Windows
Analysis Report
yDoZVwXSMG.exe
Overview
General Information
Sample name: | yDoZVwXSMG.exerenamed because original name is a hash value |
Original sample name: | 21922_224871481_da5669cb6c0e24e7679e4cce556acae9d1fabff38df9769fae96837617c38753_au_.exe |
Analysis ID: | 1559721 |
MD5: | a82c9640641c01795da7322ed1b2462f |
SHA1: | af1c79055759a4c698220a22eff9cef97ac8209e |
SHA256: | da5669cb6c0e24e7679e4cce556acae9d1fabff38df9769fae96837617c38753 |
Infos: | |
Detection
Score: | 4 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Signatures
Classification
- System is w10x64
- yDoZVwXSMG.exe (PID: 5032 cmdline:
"C:\Users\ user\Deskt op\yDoZVwX SMG.exe" MD5: A82C9640641C01795DA7322ED1B2462F) - Au_.exe (PID: 3776 cmdline:
"C:\Users\ user\AppDa ta\Local\T emp\~nsuA. tmp\Au_.ex e" _?=C:\U sers\user\ Desktop\ MD5: A82C9640641C01795DA7322ED1B2462F)
- cleanup
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Static PE information: |
Source: | Code function: | 0_2_00406775 | |
Source: | Code function: | 0_2_00402A84 | |
Source: | Code function: | 0_2_00405B99 | |
Source: | Code function: | 2_2_00406775 | |
Source: | Code function: | 2_2_00405B99 | |
Source: | Code function: | 2_2_00402A84 |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_00405683 |
Source: | Code function: | 2_2_03A11D4E |
Source: | Code function: | 0_2_004048DE |
Source: | Code function: | 0_2_004036E7 | |
Source: | Code function: | 2_2_004036E7 |
Source: | Code function: | 0_2_00404E7A | |
Source: | Code function: | 0_2_00406AB6 | |
Source: | Code function: | 2_2_00404E7A | |
Source: | Code function: | 2_2_00406AB6 |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_004048DE |
Source: | Code function: | 0_2_004022F1 |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File written: | Jump to behavior |
Source: | Automated click: | ||
Source: | Automated click: |
Source: | Window detected: |
Source: | Static file information: |
Source: | Code function: | 2_2_039F4DB4 |
Source: | Code function: | 2_2_039F3F3E |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Code function: | 2_2_03A11410 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Code function: | 0_2_00406775 | |
Source: | Code function: | 0_2_00402A84 | |
Source: | Code function: | 0_2_00405B99 | |
Source: | Code function: | 2_2_00406775 | |
Source: | Code function: | 2_2_00405B99 | |
Source: | Code function: | 2_2_00402A84 |
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-3581 | ||
Source: | API call chain: | graph_2-6481 | ||
Source: | API call chain: | graph_2-6280 | ||
Source: | API call chain: | graph_2-7616 |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 2_2_039F4DB4 |
Source: | Code function: | 0_2_004036E7 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Process Injection | 1 Process Injection | 11 Input Capture | 1 Security Software Discovery | Remote Services | 11 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 3 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1559721 |
Start date and time: | 2024-11-20 21:14:38 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 11s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | yDoZVwXSMG.exerenamed because original name is a hash value |
Original Sample Name: | 21922_224871481_da5669cb6c0e24e7679e4cce556acae9d1fabff38df9769fae96837617c38753_au_.exe |
Detection: | CLEAN |
Classification: | clean4.winEXE@3/11@0/0 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: yDoZVwXSMG.exe
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\nslC943.tmp\BrandingURL.dll | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
C:\Users\user\AppData\Local\Temp\nslC943.tmp\FindProcDLL.dll | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Process: | C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 3.904876158695173 |
Encrypted: | false |
SSDEEP: | 48:qnMpjVitCGEuR+BrUtDQbfwz3Aa3MAAZHMAAJb/Jb9W/Boj:zAwDlUSbIz3Aa33AZH3A5BZW/Boj |
MD5: | 71C46B663BAA92AD941388D082AF97E7 |
SHA1: | 5A9FCCE065366A526D75CC5DED9AADE7CADD6421 |
SHA-256: | BB2B9C272B8B66BC1B414675C2ACBA7AFAD03FFF66A63BABEE3EE57ED163D19E |
SHA-512: | 5965BD3F5369B9A1ED641C479F7B8A14AF27700D0C27D482AA8EB62ACC42F7B702B5947D82F9791B29BCBA4D46E1409244F0A8DDCE4EC75022B5E27F6D671BCE |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 31744 |
Entropy (8bit): | 5.124320488199201 |
Encrypted: | false |
SSDEEP: | 384:1NWlNdqdAnhTKMLE2oIM05fnqCiWg3Yy9kflIinokN:1NWtqdihTKCldkYwkdpnoy |
MD5: | 83CD62EAB980E3D64C131799608C8371 |
SHA1: | 5B57A6842A154997E31FAB573C5754B358F5DD1C |
SHA-256: | A6122E80F1C51DC72770B4F56C7C482F7A9571143FBF83B19C4D141D0CB19294 |
SHA-512: | 91CFBCC125600EC341F5571DCF1E4A814CF7673F82CF42F32155BD54791BBF32619F2BB14AE871D7996E9DDECDFCC5DB40CAA0979D6DFBA3E73CFE8E69C163C9 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14848 |
Entropy (8bit): | 5.54762139570877 |
Encrypted: | false |
SSDEEP: | 192:3Gs+dH4+oQOTgDbzuNfrigyULWsXXZF/01JJijnK72dwF7dBEnbok:3GvdH4qMebzPY2Vijn+BEnbo |
MD5: | D753362649AECD60FF434ADF171A4E7F |
SHA1: | 3B752AD064E06E21822C8958AE22E9A6BB8CF3D0 |
SHA-256: | 8F24C6CF0B06D18F3C07E7BFCA4E92AFCE71834663746CFAA9DDF52A25D5C586 |
SHA-512: | 41BF41ADD275867553FA3BD8835CD7E2A2A362A2D5670CCBFAD23700448BAD9FE0F577FB6EE9D4EB81DFC10D463B325B8A873FE5912EB580936D4AD96587AA6D |
Malicious: | false |
Antivirus: |
|
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5632 |
Entropy (8bit): | 3.951555564830228 |
Encrypted: | false |
SSDEEP: | 48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2 |
MD5: | 9384F4007C492D4FA040924F31C00166 |
SHA1: | ABA37FAEF30D7C445584C688A0B5638F5DB31C7B |
SHA-256: | 60A964095AF1BE79F6A99B22212FEFE2D16F5A0AFD7E707D14394E4143E3F4F5 |
SHA-512: | 68F158887E24302673227ADFFC688FD3EDABF097D7F5410F983E06C6B9C7344CA1D8A45C7FA05553ADCC5987993DF3A298763477168D4842E554C4EB93B9AAAF |
Malicious: | false |
Antivirus: |
|
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 45056 |
Entropy (8bit): | 4.447330642171801 |
Encrypted: | false |
SSDEEP: | 768:I+mRGgtvKEeTLD4GKx1oj+aYb7+ZDomgfHx:IbG27eTLcGP+N/0o3fR |
MD5: | 1C440EC84001C94327082ACA9BDBD0D1 |
SHA1: | 4F35B29E8E1CA44368D15506C28A0873BED1C9F3 |
SHA-256: | F6D21EF2FA853B922C94D66D3ABD9277AD71BC1BE73A8D8418BC06635925A343 |
SHA-512: | 32A2C9641D1390295249A52FAB38F8BC8379BE80395A9B27B4E157D37B66A1C1F9F49F940CCD24725C59F9DE9A585690292119E11FAEA3E93D4054D9DB00E93A |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 649 |
Entropy (8bit): | 5.30762609292694 |
Encrypted: | false |
SSDEEP: | 12:lOu8VTsAgQRvAVagFhFa4gNhCfYqfPkmN4gND/hI0F4pVTt8oBdU/U:yTdRvAVacho1OwIBN1ZXaqoAs |
MD5: | 2786600C985A978FC6F62665B5003F8A |
SHA1: | 865CC9D09231D405335CE490E148EE1A0D056EDB |
SHA-256: | AADBBEBA93D8D2C6EDC84C730AF8C09B8340A57C5657CE27912AD1E5A0A1EF46 |
SHA-512: | 58CF08400120577B97A52EE8C77CA3D6FD12C21F933957EA10F6979AF82A519EA455D673848BDCD6A377C94C34E11D415D3EDF47A0DD2888EB34A5BE1D3867D2 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 344502 |
Entropy (8bit): | 7.44895003665144 |
Encrypted: | false |
SSDEEP: | 6144:VPmsu7BOZ6ML8yJ2H1TsLxRtqKGh+F09QyavhNH7jrsTuGVaaaaaaatCaXoIyoBI:VOsu7qjLvMVTsLxrqKGsa9zavXfUVaat |
MD5: | F975665D00EC6F2A8F77A9508C3BF1EF |
SHA1: | 703F4369F98B031790B993EE776388D1BCECCB96 |
SHA-256: | CAD1C216716927D66A2C0D33929543358FE809CA7C593A9A14E0E688F698AA10 |
SHA-512: | 182DD6C3487A83688B8FA14AE986549009FAAEF83A70561004263AEDFF2D6FE3750C1817A0F1A8652D01A94C885E4B1436995B95163F4C08B7FF6DDB07385276 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 515691 |
Entropy (8bit): | 6.952834018950696 |
Encrypted: | false |
SSDEEP: | 12288:HCIzpOsu7qjLvMVTsLxrqKGsa9zavXfUVaaaaaaatCOoIyoBFV7fDpqd:HfzXjLvMVTsLpaskCXcVaaaaaaatCORW |
MD5: | 3B11E38AA0DDE65ABF4B0096116940AF |
SHA1: | 5609AA4B53583B1F5F2E98E115797ABB8FA2BCE6 |
SHA-256: | 9F9A2994289AFC94FDB6DA0C0024840D180D40B98D247905A81EC131BCD23BAF |
SHA-512: | 75759C13DE0BEF6074C0BEC1290D84F706F25B1FD925D861C331062FAF5FBC3A45FDE4E5B003D784355AFFE4C8C1DE4B9D6ACBE384BAE56EDAABF436506D9A6A |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\yDoZVwXSMG.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 56848 |
Entropy (8bit): | 5.109217127899667 |
Encrypted: | false |
SSDEEP: | 384:hwLFHRN6kkDAYxCZUPPhN8d6EJfIL7IoflpZRT28eVY/DEJS9Q6rI9gGUkJVztGP:KxN6FAfRJALdpZRVenJS91Q77S6qnYg |
MD5: | 60127AB791B30C30BBABBDAFD5396C99 |
SHA1: | 0F7A08F5ACB059A98940E30617B4B4525D3C65E2 |
SHA-256: | 0CF35BACFE6E3F387FF34B156C6CDE409DC97CB458193E40115D8AA3AF9891FC |
SHA-512: | EB778FD5A80E8C9A645E476CC7777C27A833CDB7185C94C3DB5CBCE6372DA07661FD8CE6630FA79E69FEDD4F1844E794383FA6532FBD9E2D99A4C34A94EBA252 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\yDoZVwXSMG.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2469638 |
Entropy (8bit): | 7.980575297576846 |
Encrypted: | false |
SSDEEP: | 49152:ML1blinQ7Xi5JZtKg8+MI1PQoabl4WxLLfmfO7d5GsoAWn0FwdTf:ML1oAXirZm3b1hFW0i |
MD5: | A82C9640641C01795DA7322ED1B2462F |
SHA1: | AF1C79055759A4C698220A22EFF9CEF97AC8209E |
SHA-256: | DA5669CB6C0E24E7679E4CCE556ACAE9D1FABFF38DF9769FAE96837617C38753 |
SHA-512: | 5579B91F9A4C714733B3082B17604D8E888434A04750D6716866ACC441662EE5CC01E99DF73D9A1D9901075F36E078467D0874A23BDCB943282D516E9B6E6246 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\yDoZVwXSMG.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.980575297576846 |
TrID: |
|
File name: | yDoZVwXSMG.exe |
File size: | 2'469'638 bytes |
MD5: | a82c9640641c01795da7322ed1b2462f |
SHA1: | af1c79055759a4c698220a22eff9cef97ac8209e |
SHA256: | da5669cb6c0e24e7679e4cce556acae9d1fabff38df9769fae96837617c38753 |
SHA512: | 5579b91f9a4c714733b3082b17604d8e888434a04750d6716866acc441662ee5cc01e99df73d9a1d9901075f36e078467d0874a23bdcb943282d516e9b6e6246 |
SSDEEP: | 49152:ML1blinQ7Xi5JZtKg8+MI1PQoabl4WxLLfmfO7d5GsoAWn0FwdTf:ML1oAXirZm3b1hFW0i |
TLSH: | 53B52346E3109B64CD1406794DB39CFE6D6FB0B29A61041FA68D3FB6CB62E1D487C34A |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9(..XF..XF..XF.*W...XF..XG.rXF.*W...XF..{v..XF..^@..XF.Rich.XF.........................PE..L....:.V.................d......... |
Icon Hash: | aa9cbcccccc1c4b0 |
Entrypoint: | 0x4036e7 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x56FF3AC3 [Sat Apr 2 03:21:39 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 16cdca0a54bf8076dc7e57fab55dbc5b |
Instruction |
---|
sub esp, 00000184h |
push ebx |
push ebp |
push esi |
push edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+20h], ebx |
mov dword ptr [esp+14h], 0040A7B0h |
mov dword ptr [esp+1Ch], ebx |
mov byte ptr [esp+18h], 00000020h |
call dword ptr [004080B8h] |
call dword ptr [004080B4h] |
cmp ax, 00000006h |
je 00007F9ED0D75993h |
push ebx |
call 00007F9ED0D78A6Ah |
cmp eax, ebx |
je 00007F9ED0D75989h |
push 00000C00h |
call eax |
mov esi, 00408288h |
push esi |
call 00007F9ED0D789E6h |
push esi |
call dword ptr [004080B0h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], bl |
jne 00007F9ED0D7596Dh |
push 0000000Dh |
call 00007F9ED0D78A3Eh |
push 0000000Bh |
call 00007F9ED0D78A37h |
mov dword ptr [00426404h], eax |
call dword ptr [00408034h] |
push ebx |
call dword ptr [00408278h] |
mov dword ptr [004264B8h], eax |
push ebx |
lea eax, dword ptr [esp+38h] |
push 00000160h |
push eax |
push ebx |
push 00420D98h |
call dword ptr [0040815Ch] |
push 0040A840h |
push 00425C00h |
call 00007F9ED0D784BDh |
call dword ptr [004080ACh] |
mov ebp, 0042C000h |
push eax |
push ebp |
call 00007F9ED0D784ABh |
push ebx |
call dword ptr [00408148h] |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8420 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x36000 | 0x1cb98 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x288 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x63cd | 0x6400 | 84473a4e5c03ea7b88acbd207137a3ed | False | 0.668359375 | data | 6.455100510182752 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x11e2 | 0x1200 | 22a909d39528ffc909762b2fdbab6457 | False | 0.466796875 | data | 5.309380799178768 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x1c4f8 | 0xe00 | 89faa5fd30ca437f0aae195560c38849 | False | 0.41824776785714285 | data | 4.963237061637593 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x27000 | 0xf000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x36000 | 0x1cb98 | 0x1cc00 | bd7fce5ba12105a97791533354aba8d1 | False | 0.19535495923913043 | data | 6.246001857169698 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_BITMAP | 0x36910 | 0x666 | Device independent bitmap graphic, 96 x 16 x 8, image size 1538, resolution 2868 x 2868 px/m, 15 important colors | English | United States | 0.18192918192918192 |
RT_ICON | 0x36f78 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.1308411214953271 |
RT_ICON | 0x477a0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.2702527161076996 |
RT_ICON | 0x4b9c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.3780082987551867 |
RT_ICON | 0x4df70 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.36843339587242024 |
RT_ICON | 0x4f018 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.43073770491803276 |
RT_ICON | 0x4f9a0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.4308510638297872 |
RT_DIALOG | 0x4fe08 | 0x120 | data | English | United States | 0.5138888888888888 |
RT_DIALOG | 0x4ff28 | 0x158 | data | English | United States | 0.5290697674418605 |
RT_DIALOG | 0x50080 | 0x202 | data | English | United States | 0.4085603112840467 |
RT_DIALOG | 0x50288 | 0xf8 | data | English | United States | 0.6290322580645161 |
RT_DIALOG | 0x50380 | 0xa0 | data | English | United States | 0.60625 |
RT_DIALOG | 0x50420 | 0xf4 | data | English | United States | 0.5450819672131147 |
RT_DIALOG | 0x50518 | 0xee | data | English | United States | 0.6260504201680672 |
RT_DIALOG | 0x50608 | 0x10c | data | English | United States | 0.5111940298507462 |
RT_DIALOG | 0x50718 | 0x144 | data | English | United States | 0.5216049382716049 |
RT_DIALOG | 0x50860 | 0x1ee | data | English | United States | 0.3866396761133603 |
RT_DIALOG | 0x50a50 | 0xe4 | data | English | United States | 0.6359649122807017 |
RT_DIALOG | 0x50b38 | 0x8c | data | English | United States | 0.5857142857142857 |
RT_DIALOG | 0x50bc8 | 0xe0 | data | English | United States | 0.53125 |
RT_DIALOG | 0x50ca8 | 0xda | data | English | United States | 0.6376146788990825 |
RT_DIALOG | 0x50d88 | 0x110 | data | English | United States | 0.5183823529411765 |
RT_DIALOG | 0x50e98 | 0x148 | data | English | United States | 0.5274390243902439 |
RT_DIALOG | 0x50fe0 | 0x1f2 | data | English | United States | 0.39759036144578314 |
RT_DIALOG | 0x511d8 | 0xe8 | data | English | United States | 0.6508620689655172 |
RT_DIALOG | 0x512c0 | 0x90 | data | English | United States | 0.6041666666666666 |
RT_DIALOG | 0x51350 | 0xe4 | data | English | United States | 0.543859649122807 |
RT_DIALOG | 0x51438 | 0xde | data | English | United States | 0.6486486486486487 |
RT_DIALOG | 0x51518 | 0x118 | data | English | United States | 0.5321428571428571 |
RT_DIALOG | 0x51630 | 0x150 | data | English | United States | 0.5386904761904762 |
RT_DIALOG | 0x51780 | 0x1fa | data | English | United States | 0.40118577075098816 |
RT_DIALOG | 0x51980 | 0xf0 | data | English | United States | 0.6666666666666666 |
RT_DIALOG | 0x51a70 | 0x98 | data | English | United States | 0.625 |
RT_DIALOG | 0x51b08 | 0xec | data | English | United States | 0.559322033898305 |
RT_DIALOG | 0x51bf8 | 0xe6 | data | English | United States | 0.6565217391304348 |
RT_DIALOG | 0x51ce0 | 0x10c | data | English | United States | 0.5111940298507462 |
RT_DIALOG | 0x51df0 | 0x144 | data | English | United States | 0.5216049382716049 |
RT_DIALOG | 0x51f38 | 0x1ee | data | English | United States | 0.38866396761133604 |
RT_DIALOG | 0x52128 | 0xe4 | data | English | United States | 0.6447368421052632 |
RT_DIALOG | 0x52210 | 0x8c | data | English | United States | 0.5928571428571429 |
RT_DIALOG | 0x522a0 | 0xe0 | data | English | United States | 0.5357142857142857 |
RT_DIALOG | 0x52380 | 0xda | data | English | United States | 0.6422018348623854 |
RT_GROUP_ICON | 0x52460 | 0x5a | data | English | United States | 0.7888888888888889 |
RT_VERSION | 0x524c0 | 0x314 | data | 0.5076142131979695 | ||
RT_MANIFEST | 0x527d8 | 0x3be | XML 1.0 document, ASCII text, with very long lines (958), with no line terminators | English | United States | 0.5187891440501043 |
DLL | Import |
---|---|
KERNEL32.dll | GetShortPathNameA, GetFullPathNameA, MoveFileA, GetLastError, SetCurrentDirectoryA, GetFileAttributesA, SearchPathA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, CompareFileTime, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrcatA, GetSystemDirectoryA, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetTempPathA, GetWindowsDirectoryA, GetProcAddress, DeleteFileA, FindFirstFileA, FindNextFileA, FindClose, SetFilePointer, ReadFile, WriteFile, GetPrivateProfileStringA, WritePrivateProfileStringA, MultiByteToWideChar, FreeLibrary, MulDiv, LoadLibraryExA, GetModuleHandleA |
USER32.dll | GetWindowRect, EnableMenuItem, GetSystemMenu, ScreenToClient, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetAsyncKeyState, IsDlgButtonChecked, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SystemParametersInfoA, RegisterClassA, EndDialog, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, wvsprintfA, DispatchMessageA, PeekMessageA, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, SetTimer, OpenClipboard, SetWindowTextA, GetDC, LoadImageA, ShowWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, IsWindow, GetDlgItem, SetWindowLongA, SetClipboardData, EmptyClipboard, DestroyWindow, ExitWindowsEx, SetForegroundWindow, PostQuitMessage, CreateDialogParamA |
GDI32.dll | SelectObject, SetTextColor, SetBkMode, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, GetDeviceCaps, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA |
ADVAPI32.dll | RegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 15:15:35 |
Start date: | 20/11/2024 |
Path: | C:\Users\user\Desktop\yDoZVwXSMG.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 2'469'638 bytes |
MD5 hash: | A82C9640641C01795DA7322ED1B2462F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 15:15:35 |
Start date: | 20/11/2024 |
Path: | C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 2'469'638 bytes |
MD5 hash: | A82C9640641C01795DA7322ED1B2462F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 9.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 20.8% |
Total number of Nodes: | 1426 |
Total number of Limit Nodes: | 13 |
Graph
Function 004036E7 Relevance: 82.6, APIs: 27, Strings: 20, Instructions: 317stringfilecomCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406AB6 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040601B Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 144filememoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403120 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040679C Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004033C6 Relevance: 7.6, APIs: 5, Instructions: 109fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004034F1 Relevance: 6.1, APIs: 4, Instructions: 108fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405A22 Relevance: 6.0, APIs: 4, Instructions: 39COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405AD4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406EEB Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004070EC Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406E02 Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406907 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406D55 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406E73 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406DBF Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405FA4 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405A9F Relevance: 3.0, APIs: 2, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403B04 Relevance: 2.5, APIs: 2, Instructions: 20COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040366D Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040369F Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405683 Relevance: 68.5, APIs: 36, Strings: 3, Instructions: 286windowclipboardmemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404E7A Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405B99 Relevance: 35.2, APIs: 9, Strings: 11, Instructions: 184filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004048DE Relevance: 31.8, APIs: 15, Strings: 3, Instructions: 303stringkeyboardCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402A84 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401434 Relevance: 54.6, APIs: 13, Strings: 18, Instructions: 371sleepfilewindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403C17 Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 221stringregistryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004045E8 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401899 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 189stringtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004062EF Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402689 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 127registrystringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402AC2 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94memoryfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004021E9 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 84libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404507 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402076 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 63synchronizationCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404DFA Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402FE9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401EE8 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404CF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401DD4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004025F5 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 57registryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402470 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004066C9 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405DC0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401F42 Relevance: 6.0, APIs: 4, Instructions: 34COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040547B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405EA1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405E07 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403BF6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 9stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405F19 Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Execution Graph
Execution Coverage: | 14.3% |
Dynamic/Decrypted Code Coverage: | 39.4% |
Signature Coverage: | 2.3% |
Total number of Nodes: | 1420 |
Total number of Limit Nodes: | 44 |
Graph
Function 004036E7 Relevance: 82.6, APIs: 26, Strings: 21, Instructions: 317stringfilecomCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03A11410 Relevance: 66.7, APIs: 5, Strings: 33, Instructions: 236stringCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405B99 Relevance: 35.2, APIs: 9, Strings: 11, Instructions: 184filestringCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406AB6 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03A11E2F Relevance: 107.5, APIs: 51, Strings: 10, Instructions: 714COMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403FCD Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401434 Relevance: 56.4, APIs: 13, Strings: 19, Instructions: 371sleepfilewindowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403C17 Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 221stringregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03A110DC Relevance: 38.7, APIs: 18, Strings: 4, Instructions: 225windowstringCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 1000116D Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 135windowCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401899 Relevance: 28.2, APIs: 5, Strings: 11, Instructions: 189stringtimeCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03A12732 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 122windowCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403120 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 10001097 Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 67windowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004021E9 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 84libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03A119E7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 89windowCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040679C Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004033C6 Relevance: 7.6, APIs: 5, Instructions: 109fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401DD4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004034F1 Relevance: 6.1, APIs: 4, Instructions: 108fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405A22 Relevance: 6.0, APIs: 4, Instructions: 39COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405EA1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406EEB Relevance: 5.2, APIs: 4, Instructions: 236COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004070EC Relevance: 5.2, APIs: 4, Instructions: 208COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406E02 Relevance: 5.2, APIs: 4, Instructions: 205COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406907 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406D55 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406E73 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406DBF Relevance: 5.2, APIs: 4, Instructions: 168COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404479 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 039F2C8F Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402D11 Relevance: 3.0, APIs: 2, Instructions: 21windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405FA4 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405F85 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405A9F Relevance: 3.0, APIs: 2, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 039F3047 Relevance: 1.6, APIs: 1, Instructions: 80memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404897 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040366D Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004044A0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004044D5 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040369F Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03A113F3 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404E7A Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 039F4DB4 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03A11D4E Relevance: 13.6, APIs: 9, Instructions: 79clipboardstringwindowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405683 Relevance: 68.5, APIs: 36, Strings: 3, Instructions: 286windowclipboardmemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004045E8 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004048DE Relevance: 31.8, APIs: 15, Strings: 3, Instructions: 303stringkeyboardCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03A1176B Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196stringwindowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040601B Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 144filememoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 039F11D0 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 201windowmemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004062EF Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402689 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 127registrystringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402AC2 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94memoryfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 039F318A Relevance: 13.7, APIs: 9, Instructions: 177COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 039F2DCD Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 100fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 039F29E8 Relevance: 12.1, APIs: 8, Instructions: 132COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404507 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402076 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 63synchronizationCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004065C8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51stringfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404DFA Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402FE9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 039F33D9 Relevance: 9.1, APIs: 6, Instructions: 117COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03A11B09 Relevance: 9.1, APIs: 6, Instructions: 114windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 03A11C53 Relevance: 9.1, APIs: 6, Instructions: 91COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 039F2CEC Relevance: 9.1, APIs: 6, Instructions: 56memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 039F1000 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 123fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004025F5 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 57registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 039F24D2 Relevance: 7.6, APIs: 5, Instructions: 150COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401EE8 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 039F21F8 Relevance: 7.5, APIs: 5, Instructions: 38threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 039F1B68 Relevance: 7.5, APIs: 5, Instructions: 34COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404CF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402470 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004066C9 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405DC0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 039F4790 Relevance: 6.4, APIs: 5, Instructions: 102memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040547B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402904 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405AD4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405E07 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406747 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403BF6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 9stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 039F45E4 Relevance: 5.1, APIs: 4, Instructions: 53memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405F19 Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 039F1B3F Relevance: 5.0, APIs: 4, Instructions: 12COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|