |
10017ECA | .3 | | | 297 | COMMON |
00533A36 | .3 | | | 259 | COMMON, LIBRARYCODE |
1001847E | .2 | | | 246 | COMMON |
10025977 | .2 | | | 218 | COMMON |
10024C38 | .2 | | | 214 | COMMON |
1001A236 | .2 | | | 196 | COMMON |
1001121A | .2 | | | 193 | COMMON |
1001385A | .2 | | | 186 | COMMON |
10017B68 | .2 | | | 160 | COMMON |
1001A4E7 | .2 | | | 150 | COMMON |
00421D8D | .1 | | | 117 | COMMON |
100024AC | .1 | | | 101 | COMMON |
1000F472 | .1 | | | 90 | COMMON |
1000FDEA | .1 | | | 90 | COMMON |
1001A6C7 | .1 | | | 71 | COMMON |
10014096 | .1 | | | 61 | COMMON |
1000AE99 | .1 | | | 60 | COMMON |
10018801 | .1 | | | 59 | COMMON |
0042025F | .1 | | | 54 | COMMON |
00416E5A | .1 | | | 54 | COMMON |
100189E6 | .1 | | | 53 | COMMON |
10011C1A | .0 | | | 50 | COMMON |
10011772 | .0 | | | 46 | COMMON |
10014203 | .0 | | | 38 | COMMON |
00510400 | .0 | | | 34 | COMMON |
100111A7 | .0 | | | 33 | COMMON |
0042E43B | .0 | | | 30 | COMMON |
100101FB | .0 | | | 28 | COMMON |
1001BADE | .0 | | | 23 | COMMON |
1001BB29 | .0 | | | 23 | COMMON |
10005FDA | .0 | | | 21 | COMMON |
004159DC | .0 | | | 12 | COMMON |
1001A4C7 | .0 | | | 7 | COMMON |
0041CB04 | .0 | | | 7 | COMMON |
0050EF99 | 36.9 | 20 | 1 | 108 | window, COMMON |
0053F0E9 | 26.4 | 13 | 2 | 174 | window, COMMON |
00528C65 | 24.6 | 7 | 7 | 68 | library, loader, COMMON |
004C0D80 | 23.1 | 9 | 4 | 310 | library, registry, loader, COMMON |
00539F97 | 22.9 | 7 | 6 | 119 | registry, clipboard, window, COMMON |
0050FD30 | 19.6 | 7 | 4 | 324 | network, COMMON |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 10029640 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 113librarywindowstringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 10028E60 Relevance: 16.7, APIs: 11, Instructions: 162registrystringCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004AB450 Relevance: 15.3, APIs: 10, Instructions: 324COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0050EC00 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 61windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00537175 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0053F5C0 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 42libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0052F973 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 100fileCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004F0080 Relevance: 12.2, APIs: 8, Instructions: 162COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0052F3AC Relevance: 12.1, APIs: 8, Instructions: 132COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004AC7E0 Relevance: 10.8, APIs: 7, Instructions: 319COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00538282 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 241fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00543D4B Relevance: 10.6, APIs: 7, Instructions: 94windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00546481 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00528DFE Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 61stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005454A8 Relevance: 9.1, APIs: 6, Instructions: 85memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005433F9 Relevance: 9.1, APIs: 6, Instructions: 67COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0054656D Relevance: 9.1, APIs: 6, Instructions: 61stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0050EDD5 Relevance: 9.0, APIs: 6, Instructions: 50windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00542D18 Relevance: 9.0, APIs: 6, Instructions: 46COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0050F142 Relevance: 9.0, APIs: 6, Instructions: 39windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0053D90B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00545FD1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 88stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0052F4DE Relevance: 7.6, APIs: 5, Instructions: 150COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0052F701 Relevance: 7.5, APIs: 5, Instructions: 38threadCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00545BF3 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 81windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0050F667 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00542CA3 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 10027B50 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 25windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00533D2C Relevance: 6.4, APIs: 5, Instructions: 102memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004D3250 Relevance: 6.2, APIs: 4, Instructions: 246COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005357E0 Relevance: 6.2, APIs: 4, Instructions: 170fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004E5400 Relevance: 6.2, APIs: 4, Instructions: 162COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005355F0 Relevance: 6.1, APIs: 4, Instructions: 135fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 10029F50 Relevance: 6.1, APIs: 4, Instructions: 87COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00543281 Relevance: 6.1, APIs: 4, Instructions: 87windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00529787 Relevance: 6.1, APIs: 4, Instructions: 81COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 10028DB0 Relevance: 6.1, APIs: 4, Instructions: 61fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0050F6C7 Relevance: 6.1, APIs: 4, Instructions: 55stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0053BE94 Relevance: 6.1, APIs: 4, Instructions: 52COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0053A6E5 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0053E84C Relevance: 6.0, APIs: 4, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0053E8C5 Relevance: 6.0, APIs: 4, Instructions: 49windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00538FF1 Relevance: 6.0, APIs: 4, Instructions: 43COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0053EFB4 Relevance: 6.0, APIs: 4, Instructions: 43COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005420DC Relevance: 6.0, APIs: 4, Instructions: 42COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00542145 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00542D8D Relevance: 6.0, APIs: 4, Instructions: 29stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00539874 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004C9700 Relevance: 5.1, APIs: 4, Instructions: 97COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005455AE Relevance: 5.1, APIs: 4, Instructions: 62COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0053388A Relevance: 5.1, APIs: 4, Instructions: 53memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 005463EA Relevance: 5.0, APIs: 4, Instructions: 36COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00531F7B Relevance: 5.0, APIs: 4, Instructions: 12COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|